PROXMARK3 Command HelpDirectory[Hide]
- 1 tips for using
- 2 Help main assistance commands (based on r830 and the following versions)
- 3 HW Hardware Detection related commands
- 4 Data graphics window/Buffer data manipulation commands
- 5 LF Low-frequency related commands
- 5.1 LF em4x (em4x card class related commands ...)
- 5.2 LF HID (HID card class related commands ...)
- 5.3 lf Ti (TI card class related commands ...)
- 5.4 LF Hitag (hitag tag related to answer ...)
- 6 HF High frequency related commands
- 6.1 HF 14a (iso14443a Card Related commands ... )
- 6.2 HF 14b (iso14443b card related commands ... )
- 6.3 HF (ISO15693 card related commands ... )
- 6.4 HF EPA (German identity card-related commands ... )
- 6.5 HF legic (legic card related commands ... )
- 6.6 HF IClass (iclass card related commands ... )
- 6.7 hf MF (mifare Card related commands ... )
Tips for use
- The PROXMARK3 command uses the minimum matching mode, each command can only be entered to be uniquely identifiable, such as HF MF CHK, only one C at the HF MF command CHK, so the HF MF CHK, HF MF CH, HF MF C are equivalent, so see the online data in the life Make it different. Do not doubt that they are equivalent.
- Proxmark3 each run will produce a proxmark3.log text file in the same directory, which records the results of PROXMARK3 executing each of your commands. Remember, just the result of the command execution. The command itself is stored in the same directory. history file inside. You need to see the history to open Proxmark3.log as well as. Historical view.
- Enter all existing commands without any parameters, and the Help information for the command will be displayed directly.
- All command aids are enclosed in curly braces {}, and there are ellipses that indicate the next level of command. For example, the 14a, 14b, 15, Legic, IClass, MF help messages under the HF command are all {...} form, indicating that there is still a command at the next level.
- When you use the HF MF CHK automation operation, if the full card is the default key, manually create a 16-file file named Dumpkeys.bin, and write all known keya/b to the file! Write Keya first, in write keyb, remember not to have space/enter! Then put in the PROXMARK3 client directory, and then execute the HF MF dump, you will get the dumpdata of the full card! The premise is that keyb is write.
- EM4X Card Straight card has not been out of the ID, you can try this trick: start with 410xwatch, and then put the card, generally can be out tag ID.
- All commands in the high-frequency command for the UID card do not require key to read and write the UID card directly.
Help Master Assistance commands (based on r830 and the following versions)
| Help |
Displays Help. (Use command ' <command> help ' to get more helpful information about the command.) Of course, the direct input of the relevant commands, without Help, can also appear in the command's assistance information. )//For example HW Help is equivalent to HW. |
| Data |
graphics window/Buffer data manipulation, etc. |
| Exit |
Exit the PROXMARK3 terminal environment |
| Hf |
High frequency related commands |
| Hw |
Hardware Detection related commands |
| Lf |
Low Frequency related commands |
| Quit |
Exit PROXMARK3 Terminal environment equivalent to exit |
HW Hardware Detection related commands
| Help |
Show Help |
| Detectreader |
[' l '/' H ']--detects the external Reader frequency area (option "L" or "H" limit to low frequency LF or HF HF) |
| Fpgaoff |
Set FPGA to OFF |
| Lcd |
<16 commands > < times >--Send command/data to LCD |
| Lcdreset |
Resetting the LCD |
| Readmem |
Read the memory of the 10-input address from the chip |
| Reset |
Reset Proxmark3 |
| Setlfdivisor |
<19-255>--driving LF antenna at 12mhz/(base + 1) |
| Setmux |
<loraw/hiraw/lopkd/hipkd>--Set the ADC multiplexer to a specific value |
| Tune |
Measurement of antenna tuning |
| Version |
Displays firmware version information for PROXMARK3 |
Data
