Вы находитесь на странице: 1из 16
H T T P : / / P R O X M A R K

H T T P : / / P R O X M A R K 3 . C O M /

H T T P : / / P R O X M A R K 3

Proxmark III User Guide

Copyright © 2008-20014, Rysc Corp.

Table of Contents

Getting Started

1

Pre-Flight Check

3

Client Software

3

Windows 7 Driver Installation

4

Client Running on Linux

8

Client Running on Windows

9

Check Antennas

9

Operating Examples

11

Reading HID Tags

11

Standalone Mode

12

Snooping on MIFARE

13

Support

14

H T T P : / / P R O X M A R K 3 . C O M /

Getting Started

Chapter

1

T he Proxmark III is arguably the most powerful device currently available for researching RFID and Near Field Communication systems. A powerful processor, FPGA, and custom firmware allow it to meet the demanding

communications timing requirements imposed by various RFID systems. The device targets low and high frequency systems operating at 125 kHz, 134 kHz and 13.56 Mhz.

The device was originally developed by Jonathan Westhues and then released under the GPL. It has since been enhanced and discussed by a great community of enthusiasts who can be contacted through http://proxmark.org/. We encourage new users to register with the site and delve into the information available on the forums. There is also a comprehensive manual maintained by the Proxmark community and made available at the link below.

https://github.com/Proxmark/proxmark3/wiki

W

A R N I N G

Bare PCBs are susceptible to Electrostatic Discharge or

“ESD”. Please keep this in mind when handling the bare Proxmark PCB. This warning can be ignored if you operate your Proxmark inside an enclosure.

This guide has been written targeting version 20140401 of the Proxmark firmware and client software. This version number corresponds to the date when the source code was checked out from GitHub. An appropriate versioning scheme has not yet been decided on by the community after switching from Google Code to GitHub.

This guide has been developed for the hardware sold through proxmark3.com. Certain portions of this guide may not apply to hardware supplied by other vendors. If you did not purchase your hardware from proxmark3.com, it is recommended that you use documentation supplied by your vendor.

C O P Y R I G H T

© 2 0 0 8

- 2

0 1 4

,

R Y S C

C O R P .

In addition to your Proxmark, at a minimum, you will need a mini USB cable for power and PC communications and either a high or low frequency antenna. Antennas can be made at home or purchased online from http://proxmark3.com/.

C O P Y R I G H T

© 2 0 0 8

- 2

0 1 4

,

R Y S C

C O R P .

Pre-Flight Check

Connect your Proxmark to a PC using the mini 5-pin USB cable pictured on the right.

All Proxmark LEDs should turn on and then quickly turn off in turn. If the LEDs stay lit, this may indicate

a problem with your board or that the board has not been programmed correctly.

board or that the board has not been programmed correctly.  N O T E Every

N O T E

Every board obtained from proxmark3.com has been programmed with the latest stable firmware available at the time and rigorously tested to ensure proper functionality prior to shipping.

ClientSoftware

Download the Proxmark client software that corresponds to the version of firmware

running on your board from http://proxmark3.com/dl/pm3-bin-20140401.zip. Using the client software on Windows requires installation of a driver. No driver installation

is required on Linux based machines.

W

A R N I N G

Operating your Proxmark with the wrong client software version will produce unpredictable results and could lead to

damage of the device. The client software does not verify that it is communicating with

a compatible version of firmware.

C O P Y R I G H T

© 2 0 0 8

- 2

0 1 4

,

R Y S C

C O R P .

Windows7DriverInstallation

Recent versions of the Proxmark client require the use of a libusb driveron Windows hosts. Perform the following steps to install the driver.

1. Ensure that the Proxmark is connected to a PC via USB and then click Start, right click My Computer and then click Manage.

click Start, right click My Computer and then click Manage. 2. Click Device Manager in the

2. Click Device Manager in the left pane and expand the Other Devices tree on the right. Right click on “Unknown Device” and then click Properties. Verify

C O P Y R I G H T

© 2 0 0 8

- 2

0 1 4

,

R Y S C

C O R P .

3.

4.

that the properties of the device match those shown below.

that the properties of the device match those shown below. Exit the properties dialog and right

Exit the properties dialog and right click the device once more. This time select Update Driver Software.

Select “Browse my computer for driver software”.

the device once more. This time select Update Driver Software. Select “ Browse my computer for

C O P Y R I G H T

© 2 0 0 8

- 2

0 1 4

,

R Y S C

C O R P .

5.

6.

Click the “Browse my computer for driver software” button. Select the driver folder within the Proxmark client software distribution.

the driver folder within the Proxmark client software distribution. Click “ Install this driver software anyway

Click “Install this driver software anyway”.

the driver folder within the Proxmark client software distribution. Click “ Install this driver software anyway

C O P Y R I G H T

© 2 0 0 8

- 2

0 1 4

,

R Y S C

C O R P .

7. If you see the confirmation dialog shown below, your Proxmark driver is now installed!

dialog shown below, your Proxmark driver is now installed! 8. Back in Device Manager, the Unknown

8. Back in Device Manager, the Unknown Device will now show up as a Proxmark3. Take note of the COM port associated with the device (COM3 in

C O P Y R I G H T

© 2 0 0 8

- 2

0 1 4

,

R Y S C

C O R P .

the picture below).

