Using Proxmark3 RDV4.01
Installation: Installing proxmark3 RDV4.01 in Kali
Basic commands
# The prompt will have this appearance
[usb] pm3 -->
# Display help and commands
help
# Close the client
quit
To get an overview of the available commands for LF RFID and HF RFID:
To search quickly for known LF or HF tags:
To get info on a ISO14443-A tag:
Read and write:
# Read sector 1 with key FFFFFFFFFFFF
hf mf rdsc -s 1 -k FFFFFFFFFFFF
# Read block 13 with key FFFFFFFFFFFF
hf mf rdbl --blk 13 -k FFFFFFFFFFFF
# Write block 8 with key a FFFFFFFFFFFF
hf mf wrbl --blk 8 -a -k FFFFFFFFFFFF -d FFFFFFFFFFFF7F078800FFFFFFFFFFFF
Getting keys
# Check all sectors, all keys, 1K, and write to file
hf mf chk --1k --dump
# Check for default keys:
hf mf chk --1k -f mfc_default_keys
# Check dictionary against block 0, key A
hf mf chk -a --tblk 0 -f mfc_default_keys.dic
# Run autopwn, to extract all keys and backup a MIFARE Classic tag
hf mf autopwn
hf mf nested --1k --blk 0 -a -k FFFFFFFFFFFF --dump
# Dump MIFARE Classic card contents:
hf mf dump
hf mf dump --1k -k hf-mf-A29558E4-key.bin -f hf-mf-A29558E4-dump.bin
# Write to MIFARE Classic block:
hf mf wrbl --blk 0 -k FFFFFFFFFFFF -d d3a2859f6b880400c801002000000016
# Bruteforce MIFARE Classic card numbers from 11223344 to 11223346:
script run hf_mf_uidbruteforce -s 0x11223344 -e 0x11223346 -t 1000 -x mfc
# Bruteforce MIFARE Ultralight EV1 card numbers from 11223344556677 to 11223344556679
script run hf_mf_uidbruteforce -s 0x11223344556677 -e 0x11223344556679 -t 1000 -x mfu
Next steps
- https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/cheatsheet.md
- https://github.com/Proxmark/proxmark3/wiki/Generic-ISO14443-Ops
- https://github.com/RfidResearchGroup/proxmark3/wiki/More-cheat-sheets