The Proxmark3 is an RFID tool that can interact with the vast majority of the world's RFID tags and systems at both high and low frequency.
Originally developed by Jonathan Westhues more than 10 years ago, the device has gradually established itself as the standard tool for RFID analysis.
Due to its versatility, it has been adapted to many industries and uses: from RFID enthusiasts to academic research and product development to law enforcement and penetration testing .
The hardware and software have been developed rapidly in recent years, which has led to mature and miniaturized versions of the hardware. There are versions that are optimized for on-site use, e.g. B. for Red teaming or pen tests, and desktop versions optimized for research in the office or in the lab.
It's hard to imagine everyday life without RFID tags, among other things they are used for access controls or in passports as a digital memory for passport photos and fingerprints, as a chip in cards or mobile phones for contactless payment, to identify lost pets and much more.
Penetration Tester: The miniature size of the latest Proxmark3 together with its standalone mode and Android-based tools make it the ideal tool for testing, sniffing, replaying and cloning in red teaming environments.
Development: Access to low-level sniffing, logging, demodulation and replay tools makes the Proxmark an essential tool for anyone developing any product or service in the RFID space.
Research: Proxmark is the tool behind all major breakthroughs in RFID security research: Mifare Classic Crypto Cracking, Mifare PRNG Analysis, VingCard Exploitation & Defeat to name a few.
RFID Enthusiast: The Proxmark is on the desks of thousands of hobbyists, hackers, and manufacturers worldwide. Its comprehensive code base enables easy reading, writing, cloning, cracking and emulating of RFID.
This example uses MacOS and the Proxmark3 RDV2
We will first use Homebrew to install the software for the Proxmark.
Add homebrew tap
brew tap proxmark/proxmark3
Proxmark 3 installation:
brew install proxmark3
Hold down the button on the side of the Proxmark3 during the next step and make sure lights A and C flash while you press the button.
Check ls /dev/tty.* for /dev/tty.usbmodemiceman1
Flash Firmware
sudo proxmark3-flasher /dev/tty.usbmodemiceman1 /usr/local/share/firmware/fullimage.elf
Connect to Proxmark3
proxmark3 /dev/tty.usbmodem141301
In the next step, we use the following command to examine what type of RFID chip we have in front of us.
lf search
In this case we scanned an EM4X chip. This is mostly used as a token for access control.
In the next step we will copy the chip.
lf read
Now we can use this command to simulate the chip with the Proxmark3
lf sim
Now we can also clone the chip. As before, we read the chip with the following command.
lf em 410xread 1
Now we read the blank writable chip that we want to copy our scanned EM ID to.
After that, we can then write the new EM ID on it as shown in the screenshot below.
We will use 12345678 as NEW EM ID.
lf em 410xread 1
lf em 410xwrite 12345678 1
