"description":"iceman's personal garbage test command",
"notes":[
"analyse a -d 137af00a0a0d"
],
"offline":true,
"options":[
"-h, --help this help",
"-d, --data <hex> bytes to manipulate"
],
"usage":"analyse a [-h] -d <hex>"
},
"analyse chksum":{
"command":"analyse chksum",
"description":"the bytes will be added with eachother and than limited with the applied mask finally compute ones' complement of the least significant bytes.",
"description":"a stub method to test different crc implementations inside the pm3 sourcecode. just because you figured out the poly, doesn't mean you get the desired output",
"notes":[
"analyse crc -d 137af00a0a0d"
],
"offline":true,
"options":[
"-h, --help this help",
"-d, --data <hex> bytes to calc crc"
],
"usage":"analyse crc [-h] -d <hex>"
},
"analyse dates":{
"command":"analyse dates",
"description":"tool to look for date/time stamps in a given array of bytes",
"notes":[
"analyse dates"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"analyse dates [-h]"
},
"analyse demodbuff":{
"command":"analyse demodbuff",
"description":"loads a binary string into demod buffer",
"notes":[
"analyse demodbuff -d 0011101001001011"
],
"offline":true,
"options":[
"-h, --help this help",
"-d, --data <bin> binary string to load"
],
"usage":"analyse demodbuff [-h] -d <bin>"
},
"analyse foo":{
"command":"analyse foo",
"description":"experiments of cliparse",
"notes":[
"analyse foo -r a0000000a0002021"
],
"offline":true,
"options":[
"-h, --help this help",
"-r, --raw <hex> raw bytes (strx)"
],
"usage":"analyse foo [-h] [-r <hex>]..."
},
"analyse freq":{
"command":"analyse freq",
"description":"calc wave lengths",
"notes":[
"analyse freq"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"analyse freq [-h]"
},
"analyse help":{
"command":"analyse help",
"description":"help this help lcr generate final byte for xor lrc crc stub method for crc evaluations chksum checksum with adding, masking and one's complement dates look for datestamps in a given array of bytes tea crypto tea test lfsr lfsr tests a num bits test nuid create nuid from 7byte uid demodbuff load binary string to demodbuffer freq calc wave lengths foo muxer units convert etu <> us <> ssp_clk (3.39mhz) --------------------------------------------------------------------------------------- analyse lcr available offline: yes specifying the bytes of a uid with a known lrc will find the last byte value needed to generate that lrc with a rolling xor. all bytes should be specified in hex.",
"description":"autocorrelate over window is used to detect repeating sequences. we use it as detection of how long in bits a message inside the signal is",
"notes":[
"data autocorr -w 4000",
"data autocorr -w 4000 -g"
],
"offline":true,
"options":[
"-h, --help this help",
"-g save back to graphbuffer (overwrite)",
"-w, --win <dec> window length for correlation. def 4000"
],
"usage":"data autocorr [-hg] [-w <dec>]"
},
"data bin2hex":{
"command":"data bin2hex",
"description":"this function converts binary to hexadecimal. it will ignore all characters not 1 or 0 but stop reading on whitespace",
"notes":[
"data bin2hex -d 0101111001010"
],
"offline":true,
"options":[
"-h, --help this help",
"-d, --data <bin> binary string to convert"
],
"usage":"data bin2hex [-h] [-d <bin>]..."
