Some basic reminders on how to use the Proxmark 3.

Install

Proxmark 3 rdv4 repo
Previous proxmarks repo

0 - WSL2 special

If you are using WSL2, you need some extra steps to access USB devices; see the Microsoft doc.

Windows side

From the Microsoft Store, install winget (App Installer).
In an administrator (root) PowerShell, update and then restart your Linux install, then run the following command to install “USBIPD-WIN”:

wsl --update
wsl --shutdown
winget install --interactive --exact dorssel.usbipd-win

Once it’s done, list the USB devices:

usbipd wsl list

Then attach the device to your Linux instance:

usbipd wsl attach --busid previously_found_usb_id

1 - Discard modemmanager

The issue is discussed here

sudo apt remove modemmanager
yay -R modemmanager

2 - Install and compile

The wiki
Clone :

git clone https://github.com/RfidResearchGroup/proxmark3.git
cd proxmark3
  • Install dependencies :

Kali

apt install git build-essential libreadline8 libreadline-dev gcc-arm-none-eabi libbz2-dev libssl-dev libusb-0.1-4 libusb-dev ncurses-dev perl pkg-config libpcsclite-dev pcscd

Arch

yay -S gcc-arm-none-eabi
  • Compile :
    make clean && make all
    
  • Flash :
    ./pm3-flash-all
    
  • Udev :

Usage

Recon

Identifying High-Frequency (hf) and Low-Frequency (lf) tags

proxmark3>hf search
proxmark3>lf search

Keys

Mifare key check

proxmark3>hf mf chk --1k -* --dump -f ext_keys.dic

hf : high-frequency
mf : mifare
chk : check keys
--1k : mifare 1k
-* : A and B keys
--dump : dump keys to a file (dumpkeys.bin)
-f ext_keys.dic : dictionary

PS: keep in mind that dumpkeys.bin and dumpdata.bin are saved in the directory from which you ran the command. If you are in your home directory and run [path to the git clone]/proxmark3/client/proxmark3, the files will be saved in your home directory.

Nested

If the previous dictionary attack does not find all the keys, we should use the nested attack:

proxmark3>hf mf nested 1 0 A a0a1a2a3a4a5

hf : high-frequency
mf : mifare
nested : attack type
1 : mifare 1k
0 : block number of known key
A : key type of known key
a0a1a2a3a4a5 : known key

Data

Complete dump of the card to dumpdata.bin, using the dumpkeys.bin file

proxmark3>hf mf dump

In the same directory as the proxmark client, you’ll find the “pm3_mfd2eml.py” script, which converts the .bin into .eml. Note that this step is no longer necessary with the latest updates: the hf mf dump command dumps in both .eml and .bin format, and hf mf cload accepts both formats as well.

python pm3_mfd2eml.py dumpdata.bin random_name.eml

Now all you have to do is clone it on a magic card

proxmark3>hf mf cload -f random_name
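
The .bin to .eml conversion mentioned above, as an added example (not the pm3_mfd2eml.py script or any Proxmark project code). It assumes a 1024-byte MIFARE Classic 1K dump and an .eml layout of one 16-byte block per line as hex; the function names and the sample dump are constructed for illustration. It also lists the sectors of the dump that are still keyed with ffffffffffff or a0a1a2a3a4a5, which is worth checking on your own cards.

```python
"""Added example: convert a MIFARE Classic 1K .bin dump to .eml and audit its keys."""
BLOCK = 16               # bytes per block
BLOCKS_PER_SECTOR = 4    # MIFARE Classic 1K: 16 sectors x 4 blocks
CARD_SIZE = 1024         # total bytes in a 1K dump
# Factory transport key, plus the known key used in the nested example on this page.
DEFAULT_KEYS = {"ffffffffffff", "a0a1a2a3a4a5"}


def bin_to_eml(dump: bytes) -> str:
    """Return the dump as .eml text: one block per line, 32 hex characters."""
    if len(dump) != CARD_SIZE:
        raise ValueError(f"expected {CARD_SIZE} bytes for a 1K card, got {len(dump)}")
    return "\n".join(dump[i:i + BLOCK].hex() for i in range(0, CARD_SIZE, BLOCK)) + "\n"


def sector_trailers(dump: bytes):
    """Yield (sector, key_a, access_bits, key_b) from the last block of each sector."""
    for sector in range(CARD_SIZE // (BLOCK * BLOCKS_PER_SECTOR)):
        start = (sector * BLOCKS_PER_SECTOR + BLOCKS_PER_SECTOR - 1) * BLOCK
        t = dump[start:start + BLOCK]
        # Trailer layout: key A (6 bytes), access bits (3), general purpose byte (1), key B (6)
        yield sector, t[0:6].hex(), t[6:9].hex(), t[10:16].hex()


def sectors_with_default_keys(dump: bytes):
    """List sectors whose key A or key B is one of DEFAULT_KEYS."""
    return [s for s, ka, _, kb in sector_trailers(dump)
            if ka in DEFAULT_KEYS or kb in DEFAULT_KEYS]


def make_sample_dump() -> bytes:
    """Constructed sample: blank 1K card on transport keys, with sector 1 re-keyed."""
    blank = bytes(BLOCK * 3) + bytes.fromhex("ffffffffffff" "ff078069" "ffffffffffff")
    rekeyed = bytes(BLOCK * 3) + bytes.fromhex("112233445566" "ff078069" "665544332211")
    return blank + rekeyed + blank * 14


if __name__ == "__main__":
    dump = make_sample_dump()  # for a real card: open("dumpdata.bin", "rb").read()
    print(bin_to_eml(dump).splitlines()[3])
    print("sectors still on default keys:", sectors_with_default_keys(dump))
```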