Overview [Updated April 2015 - see below]
Up until the beginning of June 2011, the majority of my RFID projects have focused on the 125 kHz proximity technology. Since that time I have been working on completing a series of similar projects that are based on the 13.56 MHz iClass contactless technology manufactured by HID Corporation.
I had originally stayed away from the iClass smartcard technology fearing it would be way too complex for me to be successful with any hacking projects. After all, the technology used Triple DES encryption, mutual authentication and other security enhancing features. However, after reading a paper that was presented at the 27th Chaos Communication Congress (27C3) in Berlin, I realized that there may be a legitimate chance that I could develop the ability to clone those cards also. A link to that presentation and paper can be found [here].
My goal was not just to replicate the work that was described in the paper but to carry it a step further by demonstrating the ability to clone or modify any iClass cards regardless of whether they were of the "Standard Security" or "High Security" variety.
The design that I ended up with was based on the use of a HID RW300 iClass Reader/Writer. In effect, I was using HID's own product to help clone the iClass cards.
Due to the amount of information that relates to this project I have elected to generate a paper that summarizes my work. A copy of my complete write-up (in pdf format) can be found [here].
A photo of my completed iClass cloner is shown below.
[October 2011 Update:]
I have recently uncovered an easier way to extract the iClass key information. A short writeup describing the simplified key extraction method can be found [here].
[January 2013 Update:]
Another method of "wirelessly" extracting High Security keys from an "Elite" iClass system has been recently discovered. My approach to using this non-intrusive (covert) method can be found in my paper located [here]. A photo of the unit is shown below.
[April 2013 Update:]
I have recently completed an assessment of the HID bioCLASS line of iClass products. The bioCLASS technology uses fingerprint and PIN capability to add support for two and three factor authentication in the readers. I have written a paper which addresses how much extra security this technology really adds and how it can easily be defeated. The paper can be found [here].
[April 2015 Update:]
I have built my first iClass Spoofer circuit. This device will electronically emulate any iClass credential. A description of the project can be found [here]. A photo of the unit is shown below.
iClass Cloner Photo:
iClass High Security Key Extractor Photo:
iClass Spoofer Photo: