Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Hi all,
Total newbie but am used to the uphill struggle of learning new things
I would really like to learn how to use my Proxmark3 correctly and complete a read/write.
This is the version I have : https://www.aliexpress.com/item/3299877 … 4c4dRsTimg
I followed the Windows guide : https://github.com/Proxmark/proxmark3/wiki/Windows
This is where I am at now.
-Proxmark shows as "USB Serial Device COM4" in Windows device manager.
-I can run "runme64.bat" and it shows as up to date.
- I can run "./proxmark3 com4" and get the following:
Prox/RFID mark3 RFID instrument
bootrom: master/v3.1.0-134-g70dbfc3-dirty-suspect 2019-09-26 13:55:06
os: master/v3.1.0-134-g70dbfc3-dirty-suspect 2019-09-26 13:55:11
fpga_lf.bit built for 2s30vq100 on 2015/03/06 at 07:38:04
fpga_hf.bit built for 2s30vq100 on 2019/03/20 at 08:08:07
SmartCard Slot: not available
uC: AT91SAM7S512 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 204527 bytes (39%). Free: 319761 bytes (61%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
Running "hw tune" shows:
Measuring antenna characteristics, please wait.........
# LF antenna: 24.47 V @ 125.00 kHz
# LF antenna: 33.27 V @ 134.00 kHz
# LF optimal: 33.96 V @ 131.87 kHz
# HF antenna: 64.21 V @ 13.56 MHz
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.
All looking good so far?
Is there anything else I need to setup?
Last edited by 877dev (2019-10-03 19:55:54)
Going further I can read my test card:
lf search
(I obscured the last digits of Raw)
proxmark3> lf search
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible
Checking for known tags:
PAC/Stanley Tag Found -- Raw: FF2049906D0736C5911C4756xxxxxxxx
How the Raw ID is translated by the reader is unknown
Valid PAC/Stanley ID Found!
Any advice on how to proceed?
Thank you
Last edited by 877dev (2019-10-03 21:13:50)
Any advice on how to proceed?
That's kinda a big open-ended question.
Depending on what you are trying to achieve there are many different ways to "proceed".
In short, I like to think of the proxmark as a tool that is under constant review, development and updates. A lot of these updates come from the community as they learn and discover new things. (i.e. the research)
Given that the card you are looking at is an LF card, I would suggest getting some blank LF cards to play with (I like the T5577) but there are others.
Next I would focus on trying to understand how RFID works (in general). Having some blank cards lets you read and write with the well known tools (so less guesswork). Once you know what you are looking at you can then start to dig into the unknown.
While different systems will work in different ways, the common LF systems like HID ProxCard II and EM4100 work by simply sending out their ID and looping until the card loses power (read-only cards).
With clone/writable cards they will support 2 modes, 1 like the above and a 2nd for "commands" (note, this does not rule out cards that will have more complex read/write, like you see in the HF cards)
a) Default read mode.
When the card is "powered" it will go into read mode and send out bits to the reader (and loop until power is removed, or a command is sent)
b) Write/Command mode
In this mode the card can receive commands to read selected data or write selected data (e.g. store the card ID, change the config of the card)
Sometimes the way it encodes the data for a) is not the same as b)
So, having a play with something like the T5577 will let you send configs and data. e.g. HID clone
then you can use that card to learn how to sniff and decode (as you know what it should be)
As you move forwards, if you can ask specific questions, then you are more likely to get a good response.
e.g. "How do I search for a low frequency tag?"
Answer "run the following command : lf search"
Good luck
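Added example (not part of the thread and not Proxmark3 code): a sketch of the "default read mode" described in the post above, using the EM4100 64-bit frame layout (nine header 1 bits, ten 4-bit rows each with an even parity bit, four column parity bits, a 0 stop bit). It assumes the bits are already demodulated; the function names and the sample ID are constructed for illustration.

```python
# Added illustration: function names and the sample ID are constructed.
HEADER = [1] * 9  # EM4100 frames start with nine 1 bits

def em4100_frame(tag_id):
    """Build the 64-bit frame a read-only tag repeats for a 40-bit ID."""
    bits, cols = list(HEADER), [0, 0, 0, 0]
    for shift in range(36, -1, -4):            # ten nibbles, high first
        row = [(tag_id >> (shift + i)) & 1 for i in (3, 2, 1, 0)]
        bits += row + [sum(row) % 2]           # data + even row parity
        cols = [c ^ b for c, b in zip(cols, row)]
    return bits + cols + [0]                   # column parity + stop bit

def parse_frame(frame):
    """Return the 40-bit ID, or None if header, parity or stop bit fails."""
    if len(frame) != 64 or frame[:9] != HEADER or frame[63] != 0:
        return None
    tag_id, cols = 0, [0, 0, 0, 0]
    for r in range(9, 59, 5):
        row, parity = frame[r:r + 4], frame[r + 4]
        if sum(row) % 2 != parity:
            return None
        cols = [c ^ b for c, b in zip(cols, row)]
        tag_id = (tag_id << 4) | (row[0] << 3 | row[1] << 2 | row[2] << 1 | row[3])
    return tag_id if cols == frame[59:63] else None

def card_stream(tag_id, n_bits, start_offset=0):
    """Default read mode: the powered card loops its frame; the reader
    starts listening at an arbitrary point (start_offset) in the loop."""
    frame = em4100_frame(tag_id)
    return [frame[(start_offset + i) % 64] for i in range(n_bits)]

def reader_decode(stream):
    """Slide a 64-bit window; accept a frame that validates and repeats."""
    for i in range(len(stream) - 127):
        window = stream[i:i + 64]
        if parse_frame(window) is not None and stream[i + 64:i + 128] == window:
            return parse_frame(window)
    return None

if __name__ == "__main__":
    sample_id = 0x0600123456                   # constructed sample ID
    print(hex(reader_decode(card_stream(sample_id, 200, start_offset=23))))
```

Writing a known ID to a blank card and checking that the decode matches is the "you know what it should be" exercise suggested in the post.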
Hi @mwalker
Yes it was quite open ended wasn't it!
In my experience the hardest part is knowing what the question is. It's a lot of information to absorb, but I will keep looking and ask an appropriate more direct question. I do have a few T5577 tags/cards which I will start testing on.
Thanks for all of the information