Heart of Darkness-exploring the uncharted backwaters of HID iCLASS

This paper provides detailed information on iCLASSTMreader and key security. It explains the security problems found without revealing the extracted secret keys (DES authentication Key and the 3DES data encryption key for iCLASSTMStandard Security cards). The chosen approach of not releasing the encryption and authentication keys gives iCLASS vendors and customers an important headstart to update readers and cards to High Security mode in order to stop attackers from forging, reading and cloning iCLASS Standard Security cards. This paper also explains, how Standard Security and High Security keys were extracted from a RW400 reader without leaving visible traces.