},
"data bitsamples":{
"command":"data bitsamples",
"description":"get raw samples from device as bitstring",
"notes":[
"data bitsamples"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"data bitsamples [-h]"
},
"data clear":{
"command":"data clear",
"description":"this function clears the bigbuff on deviceside and graph window",
"notes":[
"data clear"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"data clear [-h]"
},
"data convertbitstream":{
"command":"data convertbitstream",
"description":"convert graphbuffer's 0|1 values to 127|-127",
"notes":[
"data convertbitstream"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"data convertbitstream [-h]"
},
"data decimate":{
"command":"data decimate",
"description":"performs decimation, by reducing samples n times in the grapbuf. good for psk",
"notes":[
"data decimate",
"data decimate -n 4"
],
"offline":true,
"options":[
"-h, --help this help",
"-n <dec> factor to reduce sample set (default 2)"
],
"usage":"data decimate [-h] [-n <dec>]"
},
"data detectclock":{
"command":"data detectclock",
"description":"detect ask, fsk, nrz, psk clock rate of wave in graphbuffer",
"notes":[
"data detectclock -a -> detect clock of an ask wave in graphbuffer",
"data detectclock -f -> detect clock of an fsk wave in graphbuffer",
"data detectclock -n -> detect clock of an psk wave in graphbuffer",
"data detectclock -p -> detect clock of an nrz/direct wave in graphbuffer"
"description":"convert graphbuffer's value accordingly - larger or equal to one becomes one - less than one becomes zero",
"notes":[
"data getbitstream"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"data getbitstream [-h]"
},
"data grid":{
"command":"data grid",
"description":"this function overlay grid on graph plot window. use zero value to turn off either",
"notes":[
"data grid -> turn off",
"data grid -x 64 -y 50"
],
"offline":true,
"options":[
"-h, --help this help",
"-x <dec> plot grid x coord",
"-y <dec> plot grid y coord"
],
"usage":"data grid [-h] [-x <dec>] [-y <dec>]"
},
"data help":{
"command":"data help",
"description":"help this help ----------- ------------------------- modulation------------------------- biphaserawdecode biphase decode bin stream in demodbuffer detectclock detect ask, fsk, nrz, psk clock rate of wave in graphbuffer fsktonrz convert fsk2 to nrz wave for alternate fsk demodulating (for weak fsk) manrawdecode manchester decode binary stream in demodbuffer modulation identify lf signal for clock and modulation rawdemod demodulate the data in the graphbuffer and output binary ----------- ------------------------- graph------------------------- askedgedetect adjust graph for manual ask demod using the length of sample differences to detect the edge of a wave autocorr autocorrelation over window dirthreshold max rising higher up-thres/ min falling lower down-thres, keep rest as prev. decimate decimate samples undecimate un-decimate samples hide hide graph window hpf remove dc offset from trace iir apply iir buttersworth filter on plot data grid overlay grid on graph window ltrim trim samples from left of trace mtrim trim out samples from the specified start to the specified stop norm normalize max/min to +/-128 plot show graph window rtrim trim samples from right of trace setgraphmarkers set blue and orange marker in graph window shiftgraphzero shift 0 for graphed wave + or - shift value timescale set a timescale to get a differential reading between the yellow and purple markers as time duration zerocrossings count time between zero-crossings convertbitstream convert graphbuffer's 0/1 values to 127 / -127 getbitstream convert graphbuffer's >=1 values to 1 and <1 to 0 ----------- ------------------------- general------------------------- asn1 asn1 decoder bin2hex converts binary to hexadecimal clear clears bigbuf on deviceside and graph window hex2bin converts hexadecimal to binary load load contents of file into graph window print print the data in the demodbuffer save save signal trace data (from graph window) setdebugmode set debugging level on client side --------------------------------------------------------------------------------------- data biphaserawdecode available offline: yes biphase decode binary stream in demodbuffer converts 10 or 01 -> 1 and 11 or 00 -> 0 - must have binary sequence in demodbuffer (run `data rawdemod --ar` before) - invert for conditional dephase encoding (cdp) aka differential manchester",
