{"id":128,"date":"2018-09-05T19:37:47","date_gmt":"2018-09-05T23:37:47","guid":{"rendered":"http:\/\/dc540.org\/xxx\/?p=128"},"modified":"2018-09-11T12:23:50","modified_gmt":"2018-09-11T16:23:50","slug":"proxmark-3-rdv4","status":"publish","type":"post","link":"https:\/\/dc540.org\/xxx\/2018\/09\/proxmark-3-rdv4\/","title":{"rendered":"Proxmark 3 RDV4"},"content":{"rendered":"\n

I was excited to pick up the new Proxmark 3 RDV4 from its Kickstarter, before the official, far more expensive release at Defcon 26.\u00a0 I’d been playing with it since I got it, cloned my office entry HID card, and tried out a couple of the Android apps to run it.<\/p>\n\n\n\n

There are two Android apps that I’m aware of. Walrus<\/a>\u00a0is the one that seems promising to me.\u00a0 It leverages the ability to read, write and simulate (playback) RFID cards native to the Proxmark, and supposedly a feature under development is to brute force readers using bulk-collected tags.\u00a0 Sounds like a fun tool for physical pentesters.\u00a0 Collect cards in a crowded elevator, then try to get into offices using the cards you’ve collected.\u00a0 I haven’t checked for an update since downloading the software, so I have no idea whether it’s been implemented yet.\u00a0 The other one, AndProx<\/a>, is a standard Proxmark CLI, and I’m not much for typing on phones.\u00a0 It’ll work in a pinch, but I prefer my trusty Macbook for that. Also, it didn’t seem to recognize the Proxmark from my phone. Maybe I need an OTG cable.<\/p>\n\n\n\n

I picked up some keyfob tags on Amazon, because I have this annoying habit of forgetting my work card every once in a while and having to borrow a temporary card from the receptionist, and I figure if I have one on the same ring as my car keys it’ll be far less likely that I’ll leave it at home (or in the car). However, my RFID tag knowledge isn’t super deep, and apparently just looking for T5577 cards isn’t good enough.\u00a0 They read as “Indala” in the Proxmark, and I’m unable to clone my HID card to them as I could with the included Proxgrind card, or other random cards in my collection.<\/p>\n\n\n\n

So I looked a little closer this time, and ordered another set of fobs that one reviewer claims he was able to clone HID with. Science is all trial and error, right?<\/p>\n\n\n\n

If you’re considering getting a Proxmark, I’ll share a couple of experiences.\u00a0 Trying to update the bootloader and firmware from a Linux VM was problematic. The update hung and bricked the Proxmark. This was easily fixed by holding down the button on the unit while powering it up, and while re-uploading the bootloader and firmware directly from MacOS.\u00a0 If you get weird command errors, it’s because your client and firmware versions are out of sync. Once everything’s in sync, it’s like clockwork.<\/p>\n\n\n\n

Side note: I’m getting to be known as “that guy” at work. A coworker asked me if I could pick tubular locks today.\u00a0 Gotta dig out my tubular pick set to bring in tomorrow. He wants to replace a drive in a locked drive array and doesn’t know where the key is.<\/p>\n\n\n\n

Indala Update 2018-09-09:<\/strong> I somehow managed to get the “Indala” card to work. Hints from iceman gave me confidence that the reader may have just been misreading the tags, so I played around with t55xx commands until I managed to get it right.\u00a0 I will try to duplicate the process in my spare time so that I have a documented solution.\u00a0 The good news is that it does work.\u00a0 Now what to do with these 19 extra fobs.\u00a0 \ud83d\ude42<\/p>\n\n\n\n

\"\"<\/figure>\n","protected":false},"excerpt":{"rendered":"

I was excited to pick up the new Proxmark 3 RDV4 from its Kickstarter, before the official, far more expensive release at Defcon 26.\u00a0 I’d been playing with it since … <\/p>\n

Continue reading “Proxmark 3 RDV4”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[5],"tags":[21,22],"class_list":["post-128","post","type-post","status-publish","format-standard","hentry","category-hardware","tag-proxmark","tag-rfid"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/dc540.org\/xxx\/wp-json\/wp\/v2\/posts\/128","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dc540.org\/xxx\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dc540.org\/xxx\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dc540.org\/xxx\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dc540.org\/xxx\/wp-json\/wp\/v2\/comments?post=128"}],"version-history":[{"count":3,"href":"https:\/\/dc540.org\/xxx\/wp-json\/wp\/v2\/posts\/128\/revisions"}],"predecessor-version":[{"id":167,"href":"https:\/\/dc540.org\/xxx\/wp-json\/wp\/v2\/posts\/128\/revisions\/167"}],"wp:attachment":[{"href":"https:\/\/dc540.org\/xxx\/wp-json\/wp\/v2\/media?parent=128"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dc540.org\/xxx\/wp-json\/wp\/v2\/categories?post=128"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dc540.org\/xxx\/wp-json\/wp\/v2\/tags?post=128"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}