proxmark3/doc/loclass_notes.md

# About LOCLASS attack

This document is primarily intended for understanding `hf iclass loclass` and files used with it.

LOCLASS aim is to recover the used masterkey for that specific reader configured in Elite mode / High Security mode.

LOCLASS, is a two part attack. First is the online part where you gather needed information from the reader by presenting a carefully selected CSN and save the responses to file.  For the first part you run `hf iclass sim 2` and take notice of the saved filename.

The second part is offline,  where the information gathered from the first step is used in a series of DES operations to figure out the used 
masterkey.
   run `hf iclass loclass -f abc.bin`

If you don't have access to a iClass SE reader configured in Elite mode there is a test file which you can use.
   `hf iclass loclass -f iclass_dump.bin` 


# Unit testing
In order to verify that loclass is actually working, there is a "unit" test mode.
run `hf iclass loclass --test`.

This test mode uses two files. 

- `iclass_dump.bin`
   this is a sample file from `hf iclass sim 2`, with complete keytable recovery, using 128 carefully selected CSN and the file contains the MAC results from reader. 
- `iclass_key.bin`
   this is file shall contain the legacy masterkey, AA1 key. loclass uses it to verify that permutation / reversing / generation of key is correct.
add: updated the loclass document 2019-08-30 14:51:31 +08:00			`# About LOCLASS attack`

textual 2019-08-30 14:57:04 +08:00			This document is primarily intended for understanding `hf iclass loclass` and files used with it.
add: updated the loclass document 2019-08-30 14:51:31 +08:00
typos 2020-10-23 07:24:54 +08:00			`LOCLASS aim is to recover the used masterkey for that specific reader configured in Elite mode / High Security mode.`
add: updated the loclass document 2019-08-30 14:51:31 +08:00
			LOCLASS, is a two part attack. First is the online part where you gather needed information from the reader by presenting a carefully selected CSN and save the responses to file. For the first part you run `hf iclass sim 2` and take notice of the saved filename.

			`The second part is offline, where the information gathered from the first step is used in a series of DES operations to figure out the used`
textual 2019-08-30 14:57:04 +08:00			`masterkey.`
Update references to hf iclass loclass 2020-11-02 10:02:51 +08:00			run `hf iclass loclass -f abc.bin`
add: updated the loclass document 2019-08-30 14:51:31 +08:00
			`If you don't have access to a iClass SE reader configured in Elite mode there is a test file which you can use.`
Update references to hf iclass loclass 2020-11-02 10:02:51 +08:00			`hf iclass loclass -f iclass_dump.bin`
add: updated the loclass document 2019-08-30 14:51:31 +08:00

			`# Unit testing`
textual 2019-08-30 14:57:04 +08:00			`In order to verify that loclass is actually working, there is a "unit" test mode.`
Update references to hf iclass loclass 2020-11-02 10:02:51 +08:00			run `hf iclass loclass --test`.
textual 2019-08-30 14:57:04 +08:00
add: updated the loclass document 2019-08-30 14:51:31 +08:00			`This test mode uses two files.`
textual 2019-08-30 14:57:04 +08:00
			- `iclass_dump.bin`
			this is a sample file from `hf iclass sim 2`, with complete keytable recovery, using 128 carefully selected CSN and the file contains the MAC results from reader.
			- `iclass_key.bin`
typos 2020-10-23 07:24:54 +08:00			`this is file shall contain the legacy masterkey, AA1 key. loclass uses it to verify that permutation / reversing / generation of key is correct.`