"notes":[
"data biphaserawdecode -> decode biphase bitstream from the demodbuffer",
"data biphaserawdecode -oi -> decode biphase bitstream from the demodbuffer, adjust offset, and invert output"
],
"offline":true,
"options":[
"-h, --help this help",
"-o, --offset set to adjust decode start position",
"description":"remove dc offset from trace. it should centralize around 0",
"notes":[
"data hpf"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"data hpf [-h]"
},
"data iir":{
"command":"data iir",
"description":"apply iir buttersworth filter on plot data",
"notes":[
"data iir -n 2"
],
"offline":true,
"options":[
"-h, --help this help",
"-n <dec> factor n"
],
"usage":"data iir [-h] -n <dec>"
},
"data load":{
"command":"data load",
"description":"this command loads the contents of a pm3 file into graph window",
"notes":[
"data load -f myfilename"
],
"offline":true,
"options":[
"-h, --help this help",
"-f, --file <fn> file to load"
],
"usage":"data load [-h] -f <fn>"
},
"data ltrim":{
"command":"data ltrim",
"description":"trim samples from left of trace",
"notes":[
"data ltrim -i 300 -> keep 300 - end"
],
"offline":true,
"options":[
"-h, --help this help",
"-i, --idx <dec> from index to beginning trace"
],
"usage":"data ltrim [-h] -i <dec>"
},
"data manrawdecode":{
"command":"data manrawdecode",
"description":"manchester decode binary stream in demodbuffer converts 10 and 01 and converts to 0 and 1 respectively - must have binary sequence in demodbuffer (run `data rawdemod --ar` before)",
"notes":[
"data manrawdecode"
],
"offline":true,
"options":[
"-h, --help this help",
"-i, --inv invert output",
"--err <dec> set max errors tolerated (def 20)"
],
"usage":"data manrawdecode [-hi] [--err <dec>]"
},
"data modulation":{
"command":"data modulation",
"description":"search lf signal after clock and modulation",
"notes":[
"data modulation"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"data modulation [-h]"
},
"data mtrim":{
"command":"data mtrim",
"description":"trim out samples from the specified start to the specified end point",
"notes":[
"data mtrim -s 1000 -e 2000 -> keep between 1000 and 2000"
],
"offline":true,
"options":[
"-h, --help this help",
"-s, --start <dec> start point",
"-e, --end <dec> end point"
],
"usage":"data mtrim [-h] -s <dec> -e <dec>"
},
"data norm":{
"command":"data norm",
"description":"normalize max/min to +/-128",
"notes":[
"data norm"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"data norm [-h]"
},
"data plot":{
"command":"data plot",
"description":"show graph window hit 'h' in window for detail keystroke help available",
"notes":[
"data plot"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"data plot [-h]"
},
"data print":{
"command":"data print",
"description":"print the data in the demodbuffer as hex or binary. defaults to binary output",
"notes":[
"data print"
],
"offline":true,
"options":[
"-h, --help this help",
"-i, --inv invert demodbuffer before printing",
"-o, --offset <dec> offset in # of bits",
"-s, --strip strip leading zeroes, i.e. set offset to first bit equal to one",
"-x, --hex output in hex (omit for binary output)"
],
"usage":"data print [-hisx] [-o <dec>]"
},
"data rawdemod":{
"command":"data rawdemod",
"description":"demodulate the data in the graphbuffer and output binary",
"description":"get raw samples for graph window (graphbuffer) from device. if 0, then get whole big buffer from device.",
"notes":[
"data samples",
"data samples -n 10000"
],
"offline":false,
"options":[
"-h, --help this help",
"-n <dec> num of samples (512 - 40000)",
"-v, --verbose verbose"
],
"usage":"data samples [-hv] [-n <dec>]"
},
"data save":{
"command":"data save",
"description":"save trace from graph window , i.e. the graphbuffer this is a text file with number -127 to 127. with the option `w` you can save it as wave file filename should be without file extension",
"notes":[
"data save -f myfilename -> save graph buffer to file",
"data save --wave -f myfilename -> save graph buffer to wave file"
],
"offline":true,
"options":[
"-h, --help this help",
"-w, --wave save as wave format (.wav)",
"-f, --file <fn w/o ext> save file name"
],
"usage":"data save [-hw] -f <fn w/o ext>"
