Research, development and trades concerning the powerful Proxmark3 device.
This thread is about new commands (updated/removed/added) since 2.1.0.
Last edited by asper (2015-06-23 17:16:06)
the list that was in 2.1.0 release starting with hf mfu commands (mostly remade):
hf mfu dump k <key> l n <filename w/o .bin> (remade)
Options :
k <key> : (optional) key for authentication [UL-C 16bytes, EV1/NTAG 4bytes]
l : (optional) swap entered key's endianness
n <FN > : filename w/o .bin to save the dump as
p <Pg > : starting Page number to manually set a page to start the dump at
q <qty> : number of Pages to manually set how many pages to dump
sample : hf mfu dump
: hf mfu dump n myfile
: hf mfu dump k 00112233445566778899AABBCCDDEEFF
: hf mfu dump k AABBCCDDD
hf mfu rdbl b <block number> k <key> l (remade)
Options:
b <no> : block to read
k <key> : (optional) key for authentication [UL-C 16bytes, EV1/NTAG 4bytes]
l : (optional) swap entered key's endianness
sample : hf mfu rdbl b 0
: hf mfu rdbl b 0 k 00112233445566778899AABBCCDDEEFF
: hf mfu rdbl b 0 k AABBCCDDD
hf mfu wrbl b <block number> d <data> k <key> l (remade)
Options:
b <no> : block to write
d <data> : block data - (8 hex symbols)
k <key> : (optional) key for authentication [UL-C 16bytes, EV1/NTAG 4bytes]
l : (optional) swap entered key's endianness
sample : hf mfu wrbl b 0 d 01234567
: hf mfu wrbl b 0 d 01234567 k AABBCCDDD
proxmark3> hf mfu info h
It gathers information about the tag and tries to detect what kind it is.
Sometimes the tags are locked down, and you may need a key to be able to read the information
The following tags can be identified:
Ultralight, Ultralight-C, Ultralight EV1, NTAG 203, NTAG 210,
NTAG 212, NTAG 213, NTAG 215, NTAG 216, NTAG I2C 1K & 2K
my-d, my-d NFC, my-d move, my-d move NFC
Usage: hf mfu info k <key> l
Options :
k <key> : (optional) key for authentication [UL-C 16bytes, EV1/NTAG 4bytes]
l : (optional) swap entered key's endianness
sample : hf mfu info
: hf mfu info k 00112233445566778899AABBCCDDEEFF
: hf mfu info k AABBCCDDD
REMOVED:
hf mfu crdbl
hf mfu cwrbl (now integrated into wrbl)
t55xx command changes: - did these make it in 2.0?
lf t55xx config [d <demodulation>] [i 1] [o <offset>]
Options:
h This help
b <8|16|32|40|50|64|100|128> Set bitrate
d <FSK|FSK1|FSK1a|FSK2|FSK2a|ASK|PSK1|PSK2|NZ|BI|BIa> Set demodulation FSK / ASK / PSK / NZ / Biphase / Biphase A
i [1] Invert data signal, defaults to normal
o [offset] Set offset, where data should start decode in bitstream
Examples:
lf t55xx config d FSK - FSK demodulation
lf t55xx config d FSK i 1 - FSK demodulation, inverse data
lf t55xx config d FSK i 1 o 3 - FSK demodulation, inverse data, offset=3,start from position 3 to decode data
lf t55xx detect (detect t55xx chip and auto configure)
lf t55xx readblock REMOVED
lf t55xx writeblock REMOVED
lf t55xx writeblockPWD REMOVED
lf t55xx readblockPWD REMOVED
lf t55xx readtrace REMOVED
Usage: lf t55xx write <block> <data> [password]
<block>, block number to write. Between 0-7
<data>, 4 bytes of data to write (8 hex characters)
[password], OPTIONAL password 4bytes (8 hex characters)
Examples:
lf t55xx write 3 11223344 - write 11223344 to block 3
lf t55xx write 3 11223344 feedbeef - write 11223344 to block 3 password feedbeef
Usage: lf t55xx read <block> <password>
<block>, block number to read. Between 0-7
<password>, OPTIONAL password (8 hex characters)
Examples:
lf t55xx read 0 - read data from block 0
lf t55xx read 0 feedbeef - read data from block 0 password feedbeef
Usage: lf t55xx trace [1]
[graph buffer data], if set, use Graphbuffer otherwise read data from tag
Examples:
lf t55xx trace
lf t55xx trace 1
Usage: lf t55xx info [1]
[graph buffer data], if set, use Graphbuffer otherwise read data from tag.
Examples:
lf t55xx info
lf t55xx info 1
Usage: lf t55xx dump <password>
<password>, OPTIONAL password 4bytes (8 hex symbols)
Examples:
lf t55xx dump
lf t55xx dump feedbeef
Other changes:
hf search (searches for known hf tags near antenna and outputs found type)
data psknexwatchdemod (Demodulate a NexWatch tag (nexkey, quadrakey) (PSK1) from GraphBuffer)
data printdemodbuffer x o <offset>
Options:
h This help
x output in hex (omit for binary output)
o <offset> enter offset in # of bits
hf 14b code
hf 14b demod - REMOVED
hf 14b read - REMOVED
hf 14b simlisten - REMOVED
hf epa preplay <mse> <get> <map> <pka> <ma> Perform PACE protocol by replaying given APDUs (by Frederik Möllers)
also not sure which of the new lf commands didn't make it into 2.0.0 so see: http://www.proxmark.org/forum/viewtopic.php?id=2260
CODE still unreleased:
data fdxbdemod (Demodulate a FDX-B ISO11784/85 Biphase tag from GraphBuffer)
hf 14b info (attempts to read various 14b tags and output type/uid/any other info that can be gathered)
hf 14b reader (attempts to read various 14b tags and output type/uid)
hf 14b write CHANGED TO hf 14b sriwrite
hf 14b raw (added -s option to send REQB and ATTRIB cmd prior to next raw command)
(hf search now also searches for 14b)
reveng - not yet committed:
reveng -h
CRC RevEng, an arbitrary-precision CRC calculator and algorithm finder
Usage: reveng -cdDesvhu? [-bBfFlLMrStVXyz]
[-a BITS] [-A OBITS] [-i INIT] [-k KPOLY] [-m MODEL]
[-p POLY] [-P RPOLY] [-q QPOLY] [-w WIDTH] [-x XOROUT]
[STRING...]
Options:
-a BITS bits per character (1 to 32)
-A OBITS bits per output character (1 to 32)
-i INIT initial register value
-k KPOLY generator in Koopman notation (implies WIDTH)
-m MODEL preset CRC algorithm
-p POLY generator or search range start polynomial
-P RPOLY reversed generator polynomial
-q QPOLY search range end polynomial
-w WIDTH register size, in bits
-x XOROUT final register XOR value
Modifier switches:
-b  big-endian CRC                -B  big-endian CRC output
-f  read files named in STRINGs   -F  find presets less quickly
-l  little-endian CRC             -L  little-endian CRC output
-M  non-augmenting algorithm      -r  right-justified output
-S  print spaces between chars    -t  left-justified output
-V  reverse algorithm only        -X  print uppercase hex
-y  low bytes first in files      -z  raw binary STRINGs
Mode switches:
-c  calculate CRCs                -d  dump algorithm parameters
-D  list preset algorithms        -e  echo (and reformat) input
-s  search for algorithm          -v  calculate reversed CRCs
-g  search for alg given hex+crc  -h | -u | -?  show this help
Common Use Examples:
reveng -g 01020304e3
Searches for a known/common crc preset that computes the crc
on the end of the given hex string
reveng -w 8 -s 01020304e3 010204039d
Searches for any possible 8 bit width crc calc that computes
the crc on the end of the given hex string(s)
reveng -m CRC-8 -c 01020304
Calculates the crc-8 of the given hex string
reveng -D
Outputs a list of all known/common crc models with their
preset values
Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015 Gregory Cook
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Version 1.3.0 <http://reveng.sourceforge.net/>
Last edited by marshmellow (2015-06-30 05:41:39)
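The search that the "reveng -w 8 -s 01020304e3 010204039d" example in the post above describes, written out as an added example that is not part of the original post and is not RevEng's code. It brute-forces 8-bit CRC parameters against the two hex strings from the post, then filters the candidates with one more sample. The function names and the third sample are assumptions made for this illustration; the third sample is constructed with plain CRC-8 (poly 0x07, init 0, xorout 0).

```python
REFLECT = [int(f"{v:08b}"[::-1], 2) for v in range(256)]  # bit-reversed bytes

def make_table(poly):
    """Result of clocking each register value through 8 MSB-first shifts."""
    table = []
    for reg in range(256):
        for _ in range(8):
            reg = ((reg << 1) ^ poly) & 0xFF if reg & 0x80 else (reg << 1) & 0xFF
        table.append(reg)
    return table

def crc8(data, table, init, xorout, refl):
    """Rocksoft-style CRC-8; refl reflects input bytes and the final register."""
    reg = init
    for byte in data:
        reg = table[reg ^ (REFLECT[byte] if refl else byte)]
    return (REFLECT[reg] if refl else reg) ^ xorout

def split_sample(hexstr):
    """Split 'message + trailing CRC byte', the form given to reveng -s / -g."""
    raw = bytes.fromhex(hexstr)
    return raw[:-1], raw[-1]

def search(samples):
    """Return every (poly, init, xorout, refl) that reproduces all samples.
    xorout is derived from the first sample once poly/init/refl are chosen."""
    (m0, c0), rest = samples[0], samples[1:]
    hits = []
    for poly in range(1, 256, 2):          # only polynomials with the +1 term
        table = make_table(poly)
        for refl in (False, True):
            for init in range(256):
                xorout = crc8(m0, table, init, 0, refl) ^ c0
                if all(crc8(m, table, init, xorout, refl) == c for m, c in rest):
                    hits.append((poly, init, xorout, refl))
    return hits

def narrow(hits, sample):
    """Keep only candidates that also reproduce one more sample."""
    msg, crc = sample
    return [h for h in hits if crc8(msg, make_table(h[0]), h[1], h[2], h[3]) == crc]

# The two hex strings from the post's "reveng -w 8 -s" example.
PAGE_SAMPLES = [split_sample(s) for s in ("01020304e3", "010204039d")]
# Constructed sample of a different length (assumption: plain CRC-8, poly 0x07).
EXTRA = (bytes.fromhex("0102"), crc8(bytes.fromhex("0102"), make_table(0x07), 0, 0, False))

if __name__ == "__main__":
    wide = search(PAGE_SAMPLES)
    print(len(wide), "candidates;", len(narrow(wide, EXTRA)), "after the shorter sample")
```

Two samples of equal length leave init and xorout tied together, so every init value yields a matching xorout for a polynomial that fits; the candidate list only shrinks once a sample of a different length is added.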
Under Windows, "data psknexwatchdemod", without a tag on the antenna, makes the client crash (I cannot test with a tag because I don't have any).
Last edited by asper (2015-06-23 16:34:19)
You run it with samples in the graphbuffer.
I don't remember... anyway, the new GUI is up and running. A release will follow soon!
EDIT: 2.1.0 released!
Thank you all, Iceman, Piwi and Marshmellow!
Last edited by asper (2015-06-23 17:18:31)
Piwi, do you plan to add Topaz full support soon to the main trunk?
I got a bit distracted from the Topaz branch recently (FPGA compression, hf 14b). Let me fix the issue with hf mf mifare and then I will continue on the Topaz branch.
Take your time, man! Your contribution is useful wherever it is focused.
updated my command list posting...
Will hf 14b info be the same as hf 14b reader?
Info will output more details (if we know them)