Proxmark3 developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia


#1 2020-03-08 12:28:22

Malkav
Contributor
Registered: 2020-02-26
Posts: 2

Tips for 14a offline sniffing with PiSwords Proxmark3

Hi all,

I recently bought the PiSwords Proxmark3 from AliExpress, since I wanted to start playing with RFID tags. I decided to buy the two-USB-port model because it says that it can perform offline sniffing, but I couldn't find any documentation on how to do it, so this is why I'm writing this post.

First of all, you'll need to flash the RRG/Iceman firmware. To flash the bootloader you have to follow the procedure described in https://github.com/Proxmark/proxmark3/wiki/flashing and keep the button pressed while connecting the USB port (once you upgrade to the RRG/Iceman FW this won't be necessary). I flashed first the original firmware but just because I wanted to see the differences between the original and the RRG/Iceman FW, I assume you can flash directly the second one.

About offline sniffing: you can see on one of the photos of the product that the front connector is for "USB Powerbank" and the side one for "Off-line sniffing". This is wrong, or at least very misleading. The front connector is the only one that has a USB data connection, so the side one will be the one used for the Powerbank.

The procedure for offline sniffing will be something like this:

  1. Connect the Powerbank to the side connector.

  2. Keep the Proxmark3 button pressed to enter standalone mode (I'll talk more about this later).

  3. Perform offline sniffing.

  4. Connect the Proxmark3 to your PC using the front connector.

  5. Dump the sniffing session with the Proxmark client.

It's quite easy, but I had to do some trial and error until I got it right.

About the standalone mode: if you want to sniff 14a using this Proxmark3 you'll have to develop your own mode. This is because the HF_14ASNIFF mode is valid only for the RDV4 model, which has a SPI flash memory that unfortunately we don't have with the PiSwords model.

Based on this mode I've tried something like this (I did it by copying/pasting from the HF_YOUNG & HF_14ASNIFF modes from Craig Young & Michael Farrell, so I'd like to thank both of them):

#include "standalone.h"
#include "proxmark3_arm.h"
#include "iso14443a.h"
#include "util.h"
#include "appmain.h"
#include "dbprint.h"
#include "ticks.h"
#include "BigBuf.h"

// Short description reported by the firmware for this standalone mode
void ModInfo(void) {
    DbpString("hf_14asniff_nospiffs: standalone 'hf 14a sniff', keeps it in memory");
}

void RunMod(void) {
    StandAloneMode();
    Dbprintf("Starting standalone mode: hf_14asniff_nospiffs");

    for (;;) {
        // Sniff ISO14443A traffic into the trace buffer (kept in RAM, no SPI flash needed)
        // until the button is pressed.
        SniffIso14443a(0);

        // LED D on: sniffing stopped, the trace stays in memory until a new session starts
        LED_D_ON();
        for (;;) {
            WDT_HIT();
            // Button pressed: discard the current trace and start a new sniffing session
            int button_pressed = BUTTON_HELD(280);
            if (button_pressed == BUTTON_HOLD)
                break;

            // exit from Standalone Mode when the client sends a usb command (e.g. "hf 14a list")
            if (data_available()) return;
        }
        LED_D_OFF();
        SpinDelay(300);
    }
}

It basically performs a "hf 14a sniff" until the button is pressed. Then LED D will turn on and you'll be able to connect the Proxmark3 to your PC and do a "hf 14a list" to dump the sniffing session. Also, if you want to discard the sniffing session you just have to press the button briefly; then you'll return to the sniffing session (LED D will turn off and A will turn on).

I tried it using my phone to read a tag and it seems to work; however, I must warn you that I couldn't try this using a real reader.

For more information on adding a new standalone mode, check the RRG readme: https://github.com/RfidResearchGroup/proxmark3/blob/master/armsrc/Standalone/readme.md

Lastly, I'd like to thank Iceman1001 and all the RFID Research Group for all their great work. Best Regards.
