Research, development and trades concerning the powerful Proxmark3 device.
Hi,
I have developed a new hardware, HydraBus with HydraNFC (shield for HydraBus), which can sniff/debug NFC cards with the same possibilities as Proxmark (for NFC 13.56MHz), but all done in an MCU Cortex M4F.
The Hardware and Firmware are planned to be fully open source and soon available on GitHub https://github.com/bvernoux/hydrabus
You can register your interest on this project here http://hydrabus.com/?page_id=15
Of course developers are welcome!! I can even give a free board (production will start soon).
For more details on HydraNFC Shield see http://hydrabus.com/?page_id=30
Best Regards
Benjamin
Hi there
Can you share the schematics?
Can you show your code for ISO14443A sniffing and writing to microSD card?
TRF7970A can only emulate ISO14443A/B - am I right?
About the schematic, I will share everything (on my GitHub) with the first batch of 100 boards, which could be available at Seeed Studio soon, in about 2 months (HW will be licensed as CC BY NC).
Software/Firmware will be available under GPLv2 or Apache or another fully Open Source license compatible with ChibiOS, as I'm using it for OS and drivers.
TRF7970A can emulate ISO14443A/B, but in fact there is also a raw mode in TRF7970A which can do any mode, as software is responsible for the modulation of each bit (requires GPIO to switch up to 13.56MHz); the only constraint is the 13.56MHz frequency, so only for NFC.
Anyway, RAW mode is possible with STM32F4 @ 168MHz as GPIO can run at up to 80MHz, and I already have ultra-optimized code using LUT for such stuff, which is planned for later and where contributors are welcome.
I will provide a free board (HydraBus+HydraNFC) to developers who want to help on firmware and features like emulation of Mifare or other fun emulation/code/features.
Best Regards
Benjamin
Hi bvernoux, I would really like to test your new hardware, please keep me informed by email about further developing steps.
Could you register again (as you have not filled in your full address) with your full address on my website http://hydrabus.com/?page_id=15 ?
Add that you are a developer; I will contact you later when some boards are available.
Best Regards
Benjamin
I had a quick look at the TRF7970A datasheet, section "5.9.6 Direct mode". So, this transceiver can modulate ASK/OOK only?
It would be interesting to look at your code.
It can modulate ASK/OOK directly; also, it is a "high level" mode, so just a configuration.
I have written some examples to read the UID on Mifare and ISO15693/Vicinity cards, to understand how those modes work, using Bus Pirate, on my blog:
http://bvernoux.blogspot.fr/2012/01/nfc-ti-trf7970a-breakout-board-v10-for.html
Best Regards
Benjamin
Did it yesterday night but I did not find a field to write "developer"; tell me if you received my data correctly. Thank you.
Hi Asper,
No problem it is logged.
Best Regards
Benjamin
Does it support multiple subcarrier frequencies in card emulation mode? I can't find it in the datasheet.
I have not really checked that part, but anyway the raw mode can also be used for emulation, and in that case any NFC card with 13.56MHz freq can be emulated.
Well, from what I know, ISO15693 supports different data bitrates (not all yet supported by pm3) and this is not related to raw commands but to low level transmission... Am I wrong, vivat?
Yes, you are right. ISO15693 part 2 describes low-level communication. Data transmission from card to reader is based on 423 kHz and 484 kHz subcarriers.
bvernoux
How much will your board cost?
When will you commit your project to GitHub?
Hi,
The target price for HydraBus+HydraNFC should be something between 79 and 119 USD ex. VAT.
This price is ultra low, especially for such a small batch; depending on the success of the first batch I could lower the price.
Firmware and Hardware for HydraBus and HydraNFC will be available on my GitHub with the first batch of 100 boards.
I estimate in about 2 months.
Best Regards
Benjamin
Hi,
Just some news:
The HydraNFC Shield + Antenna is now available in the SeeedStudio Online Shop: http://www.seeedstudio.com/depot/HydraNFC-Shield-and-HydraNFC-Antenna-p-1974.html
The HydraBus shall be available soon too.
Best Regards
Benjamin Vernoux
Hi Benjamin,
I would like to buy your hydraxxx...
But I first want to know how to do this "use case":
I want to get the key of a Mifare card by sniffing it while opening a door that is "away" from my computer (under Windows XP). I also have a Galaxy S2 (Android)...
How can I do that with your hardware?
Regards,
Dan.
Hi Dan,
Autonomous sniffer mode is really easy; you just need:
1) The hardware:
- 1 HydraBus
- 1 HydraNFC (with NFC Antenna included)
- 1 microSD (formatted FAT16 or FAT32, up to 32GB)
- 1 Power Bank connected to HydraBus Micro USB1 or 2 to power the HydraBus+HydraNFC boards.
2) Flash the official hydrafw firmware 0.1 Beta as described here:
HydraFW for HydraBus/HydraNFC
3) Power the board and start the NFC sniffer by pressing & releasing the HydraNFC K3 button.
Place the HydraNFC Antenna between the TAG & the Reader.
When you have sniffed enough data, stop it by pressing the HydraNFC K4 button (it saves data to the microSD and the green LED blinks quickly if all is OK).
4) Power off the board, extract the microSD and read it with your computer/tablet...
Files are created in the root of the microSD and are text files with a similar format to Proxmark (except there's no ! for parity).
Best Regards
Benjamin
Last edited by bvernoux (2014-10-05 11:29:40)
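An added example, not part of the original posts or of hydrafw: the post above says the trace carries no parity marker, so CRC_A and the anticollision BCC are integrity checks that can still be run on the sniffed ISO14443A bytes. The space-separated hex line layout and the sample frames are constructed assumptions, not the actual HydraNFC file format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* CRC_A from ISO/IEC 14443-3: initial value 0x6363, sent low byte first. */
uint16_t crc_a(const uint8_t *d, size_t n) {
    uint16_t crc = 0x6363;
    for (size_t i = 0; i < n; i++) {
        uint8_t b = (uint8_t)(d[i] ^ (crc & 0xFF));
        b ^= (uint8_t)(b << 4);
        crc = (uint16_t)((crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4));
    }
    return crc;
}

/* 1 if the last two bytes of a standard frame equal CRC_A of the rest. */
int frame_crc_ok(const uint8_t *f, size_t n) {
    if (n < 3) return 0;
    return crc_a(f, n - 2) == (uint16_t)(f[n - 2] | (f[n - 1] << 8));
}

/* Anticollision reply = 4 UID bytes + BCC, no CRC: XOR of all 5 must be 0. */
int uid_bcc_ok(const uint8_t *r, size_t n) {
    return n == 5 && (r[0] ^ r[1] ^ r[2] ^ r[3] ^ r[4]) == 0;
}

/* Parse "50 00 57 CD" (assumed layout); byte count, or -1 on bad input. */
int parse_hex(const char *s, uint8_t *out, size_t cap) {
    size_t n = 0; unsigned v; int used;
    while (sscanf(s, " %2x%n", &v, &used) == 1) {
        if (n == cap) return -1;
        out[n++] = (uint8_t)v;
        s += used;
    }
    while (*s == ' ' || *s == '\r' || *s == '\n') s++;
    return *s ? -1 : (int)n;
}

int main(void) {
    /* Constructed frames: HLTA, HLTA with a flipped CRC bit, UID + BCC. */
    const char *lines[] = { "50 00 57 CD", "50 00 57 CC", "DE AD BE EF 22" };
    for (size_t i = 0; i < 3; i++) {
        uint8_t f[32];
        int n = parse_hex(lines[i], f, sizeof f);
        size_t len = n > 0 ? (size_t)n : 0;
        printf("%-15s crc_a=%d bcc=%d\n", lines[i], frame_crc_ok(f, len), uid_bcc_ok(f, len));
    }
    return 0;
}
```

A frame that fails both checks is either a short frame, a partial anticollision frame, or a capture error and is worth inspecting by hand.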
Thanks for your answer, Benjamin.
One last question: does it come already flashed with your latest firmware when bought from SeeedStudio?
Regards,
Dan.
Hi Dan,
The firmware flashed in HydraBus from SeeedStudio is an old beta version used for test purposes only and does not support sniffer mode or other modes.
So it is required to upgrade the firmware when you receive it.
Best Regards
Benjamin
Hi Benjamin.
Could HydraBus sniff 15963?
I think not yet. Thanks
Only ISO14443A is supported in actual firmware; ISO14443B and ISO15963 are planned for later but I have not started this development (so any people interested can work on it).
I will say if someone is interested in doing ISO14443B and ISO15963, I will give a free HydraBus+HydraNFC.
Source code is fully open source and available here: https://github.com/bvernoux/hydrafw
PS: I'm working on porting Bus Pirate commands/syntax for HydraBus (but I plan some work specific to HydraNFC later).
Best Regards
Benjamin
Last edited by bvernoux (2014-10-12 10:00:50)
Hi Benjamin,
Your Git source code compiled OK (Cygwin under XP), but I can't install the DFU drivers inside STM32F4_USB_DFU_Driver.
I start dpinst_x86.exe, but nothing happens, and the file STTub30.sys does not go to ...system32/drivers.... Any clue / how can I debug this?
Hi,
You could try installing the latest official driver from ST here (STSW-STM32080):
http://www.st.com/web/catalog/tools/FM1 … /PF257916#
Also, depending on the Windows system, especially Windows 8 or 8.1, it is required to disable signed driver, else install is impossible.
Step-by-step tutorial for that:
https://learn.sparkfun.com/tutorials/di … -windows-8
Just for information I have updated the HydraFW Wiki for installation:
https://github.com/bvernoux/hydrafw/wik … h-HydraBus
Best Regards
Benjamin
Last edited by bvernoux (2014-10-12 10:58:08)
Hi,
I've just ordered a Hydrabus and shield, looking forward to playing with it. I'm getting a bit frustrated with pm3, it would be nice to test a platform which is a bit less clogged with old stuff, and which is being actively maintained.
I was checking out the source code for the HackRF (I wanted to check how the USB comms were performed) and saw that you were one of the contributors (along with Jared Boone and Ossman) - that little fact was what made me go ahead and place the order. Is there a mailinglist or forum for hydrabus ?
Hi holiman,
Thanks for your interest.
The firmware now supports protocols like I2C (slave), SPI (slave & master) & UART with the same syntax as Bus Pirate.
More details available here: HydraFW-commands
There is no mailing list but I will re-open the forum soon;
the best is to communicate on the IRC Freenode channel #hydrabus or use the hydrafw issues/features for features/bugs.
Best Regards
Benjamin
Last edited by bvernoux (2014-11-03 21:51:51)
Hi!
How did the Hydrabus and shield fare? PM3 is old stuff and hard to obtain in current 2015. By the way, does Hydrabus support 125 kHz?
Hi,
HydraNFC does not support 125KHz (only 13.56MHz NFC) and I'm not planning an extension board to support it (as it is an obsolete technology; see RFIdler for 125KHz, I can even sell you one as I have 2 and I'm not using them).
Full details about HydraNFC are here: http://hydrabus.com/hydranfc-1-0-specifications/
Note: HydraBus is a generic board with mainly just the MCU, dual microUSB + microSD card slot and all GPIO.
If you want to ask questions, the best place is the HydraBus Forum.
About emulating tags: there is already a beta version in the GitHub hydrafw trunk; you will need to rebuild the firmware in trunk.
This new firmware v0.6 (including basic emulation) is planned to be released in a few weeks (there are still a lot of things to test, clean up...).
For more details see the HydraFW GitHub Todo List,
especially the new commands emul-mifare (Mifare Emulation command: Anticol+UID+HALT) or emul-3a (ISO14443A Emulation command using TRF7970A hardware Anticol/UID).
For the Mifare Emulation you can also help to implement Mifare-specific commands and crypto like it is done on Proxmark.
Best Regards,
Benjamin
Last edited by bvernoux (2015-10-03 09:18:42)
The main problem with libnfc is that it is hard-linked to the NXP PN53x chipset, and even if we would write an emulation of such a chipset with TRF7970A + STM32, I doubt there is any interest compared to a real PN532 chipset.
Anyway, if someone has the motivation to do that work he's welcome, and I will be very happy to add this stuff to the https://github.com/bvernoux/hydrafw repository.