Skip to content

Using Proxmark3 RDV4.01

Installation: Installing proxmark3 RDV4.01 in Kali

Basic commands

1
2
3
4
5
6
7
8
# The prompt will have this appearance
[usb] pm3 --> 

# Display help and commands
help

# Close the client
quit

To get an overview of the available commands for LF RFID and HF RFID:

1
2
[usb] pm3 --> lf
[usb] pm3 --> hf

To search quickly for known LF or HF tags:

1
2
[usb] pm3 --> lf search
[usb] pm3 --> hf search

To get info on a ISO14443-A tag:

1
[usb] pm3 --> hf 14a info

Read and write:

1
2
3
4
5
6
7
8
# Read sector 1 with key FFFFFFFFFFFF
hf mf rdsc -s 1 -k FFFFFFFFFFFF

# Read block 13 with key FFFFFFFFFFFF
hf mf rdbl --blk 13 -k FFFFFFFFFFFF

# Write block 8 with key a FFFFFFFFFFFF 
hf mf wrbl --blk 8 -a -k FFFFFFFFFFFF -d FFFFFFFFFFFF7F078800FFFFFFFFFFFF

Getting keys

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
# Check all sectors, all keys, 1K, and write to file
hf mf chk --1k --dump             

# Check for default keys:
hf mf chk --1k -f mfc_default_keys

# Check dictionary against block 0, key A
hf mf chk -a --tblk 0 -f mfc_default_keys.dic       

# Run autopwn, to extract all keys and backup a MIFARE Classic tag
hf mf autopwn


hf mf nested --1k --blk 0 -a -k FFFFFFFFFFFF --dump

# Dump MIFARE Classic card contents:
hf mf dump
hf mf dump --1k -k hf-mf-A29558E4-key.bin -f hf-mf-A29558E4-dump.bin


# Write to MIFARE Classic block:
hf mf wrbl --blk 0 -k FFFFFFFFFFFF -d d3a2859f6b880400c801002000000016


# Bruteforce MIFARE Classic card numbers from 11223344 to 11223346:
script run hf_mf_uidbruteforce -s 0x11223344 -e 0x11223346 -t 1000 -x mfc

# Bruteforce MIFARE Ultralight EV1 card numbers from 11223344556677 to 11223344556679
script run hf_mf_uidbruteforce -s 0x11223344556677 -e 0x11223344556679 -t 1000 -x mfu

Next steps

Last update: 2024-04-07
Created: April 7, 2024 18:53:53