graphics window/Buffer data manipulation commands
| Help |
Show Help |
| Amp |
Amplification Peak |
| Askdemod |
<0/1>--attempt to modulate the waveform of the amplitude-shifted keying |
| Autocorr |
< window length >-Auto Correction window |
| Bitsamples |
Get the original sample as Bit |
| Bitstream |
[Clock rate]--the waveform converted into a bit stream |
| Buffclear |
Clear buffer Samples and graphics window |
| Dec |
Sample Extraction |
| Detectclock |
Detecting clock rate |
| Fskdemod |
FSK Display Waveform graphics window as HID |
| Grid |
<x> <y>--overlay grid on graph, close with 0 value |
| Hexsamples |
< block > [< offset;]--a large buffer as a 16-binary dump |
| Hide |
Hide Graphics window |
| Hpf |
Remove DC offset from track line |
| Load |
< file name >--load track from file (to graphics window) |
| LTrim |
<samples>-Organize samples from left track |
| Mandemod |
[i] [clock rate]-manchester demodulation binary stream (option "I" upside-down output) |
| Manmod |
[Clock rate]--Manchester demodulation binary stream |
| Norm |
Normal size Change max/min to +/-500 |
| Plot |
Display the graphics window (click ' H ' in the window to display the key help) |
| Samples |
[128-16000]--Get the original sample from the graphics window |
| Save |
< file name >--Save track (from graphics window) |
| Scale |
< values >--Set the display scale of the cursor |
| Threshold |
< thresholds >-maximizes/Minimizes graphics windows based on thresholds |
| Zerocrossings |
Calculate the time of the 0 intersection |
LF Low-frequency related commands
| Help |
Show Help |
| Cmdread |
<off> < ' 0 ' > < ' 1 ' > < command > [' H ']--send a command to adjust the LF reader period (in subtle units) before reading (the ' h ' option is 134) |
| em4x |
EM4X card class related commands ... |
| Flexdemod |
Demodulation FlexPass Sample |
| Hid |
HID Card Class-related commands ... |
| Indalademod |
[' 224 ']--demodulation of the 64-bit UID of the Indala sample (option ' 224 ' is 224-bit) |
| Indalaclone |
[UID] [' L ']--clone Indala to t55x7 card (the label must be on the antenna) (UID is 16 binary) (option ' l ' means 224-bit UID) |
| Read |
[' H ']--read 125/134 khz low-Frequency ID tag (option ' H ' is 134) |
| Sim |
[Gap] – simulates a low-frequency label (in microseconds) from the buffer of the optional GAP |
| Simbidir |
Analog low-frequency labeling (bidirectional transmission of data between the card reader and the label) |
| SimMan |
< clock > < bit rate > [GAP] simulates any Manchester low-frequency label |
| Ti |
TI Card class-related commands ... |
| Hitag |
Hitag tags related to response ... |
| Vchdemod |
[' Clone ']-demodulation verichip Company sample |
| T55xx |
T55XX card class related commands ... |
| PCF7931 |
PCF7931 card class related commands ... |
LF em4x (em4x card class related commands ...)
| Help |
Show Help |
| Em410xread |
[Clock rate]--Extract the ID of the em410x tag |
| Em410xsim |
<UID>--Analogue em410x label |
| Em410xwatch |
Read em410x label, 2000 samples get ID |
| Em410xwrite |
<UID> < ' 0 ' t5555> < ' 1 ' t55x7>--write em410x UID to T5555 (Q5) or t55x7 label |
| Em4x50read |
Reading data from the em4x50 tag |
| Readword |
<word>--Reading em4xxx character data |
| Readwordpwd |
<word><password>--reading em4xxx character data in password mode |
| Writeword |
<word>--Writing em4xxx character data |
| Writewordpwd |
<data><word><password>--writing em4xxx character data in password mode |
LF HID (HID card class related commands ...)
| Help |
Show Help |
| Demod |
Demodulation hid ProX Card II (not optimal) |
| Fskdemod |
Real-time HID FSK demodulator |
| Sim |
<ID>--Analog HID label |
| Clone |
<ID>-Clone hid to t55x7 card (the label must be on the antenna) |
lf Ti (TI card class related commands ...)
| Help |
Show Help |
| Demod |
TI type LF label demodulation primitive bit |
| Read |
Read and decode the tags of ti class 134kHz |
| Write |
New data written to a read/write Ti class 134kHz tag |
LF Hitag (hitag tag related to answer ...)
