Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Here's some things discovered to sniff mifare card-reader communication with Proxmark3 Easy:
PACKAGE:
Throw away mid-board and turn LF antenna upside down. It works as usual but device slimmer.
USB:
Put some compound glue or resin on usb connector because it will break.
USB-OTG:
Get wire not adapter because it applies less force on your phone and PM3 connector.
ANDROID:
AndProx works well, but not with Iceman's firmware. But on computer Iceman's Client works only with Iceman's firmware. So,
+ On computer (mac) i just connect PM3 to usb with BUTTON pressed on, 2 lights are shining, and execute PM3-Flash-All
+ On android: Download Proxmark 3 mainline Bootrom and Fullimage from AndProx Github to Android phone. Then using RRG's Rfid Tools (Tools -> PM3 Firmware Flasher -> Custom firmware) flash Bootrom and Fullimage to the PM3. Now you can go on Android with AndProx.
ON THE GO:
On AndProx start hf 14a snoop and find the right spot on your hf antenna with reader. When PM3 is placed correctly the ORANGE light (2nd from usb) is blinking. This light indicates communication with reader, and believe me, you need it. Place KEY on the PM in found spot and present the sandwitch to the reader. Normal situation is when both ORANGE and RED lights are blinking.
SNOOPING:
Restart PM3 by going back to start screen of AndProx and sometimes reconnecting PM3 to the phone. Start hf 14a snoop and slowly present device with key to the reader. When key read is complete, remove the PM3 with key and push the only button on PM3. Then start hf list 14a. Select all output and copy/paste it to some Notes app like Turtl (it converts plaintext to table, handy).
ANALYZE:
On computer look through tables and find sequence like this:
Tag 01 20 01 45
Rdr e2! e2! 09 b3 2e! 80! d5 c1! !crc ?
Tag 14 69 37 6a!
Rdr 0b! 3d 69! b6 !crc ?
Tag 4e! e9! fe! 47 4e! c7 eb e0 0e! 54! 80 16 f1 01! 3d e0!
da! a4! !crc
Tag 5a 09! 5a! 49 5f 11 9c 26! 45! c2 f9 ea! 80! 36 04! 07!
76! 62 !crc
Good sequence is like this:
Tag | 8 digits |NT
Rdr | 16 digits (with ? mark) |NR & AR
Tag | 8 digits |AT
...
Other patterns are no-go.
Find on your computer where Proxmark3 is and from it's directory (in terminal app, outside PM3 app) start mfkey64 like this (removing spaces and ! marks):
tools/mfkey/mfkey64 [UID] [NT] [NR] [AR] [AT]
Example for the given code:
tools/mfkey/mfkey64 5A04E566 01200145 e2e209b3 2e80d5c1 1469376a
Where:
5A04E566 UID
01200145 NT
e2e209b3 NR
2e80d5c1 AR
1469376a AT
UID can be obtained by hf search command.
You will get key (presumably 0 sector, A) and then try numerous attacks from PM3
P.S.
I didnt found good use to hf sniff and hf list mf commands in my working environment.