Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.


#1 2017-01-25 06:12:50

Omikron
Contributor
Registered: 2010-02-12
Posts: 78

loclass Difficulties

For the life of me I cannot seem to figure out what is going on here.

No matter what format I try to store the key in, running "hf iclass loclass t" to run a self-test results in a message that says the master key is not found.  I've done some searching and digging and found no good documentation regarding this.  I've glanced at the relevant source and have been unable to figure out what's going on.

Can anyone provide some notes as to where it is expecting to find the key file, and what format said key file is supposed to be in?

The fact that I used to have it working long ago is even more frustrating.  I lost my dev environment some time ago and in the process of rebuilding it I cannot seem to get this single feature working.

Offline

#2 2017-01-25 08:11:46

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: loclass Difficulties

Is it an Elite/HighSecurity master key?    hf iclass loclass doesn't work on the leaked legacy master key.

Offline

#3 2017-01-25 14:48:02

Omikron
Contributor
Registered: 2010-02-12
Posts: 78

Re: loclass Difficulties

iceman wrote:

Is it an Elite/HighSecurity master key?    hf iclass loclass doesn't work on the leaked legacy master key.

Of course not.  I'm talking about the file that the legacy master key is supposed to be stored in for loclass, in order to assist cracking of elite keys. :-)

Technically it's not required for cracking every key, but it does seem to be required to crack some keys.

Offline

#4 2017-01-25 15:21:14

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: loclass Difficulties

I think you must have gotten something very wrong.  The only file needed for loclass cmd is the dumpfile with collected nonces/macs. 

hf iclass loclass

Usage: hf iclass loclass [options]          
Options:          
h             Show this help          
t             Perform self-test          
f <filename>  Bruteforce iclass dumpfile          
                   An iclass dumpfile is assumed to consist of an arbitrary number of          
                   malicious CSNs, and their protocol responses          
                   The binary format of the file is expected to be as follows:           
                   <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>          
                   <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>          
                   <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>          
                  ... totalling N*24 bytes          

Offline
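The record layout from the help text above, as an added example that is not part of the original thread or the Proxmark3 code base: a Python check that a dumpfile is raw binary made of whole 24-byte records, splitting each into its fields. The function names and the sample bytes are constructed for illustration.

```python
import struct
from typing import List, NamedTuple

# Layout from the help text: <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>
RECORD = struct.Struct("8s8s4s4s")  # 24 bytes per record


class Record(NamedTuple):
    csn: bytes
    cc: bytes
    nr: bytes
    mac: bytes


def looks_like_hex_text(data: bytes) -> bool:
    """True if the content is only ASCII hex digits and whitespace."""
    stripped = bytes(b for b in data if b not in b" \t\r\n")
    return bool(stripped) and all(b in b"0123456789abcdefABCDEF" for b in stripped)


def parse_dump(data: bytes) -> List[Record]:
    """Split a dumpfile into records, rejecting the common malformed cases."""
    if not data:
        raise ValueError("empty file")
    if looks_like_hex_text(data):
        raise ValueError("file is hex text; the expected format is raw binary")
    if len(data) % RECORD.size:
        raise ValueError(
            f"{len(data)} bytes is not a multiple of {RECORD.size}; "
            "file is truncated or has trailing bytes"
        )
    return [
        Record(*RECORD.unpack_from(data, off))
        for off in range(0, len(data), RECORD.size)
    ]


# Constructed sample: two records of placeholder bytes, not captured data.
SAMPLE = bytes(range(0, 24)) + bytes(range(100, 124))

if __name__ == "__main__":
    for i, r in enumerate(parse_dump(SAMPLE)):
        print(i, r.csn.hex(), r.cc.hex(), r.nr.hex(), r.mac.hex())
```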

#5 2017-01-27 05:45:09

Omikron
Contributor
Registered: 2010-02-12
Posts: 78

Re: loclass Difficulties

iceman wrote:

I think you must have gotten something very wrong.  The only file needed for loclass cmd is the dumpfile with collected nonces/macs.

Nope, nothing very wrong. At best I would concede "potentially wrong".  :-)

proxmark3> hf iclass loclass t
[+] Testing some internals...
    Bitstream test 1 ok
    Bitstream test 2 ok
[+] Testing MAC calculation...
[+] MAC calculation OK!
[+] Checking if the master key is present (iclass_key.bin)...
[+] Master key not present, will not be able to do all testcases
[+] Testing key diversification with non-sensitive keys...
[+] Testing DES encryption
[+] Testing foo

Note that it thinks iclass_key.bin is missing (it is not).  In the past there have been one or two elite keys that I had trouble cracking unless iclass_key.bin was present, but it's been a good amount of time since I had to re-do my dev environment.  I've tried creating iclass_key.bin both as a text file and also as raw hex, and it seems to detect neither correctly.  Documentation for loclass doesn't seem to specify format of this file.  Just reaching out to see if others had notes on it.

Offline

#6 2017-01-27 07:24:08

bsmith
Contributor
Registered: 2016-01-12
Posts: 4

Re: loclass Difficulties

You might want to compare the proxmark's loclass code with the original. There appear to have been some errors in translation between the two.

Offline

#7 2017-01-27 10:53:59

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: loclass Difficulties

Ok,
The self-tests analyse the iclass crypto functions and, among other things, try to verify with the legacy MCk, and to do this they read it from the keyfile you are looking for.  You need to create that file yourself, a normal binary file, with the legacy MCk.
It is nothing that is distributed with PM3.

The self-tests have nothing to do with the reader-attack.  The keyfile is not used there. The attack will not "work better" with it,  or not work at all without it.

Offline
