Reading Time: 4 Minutes

Offensive Security Tool: Proxmark3

GitHub Link

Iceman – Proxmark3 a RFID / NFC project

The Proxmark3 by RfidResearchGroup, is the swiss-army tool of RFID, allowing for interactions with the vast majority of RFID tags on a global scale. Originally built by Jonathan Westhues, the device is now the goto tool for RFID Analysis for the enthusiast. Iceman repository is considered to be the pinnacle of features and functionality, enabling a huge range of extremely useful and convenient commands and LUA scripts to automate chip identification, penetration testing, and programming.

Basically, if you are on the go and want to perform mobile penetration testing for RFIDs, this code will let you achieve multiple attack scenarios without a machine. It is Powerful, Portable, Wireless and can let you Clone / Crack / Sniff / Emulate on the go.

Proxmark3 Installation and Overview

Notes / helpful documents

See Also: Complete Offensive Security and Ethical Hacking Course

How to build?

Proxmark3 RDV4

See the instruction links in the tables above to build, flash and run for your Proxmark3 RDV4 device.

Generic Proxmark3 platforms

In order to build this repo for generic Proxmark3 platforms you have to read Advanced compilation parameters

They define generic Proxmark3 platforms as following devices.

Supported

• RDV1, RDV2, RDV3 easy
• Ryscorp green PCB version
• Radiowar black PCB version
• numerous Chinese adapted versions of the RDV3 easy (kkmoon, PiSwords etc)

Not supported

• ⚠ Proxmark Evolution (EVO)
  • Note: unknown pin assignments.
• ⚠ Ryscorp Proxmark3 Pro
  • Note: device has different fpga and unknown pin assignments.
  • Note: Company have disappeared, leaving their customers in the dark.
• ⚠ iCopy-X
  • Note: experimental support, currently incompatible with iCopy-X GUI as Proxmark client commands are now using cliparser.
  • Note: see also icopyx-community repos for upstream sources, reversed hw etc.
  • Note: Uses DRM to lock down tags, ignores the open source licences. Use on your own risk.

Unknown support status

• ⚠ VX
  • Note: unknown device hw
• ⚠ Proxmark3 X
  • Note: unknown device hw.

256kb flash memory size of generic Proxmark3 platforms

⚠ Note: You need to keep a eye on how large your ARM chip built-in flash memory is. With 512kb you are fine but if its 256kb you need to compile this repo with even less functionality. When running the ./pm3-flash-all you can see which size your device have if you have the bootloader from this repo installed. Otherwise you will find the size reported in the start message when running the Proxmark3 client ./pm3.

 

OBS! Read the 256kb flash memory advisory

See Also: Offensive Security Tool: Boomerang

What has changed?

Proxmark3 RDV4 hardware modifications:

• added flash memory 256kb
• added smart card module
• added FPC connector for peripherals such as Bluetooth+battery addon
• improved antennas
  • swappable
  • LF Q factor switch
  • LF 125/134 frequency switch
• tiny PCB form factor
• ABS case

This repo vs official Proxmark3 repo:

See the Changelog file which they try to keep updated.

In short this repo gives you a completely different user experience when it comes to Proxmark3.

• Supports command tab complete
• Richer CLI with use of colors / emojis
• Help text system implemented everywhere
• Hints system
• User preference settings
• Extensive testing with continuous integration build systems on Linux, OSX and Windows, and regular usage of static analysis tools like
  • Coverity Scan
  • Cppcheck (v2.6)
  • GCC and Clang aggressive enforcement of diagnostic flags
• Auto detection of serial ports and seamless integration with Bluetooth addon
• Reconnect to device from inside client
• Supports tearoff attacks
• Supports NFC NDEF type1, type2, type4a, type4b, mifare, barcode
• Supports pm3 client scripts, lua scripts, python scripts
• Most comprehensive collection of scripts available
• Wiegand encoding, decoding.
• Supports EMV
• Supports CIPURSE
• Most standalone modes available with easy compilation
• Extensive test script for client and external tools
• Most comprehensive compiled known keys dictionaries
• Slimed down usb communications with NG-frames
• The most compiled public known key recovery software
• The fastest implementations of said software
• Support multiple fileformats for dump files (BIN/EML/JSON)
• Interoperability of said fileformats with libnfc, MFC tool app etc
• Supports more RFID based protocols than ever
• Easy install for package maintainers, distro maintainers
• Supports cmake, make
• Builds without errors or warnings on more OS/platforms than ever
• Available as package on known distros like Gentoo, Kali, Termux, Macports, Homebrew
• Much more documentation

See Also: Write up: Hacking is an art, and so is subdomain enumeration.

Supported operative systems

This repo compiles nicely on

• WSL1 on Windows 10
• Proxspace environment release v3.10
• Windows/MinGW environment
• Ubuntu, ParrotOS, Gentoo, Pentoo, Kali, NetHunter, Arch Linux, Fedora, Debian, Raspbian
• Android / Termux
• Mac OS X / Homebrew (or MacPorts, experimental) / Apple Silicon M1
• Docker container
  • Iceman repo based ubuntu 18.04 container
  • Iceman fork based container v1.7

Precompiled binaries

See Proxmark3 precompiled builds

Proxmark3 GUI

The official PM3-GUI from Gaucho will not work. Not to mention is quite old and not maintained any longer.

• Proxmark3 Universal GUI will work more or less.
• Proxmark3 GUI cross-compiled which is recently updated and claims to support latest source of this repo.
• Proxmark3_GUI simple gui in vb.net

See Also: Lizard Squad – the infamous hacking group that brought Xbox and PlayStation networks to their knees.