0x00 Preface
Proxmark3 (PM3) is an open source hardware device designed and developed by Jonathan Westhues in his master's thesis to study Mifare Classic. It can be used for RFID sniffing, reading and cloning. For example, PM3 can read RFID/NFC cards such as water cards, bus cards and access cards along with their corresponding readers, sniff the data exchanged between card and reader, and feed the sniffed data to the XOR Check tool to calculate the sector key. PM3 can of course also be used to crack access control and carry out physical intrusion.
0x01 Environment Setup
1.1 Windows environment
PM3's firmware and client software are used as a matched pair: each firmware version has a corresponding hardware ELF firmware image and client software.
The PM3 purchased from Radiowar uses the r486 version (firmware & app) by default, and the first use requires installing the PM3 driver on the PC:
Device Management
Update Driver
Trust driver
Installation Successful
1.1.1 Hardware Testing
Locate Proxmark3.exe in the r486\win32\ directory, drag it into the cmd window, and press Enter to confirm; this enters the PM3 terminal:
// Measure the antenna tuning
// Print the firmware version information for the Proxmark3
// Reset the PM3
1.1.2 Bug
In testing, PM3 showed compatibility and stability problems that caused frequent crashes. My personal guess is that the cause is the r486 firmware version, which crashes frequently on the Windows platform. Solution: upgrade the firmware and use the Linux platform, both of which are covered later in this article.
1.2 Firmware Upgrade (This article takes the upgrade to the 848 firmware version as an example)
The tool for flashing the PM3 firmware, Flasher.exe, is in the r486\win32 directory. Drag the file into the cmd window and type a space, then find fullimage.elf in the new firmware's 848\firmware_win directory and drag it into the cmd window as well:
Press Enter to confirm and wait a moment; the flash will then complete.
1.3 Linux
Taking Kali as an example, this section shows how to build the PM3 working environment on Linux.
apt-get update
apt-get install build-essential libreadline5 libreadline-dev libusb-0.1-4 libusb-dev perl pkg-config subversion
# The code is checked out from Google via SVN, so remember to use a proxy (FQ) when running this command
svn checkout http://Proxmark3.googlecode.com/svn/trunk proxmark-trunk
cd proxmark-trunk/client
make
// Enter the PM3 working terminal
hw tune    // test the device
0x02 Conclusion
The environment is now set up. As stated at the start of the article, PM3 can sniff the data exchanged between RFID/NFC cards (water cards, bus cards, access cards and so on) and their corresponding readers, and the sniffed data can be fed to the XOR Check tool to calculate the sector key. First, two photos:
That is all for this article. Follow-up posts will share RFID cracking case studies, so stay tuned.
Extended Reading
RFID Hacking: See how I break through the door to infiltrate Freebuf stronghold
Data download
Proxmark-trunk Code Package: Http://pan.baidu.com/s/1dFyOFjN
PM3 Firmware & Learning materials: HTTP://PAN.BAIDU.COM/S/1DFFJDDF
RFID hacking②:pm3 Getting Started Guide