Offensive Security Tool: Proxmark3

by | Apr 8, 2022 | Tools


Iceman – Proxmark3: an RFID / NFC project

The Proxmark3 by RfidResearchGroup is the Swiss-army tool of RFID, allowing interaction with the vast majority of RFID tags in use worldwide. Originally built by Jonathan Westhues, the device is now the go-to tool for RFID analysis for the enthusiast. The Iceman repository is considered the pinnacle of features and functionality, providing a huge range of extremely useful and convenient commands and Lua scripts to automate chip identification, penetration testing, and programming.

Basically, if you are on the go and want to perform mobile penetration testing of RFID systems, this code lets you carry out multiple attack scenarios without a host machine. It is powerful, portable and wireless, and lets you clone, crack, sniff and emulate on the go.


Proxmark3 Installation and Overview

Installation

  • Linux – Setup and Build
  • Linux – Important notes on ModemManager
  • Mac OS X – Homebrew & Upgrading HomeBrew Tap Formula
  • Mac OS X – MacPorts
  • Mac OS X – Setup and Build
  • Windows – Setup and Build
  • Termux / Android – Setup and Build
  • Blue Shark Manual
  • Advanced Compilation Parameters
  • Troubleshooting
  • JTAG

Use of the Proxmark3

  • Compilation Instructions
  • Validating Proxmark3 Client Functionality
  • First Use and Verification
  • Commands & Features
  • Command Cheat Sheet
  • More Cheat Sheets
  • Complete Client Command Set
  • T5577 Introduction Guide


Notes / helpful documents

  • Notes on UART
  • Notes on Termux / Android
  • Notes on paths
  • Notes on frame format
  • Notes on tracelog / wireshark
  • Notes on EMV
  • Notes on external flash
  • Notes on loclass
  • Notes on Coverity Scan Config & Run
  • Notes on file formats used with Proxmark3
  • Notes on MFU binary format
  • Notes on FPGA & ARM
  • Developing standalone mode
  • Wiki about standalone mode
  • Notes on Magic UID cards
  • Notes on Color usage
  • Makefile vs CMake
  • Notes on Cloner guns
  • Notes on cliparser usage
  • Notes on clocks
  • Notes on MIFARE DESFire
  • Notes on CIPURSE


How to build?


Proxmark3 RDV4

See the instruction links in the tables above to build, flash and run for your Proxmark3 RDV4 device.

Generic Proxmark3 platforms

In order to build this repo for generic Proxmark3 platforms you have to read the Advanced compilation parameters document.


The following devices are defined as generic Proxmark3 platforms.

Supported

  • RDV1, RDV2, RDV3 easy
  • Ryscorp green PCB version
  • Radiowar black PCB version
  • numerous Chinese adapted versions of the RDV3 easy (kkmoon, PiSwords etc)


Not supported

  • ⚠ Proxmark Evolution (EVO)
    • Note: unknown pin assignments.
  • ⚠ Ryscorp Proxmark3 Pro
    • Note: device has different fpga and unknown pin assignments.
    • Note: The company has disappeared, leaving its customers in the dark.
  • ⚠ iCopy-X
    • Note: experimental support, currently incompatible with iCopy-X GUI as Proxmark client commands are now using cliparser.
    • Note: see also icopyx-community repos for upstream sources, reversed hw etc.
    • Note: Uses DRM to lock down tags and ignores the open source licences. Use at your own risk.


Unknown support status

  • ⚠ VX
    • Note: unknown device hw
  • ⚠ Proxmark3 X
    • Note: unknown device hw.


256kb flash memory size of generic Proxmark3 platforms

⚠ Note: Keep an eye on how large your ARM chip's built-in flash memory is. With 512kb you are fine, but if it is 256kb you need to compile this repo with even less functionality. When running ./pm3-flash-all you can see which size your device has, provided you have the bootloader from this repo installed. Otherwise you will find the size reported in the start message when running the Proxmark3 client ./pm3.


OBS! Read the 256kb flash memory advisory


What has changed?

Proxmark3 RDV4 hardware modifications:

  • added flash memory 256kb
  • added smart card module
  • added FPC connector for peripherals such as Bluetooth+battery addon
  • improved antennas
    • swappable
    • LF Q factor switch
    • LF 125/134 frequency switch
  • tiny PCB form factor
  • ABS case

This repo vs official Proxmark3 repo:

See the Changelog file which they try to keep updated.

In short, this repo gives you a completely different user experience with the Proxmark3.

  • Supports command tab complete
  • Richer CLI with use of colors / emojis
  • Help text system implemented everywhere
  • Hints system
  • User preference settings
  • Extensive testing with continuous integration build systems on Linux, OSX and Windows, and regular usage of static analysis tools like
    • Coverity Scan
    • Cppcheck (v2.6)
    • GCC and Clang aggressive enforcement of diagnostic flags
  • Auto detection of serial ports and seamless integration with Bluetooth addon
  • Reconnect to device from inside client
  • Supports tearoff attacks
  • Supports NFC NDEF type1, type2, type4a, type4b, mifare, barcode
  • Supports pm3 client scripts, lua scripts, python scripts
  • Most comprehensive collection of scripts available
  • Wiegand encoding and decoding
  • Supports EMV
  • Supports CIPURSE
  • Most standalone modes available with easy compilation
  • Extensive test script for client and external tools
  • Most comprehensive compiled known-key dictionaries
  • Slimmed down USB communications with NG-frames
  • The largest collection of compiled publicly known key recovery software
  • The fastest implementations of said software
  • Supports multiple file formats for dump files (BIN/EML/JSON)
  • Interoperability of said file formats with libnfc, MFC tool app etc.
  • Supports more RFID based protocols than ever
  • Easy install for package maintainers, distro maintainers
  • Supports cmake, make
  • Builds without errors or warnings on more OS/platforms than ever
  • Available as package on known distros like Gentoo, Kali, Termux, Macports, Homebrew
  • Much more documentation
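The Wiegand encoding and decoding listed above, as an added Python example (not code from the Proxmark3 repository): a 26-bit H10301 encoder/decoder that verifies both parity bits, which is what lets you reject a corrupted or tampered reader capture instead of trusting it. The bit layout is the standard H10301 one (even parity over the first 12 data bits, 8-bit facility code, 16-bit card number, odd parity over the last 12 data bits); the sample frame values are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Wiegand26:
    """Decoded H10301 credential: 8-bit facility code, 16-bit card number."""
    facility: int
    card: int


def _parity(value: int, nbits: int) -> int:
    """Parity of the low nbits of value: 0 for an even count of ones, 1 for odd."""
    return bin(value & ((1 << nbits) - 1)).count("1") & 1


def encode_w26(fc: int, card: int) -> int:
    """Build the 26-bit frame as an int: bit 25 (first on the wire) is even
    parity over the 12 high data bits, bit 0 is odd parity over the 12 low ones."""
    if not 0 <= fc < 256 or not 0 <= card < 65536:
        raise ValueError("facility code must be 8 bits, card number 16 bits")
    payload = (fc << 16) | card            # 24 data bits: facility code, then card
    even = _parity(payload >> 12, 12)      # even parity bit: set when ones are odd
    odd = 1 ^ _parity(payload, 12)         # odd parity bit: set when ones are even
    return (even << 25) | (payload << 1) | odd


def decode_w26(raw: int) -> Wiegand26:
    """Parse a 26-bit frame; raise ValueError on bad length or parity."""
    if raw < 0 or raw >> 26:
        raise ValueError("frame is not 26 bits")
    even, payload, odd = (raw >> 25) & 1, (raw >> 1) & 0xFFFFFF, raw & 1
    if even != _parity(payload >> 12, 12):
        raise ValueError("even parity mismatch")
    if odd != 1 ^ _parity(payload, 12):
        raise ValueError("odd parity mismatch")
    return Wiegand26(facility=payload >> 16, card=payload & 0xFFFF)


def is_valid_w26(raw: int) -> bool:
    """True when both parity bits check out; any single flipped bit is caught."""
    try:
        decode_w26(raw)
        return True
    except ValueError:
        return False


def from_bitstring(bits: str) -> Wiegand26:
    """Decode a captured frame written as 26 '0'/'1' characters, first bit first,
    e.g. the constructed sample '00010001000110000001110011' (FC 34, card 12345)."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("expected 26 binary digits")
    return decode_w26(int(bits, 2))
```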


Supported operating systems

This repo compiles nicely on


Precompiled binaries

See Proxmark3 precompiled builds


Proxmark3 GUI

The official PM3-GUI from Gaucho will not work; it is also quite old and no longer maintained.
