Iclass elite key remove

Buka · February 18, 2025, 3:08am

How to remove elite key or recover?

=] --------------------------- Tag memory ----------------------------

[=] block# | data | ascii |lck| info
[=] ---------±------------------------±---------±–±---------------
[=] 0/0x00 | 27 03 33 11 FE FF 12 E0 | '.3.?..? | | CSN
[=] 1/0x01 | 12 FF FF FF 7F 1F FF 3C | …< | | Config
[=] 2/0x02 | FE FF FF FF FF FF FF FF | ?.. | | E-purse
[=] 3/0x03 | 86 B3 93 97 72 5A 6C F7 | .?..rZl? | | Debit
[=] 4/0x04 | 00 00 00 00 00 00 00 00 | … | | Credit
[=] 5/0x05 | FF FF FF FF FF FF FF FF | … | | AIA
[=] 6/0x06 | 28 CB 91 9D 00 00 00 1C | (?.. | | User / HID CFG
[=] 7/0x07 | E0 5C 91 CF 63 34 23 B9 | ?.?c4#? | | User / Cred
[=] 8/0x08 | 00 00 00 00 00 00 00 00 | … | | User / Cred
[=] 9/0x09 | 00 00 00 00 00 00 00 00 | … | | User / Cred
[=] 10/0x0A | 00 00 00 00 00 00 00 00 | … | | User
[=] 11/0x0B | 00 00 00 00 00 00 00 00 | … | | User
[=] 12/0x0C | 00 00 00 00 00 00 00 00 | … | | User
[=] 13/0x0D | 00 00 00 00 00 00 00 00 | … | | User
[=] 14/0x0E | 00 00 00 00 00 00 00 00 | … | | User
[=] 15/0x0F | 00 00 00 00 00 00 00 00 | … | | User
[=] 16/0x10 | 00 00 00 00 00 00 00 00 | … | | User
[=] 17/0x11 | 00 00 00 00 00 00 00 00 | … | | User
[=] 18/0x12 | 00 00 00 00 00 00 00 00 | … | | User
[=] 19/0x13 | 00 00 00 00 00 00 00 00 | … | | User AA2

Aoxhwjfoavdlhsvfpzha · February 18, 2025, 3:16am

Can you explain a little more about what you’re trying to do?

You have an elite credential and you want it to work with a legacy reader perhaps?

Buka · February 18, 2025, 3:31am

this card is dead quz of don’t know elite key so trying to restore card, when i try attack with flipper zero did not found keys, proxmark3 same too, so i think my knowladge is to weak that is why support here

tac0s · February 18, 2025, 3:34am

I don’t think you can. Pretty sure this is a security feature.

Aoxhwjfoavdlhsvfpzha · February 18, 2025, 3:36am

Have you tried hf iclass chk -f iclass_elite_keys.dic --elite?

Buka · February 18, 2025, 3:42am

[+] Reading tag CSN / CCNR…
[+] CSN: 27 03 33 11 FE FF 12 E0
[+] CCNR: FE FF FF FF FF FF FF FF 00 00 00 00
[=] Generating diversified keys using elite algo
[+] Searching for DEBIT key…
Chunk [635/730]
[+] time in iclass chk 10.0 seconds

[usb] pm3 →

Aoxhwjfoavdlhsvfpzha · February 18, 2025, 3:44am

How about hf iclass chk -f iclass_default_keys.dic?

Buka · February 18, 2025, 3:45am

[+] Reading tag CSN / CCNR…
[+] CSN: 27 03 33 11 FE FF 12 E0
[+] CCNR: FE FF FF FF FF FF FF FF 00 00 00 00
[=] Generating diversified keys
[+] Searching for DEBIT key…
Chunk [635/760]
[+] time in iclass chk 10.3 seconds

Iceman · February 18, 2025, 6:28am

Depends if card was used with an elite or custom elite key.

Try:
hf iclass chk --vb6kdf

if failure you have to look at the reader to extract the nonces used for loclass attack.

Buka · February 18, 2025, 6:49am

[usb] pm3 → hf iclass chk --vb6kdf

[+] Reading tag CSN / CCNR…

[+] CSN: 27 03 33 11 FE FF 12 E0

[+] CCNR: FE FF FF FF FF FF FF FF 00 00 00 00

[=] Generating diversified keys using elite algo

[+] Searching for DEBIT key…

Chunk [4953/5000]

[+] time in iclass chk 68.0 seconds

[usb] pm3 →

Buka · February 18, 2025, 6:58am

i think this card is dead, tnx boys

Iceman · February 18, 2025, 9:05am

according to your dump you have the diversified key.
How did you get it if you didn’t use a known key?!?

Buka · February 18, 2025, 10:24am

it was accident to write key, what is this? 86 B3 93 97 72 5A 6C F7

Iceman · February 19, 2025, 10:20pm

part of the data in your first post

It is the diversified key for your card.
You can’t get it if you don’t have the right key.