© 2 0 0 8 - 2 0 1 4 , R Y S C C

Client Running on Linux

The Proxmark exposes a USB CDC interface to the host machine. On linux, the Proxmark will show up as the device /dev/ttyACM<N>. To launch the client, run

./proxmark3 /dev/ttyACM<N>.

You can inspect the output of the dmesg command to figure out the specific device name.

/dev/ttyACM<N> . You can inspect the output of the dmesg command to figure out the specific

C O P Y R I G H T

© 2 0 0 8

- 2

0 1 4

,

R Y S C

C O R P .

Client Running on Windows

With your Proxmark connected via USB, open a command prompt and run win32\proxmark3.exe <COMX>. This should launch the windows client and display a window like the one shown below. Enter the hw version command to see what version of firmware is running.

version command to see what version of firmware is running. From this point a variety of

From this point a variety of commands can be entered. To see a list of commands type help.

Check Antennas

With your Proxmark connected to a PC and the client running, connect your LF antenna to the Proxmark using the smaller 4-pin USB cable supplied. Issue the „hw tune‟ command and check that the voltage returned is at least 12V (for 125 kHz).

that the voltage returned is at least 12V (for 125 kHz). Next, connect your HF antenna

Next, connect your HF antenna and again issue the „hw tune‟ command. The voltage reported should be at least 7V.

C O P Y R I G H T

© 2 0 0 8

- 2

0 1 4

,

R Y S C

C O R P .

If your HF antenna reports a voltage less than 7V, try flipping the switch on your antenna to the opposite orientation.

C O P Y R I G H T

© 2 0 0 8

- 2

0 1 4

,

R Y S C

C O R P .

Chapter

2

Operating Examples

T his chapter provides reproducible demonstrations of the Proxmark in action including tag frequency detection, reading a HID Proxcard II, stand-alone mode, and snooping ISO1443-A traffic between a reader and tag.

Reading HID Tags

The Proxmark firmware already includes comprehensive support for reading and simulating HID tags. The firmware does not include routines for writing to HID tags. Reading and simulation functions are accessed via the commands lf hid fskdemod

and lf hid sim.

The following steps demonstrate how to read and replay a HID tag.

1. Connect the LF antenna to the Proxmark

2. Connect the Proxmark to the PC

3. Launch the client

4. Enter „lf hid fskdemod‟ and then allow a HID tag to enter the antenna‟s field. When the tag is in-range you should observe messages displaying the facility code and tag ID like those shown below.

the facility code and tag ID like those shown below. 5. Press the button when you

5. Press the button when you would like to stop reading tags.

6. To simulate the tag previously read, concatenate the first two hexadecimal values and pass them as the first parameter to the „lf hid sim „ command as

C O P Y R I G H T

© 2 0 0 8

- 2

0 1 4

,

R Y S C

C O R P .

shown below (e.g. lf hid sim 2006e22b0a).

R Y S C C O R P . shown below (e.g. lf hid sim 2006e22b0a).

7. This will cause the yellow LED of the Proxmark to stay lit until the button is pressed. During this time the waveform representing the tag ID specified will be replayed continuously. When you are ready to stop replaying the tag, press the Proxmark button.

StandaloneMode

Standalone mode allows for storage and replay of two different HID tags without the Proxmark being attached to a PC.

N O T E

You will need a USB battery to operate the Proxmark without a PC. USB batteries are sold separately.

To enter standalone mode, hold the button down for a few seconds until the LEDs begin to dance. It is best to get comfortable with it by running attached to a PC initially as you will be able to view debug messages.

To record a tag, hold the button again while close to the tag and wait for LEDs to change. To replay, press button once more. Make a note of which LED is lit at the time of recording/replay as this indicates the active slot. There are two slots, red and orange.

Further information on standalone mode can be found at the URL below.

http://code.google.com/p/proxmark3/wiki/RunningPM3#Standalone_Mode_-_HID_Prox_emulation

C O P Y R I G H T

© 2 0 0 8

- 2

0 1 4

,

R Y S C

C O R P .

C O P Y R I G H T © 2 0 0 8 - 2

Snooping on MIFARE

In order to follow along with the steps in this section you will need an ISO14443-A contactless reader such as the Omnikey 5321 and a Mifare 1k Classic.

Use the Omnikey Diagnostic Tool to obtain the tag UID.

In this example, the tag has UID

34 06 62 BB.

Now fire up your Proxmark and connect an HF antenna. Position your antenna between the reader and tag. Launch the Proxmark client and enter the command hf

14a snoop.

The Proxmark LEDs should blink for a while until you see a COMMAND FINISHED message like the one shown below.

you see a COMMAND FINISHED message like the one shown below. Next, enter the command hf

Next, enter the command hf 14a list and observe the tag UID in the resulting trace.

C O P Y R I G H T

© 2 0 0 8

- 2

0 1 4

,

Support

If you

run

into

trouble and

R Y S C

need

C O R P .

help with

Chapter

3

your Proxmark,

please contact

Don‟t forget to include the following items in your message:

Your date of purchase

Firmware version

A detailed description of the problem

Any applicable screenshots