13.56 Mhz HID iCLASS, Corp1000 Wiegand format cards

Can flipper read or emulate HID iCLASS and Corp1000 cards? They are 13.56mhz. I attempted to read several using the NFC app on flipper and none of them were readable.

I have a Keyscan 1K card that I was able to successfully read with NFC, but when emulating the card, my reader does not detect flipper.


Re iClass:

The flipper firmware can’t do it yet, but it should be doable, looks like proxmark3 can: https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/cheatsheet.md#iCLASS My iClass cards show up in the flipper as generic ISO 14443A cards, so it should be a matter of adding HID’s protocol.

Note that this is just for legacy iClass (not iClass Seos or iClass SE, which have actual encryption)


Work in progress: https://twitter.com/aguynamedbettse/status/1529170304601206784


@bettse hi, this feature is very usefull for me, can you share plugin or more info about this, please?

Maybe I wrote in wrong class. Most of my cards is HID iClass DL

It is in the official firmware repo, but not enabled by default due to size problems. This is the command to compile the firmware yourself with the picopass plugin enabled: https://github.com/flipperdevices/flipperzero-firmware/pull/1298#issuecomment-1172697057

1 Like

Are there plans to enable this in the near future?

The picopass tool can detect my card, but says “Read Failed”, “SE Detected.”
Looks like it’s either not quite ready or it’s not yet possible for some of these iClass cards.

1 Like

the new picopass can detect and read my HID iclass DL card now, but doesn’t emulate it. It can only write it? I dont get it

I am a little confused, too. Is there any way to emulate the card once it is read?

bettse, can the cards be emulated, or just read and programmed?

Picopass will not emulate. I’m not sure if maybe in the future it will but currently you can just read then write.

I tested this with 2 iclass gp cards running 72bit wiegand. 1 blank and the other encoded with my badge number and bioscrypt.

I was able to partially encode the card. My badge number came over and will work just fine on non biometric readers, but my fingerprint did not carry over unfortunately.

I tried running picopass in the application folder. I have an iClass HID DP. No joy. The flipper got stuck in the reading mode. I had to reboot it.

I have an HID CP1000 encoder at work with all of the test cards, I’ll bring my flipper with me and try them out.

The only card I’ve been unsuccessful so far with is an HID 0009p

1 Like

I’m very new to this. All our iClass SEOS HID cards read–these are 13.xx MHz devices–I get consistent unique hex strings. What they don’t do is emulate, and I’m not sure if that would ever be possible.

The number on the cards we use is HID Seos iCLASS Px ID9P

Depends on what your card readers are actually set to accept. That card you have is HID’s top of the line PAC system, it can do basic unencrypted keys (which the picopass app can read), HID’s iClass system (which hasn’t been fully broken), and HID’s Seos system, which AFAIK, doesn’t have any public attacks against it at all. A single Seos card can run all the kinds of keys at the same time

Still says that zaw