Research, development and trades concerning the powerful Proxmark3 device.
I have not yet completed the task I want to do. I still have many questions unanswered and info I need, but I think I had better put all the tools in one place rather than leave one here, one there.
This is the first page to read
Credits & references
Last edited by ntk (2016-05-04 15:52:08)
I have some tools written in VB and some Excel sheets with macros. Because malicious code could easily be injected into or added to the Excel sheet etc., I need some straight advice:
- Firstly, macros: phishing code is a headache. Apart from using a strong password against modification of the code, and recommending to always download from the original or a trustworthy source, what else? It could be better to rewrite everything as a program. That is a safer form, but it would waste too much time to reinvent everything, from a basic display of cells over simple addition to complex manipulation of bits.
- Secondly, release just a file, or always attach a GNU GENERAL PUBLIC LICENSE file (code used as it is, no this, no that, blablabla)?
Or forget all about that.
What else should I be aware of?
The password to open the file or unzip is proxmark3
Configuration block data for AT55x7 --------> Download
The tool is designed to work in both directions:
A/ If you have information regarding the type, modulation, number of data blocks etc. you want the chip to emulate, you can tell the chip by ticking the right radio options and pressing "Make Configuration". From the result window you can easily fish out the wanted data for configuration block zero for use.
B/ But if you know a configuration data block from somewhere and you wonder what exactly it contains, what lurks under the ice surface (it could be an accidental/malicious activation of the password, for example, which could block your card for access the next time you need it, etc.), then you can paste the data into the upper right window (also the result window) and press "Visualisation". The tool will display the characters of the would-be emulated chip.
Configuration block data for AT5555 or Sokymat Q5 --------> Download
Similarly to the AT55x7 configuration tool, this AT5555 or Sokymat Q5 configuration tool also works in both directions: forwards to map a new configuration data block, or backwards to check out the nature of a given configuration data block.
The data can easily be fished out and put straight into use via copy from the upper right window, or pasted into the same window for visualisation. No way to make a mistake by handwriting.
To use the HID tool from your side you need to know only 3 pieces of information:
- Firstly, the type of tag, e.g. "HID 26bit"/"Wiegand 26 bit"/"H10301" to choose HID 26bit; or Corporate 1000 type to use HID 35bit; or H10302 or 10304 to decide on the right tool, either HID 37bit standard or HID 37 bit Huge, for example,
- secondly, the card identity CN and the Facility code FC to fill the only two required input fields.
The rest Excel, using formulas and macros, will do for you automatically.
The output contains:
- Ready data for at55x7 write command,
- Wiegand sequence or HEX UID (this step is compatible here, not necessary, but it is an early preparation for one more new conversion tool: in the backwards direction, once you've got the HEX trace from a HID reader, the decoding tool should be able to recalculate the FC and internal CN.)
Similarly to the basic HID 26 bit mapping tool, here you need to input the facility\site code FC and internal card number CN. Excel will do all the back and forth conversion and mapping, and form the result for you.
Need testing on real target
Need testing on real target
I am still hopelessly looking for information to put the rest of these tools together.
I have found some info and hope to finish constructing this tool soon; cryptic comment on parity bits. I hope to find some more examples of traces, so this puzzle can be unravelled.
Indala 26bit
Indala 37bit
TECOM 27bit
HID 31bit
HID 32bit
HID 33bit
AMAG 37bit
HID 40bit
HID 48bit
AWID 64bit
HID 75bit
HID 107bit
HID 128bit
Keyscan C15001
Paxton 37bit
HID trace to CN and FC conversion
The intention for this CN and FC auto-conversion tool is a one-button activation tool that gets the user to intervene as little as possible, thus avoiding any write\conversion\copying mistake. Also, different from the Brivo card calculation tool, this tool is a vision of a one-step-to-result tool ... Just a vision. Still not sure which to involve or how it could work.
Last edited by ntk (2016-05-08 15:15:07)
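The "Visualisation" direction described in the post above, as an added example (not ntk's spreadsheet and not Proxmark3 code): a decoder for a T55x7 block 0 in basic mode that flags the password bit before a configuration word is used. The field layout is taken from the ATA5577 datasheet rather than from this page; the function and field names are illustrative and the sample words are constructed.

```python
# Added example: T55x7 block-0 decoder, basic mode. Bit 1 is the MSB, as in the datasheet.
BIT_RATES = ["RF/8", "RF/16", "RF/32", "RF/40", "RF/50", "RF/64", "RF/100", "RF/128"]
MODULATIONS = {0: "direct", 1: "PSK1", 2: "PSK2", 3: "PSK3", 4: "FSK1", 5: "FSK2",
               6: "FSK1a", 7: "FSK2a", 8: "Manchester", 16: "Biphase"}
PSK_CF = ["RF/2", "RF/4", "RF/8", "reserved"]
RESERVED = [(5, 11), (15, 15), (24, 24), (30, 31)]  # expected to be 0 in basic mode


def field(word, first, last):
    """Extract datasheet bits first..last from a 32-bit word (bit 1 is the MSB)."""
    return (word >> (32 - last)) & ((1 << (last - first + 1)) - 1)


def decode_block0(hex_word):
    """Decode an 8-hex-digit block 0 and list the settings that deserve a second look."""
    text = hex_word.strip().lower()
    if text.startswith("0x"):
        text = text[2:]
    if len(text) != 8:
        raise ValueError("block 0 must be exactly 8 hex digits")
    word = int(text, 16)  # raises ValueError on non-hex input
    cfg = {
        "master_key": field(word, 1, 4),
        "bit_rate": BIT_RATES[field(word, 12, 14)],
        "modulation": MODULATIONS.get(field(word, 16, 20), "reserved"),
        "psk_cf": PSK_CF[field(word, 21, 22)],
        "aor": bool(field(word, 23, 23)),
        "max_block": field(word, 25, 27),
        "password": bool(field(word, 28, 28)),
        "sequence_terminator": bool(field(word, 29, 29)),
        "por_delay": bool(field(word, 32, 32)),
    }
    warnings = []
    if cfg["password"]:
        warnings.append("PWD bit set: password mode is on, block 7 is used as the password")
    if cfg["modulation"] == "reserved":
        warnings.append("modulation code is not defined for basic mode")
    if any(field(word, a, b) for a, b in RESERVED):
        warnings.append("reserved bits set: word may be extended mode or mistyped")
    cfg["warnings"] = warnings
    return cfg


if __name__ == "__main__":
    # Constructed sample words: two without and one with the PWD bit set.
    for sample in ("00107060", "00148040", "00148050"):
        print(sample, decode_block0(sample))
```
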
Hi ntk,
Looks like the DropBox links are dead. I might be able to help with some of your "under construction" formats.
Which one would you like to see?
It would be very great if you could help me with the "under construction" formats. I can't wait for info. Thanks.
Last edited by ntk (2016-05-12 18:20:44)
Sorry that nobody has chimed in to help. I've built a few things in excel like the ones you've done. I think I have the KeyScan C15001 complete.
Last edited by mnelson (2016-05-12 16:17:10)
Wow, very good news. Hopefully someone who has a real reader/real fob/card will also join in soon, so that we don't only have it on paper but can also do a field trial ...
I have readers/ credential/ control boards/ OEM software for many of these and will be able to do confirmation testing.
Birth of a regression test tool for LF ... (and part of the HF sector)
What happens if you run one PM3 as simulator and the other as reader? Do they behave like a real tag/real reader? What limitations?
Because I don't have HW to run them against, I have never used the simulator before. Sorry for my ignorance. But I am very interested in how many times/how often you use LF or HF simulation. A week? A month? Would you say simulation has never in its history been broken by any SW programmer? Would you participate in a small poll about simulation?
you vote here
you can see poll result here
Poll voter is anonymous...
When a PM3 is set as simulator, is it possible to implement a way to come out of that mode, like a timeout or a deactivate command? For example, to go on to simulate another type of card/tag.
PS: I have an Oyster card. When I approach a transport card point (reader), it reads my card at any angle (0/45/90 degrees) and position (right side/reverse side). With the PM3 it is different: with each Mifare card I have a different optimal distance/angle/position ... It makes it very hard to work. I don't understand where that limitation comes from. Is it because our antenna is delicate? Is orientated? Is too weak? Or is it for broader use with any type of card?
Last edited by ntk (2016-05-30 12:12:30)