
Odd iClass Quirk: How I resolved it

I realised that recent iClass cards/fobs I purchased had an odd behaviour.

  1. It would be detectable by Proxmark3 as an iClass legacy tag.
  2. However, Proxmark3 refuses to authenticate with the master key.
  3. Switching over to iclassified + OmniKey 5321, it successfully reads and authenticates. (indicating that the fobs appear to use the default HID keys)
  4. Looking at Block 03, it seems to use the default HID auth keys. (which was what I definitely purchased).

Legacy iClass credential using default HID master key but cannot be authenticated by pm3

After some experimentation, and a pile of bricked iClass tags 💸, I seem to have stumbled upon a solution to resurrect these anomalous cards/fobs.

You will need:

  • Your anomalous iClass credentials
  • A laptop that natively runs proxmark3, AND dual boots to Windows XP with iClassified (NOTE: XP + Omnikey + iClassified combo doesn’t seem to play nice on a VM, I found that only a native environment works. Also, pm3 software does not play well with XP)
  • Proxmark3
  • An original HID iClass USB reader, compatible with iClassified (I used an Omnikey 5321)

Good ol Windows XP.

  1. Since Proxmark3 can read the iClass card/fob’s CSN, calculate a new (different from default) key using calcnewkey.
    [usb] pm3 --> hf iclass calcnewkey o (default HID master key) n (your chosen key)
    [+] Old div key : XX XX XX XX XX XX XX XX
    [+] New div key : XX XX XX XX XX XX XX XX
    [+] Xor div key : XX XX XX XX XX XX XX XX
  2. Get the Xor Div Key, store it somewhere. Need it in a mo.
  3. Reboot to your Windows XP environment.
  4. cd to your iClassified folder, and overwrite Block 03 with the calculated div key:
    iclassified>iclass.exe write 3 (calculated key)
  5. Verify that your card/fob no longer authenticates with the default HID master key.
    iclassified>iclass.exe read
    Error: Authentication failed
  6. Reboot back to your environment with Proxmark3. Verify that you can now read the credential with your chosen key.
    [usb] pm3 --> hf iclass rdbl b 06 k (your chosen key)
    [+] block 06: 00 00 00 00 00 00 FF FF

NOTE: I have noticed that this method seems to have a spotty success rate. Out of the 15 seemingly glitchy iClass cards/fobs I attempted to resurrect, 4 of them were bricked and could not be read with the key I specified. They could also not be read by iClassified+OmniKey.


QuickEntry: A Faster SafeEntry

The in-app pseudobrowser ‘modal-style’.

Update 29 May 2020: I have worked out a workaround. It may not be as neat / ‘app-like’ as an iFrame in a modal (as previously), but it appears to be working on at least Android devices. It involves physically opening the link in a new window, which in an installed PWA should open in an in-app pseudobrowser ‘modal-style’.

Update 28 May 2020: It appears the Safe Entry page has started using ‘X-Frame-Options: sameorigin’. This means that the web page cannot be run within an iFrame, which is what the PWA was programmed to do.
Unfortunately, despite best efforts, that could not be bypassed yet due to the way the page was created. Until API access opens or a new solution is found, Quick Entry is only a pipe dream.
Yes, it should be entirely possible to program it as a native Android / iOS app, however that defeats the purpose of programming it as a PWA (i.e. small, light, quick turnaround and universally installable). However, as the app will use a native browser (i.e. WebView / UIWebView) it should display and enable auto check-in / out without issues.
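
The framing check behind the 28 May update, as an added example (not Quick Entry's or Safe Entry's code): it models how a browser applies `X-Frame-Options`, and goes slightly beyond the page by also covering CSP `frame-ancestors`, which replaces it when present. The function names, the origins `checkin.example` and `pwa.example`, and the simplified source matching are assumptions made for illustration.

```javascript
// Added example: how a browser decides whether a response may render in a frame.
// Origins and header values are constructed samples, not captured traffic.

// Match one frame-ancestors source against an ancestor origin. Simplified subset:
// *, 'self', and scheme://host[:port] with an optional leading "*." wildcard.
function sourceMatches(source, ancestor, selfOrigin) {
  if (source === "*") return true;
  if (source.toLowerCase() === "'self'") return ancestor === selfOrigin;
  const m = /^(https?):\/\/(\*\.)?([a-z0-9.-]+)(:\d+)?$/i.exec(source);
  if (!m) return false; // 'none' and unsupported forms match nothing
  const src = new URL(`${m[1]}://${m[3]}${m[4] || ""}`);
  const anc = new URL(ancestor);
  const hostOk = m[2]
    ? anc.hostname.endsWith("." + src.hostname)
    : anc.hostname === src.hostname;
  return hostOk && anc.protocol === src.protocol && anc.port === src.port;
}

// ancestors: origins of every frame above the response, e.g. ["https://pwa.example"].
function framingDecision(headers, selfOrigin, ancestors) {
  if (ancestors.length === 0) return { allowed: true, by: "top-level" };
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  // CSP frame-ancestors, when present, replaces X-Frame-Options.
  const directive = (h["content-security-policy"] || "")
    .split(";")
    .map((d) => d.trim().split(/\s+/))
    .find((d) => d[0].toLowerCase() === "frame-ancestors");
  if (directive) {
    const sources = directive.slice(1);
    const allowed = ancestors.every((a) =>
      sources.some((s) => sourceMatches(s, a, selfOrigin)));
    return { allowed, by: "frame-ancestors" };
  }

  const xfo = (h["x-frame-options"] || "").trim().toLowerCase();
  if (xfo === "deny") return { allowed: false, by: "x-frame-options" };
  if (xfo === "sameorigin") {
    return { allowed: ancestors.every((a) => a === selfOrigin), by: "x-frame-options" };
  }
  // Other values, including the obsolete ALLOW-FROM, are ignored by current browsers.
  return { allowed: true, by: "none" };
}

// The situation on this page: a PWA on another origin framing a SAMEORIGIN page.
console.log(framingDecision({ "X-Frame-Options": "sameorigin" },
  "https://checkin.example", ["https://pwa.example"]));
```

Origins must be passed in canonical form (scheme, host and any non-default port, no trailing slash), because `'self'` and `sameorigin` are compared as strings here.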

Try it now:

Quick Entry: Fast and Easy Safe Entry Check Ins

Safe Entry is an admirable concept and a generally well-designed app. However, accessing it requires manually scanning the QR code each time you wish to enter, or going through the Singpass Mobile app (which is poorly designed, half-baked and frustratingly slow). There may be situations where you do not carry or have easy access to your identification documents (for example, while making a food delivery). With Safe Entry becoming ‘the new normal’ in our lives, I have developed this PWA (Progressive Web App) to cut the taps, loading time and actions required to enter locations to as few as possible. This should significantly reduce the time required to check in to locations, leading to less queuing time and a safer environment.

In future, hopefully GovTech may partially open up the API for Safe Entry, and even more automation (e.g. auto check in / out) or fetching of all Safe Entry locations from the horse’s mouth can be done. (Until then, all Safe Entry locations rely on crowdsourced QR code scans.)

Key Features of Quick Entry

  • Fast & Light (one of the major aims in developing the Quick Entry app was to remove as many unnecessary taps or loading time as possible)
  • Universally Installable (as it is a progressive web app, almost any OS with a modern web browser can install this app)
  • ‘Nearby Locations’ nicely working (vs the half-baked mess as seen on Singpass Mobile)
  • Check in locations grouped by Location
  • Integrated QR Scanner that automatically inserts the check in location into the database (thanks for contributing!)
  • Auto check in / out (will require developing as a native app, or API access to be opened up)

Permissions Required

  • Location (To retrieve your GPS coordinates)
  • Camera (For QR Scanner)

NOTE: This PWA DOES NOT have access to your personal data (e.g. NRIC). It is also not possible to access that data due to the way modern web browsers are designed.

Performance vs Singpass Mobile

Benchmarks coming soon!