From 53734767f14e9d7962ddbed7a7a8f6e0f0875148 Mon Sep 17 00:00:00 2001 From: Eric Betts Date: Thu, 20 Jun 2024 18:58:44 -0700 Subject: [PATCH] Add to readme --- .catalog/README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.catalog/README.md b/.catalog/README.md index 82fed0e2079..1df70aa5139 100644 --- a/.catalog/README.md +++ b/.catalog/README.md @@ -64,3 +64,9 @@ Due to the nature of how secure picopass works, it is possible to emulate some p 3. Card will authenticate and read 4. Suggested to both "Save" the card and "Save as Seader" + +# Elite Keygen Attack + +Background: https://youtu.be/MKSXSKQHz6o?si=DEKkW60x858pUI0a&t=600 + +The keys used for early Elite systems used the VB6 (yes, as in Visual Basic) RNG to generate the keys. This attack uses the known VB6 RNG to generate the keys. This attack is only useful for early Elite systems, as later systems are keyed in some other manor. Since this can generate an insanely large number of values (and eventually loop), by default it is limited to the first 2000 keys. Please provide feedback if you would like this increased. Also, the leaked iCopyX dictionary included 700ish of these, so the first 700 are redundant to the System Elite Dictionary attack run during "Read". This attack is not useful for iClass SE systems.
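Review bot: In the added paragraph under "# Elite Keygen Attack", "keyed in some other manor" should read "manner", and the opening sentence repeats itself ("The keys used ... used the VB6 ... RNG to generate the keys"); something like "Early Elite systems generated their keys with the VB6 RNG" says the same in one pass. The paragraph states that the attack only applies to early Elite systems and not to iClass SE, but gives no steps for starting it, unlike the numbered steps just above; a short list in the same style would make the section usable on its own. The default of 2000 keys sits next to "700ish" already covered by the System Elite Dictionary attack run during "Read", so it is worth stating plainly that only about 1300 of the default keys are new candidates. "Please provide feedback if you would like this increased" reads better as a pointer to an issue than as README prose. The Background URL carries an `si=` share parameter; dropping it and keeping `t=600` gives a cleaner link.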