Research, development and trades concerning the powerful Proxmark3 device.
Environment : Windows 7
(Posted this on the IRC channel, but thought I would put it up here... I hope it hasn't died, it's brand new!!)
So the unit is an Electrohouse PM3 Easy unit, purchased from a local Australian reseller, as I didn't want to wait a month for it to get here... So here we go...
So, following the instructions to get the GNU terminal up, I got that working, but didn't compile the firmware, because going to Google Drive (https://drive.google.com/open?id=0B03wIb-JZ6VQbFRmWnlKOHVKM0k - http://www.proxmark.org/forum/viewtopic.php?id=3975), in the already compiled 20170526-c87c452120aa30e0db9ca8046f00def677365ae6 firmware, I found the proxmark3.exe file, and thought that using this I would have a look and see what it would do. (I should have saved the data that it output, but sorry, I didn't; I remember the firmware/boot was something along the lines of unstable?-2016-11? something something.) As I didn't want to flash firmware and break anything, I simply wanted to make sure it worked. I thought this would be the safest way of doing things, and the proxmark3.exe file that came with the 20170526 worked for a little bit: the unit ran a hw tune, and I even managed to clone a HID prox (yah for me!). I did a hf search, but I didn't have the prox on it when I issued the command, and I got lots of .......'s. It stated to press the button to exit the pm3 and client, so not knowing any better I pressed it, then it got odd... the unit simply stopped responding. I didn't notice the lights, but I remember the blue being on...
I assumed, probably incorrectly, that if I powered it down, it should come back up.. I powered it down, then brought it back up; now it has the red light on, and the green light on, and it stays solid for 10-20 seconds, and the blue flicks for a brief time (seems to be doing a boot).
At this point my heart has somewhat sunk. I cannot see it any more in the Device Manager (it was there before on COM4). I am not happy, but won't give up. So, reading some more, I found that by pressing and holding the button on boot for 10+ seconds, it will come not online, but Windows will start to recognize the unit. But it cannot load the driver; it doesn't have a driver. I tried the driver from the Proxmark 3 GitHub download via GitHub for Windows, and I used the driver in the compiled source (https://drive.google.com/open?id=0B03wIb-JZ6VQbFRmWnlKOHVKM0k), and both don't work/load. I am assuming now that rather than the unit being 'online' in Windows, it's in some kind of DFU or base load setup, because letting the button go results in it dropping offline from the Windows Device Manager.
So I am guessing it's not dead, but wanting something from somewhere. I am assuming that I need to compile the source code from GitHub or something similar and then flash the firmware/bootloader etc.... Here is where I stopped (kind of). I don't want to cause any problems, as I am only going off loose information...
I've run the runme.bat in the proxspace directory; it comes up, and I ran make clean && make all and got the following output... Reading the help, it states I should ask the community, so here I am..
pm3 ~$ make clean && make all
make -C client clean
make[1]: Entering directory `/pm3/client'
rm -f proxmark3 flasher fpga_compress proxmark3.exe flasher.exe fpga_compress.exe obj/uart.o obj/util.o obj/crapto1/crapto1.o obj/crapto1/crypto1.o obj/mfkey.o obj/loclass/cipher.o obj/loclass/cipherutils.o obj/loclass/des.o obj/loclass/ikeys.o obj/loclass/elite_crack.o obj/loclass/fileutils.o obj/whereami.o obj/mifarehost.o obj/parity.o obj/crc.o obj/crc16.o obj/crc64.o obj/iso14443crc.o obj/iso15693tools.o obj/data.o obj/graph.o obj/ui.o obj/cmddata.o obj/lfdemod.o obj/cmdhf.o obj/cmdhf14a.o obj/cmdhf14b.o obj/cmdhf15.o obj/cmdhfepa.o obj/cmdhflegic.o obj/cmdhficlass.o obj/cmdhfmf.o obj/cmdhfmfu.o obj/cmdhftopaz.o obj/cmdhw.o obj/cmdlf.o obj/cmdlfawid.o obj/cmdlfcotag.o obj/cmdlfem4x.o obj/cmdlffdx.o obj/cmdlfgproxii.o obj/cmdlfhid.o obj/cmdlfhitag.o obj/cmdlfio.o obj/cmdlfindala.o obj/cmdlfjablotron.o obj/cmdlfnexwatch.o obj/cmdlfnoralsy.o obj/cmdlfparadox.o obj/cmdlfpcf7931.o obj/cmdlfpresco.o obj/cmdlfpyramid.o obj/cmdlfsecurakey.o obj/cmdlft55xx.o obj/cmdlfti.o obj/cmdlfviking.o obj/cmdlfvisa2000.o obj/cmdparser.o obj/cmdmain.o obj/scripting.o obj/cmdscript.o obj/pm3_binlib.o obj/pm3_bitlib.o obj/aes.o obj/protocols.o obj/sha1.o obj/cmdcrc.o obj/reveng/reveng.o obj/reveng/cli.o obj/reveng/bmpbit.o obj/reveng/model.o obj/reveng/poly.o obj/reveng/getopt.o obj/deflate.o obj/adler32.o obj/trees.o obj/zutil.o obj/inflate.o obj/inffast.o obj/inftrees.o obj/proxgui.o obj/proxguiqt.o obj/proxguiqt.moc.o obj/*.o *.moc.cpp ui/ui_overlays.h
cd ../liblua && make clean
make[2]: Entering directory `/pm3/liblua'
rm -f liblua.a lua luac lapi.o lcode.o lctype.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o lmem.o lobject.o lopcodes.o lparser.o lstate.o lstring.o ltable.o ltm.o lundump.o lvm.o lzio.o lauxlib.o lbaselib.o lbitlib.o lcorolib.o ldblib.o liolib.o lmathlib.o loslib.o lstrlib.o ltablib.o loadlib.o linit.o lua.o luac.o
make[2]: Leaving directory `/pm3/liblua'
make[1]: Leaving directory `/pm3/client'
make -C bootrom clean
make[1]: Entering directory `/pm3/bootrom'
make[1]: Leaving directory `/pm3/bootrom'
make[1]: Entering directory `/pm3/bootrom'
rm -rf obj/*.o
rm -rf obj/*.elf
rm -rf obj/*.s19
rm -rf obj/*.map
rm -rf obj/*.d
rm -rf version.c
make[1]: Leaving directory `/pm3/bootrom'
make -C armsrc clean
make[1]: Entering directory `/pm3/armsrc'
make[1]: Leaving directory `/pm3/armsrc'
make[1]: Entering directory `/pm3/armsrc'
rm -rf obj/*.o
rm -rf obj/*.elf
rm -rf obj/*.s19
rm -rf obj/*.map
rm -rf obj/*.d
rm -rf obj/*.z
rm -rf obj/*.bin
rm -rf version.c
make[1]: Leaving directory `/pm3/armsrc'
make -C recovery clean
make[1]: Entering directory `/pm3/recovery'
rm -f bootrom.bin fullimage.bin proxmark3_recovery.bin
make[1]: Leaving directory `/pm3/recovery'
make -C tools/mfkey clean
make[1]: Entering directory `/pm3/tools/mfkey'
rm -f crypto1.o crapto1.o parity.o util.o mfkey.o mfkey32 mfkey64 mfkey32.exe mfkey64.exe
make[1]: Leaving directory `/pm3/tools/mfkey'
make -C client all
make[1]: Entering directory `/pm3/client'
/qt/bin/uic ui/overlays.ui > ui/ui_overlays.h
/bin/sh: /qt/bin/uic: No such file or directory
make[1]: *** [ui/ui_overlays.h] Error 127
make[1]: Leaving directory `/pm3/client'
make: *** [client/all] Error 2
pm3 ~$
Any thoughts anyone...
Thanks Red
Last edited by redbris (2017-06-02 12:56:33)
Offline
Pls. don't use the SW in Google Drive. Too old.
Use the GitHub SW.
For a SW release in 2017 and on Windows OS you will need the upgraded proxspace build env. Look for Gator96100's permanent thread.
Pls. read section http://www.proxmark.org/forum/viewtopic.php?id=1125
Last edited by ntk (2017-05-29 18:16:36)
Offline
Believe it or not, but you've done well!
And you have the right course in mind (get new firmware compiled and flashed). Flash while holding the button down. It is good practice to flash bootrom then fullimage.
Unfortunately we have not had time yet to update the proxspace environment to work with the current code, as ntk brought out. (The compile error you got is because of this.) Gator's proxspace environment works.
Offline
I will download Gator's pack when I get home, and try it again and keep it updated...
NTK, I've read it through as best as I can for a first timer, but will check it again. I was wondering about it when I was downloading it; the instructions and details say to download the 2009 proxspace, which I was dubious about, but the instructions said so, so I did it.. Will get the Gator release and try again, and will then flash the bootrom then the fullimage. I have to figure out why, when I boot with the button pressed, it doesn't load any drivers, but I suspect that this will be hidden in the Gator release file...
Will update soon.
Thanks!
Offline
Redbris is correct, the Windows section on the wiki needs to be updated. It still recommends the old proxspace 20130613 file.
Offline
OKAY!!
So after a lot more reading, and some blind luck (IMHO), I managed to flash the boot and the fullimage.
Here is what I did, so hopefully it can help out others.
I will write it all out from the get go, so that hopefully others can benefit from this.. The story of the first encounter... Sit down, take a load off..
Purchased my Proxmark 3 online from a local eBayer. The unit is a Proxmark3 Easy by Electrohouse. Yes, I paid an extra $50 to get it locally, but wanted to get it going rather than waiting a month for it to come from China etc. (Unit has serial number of 20170222.)
I registered on the forum before it arrived, introduced myself to everyone, got some kind words of encouragement from the senior members, and continued on. My reading to date has been somewhat confusing; a lot of data is not 'current', which I can understand: it's a community-based effort, and people do it for free, and out of their own time. I followed the guides that I found. (I found it a little odd that the proxspace for Windows was old, BUT I simply assumed that since it is a terminal program, it doesn't need a lot of upkeep. Very wrong here, but new guy assumption!)
https://github.com/Proxmark/proxmark3/wiki/Windows was read through; some of the more advanced options and other OS options I glanced over, simply because they don't make sense to me, but I did try to understand.
I plugged the unit in, and found that the unit was found on the USB bus, but it was not 'loaded'; the driver was not available. I downloaded Gator's excellent premade images (http://www.proxmark.org/forum/viewtopic.php?id=3975), downloaded the latest master branch, extracted it, followed the instructions, ran the proxspace3.exe file in there, and connected to the unit!
Connection was okay, no issues. Ran a HW Tune, which came back on the HF and LF antennas. Placed a prox in the LF antenna field, ran it again, and the voltage dropped, so it's reading okay from there! I then proceeded to clone a HID tag that I had here (I have about 20 different types of various 125 kHz tags, as at work I deal with this stuff every day, installing and ordering, but never actually knowing what it is and how it works). So I cloned the card, ran it on my test bench (alarm with access control, a local Australian favorite), and it opened the door and read back the data correctly, and I was happy. I then ran a LF search, but DIDN'T have a tag in the field. The '.....'s started to blip away quite happily, with a note on the first line after the command stating that if I press the side button, it will exit...
Pressing the button did nothing at all, but the '....' of the search stopped, and nothing else. The terminal became unresponsive, and after a few minutes I chose to reboot the unit with a power-up. The next problem was that the unit rebooted, yes, but the GREEN and RED lights were on solid; they 'twinkled' every 60 seconds or so, and there was nothing else happening.. of which.. I felt quite low...
I read as much as I could, but it was getting late, and from what I found, it could be a firmware issue, and everything pointed to flashing the unit with a firmware. But there was no COM port available, and the device that would come up if you were to power it down then back up again, holding the button on the side, wasn't found or loadable.. It seemed to be some kind of DFU mode or loader mode, but releasing the button dropped the unknown device out of the Windows 7 Device Manager.
Rather than continue and break something even more (I don't know why it 'broke' in the first place), I chose to reach out and see where it would get me. I left some messages on the IRC channel, and left a message here (the thread you are reading now).
After returning to the problem the next day, I read through the thoughts that were put up by the senior members, and decided to do some more reading. I found that other people had a similar issue, and it pushed me over to a site that had the ATMEL DFU mode driver. I downloaded it (http://psx-scene.com/forums/f178/signed … ers-65978/) and tried it out, and found that it didn't work and didn't load...
In the meantime, I downloaded the complete proxspace files that had been made by Gator and put them onto the PC, downloaded the GitHub repository, put it in the PM3 directory in the proxspace directory, loaded the runme.bat, and then compiled the firmware, thinking that I could then force this firmware onto the device in the terminal.. Sadly this didn't work; it couldn't find the Proxmark at all. It did compile, but the compiled files still need a valid port to be pushed over onto. I was back to square one...
I then followed some thoughts about Windows 7 and Windows 10 test mode. I enabled this function (press Start->Search and type cmd. Right-click on the result and click Run as administrator. In the CMD window type or copy this: bcdedit /set testsigning on, and press Enter. Restart PC.), then put the unit into DFU mode again, and tried to force the unit to load the drivers in Gator's latest firmware/driver compile.. That didn't work either...
When I rebooted the unit, held the button down, and then brought the unit back online, I found that the unit was 'found' but without any drivers. When selecting the options to search for the drivers, I thought, why not *FORCE* it to use the Proxmark drivers that had already been loaded from the previous day; what is the worst that can happen.. right.. I navigated to select an existing driver, went to COM ports, found the Proxmark tree, then selected the Proxmark driver. It complained bitterly about it being an unsigned driver, and the bogeyman will take my machine over... I live on the edge... and chose yes...
To my joy I found that the unit found the unit, and loaded the driver without complaining. I was fully expecting the PC to spit it back out and deny something or not allow it to bring it back up... Thankfully it loaded the driver, no exclamation mark to cross, no errors, and it was online..
I then chose to power the unit down and bring it back up again: no luck. So this meant to me that it loaded the driver for the DFU mode, or whatever it chose to be (perhaps the driver for the current USB?Root?Hub?Endpoint?). I powered the unit down again, and found that holding the button down and putting it back into DFU mode, the unit came back, and was 'working' on COM5 (not COM4). Running the FLASH - bootrom.bat in the /win32 directory, I crossed my fingers and went through; the bootloader loaded, stated it was okay, and everything was *okay*. Lights were still on, and I reset it, but still nothing.
@marshmellow stated that you should load the boot then the image, so I powered it down again, put it into 'DFU' mode (don't know what it's called, but flash mode) and then proceeded to run FLASH - Fullimage.bat. This ran for about 20 seconds and stated it was okay. Lights were still on (red and green), so I powered the unit down and then brought it back up.
Unit came back up, HW Tune worked, and proxspace reported the unit online.
Details extracted from below (Back to the tag I was going to fiddle with last night)
Prox/RFID mark3 RFID instrument
bootrom: master/v2.2.0-476-gc87c452-suspect 2017-05-26 09:37:29
os: master/v2.2.0-476-gc87c452-suspect 2017-05-26 09:37:33
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/05/17 at 17:48:26
uC: AT91SAM7S256 Rev C
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 191327 bytes (73%). Free: 70817 bytes (27%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3> hw tune
Measuring antenna characteristics, please wait...#db# DownloadFPGA(len: 42096)
....
# LF antenna: 24.06 V @ 125.00 kHz
# LF antenna: 18.98 V @ 134.00 kHz
# LF optimal: 23.93 V @ 123.71 kHz
# HF antenna: 24.35 V @ 13.56 MHz
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.
proxmark3> hw tune
Measuring antenna characteristics, please wait......#db# DownloadFPGA(len: 42096)
.
# LF antenna: 24.20 V @ 125.00 kHz
# LF antenna: 18.98 V @ 134.00 kHz
# LF optimal: 24.20 V @ 125.00 kHz
# HF antenna: 23.86 V @ 13.56 MHz
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.
proxmark3> hf ?
help This help
14a { ISO14443A RFIDs... }
14b { ISO14443B RFIDs... }
15 { ISO15693 RFIDs... }
epa { German Identification Card... }
legic { LEGIC RFIDs... }
iclass { ICLASS RFIDs... }
mf { MIFARE RFIDs... }
mfu { MIFARE Ultralight RFIDs... }
topaz { TOPAZ (NFC Type 1) RFIDs... }
tune Continuously measure HF antenna tuning
list List protocol data in trace buffer
search Search for known HF tags [preliminary]
snoop <samples to skip (10000)> <triggers to skip (1)> Generic HF Snoop
proxmark3> hf search
UID : 40 23 0a e3
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: NO
Valid ISO14443A Tag Found - Quiting Search
proxmark3>
So the end of the story is that it's back up and working, with lots of help, and it's appreciated.. Now onto looking at this card (a friend has asked me to take this large blocky tag and make it into an iso for her!)
So again, thanks everyone, I hope this helps someone, and I hope to put up my experiences if you want to hear them...
Offline
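Added example (not part of the original posts and not the Proxmark3 project's own code): a small Python check that parses the `bootrom:` and `os:` lines of the version banner quoted in the post above and reports when the two do not come from the same build, which is worth confirming after a bootrom-then-fullimage flash. The function names, the one-hour build-time limit and the second sample banner are assumptions made for illustration; the first sample is copied from the post.

```python
import re
from datetime import datetime

# Copied from the version banner quoted in the post above.
THREAD_BANNER = """\
bootrom: master/v2.2.0-476-gc87c452-suspect 2017-05-26 09:37:29
os: master/v2.2.0-476-gc87c452-suspect 2017-05-26 09:37:33
"""

# Constructed sample (not from the thread): bootrom left over from another build.
CONSTRUCTED_MIXED = """\
bootrom: master/v0.0.0-1-gabcdef0 2016-01-01 00:00:00
os: master/v2.2.0-476-gc87c452-suspect 2017-05-26 09:37:33
"""

# <part>: <git describe ending in -g<commit>>[-<state>] <date> <time>
LINE_RE = re.compile(
    r"^\s*(?P<part>bootrom|os):\s+"
    r"(?P<describe>\S*?-g(?P<commit>[0-9a-f]{7,40}))"
    r"(?:-(?P<state>[a-z]+))?\s+"
    r"(?P<built>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s*$"
)


def parse_banner(text):
    """Return {'bootrom': {...}, 'os': {...}} for the version lines found."""
    found = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            info = m.groupdict()
            info["built"] = datetime.strptime(info["built"], "%Y-%m-%d %H:%M:%S")
            found[info.pop("part")] = info
    return found


def check_banner(text, max_skew_s=3600):
    """Return a list of problems; an empty list means one consistent build."""
    parts = parse_banner(text)
    problems = [f"{p} line missing or unparsable"
                for p in ("bootrom", "os") if p not in parts]
    if problems:
        return problems
    boot, os_ = parts["bootrom"], parts["os"]
    if boot["commit"] != os_["commit"]:
        problems.append(
            f"commit mismatch: bootrom {boot['commit']} vs os {os_['commit']}")
    skew = abs((boot["built"] - os_["built"]).total_seconds())
    if skew > max_skew_s:  # assumed limit: both images built within an hour
        problems.append(f"build times differ by {int(skew)} s")
    return problems


if __name__ == "__main__":
    for name, banner in (("thread", THREAD_BANNER), ("constructed", CONSTRUCTED_MIXED)):
        print(name, check_banner(banner) or "consistent")
```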
Some good learning experience there!
Offline