Okay. Is there a way for me to see the data in that format? I’m just trying to wrap my head around what I’m actually looking at in the dump and info results.
I’ve done some digging elsewhere, and came up with a question that I can’t find an answer for.
The iClasss cards from redteamtools come non programmed and unpersonalized. I’ve come across mentions of the picopass personalization procedure. But I can’t find any documentation on it other than one or two mentions in various forum threads about needing it for the reader to recognize the card and to use the iclass master key instead of the picopass default key.
At the point I’m fairly confident that the flexclass is easily cloneable for what I need. But, not 100% so I’d like to be sure before the implant procedure.
@amal ? Any insight? I have 2 new cards that should be delivered today before I go to work tonight. Hopefully I’ll have some time to work on it tonight at work.
Finally had an opportunity to snap a pic of the reader. Some asshole broke it off the pole it was mounted on. To my delight 
And new cards came in the mail last night. I’ll work on it to ought at work 
writing the authentication key to block 3…so the card from redteam is using the picopass default rather than the hid master. While the card is still in personalization mode, from what I gather on the proxmark forum, it’s a “true” write of the key to block 3 instead of the xor version of the key that would be necessary while in application mode. But, then how exactly do I put the card in application mode?
For the record, I have the same question posted over on the pm3 forum, but response times there aren’t quite what they are here. So, yea
That is a great question and one I don’t have a good answer to. Let us know what you find out!
1 Like
SUCCESS! So, carl55 over on the pm3 forum helped me get over the hump. Ended up writing a config file to set the card in application mode and the new xor’d diversified key to use the HID master key vs the HID default. Then writing blocks 6-9 and viola!
I’m waiting on a reply from carl55 for a more detailed explanation so I can bring it over here! Huge thanks to everyone that’s helped out over here!
2 Likes
That’s great news! If you want to add it onto my HID Wiki, please do.
1 Like
Will do! When I get a reply and better explanation written up I’ll add the how-to for going from personalized to application mode and an easy to understand process for calculating the new keys.
2 Likes
Just got a confirmation on what I was waiting on to do the write up for iclass cloning for unprogrammed credential. I’ll work on it tonight at work. Probably send you @philidelphiaChickens a rough draft for review before adding to your thread.
Its the same reader that I have on one of my workplaces. The NEXT chip would read it but the software saw it as “unknown device” so they couldn’t enroll it. Will try again later with FlexM1 , hopefully this will work for enrolling. Fingers crossed!
as @zwack said, you will definitely need a flexclass. Don’t make my initial mistake and think “HF is HF” and it’ll work.
flexclass is the only working implant that uses the iclass credential at this point. Do you have a proxmark and a valid credential for the reader?
1 Like
From my understanding, IFis a yes, WHEN is also a yes 
I’m also very impatiently awaiting the restock!
The wiki at So You Want To Implant An HID Card - WIKIs - Dangerous Things Forum has been updated to reflect how to clone HID iClass legacy credentials NOT using HID iClass master authentication keys.
Read and enjoy!
3 Likes
This is great. Thank you so much for your hard work on this!
2 Likes
Ow okey , I based my answer on the google spreadsheet:
What is the “yes” for then if not enrolling or cloning?
There SHOULD be a link to a post where it was used, did you follow that?
Also it will depend on the software settings, If done strictly and allows HID only, it may not work, if opened to “Other” ISO14443-A and a UID it should.
Can you speak to the administrator and get access to the software enrollment page?
I have not found a link…
I will try with the flexm1 to get it enrolled with low hopes 
Access to the software enrollment program will be impossible I am afraid. Its a huge building shared with multiple companies and its used for the car parking and elevator.