Hey. So moving on with my research…
Attempt To Dump The Whole Card To Memory:
Using the ‘dump’ command instructs the ProxMark3 to read all the card data and save that data to a file (both a .bin and a .json file). To do this, an 8-byte hexadecimal key is required. The software already comes with a set of keys that can be viewed with the following command.
command: hf iclass managekeys -p
[=] idx| key
[=] ---+------------------------
[=] 0 | AE A6 84 A6 DA B2 32 78
[=] 1 | FD CB 5A 52 EA 8F 30 90
[=] 2 | F0 E1 D2 C3 B4 A5 96 87
[=] 3 | 76 65 54 43 32 21 10 00
[=] 4 |
[=] 5 |
[=] 6 |
[=] 7 |
[=] ---+------------------------
Adding the ‘ki’ parameter with a number at the end (‘2’ for example) instructs the ‘dump’ command to use the corresponding key and attempt to access the card.
command: hf iclass dump --ki 0
command: hf iclass dump --ki 1
command: hf iclass dump --ki 2
command: hf iclass dump --ki 3
What I’m not sure about:
- What are these keys?
- Where did they come from?
- How are they used by the ProxMark3 to access the card?
Is there a paper somewhere that explains this?