},
"data setdebugmode":{
"command":"data setdebugmode",
"description":"set debugging level on client side",
"notes":[
"data setdebugmode"
],
"offline":true,
"options":[
"-h, --help this help",
"-0 no debug messages",
"-1 debug",
"-2 verbose debugging"
],
"usage":"data setdebugmode [-h012]"
},
"data setgraphmarkers":{
"command":"data setgraphmarkers",
"description":"set blue and orange marker in graph window",
"description":"set cursor display timescale. setting the timescale makes the differential `dt` reading between the yellow and purple markers meaningful. once the timescale is set, the differential reading between brackets can become a time duration.",
"notes":[
"data timescale --sr 125 -u ms -> for lf sampled at 125 khz. reading will be in milliseconds",
"data timescale --sr 1.695 -u us -> for hf sampled at 16 * fc/128. reading will be in microseconds",
"data timescale --sr 16 -u etu -> for hf with 16 samples per etu (fc/128). reading will be in etus"
],
"offline":true,
"options":[
"-h, --help this help",
"--sr <float> sets timescale factor according to sampling rate",
"-u, --unit <string> time unit to display (max 10 chars)"
"description":"measure tuning of device antenna. results shown in graph window. this command doesn't actively tune your antennas, it's only informative by measuring voltage that the antennas will generate",
"notes":[
"data tune"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"data tune [-h]"
},
"data undecimate":{
"command":"data undecimate",
"description":"performs un-decimation, by repeating each sample n times in the graphbuf",
"notes":[
"data undecimate",
"data undecimate -n 4"
],
"offline":true,
"options":[
"-h, --help this help",
"-n <dec> factor to repeat each sample (default 2)"
],
"usage":"data undecimate [-h] [-n <dec>]"
},
"data zerocrossings":{
"command":"data zerocrossings",
"description":"count time between zero-crossings",
"notes":[
"data zerocrossings"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"data zerocrossings [-h]"
},
"emv challenge":{
"command":"emv challenge",
"description":"executes generate challenge command. it returns 4 or 8-byte random number from card. needs a emv applet to be selected and gpo to be executed.",
"notes":[
"emv challenge -> get challenge",
"emv challenge -k -> get challenge, keep fileld on"
],
"offline":false,
"options":[
"-h, --help this help",
"-k, -k, --keep keep field on for next command",
"-a, -a, --apdu show apdu reqests and responses",
"-w, -w, --wired send data via contact (iso7816) interface. contactless interface set by default."
],
"usage":"emv challenge [-hkaw]"
},
"emv genac":{
"command":"emv genac",
"description":"generate application cryptogram command. it returns data in tlv format. needs a emv applet to be selected and gpo to be executed.",
"notes":[
"emv genac -k 0102 -> generate ac with 2-byte cdoldata and keep field on after command",
"emv genac -t 01020304 -> generate ac with 4-byte cdol data, show result in tlv",
"emv genac -daac 01020304 -> generate ac with 4-byte cdol data and terminal decision 'declined'",
"emv genac -pmt 9f 37 04 -> load params from file, make cdol data from cdol, generate ac with cdol, show result in tlv"
],
"offline":false,
"options":[
"-h, --help this help",
"-k, -k, --keep keep field on for next command",
"-c, -c, --cda executes cda transaction. needs to get sdad in results.",
"description":"executes get processing options command. it returns data in tlv format (0x77 - format2) or plain format (0x80 - format1). needs a emv applet to be selected.",
"notes":[
"emv gpo -k -> execute gpo",
"emv gpo -t 01020304 -> execute gpo with 4-byte pdol data, show result in tlv",
"emv gpo -pmt 9f 37 04 -> load params from file, make pdol data from pdol, execute gpo with pdol, show result in tlv"
],
"offline":false,
"options":[
"-h, --help this help",
"-k, -k, --keep keep field on for next command",
"-p, -p, --params load parameters from `emv_defparams.json` file for pdoldata making from pdol and parameters",
"-m, -m, --make make pdoldata from pdol (tag 9f38) and parameters (by default uses default parameters)",
"-a, -a, --apdu show apdu reqests and responses",
"-t, -t, --tlv tlv decode results of selected applets",
"-w, -w, --wired send data via contact (iso7816) interface. contactless interface set by default."
