Research, development and trades concerning the powerful Proxmark3 device.
Hello,
I plan to spend an embarrassingly large amount of time recovering the TDES key (I am told this is more commonly called the HID Transport key).
I am starting this project with near zero knowledge of the relevant things I ought to have knowledge of. Well that's not quite true, but far less than I ought to at any rate.
I see some people have discussed reverse engineering the OmniKEY Firmware to get it, and I can see how that would be easier. I worry, however, that I would be depriving myself of a useful learning opportunity.
Am I being foolish? Should I just save the time, money, and (knowing my dexterity and mindfulness) second-degree burns by attacking the firmware?
Thanks in advance for any feedback.
/R
Last edited by Ryston (2019-10-23 18:23:25)
Oh, sorry for the confusion.
No, not the key used for authentication through key diversification. It looks like the contents of block |07| is encrypted and contains the facility code + external ID number, and possibly some other data.
I think I am referring to the keys used for this... ya I just re-read the part of heart of darkness describing key extraction and I am now pretty sure those are indeed things.
https://www.openpcd.org/dl/HID-iCLASS-security.pdf
Page Five, Figure 8 shows it as a 16 byte key... I guess perhaps keys would be a more appropriate description. Anyways, it is that which I seek to extract.
It seems logical to me the Omnikey must have it in its firmware as well, which would be easier to get to... but then I would miss the learning experience. Not sure if that's a lesson I'd regret skipping.
Last edited by Ryston (2019-10-22 19:23:05)