Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Hey guys,
Right now I'm really sick of my proxmark crashing all the time. Most of this was due to a crappy USB implementation (made in the time Jonathan worked on it). We are now 6 years later, with an enormous improvement of features, but still use the old Human Interface Device (HID) protocol to address the proxmark.
So, what did I do? I rewrote the core firmware parts that handle the USB connection. In my tests so far, it is running around 50 times faster and no (workaround) delays are needed anymore. It is more reliable, can handle bigger frames and best of all, it doesn't crash anymore.
Since I'm using USB-CDC you do not need a driver. Only Windows needs a bit of help detecting the proxmark. M$ decided that Windows needs a .inf file that says... "YES this is indeed a generic uart over USB" ... but then it all works fine.
Since you guys know there is a lot of functionality in the proxmark, it would be good to go over it all and see if it still works with the new USB interface.
So the question is:
- Who is willing to help test the new code, debug if needed, and help fix (my) mistakes?
Thanks in advance, best regards,
Roel
Offline
Awesome news Roel!
I can help out. Just let me know what you want done.
Offline
I'm proposing to submit my major revision into the SVN and start working from there (any idea how to easily branch in google-code?). It is working already for the most part. Though I run into some hiccups of code that was not designed buffer size independent.
For now, I leave the bootloader code out of the revision. This means you can always flash back the older revision to revive your proxmark again (should anything go wrong). But as it seems for now, I can communicate great with the USB serial port.
Can you tell me what kind of OS you are working on? This could help debugging. I'm running currently Mac OS X 10.8.2, which is basically just FreeBSD if you use the console.
Offline
Hey All,
I've branched the repository. You can do a checkout and try to compile the new version through:
merged code into default trunk
svn checkout https://proxmark3.googlecode.com/svn/trunk proxmark3 --username ...
or for read-only
merged code into default trunk
svn checkout http://proxmark3.googlecode.com/svn/trunk proxmark3
Please, let me know if you are able to get it compiled/running. Remember, if you want to restore the proxmark to the Trunk version, just hold the button (while replugging the usb cable) and start the flasher program.
Cheers,
Roel
Last edited by rule (2013-03-07 16:09:47)
Offline
Can you tell me what kind of OS you are working on? This could help debugging. I'm running currently Mac OS X 10.8.2, which is basically just FreeBSD if you use the console.
I can test under BackTrack 5 R3. Bricking one of my Proxmarks is not an issue, I've JTAGed them back to life before.
I can test under Windows 7 and Ubuntu 12.04 if needed.
Offline
I'll try out under Windows XP when possible.
I can test many of the LF functions.
Regards.
Offline
If I have time this week I will try.
Regards
Offline
I can test it under 7 but I have firmware r486... is there a fail-proof guide to update firmware ? No need to update bootloader, right ? What about old usb drivers installed ?
Last edited by asper (2012-12-05 14:17:50)
Offline
I tested to compile under Win 7 x64.
With my current setup, I am able to compile the "normal" rev 627 without any errors.
But it fails with this one (everything is fine until it comes to readline...)
I will have a closer look tomorrow.
Offline
I successfully compiled the cdc branch under Win 7 x64.
Since CDC doesn't require a real driver, but does require a .inf file under Windows: what does this .inf file look like?
Offline
Good Job~~~our team can help you to test the code!!!
Mail it to me~~~admin@radiowar.org
Offline
Since CDC doesn't require a real driver, but does require a .inf file under Windows: what does this .inf file look like?
Please re-compile the latest CDC version (changed Vendor/Device identifiers).
I've added the file: driver/proxmark3.inf which should work fine (quickly tested under WindowsXP 32-bit and Windows7 64-bit).
However, it seems that M$ decided that in Windows8 even an ".inf" file should be signed. Who knows, maybe in the future someone will donate a digital signature ".cat" file that signs the proxmark3.inf.
Offline
Someone using Windows 8 might want to try this
Last night I compiled everything and upgraded my PM no worries at all. I have not had much time to play with it though.
I managed to get the proxmark client to crash by executing these commands in order:
h
hf
hf mf
I didn't need to restart the proxmark. Just the app.
Offline
With the new usb "driver" what can i use under visual basic in order to send pm3 some commands?
Offline
Uart CDC/ACM means "virtual com port" ? If it is so, I will surely make a Visual Basic interface for that !!!!!!
Can someone post a compiled version in order for me to test ?
I think I should flash bootloader, fpga and OS, isn't it ?
Sorry for double post
Offline
0xFFFF: I'll look into the crashing client for windows! Don't know what
is happening. You did supply the correct COM-port as an argument when
you started proxmark3.exe?
ASPER: Yes, CDC/ACM means a virtual serial port (COMx). You can easily
access such port through VB, C#, JAVA or other 4th generation language.
You do not have to flash the bootrom, if you want to re-flash, just hold
button down when plugging the proxmark in the usb port.
I'll adjust the bootloader/flasher program when it works completely and
reliably on all platforms (win/unix/mac).
Offline
If someone can provide a working FPGA+OS image I will flash and start making a VB software !!! (I know how to communicate using serial ports !!!)
Commands are always the ones described there: http://proxmark3.googlecode.com/svn/trunk/include/usb_cmd.h ?
Parity ? Baud rate ? Stop bits ?
An example of byte sequence to send for example for tune antenna or a nested mifare command ?
Last edited by asper (2012-12-06 12:50:22)
Offline
If someone can provide a working FPGA+OS image I will flash and start making a VB software !!! (I know how to communicate using serial ports !!!)
Commands are always the ones described there: http://proxmark3.googlecode.com/svn/trunk/include/usb_cmd.h ?
Parity ? Baud rate ? Stop bits ?
An example of byte sequence to send for example for tune antenna or a nested mifare command ?
Wait!!!i send it to you~
Offline
Anyway, Roel, when we reflash the bootrom, we can't flash fullimage.elf and we can't install the new driver file.
Offline
Hi Roel, I come from the RadioWar team. I tested your new firmware on WinXP, but it failed.
1. As RadioWar said, after I flash the bootrom, I can't flash anymore.
I want to reflash an older bootrom such as r627. It also failed. The error information looks like "usb_reap: timeout error!".
Here is a picture.
2. About the new "driver": it does not work.
Offline
Did you hold the button (during plugging/flashing) when you started to flash the original firmware back to the proxmark again?
Offline
Roel can you please show me an example of bytes to send through the usb-com port?
Offline
0xFFFF: I'll look into the crashing client for windows! Don't know what is happening. You did supply the correct COM-port as an argument when you started proxmark3.exe?
Ahhh! Sorry for the confusion. I'm not using Windows at all! I'm using BT5R3.
When you said "...M$ decided that in Windows8 even an ".inf" file should be signed...", I thought someone unfortunate enough to be using Windows 8 might have wanted to try installing the unsigned driver by following the procedure in the link I provided. I don't know if it works or not.
BTW - Personally I think getting drivers signed is a waste of time and money at this point in time. I'd rather buy you a beer for your hard work
I have compiled everything and upgraded my PM under BT5R3 and Ubuntu 12.04 successfully.
When using the proxmark client ("./client/proxmark /dev/ttyACM0"), I can crash the client by entering the command "hf mf". I've done 0 investigation. All I did was keep track of the commands I executed in order leading up to the s/w crash.
I'll try to get stuck in to this tonight so I can give more detail as to what went wrong.
Offline
Did you hold the button (during plugging/flashing) when you started to flash the original firmware back to the proxmark again?
Yes, I did. But it also failed. Can you fix it?
Offline
Did you also flash the bootrom from the proxmark-cdc version? It should still work according to the old protocol, but I'm not sure it is 100% ok. To test the new version you only need to flash the osimage. FPGA and bootrom are not part of the update.
When I have time I'll test if the bootrom code still works with the flash flasher program. In the meanwhile it would be good to revive your proxmark with the JTAG interface.
Offline
Did you also flash the bootrom from the proxmark-cdc version? It should still work according to the old protocol, but I'm not sure it is 100% ok. To test the new version you only need to flash the osimage. FPGA and bootrom are not part of the update.
When I have time I'll test if the bootrom code still works with the flash flasher program. In the meanwhile it would be good to revive your proxmark with the JTAG interface.
Yes, I flashed the bootrom from the proxmark-cdc version. After that (just flashed the bootrom), it can't flash anymore.
But the proxmark3 is OK. I can use it with the old version. Maybe I can revive it with the JTAG. I'll try later.
Thanks for your answer.
Offline
If you have problems, use JTAG.
Upload bootrom.s19 with your JTAG, and after that you can try with flasher.exe to upload osimage and fpgaimage.
Offline
I have upgraded the proxmark and compiled the new version (Windows 7 x64).
Now when I install the driver, the Proxmark is on virtual COM 7.
I try proxmark3.exe 7 and it said: invalid serial port
Why??
Thanks
Offline
I have upgraded the proxmark and compiled the new version (Windows 7 x64).
Now when I install the driver, the Proxmark is on virtual COM 7.
I try proxmark3.exe 7 and it said: invalid serial port
Why??
Thanks
try proxmark3.exe COM7
Offline
Thanks xxootest,
now it works, but any command that I have tried always gives me the same error:
Waiting for a response from the proxmark...
Don't forget to cancel its operation first by pressing on the button
It is like the communication is going in only one way: when I send any command to the proxmark it looks like it has received the command because the LEDs work as usual, but the proxmark doesn't give back any data to the computer.
Offline
Using Windows7 64 and Windows XP 32 similar problem here:
Just starting it no info shown on screen, neither "Waiting for a response from the proxmark..." but a simple black line.
PM3 is correctly recognized by the system using \driver\proxmark3.inf
At first it was on COM21 and I forced it to COM5
If I send commands I can see the PM3 working (Es. sending HW TUNE the green light is on and then, after few seconds, it shuts off) but no on-screen information (no answers from PM3 line); it seems nothing is arriving from PM3.
My PM3 configuration:
Bootloader = r625
FPGA = r627
OS = r635
Last edited by asper (2012-12-07 11:40:15)
Offline
If I send commands I can see the PM3 working (Es. sending HW TUNE the green light is on and then, after few seconds, it shuts off) but no on-screen information (no answers from PM3 line); it seems nothing is arriving from PM3.
Yes, I have the same problem. But it can use the old version of proxmark3.exe.
Offline
Using OS r635 I was not able to communicate with previous (r627) proxmark3.exe, but I think this is normal.
Just reverted back to OS r627 (holding PM3 button when reconnecting USB cable and during flashing) waiting to reflash another test version
Thank you roel ! If a new version will work as expected a windows software will surely come (please send me an example of bytes to send through serial port in order to make PM3 execute commands) !!!
Last edited by asper (2012-12-07 11:50:32)
Offline
Sorry for double-post but I see that a new r639 is out: is there anyone (RadioWar ?) that can compile for windows ? Maybe the "missing header" and "fixed read uart for windows" will solve the problem !
Last edited by asper (2012-12-07 11:56:03)
Offline
I got it fully working under Windows XP now. No clue why Windows7 is messing up with the communication.
To help you all guys, I just made a fresh compile environment for windows, you can find it here:
code.google.com/p/proxmark3/downloads/d … oxmark.zip
Please, make sure you follow the instructions given there.
Cheers,
Roel
Offline
Ok, Windows7 is still buggy (receiving partial frames), but it seems to work at least right now...R641 8)
For building compatible VB software you should look at the content of command frames, just try to figure out how the messages are constructed (look for packed struct UsbCommand). To debug, you can use a Serial Port Monitor (PortMon) or for an x64 system you could use for example the trial version of: http://www.aggsoft.com/serial-port-monitor/download.htm
Offline
Compiling I receive:
/bin/sh: perl: command not found
and end with a fatal error after many lines "QApplication_ No such file or directory - compilation terminated"
Do I need to install perl ? Where I can find it ?
Offline
@asper : See "cdc\COMPILING.txt"
http://strawberry-perl.googlecode.com/files/strawberry-perl-5.10.1.1.msi
Offline
Windows 7 seems to work fine now with....R462
test@testpc /c/proxmark3-cdc/client
$ ./proxmark3.exe com3
proxmark3> hw version
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: svn 492-unclean 2011-09-05 12:53:53
#db# os: svn 633-unclean 2012-12-05 20:26:46
#db# FPGA image built on 2012/ 1/ 6 at 15:27:56
proxmark3>
Please... can you guys test this for me?
Offline
Windows 7 seems to work fine now with....R462
test@testpc /c/proxmark3-cdc/client
$ ./proxmark3.exe com3
proxmark3> hw version
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: svn 492-unclean 2011-09-05 12:53:53
#db# os: svn 633-unclean 2012-12-05 20:26:46
#db# FPGA image built on 2012/ 1/ 6 at 15:27:56
proxmark3>
Please... can you guys test this for me?
Okay~~~
Offline
I am trying to compile it myself but I miss something; perl installed but still errors, maybe I need QT SDK that I am downloading right now (more than 400Mb!). If you (radiowar) are able to send me a compiled version I will be really thankful !!
EDIT:
installed:
- qt-windows-opensource-5.0.0-rc1-msvc2010_32-x86-offline.exe
- Setup-Subversion-1.7.7.msi
- yagarto-bu-2.22_gcc-4.7.2-c-c++_nl-1.20.0_gdb-7.5_eabi_20121013.exe
- strawberry-perl-5.10.1.1.msi
- mingw-proxmark.zip (latest in C:\)
but I receive a series of errors:
Unuseful to say I really suck at linux...
Last edited by asper (2012-12-07 14:55:36)
Offline
I am trying to compile it myself but I miss something; perl installed but still errors, maybe I need QT SDK that I am downloading right now (more than 400Mb!). If you (radiowar) are able to send me a compiled version I will be really thankful !!
Did you download this compile environment and followed the instructions?
Offline
Yes Roel, I edited my previous post to show the errors (partial) - I also tried to "make" inside the fpga folder without any luck.
Last edited by asper (2012-12-07 14:56:53)
Offline
You try to build the FPGA, which is not needed. The FPGA is rarely changed and the new (FPGA) hardware representation is stored in a binary file fpga.bit. There is indeed a makefile in the FPGA folder, but to build it from scratch you need the complete Xilinx SDK (~2gb).
When you type "make" in the root folder of the proxmark repository, it will call the other makefiles (armsrc, client and bootrom) recursively. So if that succeeds you are finished. Just ignore the FPGA folder, you only need it if you updated the VHDL code.
BTW, did you do a checkout on the trunk or on the CDC folder.....? Since I actually disabled the (QT) gui in the CDC version, I think you are compiling the wrong version ?:)
The mingw-proxmark.zip instructions show how to download the trunk, but if you want to test my new version you need to replace:
svn checkout http://proxmark3.googlecode.com/svn/trunk/ proxmark3
with
svn checkout http://proxmark3.googlecode.com/svn/branches/cdc proxmark3-cdc
Offline
Well, using this http://proxmark3.googlecode.com/svn/branches/cdc files are compiling (using the root Make file).
So yes, it is working now under Windows 7 64
No luck with http://proxmark3.googlecode.com/svn/trunk/
Do you think that I will always need QT disabled in order for me to compile using my actual environment ?
I will try to log some com traffic right now ! Thank you !
EDIT: with the new interface I am not able to disconnect the device from my main host to connect it to my virtual station running windows xp (it was working using lib-usb) - maybe this information can be useful.
Last edited by asper (2012-12-07 16:14:00)
Offline
Well, logged data and I think it is that way:
Each sent packet seems to be 527 bytes (20F in Hex)
1st 2 bytes represent the command (main command list there: http://proxmark3.googlecode.com/svn/trunk/include/usb_cmd.h)
followed by
525 bytes (parameters and other stuff).
So, for example, if I want to send a "tune" command I must send, over the chosen COM port:
040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(this is what I logged)
But, looking at code (I am not good at...) I read:
typedef struct {
  uint32_t cmd;
  uint32_t arg[3];
  union {
    uint8_t asBytes[48];
    uint32_t asDwords[12];
That means that I have command (2 bytes) + arg (3 bytes) + 48 bytes + 12 bytes = 65 bytes...
I tried to re-send it using a terminal software but without success... what am I doing wrong ?
EDIT: this is my compiled branch: http://www.sendspace.com/file/4aai4x
Last edited by asper (2012-12-07 17:04:54)
Offline
A progress made !
0004 -> hw tune
0701 -> hw version
So commands must be sent inverted (for ex. if in the source code you read 0107 you must send 0701). Some commands are not only 2 bytes, they need "parameters"; I am studying them !
I can not understand why in the PM3 answer there is lot of "garbage" data... it also seems that some commands are sent also in ascii (with error answer from pm3) and also other commands are sent during operations... but in the interface we only read "intelligible" data.
The proxmark is responding to my serial commands !!!
Last edited by asper (2012-12-07 18:00:12)
Offline
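The frame layout discussed in the posts above, as an added example (not code from the thread or from the Proxmark3 project): it serialises the struct quoted from trunk's usb_cmd.h, which comes to 4 + 12 + 48 = 64 bytes because each uint32_t is four bytes and the two union members share the same storage, and it writes each field least-significant byte first, which is why 0107 in the source shows up as 07 01 on the wire. The function names, EXAMPLE_CMD_VERSION and the little-endian assumption are this example's own; frames on the CDC branch were logged at 527 bytes, so for that branch the sizes must come from its own header rather than from the constants here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sizes from the struct quoted in the thread: uint32_t cmd, uint32_t arg[3],
 * and a union whose members overlap (48 bytes is the same storage as 12 dwords). */
enum { CMD_LEN = 4, ARG_COUNT = 3, PAYLOAD_LEN = 48,
       PAYLOAD_OFF = CMD_LEN + 4 * ARG_COUNT,
       FRAME_LEN = PAYLOAD_OFF + PAYLOAD_LEN };          /* 4 + 12 + 48 = 64 */

/* Hypothetical name; 0107 is the value the thread reads in the source for "hw version". */
#define EXAMPLE_CMD_VERSION 0x0107u

/* Assumption: fields travel least-significant byte first (little-endian). */
static void put_le32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

static uint32_t get_le32(const uint8_t *p) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v |= (uint32_t)p[i] << (8 * i);
    return v;
}

/* Build one frame in out[FRAME_LEN]. Returns FRAME_LEN, or 0 if the payload does not fit. */
size_t usbcmd_pack(uint8_t *out, uint32_t cmd, const uint32_t *arg,
                   const uint8_t *payload, size_t payload_len) {
    if (payload_len > PAYLOAD_LEN || (payload_len > 0 && payload == NULL)) return 0;
    memset(out, 0, FRAME_LEN);                 /* this example sends unused bytes as zero */
    put_le32(out, cmd);
    for (int i = 0; i < ARG_COUNT; i++)
        put_le32(out + CMD_LEN + 4 * i, arg ? arg[i] : 0);
    if (payload_len > 0) memcpy(out + PAYLOAD_OFF, payload, payload_len);
    return FRAME_LEN;
}

/* Parse a received buffer. Returns 1 on success, 0 on a short read: a partial
 * frame must be buffered until FRAME_LEN bytes have arrived, never parsed early. */
int usbcmd_unpack(const uint8_t *in, size_t in_len, uint32_t *cmd,
                  uint32_t *arg, uint8_t *payload) {
    if (in_len < FRAME_LEN) return 0;
    *cmd = get_le32(in);
    for (int i = 0; i < ARG_COUNT; i++) arg[i] = get_le32(in + CMD_LEN + 4 * i);
    memcpy(payload, in + PAYLOAD_OFF, PAYLOAD_LEN);
    return 1;
}

int main(void) {
    uint8_t frame[FRAME_LEN];
    size_t n = usbcmd_pack(frame, EXAMPLE_CMD_VERSION, NULL, NULL, 0);
    printf("%zu bytes, starts %02x %02x %02x %02x\n",
           n, frame[0], frame[1], frame[2], frame[3]);
    return 0;
}
```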
Problem/bug: launching hf mf and sniffing the com port NOTHING is sniffed so the command is not sent through the serial port (absolutely no bytes sent). The same if you try to send hf mf nested or others.
Last edited by asper (2012-12-07 18:29:59)
Offline
Problem/bug: launching hf mf and sniffing the com port NOTHING is sniffed so the command is not sent through the serial port (absolutely no bytes sent). The same if you try to send hf mf nested or others.
Thanks for spotting, fixed it!
Offline
New version always here: svn checkout http://proxmark3.googlecode.com/svn/branches/cdc ? Should I delete previous version before downloading it again ?
Offline