Cloning a HID IClass 2k key fob

Oh sorry, I wasn't sure since I haven't updated the other one in a while, but to answer your question, yes and yes.

  1. Try changing the ki value. Others had success, for example, using “2” when “0” didn’t work.

What does the ki value mean?

Change the 0 to a 2

--ki is the key value the card wants in order to release some of the information stored on the card.


That will probably work for the pm3 because it knows to look for the other authentication key, but can (and in my experience, will) cause issues with the reader that he is trying to use the cloned tag for. Blocks 6-9 are all the reader really cares about once authentication is done. BUT, --ki 2 uses a different key than --ki 0, so the authentication isn’t gonna be too happy about that.

The "using AA1 key [0] AE xx xx xx xx xx xx xx" should be the correct key for the class tag.

UNLESS the reader has been configured to use a custom key. In which case you may very well be royally screwed.

It sounds like you’re just not communicating with the credential at all. What does your “hf search” command give you? Have you tried repositioning the card? Moving the pm3 to different surfaces? I know that sounds trivial, but it does in fact make a huge difference.

In my PM conversation with @695, the pm3 was able to detect the presence of the card. I’m guessing it’s a key error. Either it’s not --ki 0 and is some other pre-stored number OR the card has a non-standard key. It’s unusual but not impossible, especially if the admin who handles card stuff is on top of their security.


Yeah, that’s what I was thinking as well. But if it is as simple as the card using a different key (as is the case with the red team tools cards in the state that they come), it’s fairly simple to change the authentication key used in the card, assuming that the reader does in fact use the --ki 0 key.

I suppose step 1 would be to get a successful dump from the original tag and verify that it does in fact use --ki 0. If not, if we can determine the key being used, easy as pie :wink: