RFID Hacking 101

Configuring a Proxmark 3 Easy from scratch


πŸ“– Intro

Opening the front entrance of your building? Unlocking a locker? Logging timecards?

In this day and age, you are likely to be using an RFID tag. While many people consider them more convenient, I feel that it does open the room for more attacks since an RFID tag can be sniffed at any moment.

Anyway, I've been getting quite annoyed by the inefficiencies of asking my friend to come downstairs and open the door, whenever I'm stopping by his apartment. So, without further adieu I've got my hands on an Proxmark 3 Easy and started "hacking".

At the time of writing, and probably for many years to come, Proxmark seemed like the go-to, community praised RFID tool for "hacking". As the name suggests, Easy, I've went with the cheaper knockoff that can still sniff, read and clone RFID tags, which perfectly satisfies my needs.

βš™οΈ Setup

The installation steps are specific to macOS. Check Github Repo β†— for different operating systems.

Before doing anything remotely exciting, I had go through the tedious process of setting up everything. I've decided to use the proxmark repo from RfidResearchGroup, since it felt like having a bit better of a Developer Experience (DX).

First steps, just download the repo through Homebrew and update an environment variable since I'm using a different platform (Proxmark 3 Easy instead of Proxmark 3).

# ❗️ outdated ❗️
brew install proxmark3
export HOMEBREW_PROXMARK3_PLATFORM=PM3OTHER

Seems easy enough, am I right? Fast forward ⏩ a couple of hours in the future, guess what? nothing is working. That's because newer version of the library expect you to set the destination platform through command option when doing the installation, which was completely undocumented at the time being 😀.

brew install --with-generic proxmark3

The only logical next step was to open a PR β†— and fix the docs myself πŸ’«.

Alright, focus! We are almost there! In order for this to work, you will need the same version of firmware on your Proxmark and computer, which means that you are likely going to need to flash your device.

Start by holding the button on your Proxmark, and then plug it in using the port on the shorter side. Two lights should have flickered up, which means you have entered boot-loader mode.

If the 2 lights don't stay up after turning it on, it means that it is using a really old version that requires you to hold the button throughout the whole duration of flashing.

Once that, you can run the following command. It's really nice since it's an all-in-one script that auto detects your device and flashes both the bootrom and firmware to the latest version.

pm3-flash-all

Pro Tip: If you want to see the USB serial connection for yourself, run ls /dev/tty*. My recently flashed Proxmark 3 Easy showed up as /dev/tty.usbmodemiceman.

At this point, all the boring stuff is finally done!

πŸ‘Ύ Let’s get hacking

hf mf chk --dump
hf mf dump
hf mf restore --1k --uid 4A6CE843 -k hf-mf-102FAB2A-key-3.bin -f hf-mf-102FAB2A-dump-2.bin

πŸ‘ Special Thanks