xNT and HID iClass with Proxmark3


I just picked up an xEM for the future access controls to be installed at work; however, at a different work site they utilize HID iClass legacy cards. If it’s feasible, I’d like to get an xNT as well to handle that site.

Aside from going to all the hassle of A) explaining what I’m doing, B) explaining the reason that I’m doing it, and C) walking the IT guy through how to do it, how would I go about cloning the iClass?

I’ve done some preliminary research and see that the master key was cracked, but I’m not sure how to go about implementing this without paying $186 to some Chinese company for software to clone from card to xNT.

CSN: Removed
CC: ff ff ff ff bb ff ff ff

Mode: Application [Locked]
Coding: ISO 14443-2 B/ISO 15693
Crypt: Secured page, keys not locked
RA: Read access not enabled
Mem: 2 KBits/2 App Areas (31 * 8 bytes) [1F]
AA1: blocks 06-12
AA2: blocks 13-1F
AppIA: ff ff ff ff ff ff ff ff
: Possible iClass (legacy tag)