| Help |
Show Help |
| List |
List Hitag sniffing data |
| Reader |
Read the Hitag label data as a reader |
| Sim |
Analog Hitag Response |
| Snoop |
Eavesdropping on Hitag Communications |
HF High frequency related commands
| Help |
Show Help |
| 14a |
ISO14443A Card Related commands ... |
| 14b |
ISO14443B Card Related commands ... |
| 15 |
ISO15693 Card Related commands ... |
| Epa |
The German identity card of the relevant order ... |
| Legic |
Legic Card Related commands ... |
| IClass |
IClass Card Related commands ... |
| Mf |
Mifare Card Related commands ... |
| Tune |
Continuous measurement of the tuning of high frequency antennas |
HF 14a (iso14443a card related commands ... )
| Help |
Show Help |
| List |
Lists the traffic history of the ISO14443A class card and the reader |
| Reader |
Reading data such as the UID of the ISO14443A class card |
| Cuids |
Collects a specified number of random UID, showing the start and end times. |
| Sim |
<UID>--Analog iso14443a class label |
| Snoop |
Eavesdropping on the communication data of iso14443a card and card reader |
| Raw |
Send directives to tags using raw format commands |
HF 14b (iso14443b card related commands ... )
| Help |
Show Help |
| Demod |
The label of the modulation iso14443b protocol |
| List |
Lists the iso14443b card and reader communication history that has been tapped |
| Read |
Read the ISO14443B class card information |
| Sim |
Analog iso14443b class Labels |
| Simlisten |
Simulation of iso14443b class labels from high frequency samples |
| Snoop |
Monitor the communication data between the ISO14443B card and the card reader |
| Sri512read |
<int>-Read the contents of the SRI512 tag |
| Srix4kread |
<int>-Read the contents of the srix4k tag |
| Raw |
Send directives to tags using raw format commands |
HF (ISO15693 card related commands ...) )
| Help |
Show Help |
| Demod |
The label of the modulation ISO15693 protocol |
| Read |
Read the ISO15693 class card information |
| Record |
Record ISO15693 label samples |
| Reader |
As ISO15693 card reader, read the UID and other information |
| Sim |
Tag for analog ISO15693 protocol |
| Cmd |
Send commands directly to the label of the ISO15693 protocol |
| Findafi |
Violent a ISO15693 tagged AFI |
| Dumpmemory |
Read all page memory data for ISO15693 tags |
HF EPA (German identity card-related order ... )
| Help |
Show Help |
| Cnonces |
<m> <n> <d>--collects an encrypted value of n bytes length m in D seconds. |
HF Legic (legic card related commands ... )
| Help |
Show Help |
| Decode |
Display of non-confusing, decoded legic RF label data (after using HF Legic reader) |
| Save |
<filename> [<length>]--Storing sample data |
| Load |
<filename>--Recover sample data |
| Sim |
[Phase drift [frame drift [req/resp drift]] start the simulation tag (after using load or read) |
| Write |
<offset> <length>-Write data to buffer (after using load or read) |
| Fill |
<offset> <length> <value>--fill/write label constant value |
HF IClass (iclass card related commands ... )
| Help |
Show Help |
| List |
Lists the traffic history of the IClass class card and the reader |
| Snoop |
Eavesdropping on the communication data of IClass card and card reader |
| Sim |
Analog IClass Tags |
| Reader |
Read IClass tags |
HF MF (MIFARE card related commands ... )
| Help |
Show Help |
| Dbg |
Setting the default debug mode |
| Rdbl |
Reading chunk data from the MIFARE Classic card |
| Rdsc |
Read the MIFARE Classic card sector data |
| Dump |
Export MIFARE Classic card data to a binary file |
| Restore |
Recover data from binary files to a blank Mifare classic card |
| Wrbl |
Rewrite chunk data for Mifare Classic card |
| Chk |
Test each chunk of the Mifare Classic card key A/b |
| Mifare |
Execution of Mifare "Darkside" attack based on PRNG vulnerability |
| Nested |
Test nested authentication vulnerability, based on a known key, to get all sectors keys |
| Sniff |
Communication between the olfactory card and the reader (equivalent to HF 14a Snoop) |
| Sim |
Simulate a Mifare card |
| Eclr |
Clears the data for each chunk of emulated memory |
| Eget |
Get data for each chunk of emulated memory |
| Eset |
Set data for each chunk of emulated memory |
| Eload |
Load simulation data from an exported file |
| Esave |
Exporting and saving simulation data to a file |
| Ecfill |
Using the emulator's keys to fill the emulated memory |
| Ekeyprn |
Print output emulated keys in memory |
| Csetuid |
Directly set the UID of the UID card can be changed |
| Csetblk |
Write the corresponding chunk data to the UID card |
| Cgetblk |
Read the UID card corresponding block data |
| Cgetsc |
Read the UID card corresponding sector data |
| Cload |
Writes dump data to the UID card. Attention |
| Csave |
Save UID Card data to file or emulated memory |
PROXMARK3 Command Help
