RFID HACKING②:PM3 Getting Started Guide

0x00 Preface

Proxmark3 is an open source hardware designed and developed by Jonathan Westhues in his master's thesis to study Mifare Classic, which can be used in RFID sniffing, reading and cloning, such as: PM3 can be in water card, bus card, A series of RFID\NFC cards, such as access cards and their corresponding machine read, data exchange, sniffing attacks, and the use of sniffer data through the XOR Check tool to calculate the sector key, of course, PM3 can also be used to crack access to implement physical intrusion.

0X01 Environment Construction

1.1 Windows environment

PM3 's firmware and software are usually used in a companion, i.e. each firmware version has a hardware elf firmware and software corresponding to it.

The PM3 purchased in Radiowar uses the r486 version of the firmware (firmware &app) By default, and the first use requires the installation of the PM3 driver on the PC:

Device Management

Update Driver

Trust driver

Installation Successful

1.1.1 Hardware Testing

Locate the Proxmark3.exe in the r486\win32\ directory, pull it into the cmd window, enter the confirmation and enter the PM3 's terminal:

// Measurement of antenna tuning // Print Display firmware version information for PROXMARK3 // Reset PM3

1.1.2 Bug

After testing, PM3 compatibility, stability problems, causing frequent crashes, the cause of the problem personal guessing may be the r486 version of the firmware issue, causing frequent crashes on the Windows platform. Solution: Upgrade the firmware and use the Linux platform, which will be shared later in the article.

1.2 Firmware Upgrade (This article takes the upgrade to the 848 firmware version as an example)

Find the tool to burn the PM3 firmware in the R486\win32 directory: Flasher.exe, drag the file into the cmd window and tap a space, then find fullimage.elf in the new firmware 848\firmware_win directory and drag it into the cmd window:

Enter confirm wait a little will be OK.

1.3 Linux

Taking Kali as an example, this paper introduces how to build PM3 working environment in Linux.

apt-get  updateapt-get install build-essential libreadline5 libreadline-dev libusb-0.1 -4 libusb-dev perl pkg-config subversionsvn checkout http://  Proxmark3.googlecode.com/svn/trunk proxmark-trunk  // because this is the code that is cloned from Google via SVN, when executing this command remember FQ 

CD proxmark-trunk/Clientmake

// Enter PM3 's working terminal HW Tune  // test Equipment

0x02 Conclusion

The environment was set up, as the article said: PM3 can be in the water card, bus card, Access card and other RFID\NFC card and corresponding to the machine read, data exchange time to sniff attack, and use the sniffer data through the XOR Check tool to calculate the sector key. First two photos:

This article first write here, follow-up will have the case of RFID cracking sharing, please look forward to.

Extended Reading

RFID Hacking: See how I break through the door to infiltrate Freebuf stronghold

Data download

Proxmark-trunk Code Package: Http://pan.baidu.com/s/1dFyOFjN

PM3 Firmware & Learning materials: HTTP://PAN.BAIDU.COM/S/1DFFJDDF

0X03 Reference

Https://www.trustwave.com/Resources/SpiderLabs-Blog/Proxmark-3,-now-with-more-Android/

www.proxmark.org

Google Play

Radiowar

Defcon23 RFID Hacking speech paper

RFID Cooking with Mifare Classic

RFID hacking②:pm3 Getting Started Guide