Proxmark3
The Proxmark 3 is an improved version of proxmarkii.[1] It is a dedicated, highly-capable multi-tool for RFID analysis, providing reading, writing, analysis, snooping, replaying, emulation, modulation, demodulation, decoding, encoding, decryption, encryption for any RFID system operating in the 125KHz, 134KHz and 13.56MHz frequencies.[2] Proxmark can be considered the most powerful RFID and Near Field Communication research device currently available.[3]
Licence
The hardware design and firmware of this latest version have been in the public domain since May 2007 under the General Public License.[4]
The cost of the device was around 200 euro and, since the schematics are online, it can be ordered through any local printed circuit board (PCB) supplier.[4]
About
The Proxmark 3 was originally created as a PhD project by Jonathan Westhues in 2007 to facilitate the research of RFID systems. The Proxmark supports all major modulation and encoding schemes. Therefore, it is able to communicate with many different proprietary communication protocols used by various RFID tags. It can act as a reader. It can eavesdrop on a transaction between another reader and a tag. It can analyze the signal received over the air more closely, for example to perform an attack in which we derive information from the tag's instantaneous power consumption. It can pretend to be a tag itself. It is also capable of some less obviously useful operations that might come in handy for development work.[5]
Hardware
- It is additionally equipped with a Field Programmable Gate Array (FPGA), which is mainly responsible for the low-level signal processing and allows multiple signal processing schemes to be set up.[4]
- Supports both low (125 kHz-134 kHz) and high frequency (13.56MHz) signal processing. This is achieved by two parallel antenna circuits that can be used independently.[4]
- Has a USB interface to the computer. The current implementation uses the default Human Interface Device (HID) USB protocol. Flashing of the microcontroller and the FPGA can be done via USB. The JTAG interface is used only the first time, to set up a bootloader on the microcontroller.[4]
Software
- It can operate in three different modes: sniffing mode, card emulation mode, and reader mode.[4]
- The client application works as a console application and connects to the Proxmark via the standard HID USB protocol.[4]
Models
There are currently five different variations of Proxmark3 available for purchase.
From the very first 3rd model, Proxmark has been gradually modernized and improved, so the differences between neighboring models are not as dramatic as between the first and the last.[3]
Proxmark3
Since it was open-sourced, there have been multiple commercial versions of the Proxmark. Originally manufactured individually or in small runs, a handful of manufacturers began to commercialise the device.[5]
Versions of note:
- Original
- XFPGA / RadioWar
- Rysc
- Elechouse[6]
Specifications
- CPU: Variants of AT91SAM7S512
- Storage: 512Kb SPI flash
- Interface: Typically, 1x mode LEDs, 1x button.
- Antennas:
  - LF: Untuned, external
  - HF: Untuned, external[6]
Proxmark3 Easy (V3.0)
The Proxmark 3 Easy was designed and produced by Elechouse, the creators of the Proxmark 3 RDV 2. It was designed as a lower-cost version of the Proxmark 3 RDV 2 specifically for domestic sales in China via TaoBao. It was created to be a cheaper, less capable fork of the RDV 2.
Its lower price point came at the cost of performance:
- Downgraded microcontroller: AT91SAM7S256 (smaller memory 256kb)
- Removed lithium battery management and socket.
- Removed Relay
- Removed Amplifier
These hardware changes resulted in the Proxmark 3 Easy being incapable of performing several of the Proxmark's advanced features, including the Mifare Hard-Nested attacks.
Despite these differences, several Western distributors sold the Proxmark 3 Easy as a 1:1 alternative to the RDV 2.[7]
Specifications
- CPU: AT91SAM7S256
- Storage: 256Kb SPI flash
- Interface: 4x mode LEDs, 1x button.
- Antennas:
  - LF: Attached
  - HF: Integrated[7]
Proxmark3 RDV2
Designed and manufactured by Elechouse, the Proxmark 3 RDV 2, or "Revision Two", was the first major evolution in the Proxmark framework for many years.
All major hardware components, including the microcontroller, FPGA and flash memory were revised and updated.
However, the most significant changes were in the antenna design and implementation. The bulky, awkward and untuned antennas of the Proxmark 3 were replaced with compact, pre-tuned HF and LF antennas, using the standard SMA interface instead of the USB-Hirose cables previously used.
The Proxmark 3 RDV 2 was the first all-in-one design, with its stacked PCB design providing a case and attach points for the antennas, finally enabling the device to be used in environments where more discretion was required.
The Proxmark 3 RDV 2 was quickly adopted as the "industry standard" device. Its popularity resulted in grey-market / counterfeit versions of the device surfacing on AliExpress / TaoBao. These devices had known issues with their antenna performance and suffered from failing relays.[8]
Specifications
- CPU: AT91SAM7S512
- Storage: 512Kb SPI flash
- Interface: 4x mode LEDs, 1x button.
- Battery: External battery connector
- Antennas:
  - LF: Pretuned, Removable
  - HF: Pretuned, Removable[8]
Proxmark3 EVO
The Proxmark 3 EVO, or "Evolution", is designed by Elechouse to be the ultimate evolution of the Proxmark 3 Platform.
No larger than a wallet, the Proxmark 3 Evo has been miniaturised and modernised to respond to the evolving requirements of the community.
It can be considered the ultimate desktop device for RFID researchers and hobbyists.
- Durable: High quality ABS case protects your hardware, even on the go
- Flexible: Only Proxmark to feature an RGB LED for intuitive status indication
- Android Compatible: Works with Project Walrus for automated red-teaming[9]
Device Characteristics
- Miniaturised: 60 x 90 x 12mm
- Internalised, Pre-tuned antennas
- RGB LED (integrated into official codebase)
- ABS case
- 100% Compatible with the official Proxmark codebase[9]
Specifications
- CPU: AT91SAM7S512
- Storage: External 2MBits / 512Kb SPI flash
- Interface: 1x RGB LED, 1x button.
