Original README below
A detailed explanation of how this PoC works can be found within our blog post.
On the user facing side we only added two new commands: hf 14a getchallenge <uid>
and hf 14a opendoor <uid> <key>
. To make those work, we had to mix
some code from the iceman
fork into the official
proxmark3 code. We originally tried to
develop on top of the iceman fork, but for some reason the reader wouldn't want
to talk to the proxmark when emulating a tag. The official code didn't have
that issue so we went with the (somewhat ugly) path of least resistance and
copied desfire_crypto.{c,h}
and its dependencies into the official proxmark3
repo.
We provide an annotated-trace
file showing the communication between a tag
and the reader. There are some tests for SimulateIso14443aTag
you can run by
setting run_tests
to true
and running the command in the comments above it.
They play through the exact same commands as within the annotated-trace
file
and ensure that SimulateIso14443aTag
answers correctly.
The proxmark3 is a powerful general purpose RFID tool, the size of a deck of cards, designed to snoop, listen and emulate everything from Low Frequency (125kHz) to High Frequency (13.56MHz) tags.
This repository contains enough software, logic (for the FPGA), and design documentation for the hardware that you could, at least in theory, do something useful with a proxmark3.
- This repository!
- The Wiki
- The GitHub Pages website
- The Forum
- The IRC channel: irc.freenode.org #proxmark3 (chat in your browser)
- The Homebrew formula repository
- Proxmark3 community discord server
The tools required to build or run the project will vary depending on your operating system. Please refer to the wiki for details.
The Proxmark3 is available for purchase (assembled and tested) from the following locations:
Distributor Name | Warehouse Location | Entity Location |
---|---|---|
RyscCorp | USA | USA |
Hackerwarehouse | USA | USA |
Elechouse | HK | HK |
Lab401 | EU | HK |
RFxSecure | CN | SG |
Sneaktechnology | CN | CN |
Most of the ultra-low-volume contract assemblers could put something like this together with a reasonable yield. A run of around a dozen units is probably cost-effective. The BOM includes (possibly- outdated) component pricing, and everything is available from Digikey and the usual distributors.
If you've never assembled a modern circuit board by hand, then this is not a good place to start. Some of the components (e.g. the crystals) must not be assembled with a soldering iron, and require hot air.
The schematics are included; the component values given are not necessarily correct for all situations, but it should be possible to do nearly anything you would want with appropriate population options.
The printed circuit board artwork is also available, as Gerbers and an Excellon drill file.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Jonathan Westhues user jwesthues, at host cq.cx
May 2007, Cambridge MA