Hey All,
I’ve finally made some progress while using the sim command and running a LOCLASS attack on a reader on site and using a valid know CSN:
hf iclass sim -t 2 --csn [CSN OF VALID CARD]
Which gave me the iclass_mac_attack.bin that has allowed me to run:
hf iclass loclass -f iclass_mac_attack.bin
Which gave me the keys being used in a couple of formats (I ended up using the ICLASS format) which then lets me run:
hf iclass managekeys --ki 7 -k [HID ICLASS FORMAT KEY FROM COMMAND ABOVE]
Which saves the key into slot 7 of the managed iclass keys (so you don’t mistype them) and can then run:
hf iclass dump --ki 7 --elite
Which then dumps the card using the key stored in slot 7 after elite computations have been applied.
So now I’ve finally been able to dump the data off the credentials using the custom keys.
I’m now waiting for my writable cards to arrive so I can see how simple it will be to write the blocks needed to the new cards and have them recognised my the readers on site.
I’ll probably come crawling back with more questions once I have a crack at writing and testing the new cards.
Wish me luck…