- Battery: External battery connector
- Antennas:
  - LF: Pretuned, Internal
  - HF: Pretuned, Internal[9]
Proxmark3 RDV4
The Proxmark 3 RDV4 is the latest revision of the Proxmark 3 Platform. It is designed and manufactured by RRG, a company formed by four people instrumental to the Proxmark 3 including:
- Chris Hermann (iceman) - Moderator of the proxmark forums
- Kevin (0xFFFF) - Moderator of the proxmark forums
The RDV 4 revision represents a highly optimised piece of hardware specifically designed for the pen-testing community:
- Covert: Fits easily into a hand and pocket
- Modular: Rapidly switch pre-tuned antennas for more range when in the field
- Intuitive: Multiple Status LEDs for at-a-glance status checking
- Android Compatible: Works with Project Walrus for automated red-teaming
- Expandable: BLE/Wifi module expansion capability for automated data egress[10]
Device Characteristics
- Smallest Proxmark Ever: 54 x 87 x 10mm
- Internalised, Pre-tuned antennas
- SIM/Smart card reader
- Miniaturised ABS case
- Expandable Framework:
  - Hot-swappable mid and long range antennas
  - BLE/Wifi module compatible[10]
Specifications
- CPU: SAM7S512
- Storage: External 2MBits / 256Kb SPI flash
- Interface: 4x power LEDs, 4x mode LEDs, 1x button.
- Performance:
  - LF (125KHz): 70mm @ 65V
  - HF (13.56MHz): 88mm @ 44V[10]
What's included:
Standard Accessory Pack
- 1x Proxmark 3 RDV4.01
- 1x Pretuned LF Antenna - 125KHz & 134KHz (Internal)
- 1x Pretuned HF Antenna - 13.56MHz (Internal)
- 1x Micro USB Cable
- 1x Screw Driver (for external antenna mounting)
- 1x SIM / SAM Reader Module
RFID Tags / Cards
- 1x 'Magic' 1k UID Changeable - PVC Card format
- 1x T5577 Tag - PVC Card format
Complete Accessory Pack
- 1x Standalone Module (Battery + Bluetooth)
- 1x HF Antenna Pack (1x Mid Range, 1x Long Range)
- 1x LF Antenna Pack (1x Mid Range, 1x Long Range)
- 1x Flashing Support[10]
Compatible systems
- Windows: XP, 7, 8, 10 (All Versions)
- OS/X: 10.0 - 10.7 (All Versions)
- Linux: Debian, Ubuntu, CentOS, etc (All Versions)
- Android: Specific Builds[11]
Proxmark 3 technical comparison
There are multiple versions of the Proxmark, optimised for desktop use or penetration testing. Please check the table below to find the version that corresponds with your needs.[11]
Feature | Proxmark 3 RDV 4.01 | Proxmark 3 EVO | Others (RDV2, Easy, etc) |
---|---|---|---|
CPU | SAM7S512 | AT91SAM7S512 | AT91SAM7S512 / AT91SAM7S256 |
Memory | External: 2MBits; Internal: 512Kb SPI | External: 2MBits; Internal: 512Kb SPI | External: None; Internal: 256 - 512Kb SPI |
LF Read Range | 70mm @ 65V | 40mm @ 55V | 10mm - 35mm |
HF Read Range | 40 - 85mm @ 44V | 50mm @ 40V | 10mm - 40mm |
HF Read Range (medium antenna) | 90mm | | |
HF Read Range (large antenna) | 100 - 120mm | | |
Dimensions | 54x87x10mm | 60x90x12mm | At least 150x50mmx50mm |
Expandable Framework? | Yes | | |
Proxmark 3 functionality comparison
There are multiple versions of the Proxmark, optimised for desktop use or penetration testing. Please check the table below to find the version that corresponds with your needs.[11]
Feature | Proxmark 3 RDV 4.01 | Proxmark 3 EVO | Others (RDV2, Easy, etc) |
---|---|---|---|
Internal Antennas | X | X | |
ABS Case | X | X | |
Miniaturised | X | X | |
Pentesting Optimised | X | | |
Desktop Optimised | X | | |
SIM/SAM Reader | X | | |
Swappable Antennas | X | | |
Long Range Antenna | X | | |
Interface | 8x LED | 1x RGB LED | 1x LED |
- ^ "A Test Instrument for HF/LF RFID". cq.cx. Retrieved 2021-05-03.
- ^ "Proxmark 3 RDV4.01". Lab401. Retrieved 2021-05-03.
- ^ a b "[0] Proxmark3 - Introduction". 04/25/2019.
- ^ a b c d e f g "Tutorial: Proxmark, the Swiss Army Knife for RFID Security Research" (PDF). cs.ru.nl.
- ^ a b "Proxmark 3 | Proxmark". proxmark.com. Retrieved 2021-05-03.
- ^ a b "Proxmark 3 Easy | Proxmark". www.proxmark.com. Retrieved 2021-05-03.
- ^ a b "Proxmark 3 Easy | Proxmark". www.proxmark.com. Retrieved 2021-05-03.
- ^ a b "Proxmark 3 RDV 2 | Proxmark". www.proxmark.com. Retrieved 2021-05-03.
- ^ a b c "Proxmark 3 EVO | Proxmark". www.proxmark.com. Retrieved 2021-05-03.
- ^ a b c d "Proxmark 3 RDV4 | Proxmark". www.proxmark.com. Retrieved 2021-05-03.
- ^ a b c "Proxmark 3 RDV4.01". Lab401. Retrieved 2021-05-03.