Read contents from card: iCLASS / PicoPass tag

[usb] pm3 → auto
[+] Valid iCLASS tag / PicoPass tag found

which gives this:
[usb] pm3 → hf ic dump --ki 0
[+] Using AA1 (debit) key[0] AE A6 84 A6 DA B2 32 78
[=] Card has at least 2 application areas. AA1 limit 18 (0x12) AA2 limit 31 (0x1F)
.
[!!] failed to communicate with card

Any help appreciated.

Does it just give you that output of valid iCLASS found, or does it give you more info?

Do hf ic info and make sure it's outputting properly.
Then re-run the dump command, making sure your card is securely placed on the Proxmark so it can couple (the black square is the high freq antenna; it needs to be either on top of the black square or under it, under the Proxmark).

[usb] pm3 → hf ic info

[=] --------------------- Tag Information ----------------------
[+] CSN: 2D B8 BC 10 FE FF 12 E0 uid
[+] Config: 12 FF FF FF 7F 1F FF 3C card configuration
[+] E-purse: F0 FF FF FF FF FF FF FF Card challenge, CC
[+] Kd: 00 00 00 00 00 00 00 00 debit key ( hidden )
[+] Kc: 00 00 00 00 00 00 00 00 credit key ( hidden )
[+] AIA: FF FF FF 00 06 FF FF FF application issuer area
[=] -------------------- card configuration --------------------
[=] Raw: 12 FF FF FF 7F 1F FF 3C
[=] 12… app limit
[=] FFFF ( 65535 )… OTP
[=] FF… block write lock
[=] 7F… chip
[=] 1F… mem
[=] FF… EAS
[=] 3C fuses
[=] Fuses:
[+] mode… Application (locked)
[+] coding… ISO 14443-2 B / 15693
[+] crypt… Secured page, keys not locked
[=] RA… Read access not enabled
[=] PROD0/1… Default production fuses
[=] -------------------------- Memory --------------------------
[=] 2 KBits/2 App Areas ( 256 bytes )
[=] 1 books / 1 pages
[=] First book / first page configuration
[=] Config | 0 - 5 ( 0x00 - 0x05 ) - 6 blocks
[=] AA1 | 6 - 18 ( 0x06 - 0x12 ) - 13 blocks
[=] AA2 | 19 - 31 ( 0x13 - 0x1F ) - 18 blocks
[=] ------------------------- KeyAccess ------------------------
[=] * Kd, Debit key, AA1 Kc, Credit key, AA2 *
[=] Read A… debit
[=] Read B… credit
[=] Write A… debit
[=] Write B… credit
[=] Debit… debit or credit
[=] Credit… credit
[=] ------------------------ Fingerprint -----------------------
[+] CSN… HID range
[+] Credential… iCLASS SE
[+] Card type… PicoPass 2K

With the card on the top of the Proxmark3

[usb] pm3 → hf ic dump --ki 0
[+] Using AA1 (debit) key[0] AE A6 84 A6 DA B2 32 78
[=] Card has at least 2 application areas. AA1 limit 18 (0x12) AA2 limit 31 (0x1F)
.
[!!] failed to communicate with card

With the card on the bottom of the Proxmark3

[usb] pm3 → hf ic dump --ki 0
[+] Using AA1 (debit) key[0] AE A6 84 A6 DA B2 32 78
[=] Card has at least 2 application areas. AA1 limit 18 (0x12) AA2 limit 31 (0x1F)
.
[!!] failed to communicate with card
[usb] pm3

[usb] pm3 → auto
[=] lf search

[=] NOTE: some demods output possible binary
[=] if it finds something that looks like a tag
[=] False Positives ARE possible
[=]
[=] Checking for known tags…
[=]
[/]Searching for COTAG tag…

[-] No data found!
[?] Maybe not an LF tag?

[=] hf search
Searching for iCLASS / PicoPass tag…
[+] iCLASS / Picopass CSN: 2D B8 BC 10 FE FF 12 E0

[+] Valid iCLASS tag / PicoPass tag found

[usb] pm3

Well, there we go: it’s an SE credential, which means it has keys that aren’t publicly disclosed and not available to the Proxmark. You can’t dump it because you don’t have the key. You’ll need a weaponised reader to be able to clone this.

When you say “SE credential” - how do you know that?

What is a “weaponised reader” and can the Proxmark3 be turned into one?

It’s kind of like this

In your output. The SE is the next generation after legacy and doesn’t share the keys.

A weaponised reader is using an official HID multiCLASS reader with an ESP interceptor to sniff the raw Wiegand data of the card and downgrade it onto an iCLASS legacy. And no, the Proxmark can’t do that alone; it needs the reader.


Okay, so from that article, it sounds like I just need to:

  1. Get an HID OMNIKEY 5321 or 6321
  2. Get and build iclass.exe
  3. Run these commands:
    a. iclass.exe read
    b. iclass.exe write

I don’t think so. I’m pretty sure the article is referencing old iClass… It was just an example of what might need to happen to get the keys for an SE card… I don’t know the specifics for the new secure version of iClass

How can you tell if it’s a new secure version of iClass vs. an old iClass?

In your output it says the credential type. It says iCLASS SE.

A weaponised reader is an HID multiCLASS reader that you wire an ESP Wiegand interceptor into. You can buy these or make them (can’t remember if OMNIKEY works for this, tbh). You can then take the information from your exposed iCLASS SE and put it on an iCLASS legacy.


Where can I get an HID multi-class reader and an ESP Wiegand interceptor at? Are these "iCLASS RFID Card" iClass legacy cards?

Yep, those are the correct blank cards.

You can get an HID multiCLASS SE RP10 for less than 40$ on eBay, and the ESP you’re looking for is called an ESPKey Wiegand interceptor.

I can’t find an RP10 for less than $50

HID RP10 | eBay

I see the ESPKey Wiegand interceptor here:

ESPKey Wiegand Interception Tool