Some ppl has been asking about this and my own curiousity has been there since I implemented a naive dictionary implentation for the proxmark3 client.
There are different attacks already for different parts, but given a sniffed trace of authentication
A hashcat implementation would be good for the scenario of custom keys.
What is it?
iClass crypto
- triple des
- three hash diversifications (hash-0 , hash-1, hash-2) for two modes. legacy standard / elite (high)
- a twist of the des key aswell. all parity is in last byte instead of MSB
Possible ideas for Hashcat would be a dictionary or bruteforce mode.
http://www.icedev.se/proxmark3/proxclone...HSKeys.pdf
Documents.
http://www.proxmark.org/files/proxclone.com/
There are different attacks already for different parts, but given a sniffed trace of authentication
A hashcat implementation would be good for the scenario of custom keys.
What is it?
iClass crypto
- triple des
- three hash diversifications (hash-0 , hash-1, hash-2) for two modes. legacy standard / elite (high)
- a twist of the des key aswell. all parity is in last byte instead of MSB
Possible ideas for Hashcat would be a dictionary or bruteforce mode.
http://www.icedev.se/proxmark3/proxclone...HSKeys.pdf
Documents.
http://www.proxmark.org/files/proxclone.com/