Updated: January 2025
Current command:
hf iclass legrec --help
Attempts to recover the diversified key of a specific iClass card. This may take a long time. The Card must remain be on the PM3 antenna during the whole process! This process may brick the card! usage: hf iclass legrec [--allnight] options: -h, --help This help --macs <hex> AA1 Authentication MACs --index <dec> Where to start from to retrieve the key, default 0 --loop <dec> The number of key retrieval cycles to perform, max 10000, default 100 --debug Re-enables tracing for debugging. Limits cycles to 1. --notest Perform real writes on the card! --allnight Loops the loop for 10 times, recommended loop value of 5000. --est Estimates the key updates based on the card's CSN assuming standard key. examples/notes: hf iclass legrec --macs 0000000089cb984b hf iclass legrec --macs 0000000089cb984b --index 0 --loop 100 --notest