Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
#1 2019-11-13 18:24:34
- piwi
- Contributor
- Registered: 2013-06-04
- Posts: 704
Rework of 'hf iclass snoop', including jamming option
For those who are interested in iClass research: with PR#884 on official repository comes a working 'hf iclass snoop'.
As a bonus it has an option to jam (prevent) CC updates. If you don't know the advantages of an unchanged CC then this is not for you 
.
Hint: snooping works best with the antenna directly "attached" to the card and positioned between card and reader. Use the B and C LEDs to find the best snooping distance.
Offline
#2 2019-11-14 08:49:32
- yukihama
- Contributor
- Registered: 2018-05-13
- Posts: 133
Re: Rework of 'hf iclass snoop', including jamming option
For those who are interested in iClass research: with PR#884 on official repository comes a working 'hf iclass snoop'.
As a bonus it has an option to jam (prevent) CC updates. If you don't know the advantages of an unchanged CC then this is not for you
Hint: snooping works best with the antenna directly "attached" to the card and positioned between card and reader. Use the B and C LEDs to find the best snooping distance.
can you succesfully do the "Not legacy iclass card"? LOL
Offline
#3 2019-12-04 18:35:38
- piwi
- Contributor
- Registered: 2013-06-04
- Posts: 704
Re: Rework of 'hf iclass snoop', including jamming option
I have added an '-n' option to 'hf iclass readbl' and 'hf iclass dump' for replaying a NR/MAC pair gathered with 'hf iclass snoop --jam'. Enjoy.
Offline
#4 2019-12-04 18:40:10
- piwi
- Contributor
- Registered: 2013-06-04
- Posts: 704
Re: Rework of 'hf iclass snoop', including jamming option
can you succesfully do the "Not legacy iclass card"? LOL
Depends. Snooping and replaying NR/MAC should work on every Picopass card. Which doesn't mean that you can create working clones of each and every card.
Offline
#5 2020-10-13 09:02:29
- hayabusa
- Contributor
- From: Australia
- Registered: 2019-08-27
- Posts: 12
Re: Rework of 'hf iclass snoop', including jamming option
I have added an '-n' option to 'hf iclass readbl' and 'hf iclass dump' for replaying a NR/MAC pair gathered with 'hf iclass snoop --jam'. Enjoy.
Hi Piwi
Thanks for your great work.
Im wondered, would you also add this function to writeblk?
it would be nice I think.
cheers
Offline
#6 2020-10-14 10:50:34
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: Rework of 'hf iclass snoop', including jamming option
We are recalculating the MAC for each write cmd w data, given the diversified key. I see no possibility to replay it since we don't have the new mac needed.
Offline
#7 2020-10-16 14:49:45
- hayabusa
- Contributor
- From: Australia
- Registered: 2019-08-27
- Posts: 12
Re: Rework of 'hf iclass snoop', including jamming option
We are recalculating the MAC for each write cmd w data, given the diversified key. I see no possibility to replay it since we don't have the new mac needed.
Thanks for confirming
cheers
Last edited by hayabusa (2020-10-17 23:40:57)
Offline