I have been trying to clone a card that I have. I just need a duplicate – not an implant or anything. After researching this, I thought a good first step would be to create a dump file. This is where I can into some complications.
[usb] pm3 --> auto
[=] hf search
[+] iCLASS / Picopass CSN: CF 64 6D 16 FE FF 12 E0
[+] Valid iCLASS tag / PicoPass tag found
[usb] pm3 --> hf iclass dump
[-] Run command with keys
[usb] pm3 --> hf iclass dump -k 3F90EBF0910F7B6F
[=] Card has at least 2 application areas. AA1 limit 18 (0x12) AA2 limit 31 (0x1F).
[!!] failed to communicate with card
Can someone tell me what I am doing wrong? Is it possible to clone this card? How can I do so? I am using a proxmark3 easy.
I just grabbed the “iClass Master Key” from here. Is this correct? Cheatsheet
@philidelphiaChickens first question was going to be mine. I can’t remember exactly who it was that told me (what seems like a lifetime ago) NOT to use explicitly typed keys, rather than the key index option in the proxmark.
Other than custom keys, the proxmark has the 3 most commonly used keys for the iclass cards.
I would try hf ic dump --ki 0 then try --ki 2 if it’s not successful. Odds are, you’re good with that. PLEASE do not write anything to block 1 or block 3. I’ve done it and it’s a nightmare, and I’m currently trying to help another forum member recover from that mistake.
I was able to get the dump working with hf ic dump --ki 0. I was also able to get this to emulate successfully with hf iclass sim 3 (it might have been slightly different, I don’t remember the command exactly).
Now that this works, I was wondering how I can write to a physical card. What are the steps for doing this from the dump file? What kind of card do I need? Does this look like the right kind?
Awesome! That looks good - I was worried that the card would have secure bits. It looks like you should be able to start cloning. For blocks 6-9, run hf iclass wrbl --ki 0 -b [block number] -d [numbers associated with block] with the new card on the reader.