Help how to clone iclass/picopass

You should get a .bin file output saved in the client folder of the proxmark directory and a display of the data in the terminal. When you give the dump command does it not show the card data below the “Card has at least 2 application areas.” line?

That is the rest of the file output that @philidelphiaChickens is referring to.

should be columns similar to

block# | data | ascii | lck | info

with corresponding rows for each data block

I opened the file in Notepad and this is what showed up:

iClass Default Keys

– iceman fork version –

– contribute to this list, sharing is caring –


What do I do with this info to copy it onto a blank card?
Do I just put a command line with the original keys on it to copy it to?
Sorry if I seem like a novice to this, but I really am.
I was able to read the card; now if I could just figure out the correct steps to copy a card, that would be great.

Trust me, I know the feeling. I’m not far from it myself. Just seemingly a little farther/longer into the head scratching and reading and reading and reading about it all.

Sorry, I didn’t mean to imply that you should manually try to open the file with a text editor.

hf ic dump --ki 0 should give you a “printed” version of the chip data in the terminal as well as save a .bin file along with a json and eml file iirc.

Did you not get anything more than what you posted (in post 11 of this thread) in the terminal when you gave the dump command?

There should have been more to it than what you shared. Either a successful dump displaying and saving the data, or a failure/couldn’t communicate with chip error etc.

After running the command line
hf ic dump --ki 0 this is what showed up.
Hopefully I get a little closer to actually copying this card. Fingers crossed.

Now we’re getting somewhere!

This is what you’re looking for. Blocks 6-9 are what you want to copy to your new card

is the link that @Pilgrimsmaster sent earlier, and it spells it out pretty straightforwardly for you.

hf ic wrbl -b 6 -d A30303030003E017 --ki 0

for block 6 and duplicate for 7-9 with the appropriate data, all caps, no spaces.

after writing blocks 6-9 manually, do the dump again to verify the cloned card matches the original and give it a try!

OK, I hope it did it correctly.
I duplicated blocks 6-9 like you mentioned and added the appropriate data. I did the ic dump info and, as you can see, in the new card blocks 6-9 are the same. The only number I noticed isn’t the same is block 0; my original data numbers are different than the copy card. Is that normal or did I miss something?
Here’s a picture of the hf ic dump info on the new card. Let me know if I did it right from the original card?

Is my card really copied? Crossing my fingers.

I can’t try it out till I get back to work, but from what you see do you think I did it correctly?

You can’t change the UID but I believe from other people’s comments that it is more concerned about the content of the card itself.

I assume that it uses some form of challenge/response with the card, but I have not looked into it.

If everything except block 0 is identical then you should be good. As you can’t modify parts of block 0 (maybe all) then this shouldn’t be a problem.


Blocks 6-9 are identical.
Blocks 2, 3, 10, 11, 12, 13, 14, 15, 16 are not an exact copy.
Is that normal? I was only told to copy blocks 6-9 from above. Was I supposed to copy every block or just from 6-9?
Maybe blocks 6 through 9 are the only ones necessary to copy and the rest are just fillers. Just thinking outside the box.

Unfortunately this may be all for naught. Anything past block 7 is going to be SE blocks which aren’t cloneable.


Good catch! I didn’t even pay attention to anything past block 9! I’ve been so buried in my own projects, I guess I’m used to that. Still no progress on the SE cards?

SE cards are incredibly tricky and have yet to be cracked. Never say never, but they’ve been out for long enough with very little progress, I suspect it will be a long time, if ever, before they’re cracked.

There’s a very good paper on the original iClass security issues, called “Heart of Darkness”.

As I understand, SE cards have those extra filled data blocks with data that is encrypted with the UID. Since we can’t change the UID on these cards and we don’t know exactly how these extra blocks are encrypted, we don’t know how to decrypt and clone them to a new card.

Fingers crossed! One day it’ll happen and we will know exactly how they’re encrypted and someone smarter than me will figure out a way to reverse engineer! By then, there will be new more secure tech that will start the cycle all over again.


So if I understand well, the card I copied blocks 6-9 onto really isn’t completely a copy of my original card, since not every block was copied, nor can they be, if I understood correctly?

The short of it is that you’ll likely not be able to use the cloned card on many readers, depending on how they’re configured. Blocks 6-9 are what you’ll need for any terminals that are not looking for the SE section of your card. If you clone blocks 6-9 and none of the readers are working, it’s more than likely that they’re looking for the SE data. Unfortunately, that data cannot be properly cloned.


Can I know what SE section of the card means?

Any time anything secure is broken, there will be a rush to develop something new and more secure. It’s an arms race that will never end. Non-SE has been broken for a long time, and SE is still somewhat a mystery, and yet it sounds to me that HID is working on even more secure systems.

I’m not sure I follow. Are you asking if there’s a way to decode SE blocks, how to find SE blocks, how SE works, or something else?

Any data stored after block 9 will almost certainly be SE.