I’d recommend this one: iCLASS RFID Card
2 Likes
Just so i am clear on what you are suggesting, i should get this card and try it to see if it works and if it does then the implant should work?
Yes. It might be helpful if you share the full dump of the contents of the card. If blocks 5 and 6 are the primary blocks with data, you’re likely to have a better time with this project.
Also, any chance you can share anything about the readers? If your college and my college use a similar system of readers I’ll be more able to help out here.
2 Likes
Did you check if it was a dual system with a LF and a HF component, that’s what my card is it uses prox and a HF iClass component, but they only use the prox component
Whenever i use the auto command for the proxmark it comes up with HF only
Good news is it looks like you don’t have SE blocks. I don’t have a lot of experience with pivCLASS readers, though based on the name I’m assuming it’s a multiclass reader that reads iClass and ProxPass cards. Supposedly ProxPass can be cloned to the 125Khz side of the NeXT or an xEM.
More info here.
If all the passes are pivClass, I’d fathom a guess that they’ll all accept a flexClass. I’d still get a blank iClass card to check. Better safe than sorry.
Also, those systems are super out of date. You might want to check with your ID office to make sure that they’re not planning on changing/upgrading their systems in the near future. (Sidenote: this is sadly from experience. My flexClass has failed and I still need to get it removed. I also found out the school is moving to an ID system that’s on our phones. Which I have many ranty thoughts about, but that’s for another time, not even including the fact that my flexClass will be useless next year anyways. Sigh. Learn from my mistakes.)
1 Like
I went ahead and already ordered the blank IClass Card, I realize now I did not include that the card is an IClass DP. I am definitely going to go ahead and speak with the head security dude here and find out if they are planning on changing it. If it turns out that I could use a NeXT implant, besides wait time is there any other benefits over the FlexClass?
Thank you for all your help
I’m not clear on the difference between the DP and the DY (which is what I have).
In terms of NeXT, having the NTAG216 module will let you have a chip that will interact with phones/etc. It’s generally a good all-around chip to start with. flexClass will only work with non-SE iClass readers, but should really well.
Ah I understand
Alright, got the card in the mail today and tried to follow the link above to clone it, what am i doing wrong?
[usb] pm3 --> hf ic dump --ki 0
[+] Using AA1 (debit) key[0] AE A6 84 A6 DA B2 32 78
[=] Card has at least 2 application areas. AA1 limit 18 (0x12) AA2 limit 31 (0x1F)
.
[=] -------------------------- Tag memory ---------------------------
[=] block# | data | ascii |lck| info
[=] ---------+-------------------------+----------+---+--------------
[=] 0/0x00 | B1 1B 76 13 FE FF 12 E0 | ..v..... | | CSN
[=] 1/0x01 | 12 FF FF FF 7F 1F FF 3C | .......< | | Config
[=] 2/0x02 | FF FF FF FF 57 FF FF FF | ....W... | | E-purse
[=] 3/0x03 | 90 6C 6E 17 A5 64 09 B5 | .ln..d.. | | Debit
[=] 4/0x04 | FF FF FF FF FF FF FF FF | ........ | | Credit
[=] 5/0x05 | FF FF FF FF FF FF FF FF | ........ | | AIA
[=] 6/0x06 | 03 03 03 03 00 03 E0 17 | ........ | | User
[=] 7/0x07 | 7B 0B 28 E0 76 12 FD A6 | {.(.v... | | User
[=] 8/0x08 | 2A D4 C8 21 1F 99 68 71 | *..!..hq | | User
[=] 9/0x09 | 2A D4 C8 21 1F 99 68 71 | *..!..hq | | User
[=] 10/0x0A | FF FF FF FF FF FF FF FF | ........ | | User
[=] 11/0x0B | FF FF FF FF FF FF FF FF | ........ | | User
[=] 12/0x0C | FF FF FF FF FF FF FF FF | ........ | | User
[=] 13/0x0D | FF FF FF FF FF FF FF FF | ........ | | User
[=] 14/0x0E | FF FF FF FF FF FF FF FF | ........ | | User
[=] 15/0x0F | FF FF FF FF FF FF FF FF | ........ | | User
[=] 16/0x10 | FF FF FF FF FF FF FF FF | ........ | | User
[=] 17/0x11 | FF FF FF FF FF FF FF FF | ........ | | User
[=] 18/0x12 | FF FF FF FF FF FF FF FF | ........ | | User
[=] ---------+-------------------------+----------+---+--------------
[+] saving dump file - 19 blocks read
[+] saved 152 bytes to binary file hf-iclass-B11B7613FEFF12E0-dump-4.bin
[+] saved 19 blocks to text file hf-iclass-B11B7613FEFF12E0-dump-4.eml
[+] saved to json file hf-iclass-B11B7613FEFF12E0-dump-4.json
[?] Try `hf iclass decrypt -f` to decrypt dump file
[?] Try `hf iclass view -f` to view dump file
[usb] pm3 --> hf ic wrbl --ki 0 -b 6 -d 030303030003E017
[+] Using key[0] AE A6 84 A6 DA B2 32 78
[-] ⛔ Writing failed
Sorry won’t let me upload a photo 
I just upped your user level, give it another shot.
