New to RFID cloning here. Been trying to use a proxmark3 easy to clone an iclass card but I’ve been confused by all the tutorials posted online. I would appreciate if anyone would be willing to share the steps on how to clone this particular card.
It’s unlikely but it is possible that the reader may only be looking at the CSN, If you can get an iClass card in personalisation mode (red team tools sells one) you can try copying the CSN of your SE card to it.
Does anyone (@amal, @Pilgrimsmaster ) know how the eye class SE authentication works? Would it be possible to brute force the master key? I’d be happy to donate some computer and proxmark time to that
I’m super late to the party, but iClass SE isn’t cloneable. No HID systems that use iClass cards use the CSN for authentication, AFAIK.
Non-SE iClass (AKA Legacy) has been cracked for a long time. SE terminals that accept legacy cards can have a downgrade attack run on them, but I’m not the right person to ask about that.
First time post, but been in the RFID side of things in the retail and warehousing space for a while…
I’m curious to see if there is any traction with Iclass SE there seems to be variant understandings on such IClass standard.
I have cloned other cards which are straight forward, but it seems the SE is the challenge.
Here from MR keyfob apparently can do this? is this even possibly? iCLASS SE Fob Duplication Instructions - YouTube
Then quotes like this" I copy-x They have an add on that copies iclass se “First in the world” I guess it works only on buildings with support for legacy system as well which they say is about 85% coverage"
overall is there any traction with SE and if so, can anyone share intel?
There is no traction with SE. What these are doing is extracting the pacs data using a legitimate HID reader, and then writing it to an iClass Legacy card. This only works if the target readers want to accept legacy.
Does anyone have an update on how to clone Iclass SE fobs?
As I understand there is a way to convert the Iclass Serial number (found by scanning the RFID using an Multiclass Iclass reader). (the iclass serial number was then shown as the following: iCLASS[0607816ac0] ) and convert it to a number that you can then write to a 13.56 MHz card and now have a working copy of an iclass se fob.
The info that I read off the original Iclass se card is below. I want to know how to convert the scanned serial number into data that can be written on a new card.
Hello,
i have been reading and still confused about whether i can copy my current iclass 2k SE fob. I have 6 fobs and i want them converted to a card format to fit in my wallet.
Can i read my current fob, and then transfer the data or copy it to a blank card? If so what equipment do i need?
Do i need the site code and ID and can that be extracted. Some tell me to get the cp1000 and will do the job, others say it wont work and some say need the icopyx and proxmark etc… A lot of back and forward and hoping someone can provide a latest update if it can be done and what is required and how to do it.
Wait, is iClass SE an actual different card technology than iClass legacy? I thought it was just marketing mumbo for “We put an SIO credential on the iClass legacy chip” and you had to go for Seos to get an actual hardware upgrade.
No this would be legacy + SIO which is its own thing
SE is the same chip architecture just using a separate proprietary crypto.
To downgrade to legacy you can extract the PACs content of an SE with a weaponised reader or you can purchase the SE SAM by itself and use something like the pmRDV4 or flipper (with a SAM adaptor hardware addon) you can then encode this PACs content onto a legacy credential and hope that legacy remains enabled.
For direct to other SE cloning you’d need an omnikey to encode the PACs data in SE to an SE cred.
Other options also include downgrading to hidprox low frequency given LF is enabled on the reader & no SIO on the hf credential