Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Hi,
I am trying to read write an iclass bosch 16k access sticker (they read as genuine hid iclass from the CSN) that has not been configured. I have been trying to r/w to block 7 but nothing seems to work. I have tried the default pico pass keys and HID keys (see below) but get a 'failed to obtain CC! Tag-select is aborting.' error.
Can someone point out what I am missing?
thanks
pm3 --> hf search u
[!] timeout while waiting for reply.
CSN: xx xx xx 00 FB FF 12 E0
CC: FE FF FF FF FF FF FF FF
[+] Mode: Personalization [Programmable]
Coding: ISO 14443-2 B/ISO 15693
[+] Crypt: Secured page, keys not locked
[!] RA: Read access not enabled
Mem: 32 KBits/3 App Areas (255 * 8 bytes) [FF]
AA1: blocks 06-FF
AA2: blocks 100-FF
OTP: 0xFFFF
KeyAccess:
Read A - Kd
Read B - Kc
Write A - Kd
Write B - Kc
Debit - Kd or Kc
Credit - Kc
App IA: FF FF FF FF FF FF FF FF
[+] : Possible iClass (legacy tag)
[+] Valid iClass Tag (or PicoPass Tag) Found
pm3 --> hf iclass readblk b 07 k AFA785A7DAB33378
[-] failed to obtain CC! Tag-select is aborting... (0)
pm3 --> hf iclass readblk b 07 k 2E12CCD2F662BE76
[-] failed to obtain CC! Tag-select is aborting... (0)
pm3 --> hf iclass readblk b 07 k 5cbcf1da45d5fb4f
[-] failed to obtain CC! Tag-select is aborting... (0)
pm3 -->
Last edited by addy (2019-10-18 07:06:49)
picky position with tag and antenna. try different ones until you get the sweetspot
played around with tons of positions without any luck. Thinking maybe the keys I am using are not correct.
Is there a way to verify this?
solved. was using the wrong key. but new problem found...
after I got in the card I wrote to block 0. The Keys I have no longer work
pm3 -->
pm3 --> hf search
[!] timeout while waiting for reply.
CSN: 86 2F 2B 00 FB FF 12 E0
CC: FF FF FF FF 4D F7 FF FF
[+] Mode: Personalization [Programmable]
Coding: ISO 14443-2 B/ISO 15693
[+] Crypt: Secured page, keys not locked
[!] RA: Read access not enabled
Mem: 32 KBits/3 App Areas (255 * 8 bytes) [FF]
AA1: blocks 06-FF
AA2: blocks 100-FF
OTP: 0xFFFF
KeyAccess:
Read A - Kd
Read B - Kc
Write A - Kd
Write B - Kc
Debit - Kd or Kc
Credit - Kc
App IA: FF FF FF FF FF FF FF FF
[+] : Possible iClass (legacy tag)
[+] Valid iClass Tag (or PicoPass Tag) Found
pm3 --> hf iclass dump k F0E1D2C3B4A59687 v
[-] failed to obtain CC! Tag-select is aborting... (0)
[-] selecting tag failed
[+] retry to select card
[+] CSN | 86 2F 2B 00 FB FF 12 E0
[+] CCNR | FF FF FF FF 4D F7 FF FF
[+] authing with diversified key: AE 82 7C A9 47 51 3F 8A
[-] authentication error
[!] failed authenticating with debit key
pm3 -->
I wrote the following to block 1
hf iclass writeblk b 01 d 12FFFFFF7F1FFF3C k F0E1D2C3B4A59687
Question:
How do I calculate the correct new key?
Last edited by addy (2019-10-19 05:11:56)