Question about CSN

Chigurh · 2015-10-01 20:09:49

I have a sample tag I'm working on which is identified by pm3 as a valid iClass Tag (or PicoPass Tag) but its CSN ends with 00-12-E0 whereas all the documents I've seen (and PM3 source code) refers to CSN ending with FF-12-E0. Can somebody explain what my 00 means and if I should worry ? I cannot access the reader as well with the hf iclass sim commands, all of them being rejected by the reader.

marshmellow · 2015-10-01 20:26:11

is the reader an iclass reader? it looks to me like you have a picopass chip that is not part of the iclass club.

Chigurh · 2015-10-01 20:34:00

I'm not sure, the reader is the one opening the door to my appartment

marshmellow · 2015-10-01 20:37:09

most if not all iclass tags say iclass somewhere on them. (at least in my experience)... if yours doesn't you've probably stumbled upon another company using the picopass chip for door access.

Chigurh · 2015-10-01 20:41:59

Thank you. I've looked at the source code and if I understand correctly it's not handled by pm3 (yet) ?

Chigurh · 2015-10-01 20:43:28

My tag hasn't anything printed on it so you must be right

marshmellow · 2015-10-01 21:23:54

The latest code can do a lot with the picopass/iclass tags, you just need the correct keys to do much.

Chigurh · 2015-10-01 21:28:32

I did try to get the key from an hf iclass sim 2 but it seems to be rejected by the reader, I'm probably doing something wrong.

#db# Going into attack mode, 15 CSNS sent
#db# Simulating CSN 000b0ffff7ff12e0
#db# Unknown command received from reader (len=4): c 2 xx xx ff fe 5f 2 1c
(...)
Mac responses: 0 MACs obtained (should be 15)

carl55 · 2015-10-01 22:38:05

That procedure is only capable of extracting the high security authentication key information from a high security HID iclass reader.
It will NOT extract key information from a standard security iclass reader nor will it extract any key information from a non-iclass reader.
I agree with marshmellow, the CSN of your card indicates that it is using a Picopass chip but it is NOT an iClass card. Depending on the brand of reader your apartment is using it may be simply using the cards CSN value to determine access privileges and may not even be using its smart card capabilities.

Chigurh · 2015-10-01 23:04:07

I have modified the hf sim code to emulate my tag's CSN but I get the same result (unknown command from reader).
Emulating an iclass card in mode 0 with a valid CSN didn't work either but picopass being compatible with iso 14443B and 15693 I will dig into this direction as well.
I'm not aware of the reader model either unfortunately, the only visible mark on the external reader is "Vigik", which is french post office Mifare door security system implemented in most of french buildings.
Thank you both for your help.

Proxmark3 community

Announcement

#1 2015-10-01 20:09:49

Question about CSN

#2 2015-10-01 20:26:11

Re: Question about CSN

#3 2015-10-01 20:34:00

Re: Question about CSN

#4 2015-10-01 20:37:09

Re: Question about CSN

#5 2015-10-01 20:41:59

Re: Question about CSN

#6 2015-10-01 20:43:28

Re: Question about CSN

#7 2015-10-01 21:23:54

Re: Question about CSN

#8 2015-10-01 21:28:32

Re: Question about CSN

#9 2015-10-01 22:38:05

Re: Question about CSN

#10 2015-10-01 23:04:07

Re: Question about CSN

Board footer