Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
Hi
Sorry for asking such a simple question, but I seem to be unable to find the information somewhere on the net.
Background is that we (small company) need a simple access control system. We are using 2n systems in general, so we would use their RFID reader. They have two versions: one is just reading UIDs (which seems to be too little security, given how easy it is to duplicate UIDs today), and a second one is called "secured RFID" using apparently iClass SE technology. I understand that this adds some data (SIO) into the encrypted blocks, so a dupliaction is much more difficult.
Now my noobie questions:
1. Apparently some HID iClass cards are based on Mifare Desfire EV1 (e.g. HID 370x). Does that mean these cards are simply Mifare Desfire EV1 with some preconfigured data? Or are the iiClass SE cards different? So, would we need to order cards from HID or could we use "normal" Mifare Desfire?
2. If we can use "normal" Mifare Desfire EV1, is it known what data would need to be written to the card for the SIO? What it needs to contain and if it needs any specific encryption key?
3. If we would need to use the HID cards, are these preconfigured with the SIO or would we need to get a special writer from HID, too, in order to get the needed data on the cards?
4. Last not least, as a small company, does anyone know where to order HID cards in small quantities? We just need 10-20 cards.
I hope, my questions are not too basic. Thanks for any help!
Michael
Offline
1. Terminology is wrong. HID offer programmed Mifare Desfire EV1 (e.g. HID 370x) credentials. They are not called iClass cards in this case.
The EV1 credentials will have their own AID, typically 0xD3494F (varies).
You can get any Mifare Desfire EV1 and program it with the correct AID(s) and data but the only official way to do this is using the HID encoder.
2. Yes. Most of the keys are diversified.
3. Ordering HID 370x will get you what you ask for. Refer to the HTOG from HID. You do not need an encoder.
4. Probably better to find a local distributor for this. If you do not know where one is, I would suggest letting everyone here know roughly where you are geographically.
Offline
Thanks for the reply. That sounds very reasonable.
I understand that we would get fully programmed (configured?) cards from HID, which are essentially Mifare Desfire EV1 with the SIO preloaded. I also understand that we could use in general "normal" Mifare Desfire EV1 and program them ourselves, but would need to understand how the keys are calculated.
So, yes, if we can easily buy the programmed cards from HID here, then this is clearly the way to go. We are based in Switzerland and are a very small company (5 people). So I guess, 10-20 cards should be sufficient. Problem is that we are too often to small for the big suppliers that they even only talk to us (you know, minimum size is 100 or so).
Btw, out of technical interest, is there somewhere informatioin available on how the SIO is calculated and programmed to the cards?
Thanks!
Michael
Offline
You're welcome
Not sure how would be the best point of contact in your region for a low volume. Perhaps someone else on the forums might know?
There is no public information on the encoding and decoding of SIO as far as I'm aware.
Offline
I have found this shop which seems to sell different Mifare Desfire EV1 fobs, some of them marked as "SE variant" (with twice the price ):
http://easyident-shop.de/epages/8c82fd4f-9473-4e01-8e80-f74e0dea7996.sf/de_CH/?ObjectPath=/Shops/8c82fd4f-9473-4e01-8e80-f74e0dea7996/Categories/2/20
Well, I would need to find out if they would work as expected on the card reader. The producer of the card reader (2n) is not very helpful, unfortunately (again, we are too small, I guess). They don't answer any questions on the phone, but tell me to contact my dealer. The dealer has no idea, asks we to send them an email with questions, which they then forward to 2n, which then does not read them correctly, but send back standard answers, which are not helpful
Sometimes, it only helps, if one understands the stuff oneself.... That's why I asked where I could find some infos. But this really seems to be a well hidden topic. Hope that doesn't mean that HID SE is "security by obscurity"...
Offline
I think if HID Global had an honest slogan it would probably be "Security by Obscurity".
I often wonder if instead of Secure Object they actually meant to say something else?
There are design flaws in SE, hence the push (by HID) to Seos... Another obscure format.
Offline
Pages: 1