"description":"help this help test crypto logic test. list list iso7816 history --------------------------------------------------------------------------------------- emv exec available offline: no executes emv contactless transaction",
"notes":[
"emv exec -sat -> select card, execute msd transaction, show apdu and tlv",
"emv exec -satc -> select card, execute cda transaction, show apdu and tlv"
],
"offline":true,
"options":[
"-h, --help this help",
"-s, -s, --select activate field and select card.",
"-a, -a, --apdu show apdu reqests and responses.",
"-t, -t, --tlv tlv decode results.",
"-j, -j, --jload load transaction parameters from `emv_defparams.json` file.",
"-f, -f, --forceaid force search aid. search aid instead of execute ppse.",
"by default: transaction type - msd",
"-v, -v, --qvsdc transaction type - qvsdc or m/chip.",
"-c, -c, --qvsdccda transaction type - qvsdc or m/chip plus cda (sdad generation).",
"-x, -x, --vsdc transaction type - vsdc. for test only. not a standard behavior.",
"-g, -g, --acgpo visa. generate ac from gpo.",
"-w, -w, --wired send data via contact (iso7816) interface. contactless interface set by default."
],
"usage":"emv exec [-hsatjfvcxgw] by default:"
},
"emv intauth":{
"command":"emv intauth",
"description":"generate internal authenticate command. usually needs 4-byte random number. it returns data in tlv format . needs a emv applet to be selected and gpo to be executed.",
"notes":[
"emv intauth -k 01020304 -> execute internal authenticate with 4-byte ddoldata and keep field on after command",
"emv intauth -t 01020304 -> execute internal authenticate with 4-byte ddol data, show result in tlv",
"emv intauth -pmt 9f 37 04 -> load params from file, make ddol data from ddol, internal authenticate with ddol, show result in tlv"
],
"offline":false,
"options":[
"-h, --help this help",
"-k, -k, --keep keep field on for next command",
"-p, -p, --params load parameters from `emv_defparams.json` file for ddoldata making from ddol and parameters",
"-m, -m, --make make ddoldata from ddol (tag 9f49) and parameters (by default uses default parameters)",
"-a, -a, --apdu show apdu reqests and responses",
"-t, -t, --tlv tlv decode results of selected applets",
"-w, -w, --wired send data via contact (iso7816) interface. contactless interface set by default."
"description":"alias of `trace list -t 7816` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol",
"notes":[
"emv list -f -> show frame delay times",
"emv list -1 -> use trace buffer"
],
"offline":true,
"options":[
"-h, --help this help",
"-1, --buffer use data from trace buffer",
"-f show frame delay times",
"-c mark crc bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into wireshark using encapsulation type \"iso 14443\"",
"--dict <file> use dictionary keys file"
],
"usage":"emv list [-h1fcrux] [--dict <file>]..."
},
"emv pse":{
"command":"emv pse",
"description":"executes pse/ppse select command. it returns list of applet on the card:",
"notes":[
"emv pse -s1 -> select, get pse",
"emv pse -st2 -> select, get ppse, show result in tlv"
],
"offline":false,
"options":[
"-h, --help this help",
"-s, -s, --select activate field and select card",
"-t, -t, --tlv tlv decode results of selected applets",
"-w, -w, --wired send data via contact (iso7816) interface. contactless interface set by default."
