Clone HID iClass PicoPass 2k

AustralianElectrical · September 12, 2022, 9:42am

If the fob you’re copying from is using the standard key, all you should need to do is have the existing fob on the hf antenna and then run:

hf iclass rdbl -b 7 --ki 0

Then take the valid fob off the proxmark and put the writable fob/card on and run:

hf iclass wrbl -b 7 -d XXXXXXXXXXXXXXXX --ki 0

Replace the Xs with the 8 bytes (16 hex symbols) that the proxmark3 output when you ran the rdbl command.

That should be it (assuming they’re not using non-standard ‘high security’ keys or something else going on).

Here is a list (incomplete and made very quickly) of posts that contain useful iClass information. I suggest you read each carefully as the next steps for standard and more involved iClass cloning have been covered elsewhere:

github.com

RfidResearchGroup/proxmark3/blob/master/doc/cheatsheet.md#iCLASS

<a id="Top"></a>
# Command Cheat Sheet

|Generic|Low Frequency 125 kHz|High Frequency 13.56 MHz|
|---|---|---|
|[Generic](#Generic)|[T55XX](#T55XX)|[MIFARE](#MIFARE)|
|[Data](#Data)|[HID Prox](#HID-Prox)|[iCLASS](#iCLASS)|
|[Memory](#Memory)|[Indala](#Indala)||
|[Sim Module](#Sim-Module)|[Hitag](#Hitag)||
|[Lua Scripts](#Lua-Scripts)|||
|[Smart Card](#Smart-Card)|||
|[Wiegand convertion](#Wiegand-manipulation)|||

## Generic
^[Top](#top)

Identify High Frequency cards
```
pm3 --> hf search
```

This file has been truncated. show original