Proxmark developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

#1 2019-04-13 09:43:24

kon_or
Contributor
Registered: 2019-04-12
Posts: 2

Cannot calcualte the master key

I successfully ran a reader attack

pm3 --> hf iclass sim 2
[=] Starting iCLASS sim 2 attack (elite mode)          
[=] press keyboard to cancel          
#db# [+] going into attack mode, 9 CSNS sent          
#db# [+] CSN: 01 .... e0 OK          
#db# [+] CSN: 0c .... e0 OK          
#db# [+] CSN: 10 .... e0 OK          
#db# [+] CSN: 13 .... e0 OK          
#db# [+] CSN: 07 .... e0 OK          
#db# [+] CSN: 14 .... e0 OK          
#db# [+] CSN: 17 .... e0 OK          
#db# [+] CSN: ce .... e0 OK          
#db# [+] CSN: d2 .... e0 OK          
[+] 9 out of 9 MAC obtained [OK]          
[+] saved 216 bytes to binary file iclass_mac_attack-1.bin

when I try to use the dump to calculate the master key I get the following error

pm3 --> hf iclass loclass f iclass_mac_attack-1.bin 
----------------------------          
[=] Bruteforcing byte 1          
[=] Bruteforcing byte 0          
[=] Bruteforcing byte 69   
.... 
[!] Failed to recover 3 bytes using the following CSN          
[!] CSN = d25a82f8f7ff12e0          
[+] time: 350 seconds          
[!] error, we are missing byte 0, custom key calculation will fail...          
[!] error, we are missing byte 1, custom key calculation will fail...          
[!] error, we are missing byte 2, custom key calculation will fail...          
[!] error, we are missing byte 3, custom key calculation will fail...          
[!] error, we are missing byte 4, custom key calculation will fail...          
[!] error, we are missing byte 5, custom key calculation will fail...          
[!] error, we are missing byte 6, custom key calculation will fail...          
[!] error, we are missing byte 7, custom key calculation will fail...          
[!] error, we are missing byte 8, custom key calculation will fail...          
[!] error, we are missing byte 9, custom key calculation will fail...          
[!] error, we are missing byte 10, custom key calculation will fail...          
[!] error, we are missing byte 11, custom key calculation will fail...          
[!] error, we are missing byte 12, custom key calculation will fail...          
[!] error, we are missing byte 13, custom key calculation will fail...          
[!] error, we are missing byte 14, custom key calculation will fail...          
[!] error, we are missing byte 15, custom key calculation will fail...          

          
[+] -- High security custom key (Kcus) --          
[+] Standard format    = da28787db0ff2150          
[+] iClass format      = 31ad7ebd2f282168          
[!] Failed to verify calculated master key (k_cus)! Something is wrong.  

Am i missing a something or what is the best way to diagnose the reason it fails?

Offline

#2 2019-04-14 00:13:16

carl55
Contributor
From: Colorado USA
Registered: 2010-07-04
Posts: 155

Re: Cannot calcualte the master key

The most likely explanation for your problem is that you are attempting to retrieve the high security authentication key from an iCLASS SE reader.
The loclass function does not work with the newer "iClass SE" readers unless they explicitly support the use of legacy credentials.

If you look at the diversified key algorithms in the HID charts below you will see that there are various hashing algorithms involved when calculating the diversified key used in the authentication process. It is theorized that HID has modified one or more of these hashing algorithms for iClass SE. Until more details are uncovered, the loclass function can only be used reliably with readers that support legacy credentials.


iClass High Security Algorithm

iClass Standard Security Algorithm

Offline

#3 2019-04-14 06:19:15

iceman
Administrator
Registered: 2013-04-25
Posts: 5,495
Website

Re: Cannot calcualte the master key

Welcome back @carl55,   I been missing you!


If you feel the love,  https://www.patreon.com/iceman1001

modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

Board footer

Powered by FluxBB