Help how to clone iclass/picopass

Unfortunately it is rarely as simple as that. In some cases the card can only be partially cloned and depending on how your access control system is configured that might be sufficient, or might not.

Some cards cannot be cloned because they rely on the card itself performing certain cryptographic functions actually on the card in ways that do not ever expose the keys that you would need to copy.

This is yet another oddity of HID's naming scheme. The DP/DY system is both SE and non-SE. Some readers only need the non-SE data.

There is hope yet: is there any chance you can share a photo of the readers you use? That'll get us a little further here.

I would guess that DP means Dual Protocol so that probably means it has a high frequency and a low frequency component. This is usually used when slowly replacing older access control systems, or expanding with a new access control system.

If you could do an lf search on the card it might answer that question.


Dual Protocol could also imply SE/non-SE.


So even if I get an original card (picopass) from the same supplier that my work buys them from and clone blocks 6-9, it still might not work?

I find out Monday when I go back to work if cloning blocks 6-9 did the trick or not on today's card.

The reader in question is a standard parking gate card reader. Since I have more than 1 car I wanted to have an additional card in the other car, since I tend to forget to bring it and losing them happens too often, so it's easier for me to make my own copies than purchase a new one at $50 a pop.

Correct.

(Disclaimer: I am not a mathematician nor a cryptographer. I'm a computer science undergraduate with a focus in machine learning. All of this to say I have some idea what I'm talking about but also have no clue what I'm talking about. Please take what I say with a grain of salt)

Think about it this way: All the SE blocks are the outputs of a big mathematical equation. As a completely random hypothetical example, let's create BFG PClass SD, a completely fake brand that has a similar system to the HID iClass SE, just a completely different naming scheme. We've broken the SD system, and have somehow figured out the equation, which looks like this:

encryptedDataToStoreOnCard = log_15_ (3z((unencryptedData) * x^3 - y(unencryptedData^2)^3))

z, y are going to be some ungodly long prime numbers, and the whole thing is going to be a mess. x will be the card's UID. If the system knows this equation and can read the UID, it can decode the data it's reading properly, as it's been programmed to know what z and y are. However, the user can't do this because they don't know z or y and definitely are not supposed to know the equation. Therefore, it's secure: no one knows all the elements except the reader, and the software on the reader is obfuscated in such a way that someone who cracks it open won't be able to figure out how secure it is. For extra security, we can have a different equation and z and y for multiple different blocks of data on the card, so that not one but multiple equations need to be found and solved.

The HID iClass SE system has a similar problem, which many are trying to solve: we just don't know how to properly decode the system, as we don't know all the elements and we don't know how all the elements fit together.
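An added toy model of the point made above and of the later remark that non-SE sections copy fine; it is not from the original thread and is not HID's real scheme. The reader secret, the two UIDs and the payload are constructed, and the "protected" block is simply the payload plus a keyed tag over (UID, payload), standing in for the equation with x = UID:

```python
import hashlib
import hmac

# Constructed reader secret: the "z and y" the cardholder never sees.
READER_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")
TAG_LEN = 8

def card_key(secret: bytes, uid: bytes) -> bytes:
    """Per-card key: the reader secret mixed with the card UID (the 'x' above)."""
    return hmac.new(secret, b"card-key|" + uid, hashlib.sha256).digest()

def protect_block(secret: bytes, uid: bytes, payload: bytes) -> bytes:
    """What the issuer writes to a protected block for one specific UID."""
    tag = hmac.new(card_key(secret, uid), payload, hashlib.sha256).digest()[:TAG_LEN]
    return payload + tag

def reader_accepts_protected(secret: bytes, uid: bytes, block: bytes) -> bool:
    """The reader recomputes the tag from the UID it just read and its own secret."""
    payload, tag = block[:-TAG_LEN], block[-TAG_LEN:]
    expected = hmac.new(card_key(secret, uid), payload, hashlib.sha256).digest()[:TAG_LEN]
    return hmac.compare_digest(tag, expected)

def reader_accepts_plain(block: bytes, enrolled_payload: bytes) -> bool:
    """A non-SE style block: the reader only compares the stored bytes."""
    return block == enrolled_payload

def simulate_copy(original_uid: bytes, blank_uid: bytes, payload: bytes,
                  secret: bytes = READER_SECRET) -> dict:
    """Copy each block byte-for-byte onto a blank card whose UID differs."""
    protected = protect_block(secret, original_uid, payload)
    return {
        # Plain block: the copied bytes are identical, so the reader is happy.
        "plain_copy": reader_accepts_plain(payload, payload),
        # Protected block on the card it was issued for.
        "protected_original": reader_accepts_protected(secret, original_uid, protected),
        # Same bytes on the blank: the tag was bound to the old UID, so it fails.
        "protected_copy": reader_accepts_protected(secret, blank_uid, protected),
    }

if __name__ == "__main__":
    ORIGINAL_UID = bytes.fromhex("a1b2c3d4e5f60102")  # constructed
    BLANK_UID = bytes.fromhex("1122334455667788")     # constructed
    PAYLOAD = b"facility=42;card=1337"                 # constructed
    for name, ok in simulate_copy(ORIGINAL_UID, BLANK_UID, PAYLOAD).items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The model is why a partial clone of the non-SE blocks can open one reader and not another: it depends on whether that reader checks anything bound to the UID.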

Before buying the proxmark3 on this website I asked the question of whether or not it cloned picopass cards with the HID iClass DP logo and everybody said yes.
I guess what they meant by saying yes was that eventually it should, but not right now.

I assume you're referring to this post

To be clear: we have said that it has the functionality to read and clone blocks from HID cards. At no point did we say that there is a 100% guarantee that cloning will work properly and that you will have an all-in-one solution that will be easy to control. If you look back at all the things I've written about HID cards, I have always said that SE is not cloneable. We have no clue if and/or when it will ever be possible. I assume that there are researchers working on it now, but I personally doubt SE will be cracked any time in the near future. What we might have said is that DP cards can have the non-SE sections cloned with no problem and work fine.

Some DP cards don't have SE blocks stored on them. Some do. It all comes down to what system your employer/school/whatever uses. You can't win if you don't enter, and the proxmark3 is your ticket.


I never imagined RFID cards were so complex. Figured you scan a card on a scanner (proxmark3) that reads the data and copies it onto a blank card compatible with the same card. Never imagined it to be so complex. Ah well, that's life.
I'll check back in the future; who knows, maybe someone might find a way to copy these types of cards with new technology.

(Oversimplification ahead) Some cards are basically small computers running Java applets. These don't give you the ability to just read the entire card, so you can't just clone them.

Have a look at your bank card some time if it is NFC capable.


Don't we all wish it were that simple. And by the same token, are glad that it's not!

OK so I tried the cloned card with only blocks 6-9 copied and no, it didn't work, so I figured tonight I'd try writing all of the blocks one by one, and I was able to copy blocks 3-18 exactly the same without an issue. When I tried to copy blocks 2 and 1 I got "writing failed", so I said OK, let me try doing a
hf ic dump --ki 0 to see how my cloned card looks so far, but to my surprise

I can't see the data anymore because it says it has 2 application areas like in the photo I provided, something it never said till I tried cloning block 2.
What does this mean and how can I backtrack or fix the issue to see the data again?

Do I need to wipe my cloned card and restart the process?
Can I even wipe my cloned card to re-enter data onto it again?
If yes, what's the command line to wipe the card clean and try re-entering the data? Any information is greatly appreciated.

Block 0 is the UID and cannot be changed. I'm not clear on what block 2 does, but I suspect that's also not changeable.

Changing the application area sizes is likely to do nothing.

If you did not change block 1, you should be able to change the blocks 6+.

I wonder if one could write an Apex applet to emulate an HID card.

My issue is I don't see the data like I used to when I run the command line
hf ic dump --ki 0.
Instead I get a message saying card has at least 2 application areas. AA1 limit 18 (0x12) AA2 limit 31 (0x1F).
Never saw that before.

I'm wondering if you managed to change the partitioning on the card.

Just to make sure, can you restart ProxSpace?

You might have borked the card, which means that you'll need a new card if you want to keep trying. :frowning:

At this point, if you're planning on going the implant route, I might start talking to @amal about custom services.

Were you able to change the Debit/Credit keys? (Blocks 3+)