Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2019-09-11 06:54:01

piwi
Contributor
Registered: 2013-06-04
Posts: 704

iCLASS command 0x26 ?

When running 'hf iclass sim 2' against an HID Omnikey 5321V2 reader, I am getting

#db# Unhandled command (len = 5) received from reader: 26 01 00 f6 0a

Does anyone have an idea what the reader command 0x26 is? And what is the expected tag response?

Offline

#2 2019-09-11 07:17:11

0xFFFF
Administrator
From: Vic - Australia
Registered: 2011-05-31
Posts: 632

Re: iCLASS command 0x26 ?

Looks like the reader is attempting to access the Application Directory. Length is 01. Data is null. Checksum.
Response should 8 bytes IIRC.

Offline

#3 2019-09-11 13:59:46

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: iCLASS command 0x26 ?

Wouldn't that be achieved by simple read to block 5 (0c 05)?

Offline

#4 2019-09-11 14:15:30

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: iCLASS command 0x26 ?

Is it possible that this is the ISO15693 standard INVENTORY command? Are iCLASS cards supposed to respond to that? Standard answer would be the (non rotated) ID then?

Offline

#5 2019-09-12 01:18:13

0xFFFF
Administrator
From: Vic - Australia
Registered: 2011-05-31
Posts: 632

Re: iCLASS command 0x26 ?

piwi wrote:

Wouldn't that be achieved by simple read to block 5 (0c 05)?

It's a command. It exists. ¯\_(ツ)_/¯
All I was looking for was iClass and 0x26. Not much to go on really.

Identify - 0x26 0x01 mask_bit_length
mask_bit_length is typically 0 in this case I think.
This function returns an enum as part of a Find or Anticollision operation.
Should be responding with 12 bytes.
Tx & Rx CRC flags - 06 00?
Protocol - ISO15693 - 01
CSN - 8 bytes.

Offline

Board footer

Powered by FluxBB