],
"usage":"emv pse [-hsk12atw]"
},
"emv readrec":{
"command":"emv readrec",
"description":"executes read record command. it returns data in tlv format. needs a bank applet to be selected and sometimes needs gpo to be executed.",
"description":"tries to extract public keys and run the roca test against them.",
"notes":[
"emv roca -w -> select --contact-- card and run test",
"emv roca -> select --contactless-- card and run test"
],
"offline":false,
"options":[
"-h, --help this help",
"-t, -t, --selftest self test",
"-a, -a, --apdu show apdu reqests and responses",
"-w, -w, --wired send data via contact (iso7816) interface. contactless interface set by default"
],
"usage":"emv roca [-htaw]"
},
"emv scan":{
"command":"emv scan",
"description":"scan emv card and save it contents to a file. it executes emv contactless transaction and saves result to a file which can be used for emulation",
"notes":[
"emv scan -at -> scan msd transaction mode and show apdu and tlv",
"emv scan -c -> scan cda transaction mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-a, -a, --apdu show apdu reqests and responses.",
"-t, -t, --tlv tlv decode results.",
"-e, -e, --extract extract tlv elements and fill application data",
"-j, -j, --jload load transaction parameters from `emv_defparams.json` file.",
"by default: transaction type - msd",
"-v, -v, --qvsdc transaction type - qvsdc or m/chip.",
"-c, -c, --qvsdccda transaction type - qvsdc or m/chip plus cda (sdad generation).",
"-x, -x, --vsdc transaction type - vsdc. for test only. not a standard behavior.",
"-g, -g, --acgpo visa. generate ac from gpo.",
"-m, -m, --merge merge output file with card's data. (warning: the file may be corrupted!)",
"-w, -w, --wired send data via contact (iso7816) interface. contactless interface set by default.",
"output.json json output file name"
],
"usage":"emv scan [-hatejvcxgmw] by default: output.json"
},
"emv search":{
"command":"emv search",
"description":"tries to select all applets from applet list",
"notes":[
"emv search -s -> select card and search",
"emv search -st -> select card, search and show result in tlv"
],
"offline":false,
"options":[
"-h, --help this help",
"-s, -s, --select activate field and select card",
"-k, -k, --keep keep field on for next command",
"-a, -a, --apdu show apdu reqests and responses",
"-t, -t, --tlv tlv decode results of selected applets",
"-w, -w, --wired send data via contact (iso7816) interface. contactless interface set by default."
"-d, --decapdu decode apdu request if it possible",
"-m, --make <head (cla ins p1 p2) hex> make apdu with head from this field and data from data field. must be 4 bytes length: <cla ins p1 p2>",
"-e, --extended make extended length apdu if `m` parameter included",
"-l, --le <le (int)> le apdu parameter if `m` parameter included",
"<apdu (hex) | data (hex)> data if `m` parameter included"
],
"usage":"hf 14a apdu [-hsktde] [-m <head (cla ins p1 p2) hex>] [-l <le (int)>] <apdu (hex) | data (hex)> [<apdu (hex) | data (hex)>]..."
},
"hf 14a chaining":{
"command":"hf 14a chaining",
"description":"enable/disable iso14443a input chaining. maximum input length goes from ats.",
"notes":[
"hf 14a chaining disable -> disable chaining",
"hf 14a chaining -> show chaining enable/disable state"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"hf 14a chaining [-h] [<enable/disable or 0/1>]"
},
"hf 14a config":{
"command":"hf 14a config",
"description":"--------------------------------------------------------------------------------------- hf 14a apdufind available offline: no enumerate apdu's of iso7816 protocol to find valid cls/ins/p1/p2 commands. it loops all 256 possible values for each byte. the loop oder is ins -> p1/p2 (alternating) -> cla. tag must be on antenna before running.",
"description":"collect n>0 iso14443-a uids in one go",
"notes":[
"hf 14a cuids -n 5 -> collect 5 uids"
],
"offline":false,
"options":[
"-h, --help this help",
"-n, --num <dec> number of uids to collect"
],
"usage":"hf 14a cuids [-h] [-n <dec>]"
},
"hf 14a help":{
"command":"hf 14a help",
"description":"help this help list list iso 14443-a history --------------------------------------------------------------------------------------- hf 14a list available offline: yes alias of `trace list -t 14a` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol",
"notes":[
"hf 14a list -f -> show frame delay times",
"hf 14a list -1 -> use trace buffer"
],
"offline":true,
"options":[
"-h, --help this help",
"-1, --buffer use data from trace buffer",
"-f show frame delay times",
"-c mark crc bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into wireshark using encapsulation type \"iso 14443\"",
"--dict <file> use dictionary keys file"
],
"usage":"hf 14a list [-h1fcrux] [--dict <file>]..."
