Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia


#1 2020-10-07 13:42:49

jiangyi1985
Contributor
Registered: 2020-08-12
Posts: 6

What should I do after loclass offline crack succeeded?

In order to clone an iClass card, first I did the MAC attack with

hw stand 2

Then I ran loclass offline and got a success result (key replaced with 11121314... due to privacy)

[usb] pm3 --> hf iclass loclass f iclass_mac_attack.bin
...
[+] -- High security custom key (Kcus) --
[+] Standard format  11 12 13 14 15 16 17 18 
[+] iClass format    21 22 23 24 25 26 27 28

[+] Key verified ok!

Question 1:
Which key format should I use for the dump command? The standard format or the iClass format? Is there any other format/permute required? Do I need the 'e' parameter?

//which one to use?
hf iclass dump k 1112131415161718
hf iclass dump k 2122232425262728

//do I need this?
//e            : elite computations applied to key

Question 2:
If I want to use standalone mode, should I replace the aa2_key[] or the legacy_aa1_key[] in the code?

static uint8_t aa2_key[] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
static uint8_t legacy_aa1_key[] = {0xAE, 0xA6, 0x84, 0xA6, 0xDA, 0xB2, 0x32, 0x78};

Question 3:
What will happen if standalone mode 3 reader runs with a wrong aa1/aa2 key? Does it save wrong data? How do I know whether it succeeds if I'm not connecting pm3 to my client (cannot see debug info)?

Thanks in advance!

Last edited by jiangyi1985 (2020-10-10 18:20:52)
