Implants and compatibility with HID Seos IP?

pwnkitteh · July 13, 2019, 11:27pm

My work uses the (relatively) recent HID Seos cards and readers for their access control. I’ve looked through the datasheet, and as far as I can tell although the vivokey has cryptographic ability, seos is proprietary and therefore I’m not really sure if it will work as a replacement for my key card. The card I have wasn’t marked with exact branding, but from what I can tell it’s part of their 500x series, and therefore isn’t compatible with any existing legacy technologies. All the relevant branding I could see was the “HID Seos IP” on the bottom left of the card, and on the bottom right “xt”.

Can someone with more experience than me take a look and see if these are compatible, and if possible explain why/why not so I can be more informed?
Thank you.

Datasheet
Blog post about HID Seos

HID Global Page about the card - hidglobal. com/products/cards-and-credentials/iclass-seos/iclass-seos8k-prox

amal · July 23, 2019, 2:27am

It looks like SEOS is a java card applet… so no chance of cloning your card to an implant. There may be a future though where SEOS runs on the VivoKey Flex One… just would require cooperation from HID. This would be a Fidesmo question though.

bepiswriter · July 23, 2019, 2:59am

Shit, I’d be down for an HID + DT partnership

amal · July 23, 2019, 7:27pm

It would be a VivoKey partnership for sure, and if you know the right people maybe we could arrange a chat

bepiswriter · July 23, 2019, 8:03pm

I wish, closest I know to someone at HID is my sales rep at ADI.

ElBarto · November 4, 2022, 2:23am

So if my work place uses this same type of cards and readers, is there any implant that can act as one of this cards? Not to clone an existing one but as a completely new one?

amal · November 4, 2022, 3:27am

I found this interesting

It’s the start of a possible seos emulator Java card applet. It would need some significant development, but it might just be possible to create a seos applet for Apex

philidelphiaChickens · November 4, 2022, 4:05am

I was looking at this earlier as well, albeit as a gateway into some other research (I’m curious if there’s a way to emulate iClass SE with Apex). I might poke at it a little more.

turbo2ltr · August 11, 2023, 6:30pm

dang it.

amal · August 11, 2023, 8:30pm

What chip is in there? Maybe we convert it

turbo2ltr · August 11, 2023, 8:50pm

It’s um…not exactly my card. lol.

** TagInfo scan (version 4.25.4) 2023-08-11 13:46:00 **
Report Type: 
-- IC INFO ------------------------------

# IC manufacturer:
Unknown manufacturer

# IC type:
Unknown IC implementing ISO/IEC 14443-4

-- NDEF ------------------------------

# No NDEF data storage populated:

-- EXTRA ------------------------------

# TagInfo Version:
Version :4.25.4

# Device Info:
Device Model :samsung ( SM-S908U1 )
Android OS Version :12

-- FULL SCAN ------------------------------

# Technologies supported:
ISO/IEC 7816-4 compatible
ISO/IEC 14443-4 (Type A) compatible
ISO/IEC 14443-3 (Type A) compatible


# Android technology information:
Tag description:
* TAG: Tech [android.nfc.tech.IsoDep, android.nfc.tech.NfcA]
* Maximum transceive length: 65279 bytes
* Default maximum transceive time-out: 618 ms
* Extended length APDUs supported
* Maximum transceive length: 253 bytes
* Default maximum transceive time-out: 618 ms


# Detailed protocol information:
ID: XXX
* Random ID
ATQA: 0x0100
SAK: 0x20
ATS: XXX
* Max. accepted frame size: 256 bytes (FSCI: 8)
* Supported receive rates:
	- 106, 212, 424, 848 kbit/s (DR: 1, 2, 4, 8)
* Supported send rates:
	- 106, 212, 424, 848 kbit/s (DS: 1, 2, 4, 8)
* Different send and receive rates supported
* SFGT: 302.0 us  (SFGI: 0)
* FWT: 77.33 ms  (FWI: 8)
* NAD not supported
* CID supported
* Historical bytes: [none]

--------------------------------------

turbo2ltr · August 11, 2023, 8:51pm

I edited out the ID, but I see now it is indeed random.

RedGreen · October 28, 2023, 11:25pm

I know this is an old post, but I ran across this related paper online. And don’t see it elsewhere. Might be interesting to someone researching Seos.
“A relay attack against HID Seos” - https://eprint.iacr.org/2023/450.pdf

2023-450.pdf (2.7 MB)

Tack a link to their code too,
“CardHopper - ISO14443-A long distance relay attack tools” - Loudmouth Security / CardHopper · GitLab

Pilgrimsmaster · October 29, 2023, 1:07am

I renamed it

SEOS_ A relay attack against HID Seos (2.7 MB)

and added it to the PDF repository

Thanks for the update

RedGreen · October 29, 2023, 1:12am

Thanks. I recollect looking at that area once so far, but am often unsure memory wise.
I added a bit more to my comment, as I see they have a revised link to their code.