# Notes about the LOCLASS attack
<a id="top"></a>
# Table of Contents
- [Notes about the LOCLASS attack](#notes-about-the-loclass-attack)
- [Table of Contents](#table-of-contents)
- [Unit testing](#unit-testing)

This document is primarily intended for understanding `hf iclass loclass` and the files used with it.

The aim of LOCLASS is to recover the masterkey used by a specific reader configured in Elite mode / High Security mode.

LOCLASS is a two-part attack. The first part is online: you gather the needed information from the reader by presenting a carefully selected CSN and save the responses to a file. For the first part, run `hf iclass sim -t 2` and take note of the saved filename.

The second part is offline, where the information gathered in the first step is used in a series of DES operations to figure out the masterkey in use.

Run `hf iclass loclass -f abc.bin`

If you don't have access to an iClass SE reader configured in Elite mode, there is a test file which you can use.

`hf iclass loclass -f iclass_dump.bin`
# Unit testing
^[Top](#top)

In order to verify that loclass is actually working, there is a "unit" test mode.

Run `hf iclass loclass --test`.

This test mode uses two files.
- `iclass_dump.bin`
  This is a sample file from `hf iclass sim -t 2` with complete keytable recovery, using 128 carefully selected CSNs. The file contains the MAC results from the reader.
- `iclass_key.bin`
  This file shall contain the legacy masterkey, the AA1 key. loclass uses it to verify that permutation / reversing / generation of the key is correct.