Try changing what —ki You’re using. It’s possible the redteamtools card uses another default key to write.
In fact try scanning the blank card and see what key you get that returns successfully.
Took a shot and did --ki 2, came up with this, (sorry photos dont like me today)
[usb] pm3 --> hf ic dump --ki 2
[+] Using AA1 (debit) key[2] F0 E1 D2 C3 B4 A5 96 87
[!] ⚠️ AA1 config is >= card size, using card size as AA1 limit
[=] Card has 1 application area. AA1 limit 31 (0x1F)
.
[=] -------------------------- Tag memory ---------------------------
[=] block# | data | ascii |lck| info
[=] ---------+-------------------------+----------+---+--------------
[=] 0/0x00 | 8B 7F 83 01 F8 FF 12 E0 | ........ | | CSN
[=] 1/0x01 | FF FF FF FF 7F 1F FF BC | ........ | | Config
[=] 2/0x02 | FE FF FF FF FF FF FF FF | ........ | | E-purse
[=] 3/0x03 | BF FE 4B BB 6A 05 EE 18 | ..K.j... | | Debit
[=] 4/0x04 | FF FF FF FF FF FF FF FF | ........ | | Credit
[=] 5/0x05 | FF FF FF FF FF FF FF FF | ........ | | AIA
[=] 6/0x06 | FF FF FF FF FF FF FF FF | ........ | | User
[=] 7/0x07 | FF FF FF FF FF FF FF FF | ........ | | User
[=] 8/0x08 | FF FF FF FF FF FF FF FF | ........ | | User
[=] 9/0x09 | FF FF FF FF FF FF FF FF | ........ | | User
[=] 10/0x0A | FF FF FF FF FF FF FF FF | ........ | | User
[=] 11/0x0B | FF FF FF FF FF FF FF FF | ........ | | User
[=] 12/0x0C | FF FF FF FF FF FF FF FF | ........ | | User
[=] 13/0x0D | FF FF FF FF FF FF FF FF | ........ | | User
[=] 14/0x0E | FF FF FF FF FF FF FF FF | ........ | | User
[=] 15/0x0F | FF FF FF FF FF FF FF FF | ........ | | User
[=] 16/0x10 | FF FF FF FF FF FF FF FF | ........ | | User
[=] 17/0x11 | FF FF FF FF FF FF FF FF | ........ | | User
[=] 18/0x12 | FF FF FF FF FF FF FF FF | ........ | | User
[=] 19/0x13 | FF FF FF FF FF FF FF FF | ........ | | User
[=] 20/0x14 | FF FF FF FF FF FF FF FF | ........ | | User
[=] 21/0x15 | FF FF FF FF FF FF FF FF | ........ | | User
[=] 22/0x16 | FF FF FF FF FF FF FF FF | ........ | | User
[=] 23/0x17 | FF FF FF FF FF FF FF FF | ........ | | User
[=] 24/0x18 | FF FF FF FF FF FF FF FF | ........ | | User
[=] 25/0x19 | FF FF FF FF FF FF FF FF | ........ | | User
[=] 26/0x1A | FF FF FF FF FF FF FF FF | ........ | | User
[=] 27/0x1B | FF FF FF FF FF FF FF FF | ........ | | User
[=] 28/0x1C | FF FF FF FF FF FF FF FF | ........ | | User
[=] 29/0x1D | FF FF FF FF FF FF FF FF | ........ | | User
[=] 30/0x1E | FF FF FF FF FF FF FF FF | ........ | | User
[=] 31/0x1F | FF FF FF FF FF FF FF FF | ........ | | User
[=] ---------+-------------------------+----------+---+--------------
[+] saving dump file - 32 blocks read
[+] saved 256 bytes to binary file hf-iclass-8B7F8301F8FF12E0-dump.bin
[+] saved 32 blocks to text file hf-iclass-8B7F8301F8FF12E0-dump.eml
[+] saved to json file hf-iclass-8B7F8301F8FF12E0-dump.json
[?] Try `hf iclass decrypt -f` to decrypt dump file
[?] Try `hf iclass view -f` to view dump file
Okay, you’ll need to use key 2 in the cloning process. The command should look something like this:
hf ic wrbl --ki 2 -b 6 -d {data}
Also, it looks like you don’t have a card that’s set up as SE. That’s good!
alright so i used key 2 to write blocks 6 and 7, went to go try the card and it did not work, but now when i try to create a dump file to verify the block contents it comes up with this,
[usb] pm3 --> hf ic dump --ki 2
[+] Using AA1 (debit) key[2] F0 E1 D2 C3 B4 A5 96 87
[=] Card has at least 2 application areas. AA1 limit 18 (0x12) AA2 limit 31 (0x1F)
.
[!!] 🚨 failed to communicate with card
That’s… not good. Can you confirm that the pm3 will still read another card? Does it work with any other keys?
The proxmark still works fine with the tester cards as well as my id