hashcat Forum
iClass request - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: iClass request (/thread-8157.html)



iClass request - iceman - 02-15-2019

Some ppl has been asking about this and my own curiousity has been there since I implemented a naive dictionary implentation for the proxmark3 client.
There are different attacks already for different parts,  but given a sniffed trace of authentication

A hashcat implementation would be good for the scenario of custom keys.  

What is it?

iClass crypto

- triple des
- three hash diversifications  (hash-0 , hash-1, hash-2) for two modes.  legacy standard / elite (high)
- a twist of the des key aswell.  all parity is in last byte instead of MSB

Possible ideas for Hashcat would be a dictionary or bruteforce mode.

http://www.icedev.se/proxmark3/proxclone.com/Covert_Approach_to_Recovering_iClass_HSKeys.pdf

Documents.
http://www.proxmark.org/files/proxclone.com/


RE: iClass request - atom - 02-15-2019

Can you be more specific which type of computation is needed?


RE: iClass request - thesle3p - 03-13-2019

I would really love to see this happen, would make cracking Iclass Elite keys much more viable.


RE: iClass request - atom - 03-14-2019

I'd be happy to add this to hashcat. Just need the details.


RE: iClass request - royce - 03-16-2019

https://www.cs.bham.ac.uk/~garciaf/publications/dismantling.iClass.pdf