Help how to clone iclass/picopass

Maybe I bought the wrong PicoPass 2k cards?
I thought all PicoPass 2k cards wrote the same, but I was just told there are many different formats of PicoPass 2k cards.
Does anybody have a site that can lead me to buying the correct ones?
The info I have on the original card when running hf ic info is:
CSN: HID
Credential: iClass legacy
Card type: PicoPass 2k
Hope that's enough to find the right copy of my original.

I found the part number and format of the card, but they tell me the format is proprietary.
So is that a dead end for trying to copy this card, even if I get the correct card part?

Did you buy this card from redteamtools as well? Or some other vendor? The RedTeamTools cards are supposed to be iClass cards, meaning within the HID range from what I understand. I don't know whether the CSN being out of HID range will cause an issue or not. I'm sure someone here has way more knowledge on the subject than I.

Run a check keys? Also, the redteam cards use the picopass default keys, which are pretty easy to find online, if you don't already have them. Try the dump command with that and see what happens. My new cards should be in tomorrow, as I'm in about the same boat as you. I'll keep my thread updated on the progress and chime in if I find anything that might help.

Someone said that the format on the card has proprietary data on it. So my only option, I think, is that I need to get the cards from the company that has that same compatible format. Even though I buy the correct card, I don't think I can write on it if the format doesn't correspond with the reader in question.
Not sure, but that's what the person from HID customer service told me when I called.
I have the part number of the cards and the format number. Maybe someone knows what's possible with this info.

Where did you order the recent PicoPass 2k cards from?

I'm not sure what you're calling "proprietary data" on the card, nor do I remember seeing that post on this thread. Again, did you get the cards from redteam or somewhere else? Did you try the dump with the picopass default key? It's difficult to help steer you in the right direction without any info.

Also, if I were a salesperson and worked for a company that you were trying to reproduce a copy of without buying from me, I'd probably say the same thing. Being that we're a community of folks that don't particularly care for the phrase "can't be done", I'd say don't give up going the DIY route.

1 Like

Have you tried any other keys to read data off the card? --ki 1 or --ki 2, etc.?

YES, keys --ki 2 worked.
I was able to write data on blocks 6-9 using
hf ic wrbl -b 6 -d (data#) --ki 2
I did a hf ic dump --ki 2 and the data showed up.
The only difference is that the original card has only 18 blocks and the cloned card has 31.
Will this affect the reader?
And why only copy blocks 6-9 and not more blocks, if it's possible, except for blocks 0-5, which I learned the hard way already?
Here is what each one looks like in the picture when I run
the hf ic dump commands for the original and cloned card.

Because after that, those are secure blocks, and the reader won't like them being on a card that has a different UID.

Generally not, no. At least not in my experience.

OK, I'll let everybody know what happened when I scan the cloned card.

I just went on eBay and searched picopass 2k cards and found a seller selling 10 cards for $20, so I gave it a try, not knowing there were different types of picopass 2k cards with different formats. It's when I did a hf ic dump --ki 2 that I noticed the data blocks were different, but I was still able to write blocks 6-9. Now I need to test the card out to see if the reader will read it.
The person working at HID told me the cards I need to buy are part number 2000-hpggsv, which I was able to find, but then he told me that the format is proprietary. I'm hoping he's wrong and that I can still find a way to clone it without going through the original manufacturer. I'll find out soon if what I did will work without using the exact card format like I was told.

That explains it. Those cards will almost certainly not work, as they don't have HID UID ranges, but do please try it and report back.

I'm impressed you got anything out of HID. When I've contacted them I've been stonewalled and then completely ignored.

He's not wrong AFAIK. He's probably saying that the SE block encryption is proprietary, which it totally is. At this point, there is no way to clone SE blocks.

I hate telling people to give up, but if this cloning attempt does not work, I don't think this is going to work.

You may have more luck on the Proxmark forums or Discord server.

You were right: the cloned copy card that I bought was not a HID card, but it was a picopass2k card. I didn't know HID was needed as well, but it's OK, I'm learning.
Do you think if I buy the correct part number card and then write on blocks 6-9 it will work?
Or do I even need the correct format, which is proprietary, meaning impossible to find unless I go directly to the company that supplied the card to me,
which defeats the purpose of trying to clone cards.
Any suggestions where to go from here?

I doubt it. Remember, your source card had SE blocks that can't be emulated on your new card.

The proprietary-ness is either the structure of the card system, which is easily emulated by a card supplied by RedTeamTools. Or it's referring to the SE system structure, which cannot be recreated.

Proprietary just means it is theirs… This could be as simple as meaning it uses one of the HID formats (Facility Code/ID for example). It is likely to also mean "I'm not telling you anything more", but if the format has already been deciphered then they don't need to tell you.

So get the correct card, copy blocks six to nine and try it. If that doesn't work then hopefully someone will have some good ideas (anyone know if a Chameleon Tiny Pro could be used with one of these cards?)

Question about possible card options.
If I find my old copy of the exact card with the same format, will the card work if I changed blocks 6-9, even if it has been deactivated and no longer works?
Can a deleted card that no longer worked on the system be cloned to be active again?
Plus, what exactly is written on blocks 6-9? Is that the data needed to open or close a door, for example, from an active card, or name and info on that person on those blocks?

I think you're missing some key points.

An iClass legacy (picopass) card that has been personalized and has had blocks 6-9 cloned should be a perfect working copy of the card you want to clone.

If those SE blocks (the ones after 6-9) are actually being used by the reader/access control system, to date there is NO successful method of cloning iClass SE cards.

What I've gathered from my digging on the proxmark forum (and I'm still waiting on my cards to come in to verify this. Damn US postal service…) is that the redteamtools cards come unpersonalized, meaning they use the picopass default key rather than the HID master key. Kd is different, basically, as well as the configuration. A bit tricky to work out if you're (like me) still climbing up the vertical learning curve.

Short answer? Get a few more cards from redteamtools. Label them specifically. Document every single command you run that modifies the card in any way. (Notepad is your friend.) Read every forum you can on the proxmark forum in the iClass directory. And, be advised: asking questions over there that are even remotely possible to find via searching probably won't get you a response. Spoon feeding is frowned upon. Not being a dick. Just a heads up :wink:

And about the old card, I suppose that's worth a shot. I would bet that the SE blocks (again, assuming it's using SE) would be using the UID with whatever encryption method SE utilizes to make that impossible. But, still worth a shot.

Let us know!

1 Like

It is indeed worth a shot, but I'm doubtful. When the entire card was deactivated from the system, it likely meant that the SE blocks also went too.

Anything issued by your company is almost certainly going to be fully locked. It'll be impossible to change any blocks.

Think of the card reader as a lock and the card as a key. Blocks 6-9 are like the teeth of the key. For systems that read the SE blocks, anything after block 9 is going to be extra teeth, but teeth that you can't see or clone properly.
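An added toy model of the lock-and-key explanation above (example code, not from this thread, Proxmark or HID). The SE binding in se_protect is an assumed HMAC stand-in for HID's undocumented scheme, and every CSN and block value is constructed; it shows why copying blocks 6-9 satisfies a legacy reader while an SE-aware reader rejects the copy because its CSN differs, even when the SE blocks are copied too.

```python
import hashlib
import hmac

# Constructed model of a picopass/iClass card image: {block index: 8-byte hex}.
# Layout as described in the thread: block 0 = CSN (UID), blocks 1-5 = config,
# e-purse and keys, blocks 6-9 = legacy credential (the "teeth"), 10+ = SE area.
LEGACY_BLOCKS = range(6, 10)

def se_protect(csn: str, block: int, payload: str) -> str:
    """Stand-in for HID's proprietary SE encoding (an assumption, not the real
    algorithm). It models only the property the thread relies on: SE data is
    bound to the card's CSN, so it cannot be moved to a card with another UID."""
    mac = hmac.new(bytes.fromhex(csn), f"{block}:{payload}".encode(), hashlib.sha256)
    return mac.hexdigest()[:16]  # 8 bytes, one picopass block

def issue_card(csn: str, credential: list, se_payloads: list) -> dict:
    """Personalize a card: credential into blocks 6-9, SE area bound to the CSN."""
    card = {0: csn}
    card.update({6 + i: data for i, data in enumerate(credential)})
    card.update({10 + i: se_protect(csn, 10 + i, p) for i, p in enumerate(se_payloads)})
    return card

def copy_blocks(source: dict, target: dict, blocks=LEGACY_BLOCKS) -> dict:
    """What writing blocks onto another card achieves: block 0 (CSN) stays the
    target's own, so the copy keeps its own UID and its own block count."""
    clone = dict(target)
    clone.update({b: source[b] for b in blocks})
    return clone

def legacy_reader_accepts(card: dict, enrolled: dict) -> bool:
    """A legacy reader compares only blocks 6-9 with the enrolled credential."""
    return all(card.get(b) == enrolled[b] for b in LEGACY_BLOCKS)

def se_reader_accepts(card: dict, enrolled: dict, se_payloads: list) -> bool:
    """An SE-aware reader also re-derives the SE blocks from the presented CSN,
    so a copied SE block only verifies on the card it was issued to."""
    if not legacy_reader_accepts(card, enrolled):
        return False
    return all(card.get(10 + i) == se_protect(card[0], 10 + i, p)
               for i, p in enumerate(se_payloads))

# Constructed sample data (not real CSNs or credentials).
CREDENTIAL = ["1122334455667788", "99aabbccddeeff00", "0000000000000000", "0000000000000000"]
SE_PAYLOADS = ["site-A/door-7", "holder-4711"]
ORIGINAL = issue_card("0102030405060708", CREDENTIAL, SE_PAYLOADS)  # blocks 0, 6-11 set
BLANK = {b: "ffffffffffffffff" for b in range(31)}                # 31-block blank card
BLANK[0] = "a0a1a2a3a4a5a6a7"                                      # with its own CSN
CLONE_6_9 = copy_blocks(ORIGINAL, BLANK)                           # blocks 6-9 only
CLONE_6_11 = copy_blocks(ORIGINAL, BLANK, range(6, 12))            # SE blocks copied too
```

Calling legacy_reader_accepts(CLONE_6_9, ORIGINAL) returns True, while se_reader_accepts returns False for both clones and True only for ORIGINAL.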