HID Iclass proxmark3

The wiki at So You Want To Implant An HID Card - WIKIs - Dangerous Things Forum has been updated to reflect how to clone HID iClass legacy credentials NOT using HID iClass master authentication keys.

Read and enjoy!

3 Likes

This is great. Thank you so much for your hard work on this!

2 Likes

Ow okey , I based my answer on the google spreadsheet:

What is the “yes” for then if not enrolling or cloning?

There SHOULD be a link to a post where it was used, did you follow that?

Also it will depend on the software settings, If done strictly and allows HID only, it may not work, if opened to “Other” ISO14443-A and a UID it should.

Can you speak to the administrator and get access to the software enrollment page?

I have not found a link…
I will try with the flexm1 to get it enrolled with low hopes :smile:
Access to the software enrollment program will be impossible I am afraid. Its a huge building shared with multiple companies and its used for the car parking and elevator.

I know it’s not the same…as I am also awaiting the flexclass to be restocked, but I ordered an iClass keyfob for now to be slightly more convenient. Keyfob > pulling out my wallet every time I have to go in and out the gate at work. In case that’s a viable option for now for you :man_shrugging:

1 Like

it already is a keyfob haha :smiley:
I have time, no worries

Hey @philidelphiaChickens, first off thanks heaps for all this info you’re sharing. Definitely needing to spend more time reading through all these threads! We use iClass and I jumped the gun and got the NeXT thinking the HF side would work (luckily still able to utilise the LF side). Is there definitely no way for the HF NTAG to simulate the iClass credential?

1 Like

Alas not. You could try having your institution enroll the HF side of the NExT implant, but otherwise, assuming it’s non-se, you’ll need to wait for flexclass.

flexclass it is, thanks man!

Unfortunately, currently the FlexClass is still out of stock.

As far as I am aware, this is the most upto date status

This was in September last year.

It sounds like Amal is waiting for leumas95 to source the chips, hopefully he still has the same contacts he got the the first 2kB batch from, so if he can’t find the 16kB chips, he can at least get the 2kB ones for Amal to produce a stop gap batch , because there seems to be a few people now on the “waiting list”.

Although, if leumas95 is still busy or struggling to source chips after all this time, maybe it would be worth some others keen for iClass chips to help him find some

1 Like

i’m slowly getting things sorted in the lab and i will be working a flexclass batch soon™ … within the next few weeks. keep eyes on Dangerous Announcements - Dangerous Things Forum

6 Likes

Thank fuck you said something, I just started searching and I don’t even want one…
:+1:
You sneaky little hold out :wink:

2 Likes

@NinjuhhNutz Can you also write up what carl55 suggested you do w/ the master key vs the HID default? Also did the community ever find another place to order the blank cards besides redteamtools which still seems OOS.

are you referring to what’s in this thread? If not, by all means ask away! :stuck_out_tongue_winking_eye:

Kind of, earlier in the thread, you mentioned you got it working (with presumably a faster and more robust method) using the master key which I might have also found. Curious how that post would change if you theoretically had the master key.

ah okay. LONG story short, I already had the master key and I just didn’t know it lol

The cards that I had didn’t use the HID master key originally. I had to run the commands listed in that post to basically configure the card to use the HID master key instead and that fixed the issue that I was having. (that I didn’t understand at first.)

you can identify what key you’re using with

hf ic chk -f iclass_default_keys.dic
then
hf ic managekeys -p

confirm which key your card is using by

hf ic rdbl -b 6 --ki x
x being 0, 1, or 2 to determine which key your card is currently using.
If it’s not the master, I can give you a hand on how to correct that. I’ll have to read my other thread again to refresh my memory, which I’ll do here in a few.

I’v been reading this forum and proxmark. However I’m still too new to this. I’ve currently trying to clone a iclass Legacy card but am facing problems.

The above is the what I did.
Is there a problem after I do hf ic chk -f iclass_default_keys.dic? I’m unable to find a valid key in this instance to compare to hf ic managekeys -p.

I’m really new in this and all inputs will be greatly appreciated!

hf ic rdbl -b 6 --ki 0

what does that command result in?

if not successful, try --ki 2

@NinjuhhNutz Thank you for the reply! Key 0-2 returns absolutely nothing at all using --ki 0 to 2.
I “unpermuted” the master key and it gave the same as key 0. I hope that I’m on the right track. And when I use the same key to try to read block 6, nothing happen ( -k Master Key-unpermuted). No error…Just nothing…