},
"hf 14a info":{
"command":"hf 14a info",
"description":"this command makes more extensive tests against a iso14443a tag in order to collect information",
"notes":[
"hf 14a info -nsv -> shows full information about the card"
],
"offline":false,
"options":[
"-h, --help this help",
"-v, --verbose adds some information to results",
"-n, --nacktest test for nack bug",
"-s, --aidsearch checks if aids from aidlist.json is present on the card and prints information about found aids"
],
"usage":"hf 14a info [-hvns]"
},
"hf 14a ndefread":{
"command":"hf 14a ndefread",
"description":"read nfc data exchange format (ndef) file on type 4 ndef tag",
"notes":[
"hf 14a ndefread"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"hf 14a ndefread [-h]"
},
"hf 14a raw":{
"command":"hf 14a raw",
"description":"sends raw bytes over iso14443a. with option to use topaz 14a mode.",
"notes":[
"hf 14a raw -sc 3000 -> select, crc, where 3000 == 'read block 00'",
"hf 14a raw -ak -b 7 40 -> send 7 bit byte 0x40"
],
"offline":false,
"options":[
"-h, --help this help",
"-a active signal field on without select",
"-b <dec> number of bits to send. useful for send partial byte",
"description":"collect data from the field and save into command buffer. buffer accessible from command 'hf 14a list'",
"notes":[
"hf 14a sniff -c -r"
],
"offline":false,
"options":[
"-h, --help this help",
"-c, --card triggered by first data from card",
"-r, --reader triggered by first 7-bit request from reader (req,wup,...)"
],
"usage":"hf 14a sniff [-hcr]"
},
"hf 14b dump":{
"command":"hf 14b dump",
"description":"this command dumps the contents of a iso-14443-b tag and save it to file tries to autodetect cardtype, memory size defaults to sri4k",
"notes":[
"hf 14b dump",
"hf 14b dump -f myfilename"
],
"offline":false,
"options":[
"-h, --help this help",
"-f, --file <filename> (optional) filename, if no <name> uid will be used as filename"
],
"usage":"hf 14b dump [-h] [-f <filename>]..."
},
"hf 14b help":{
"command":"hf 14b help",
"description":"help this help list list iso-14443-b history --------------------------------------------------------------------------------------- hf 14b apdu available offline: no sends an iso 7816-4 apdu via iso 14443-4 block transmission protocol (t=cl). works with all apdu types from iso 7816-4:2013",
"description":"tag information for iso/iec 14443 type b based tags",
"notes":[
"hf 14b info"
],
"offline":false,
"options":[
"-h, --help this help",
"-s, --aidsearch checks if aids from aidlist.json is present on the card and prints information about found aids",
"-v, --verbose verbose"
],
"usage":"hf 14b info [-hsv]"
},
"hf 14b list":{
"command":"hf 14b list",
"description":"alias of `trace list -t 14b` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol",
"notes":[
"hf 14b list -f -> show frame delay times",
"hf 14b list -1 -> use trace buffer"
],
"offline":true,
"options":[
"-h, --help this help",
"-1, --buffer use data from trace buffer",
"-f show frame delay times",
"-c mark crc bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into wireshark using encapsulation type \"iso 14443\"",
"--dict <file> use dictionary keys file"
],
"usage":"hf 14b list [-h1fcrux] [--dict <file>]..."
},
"hf 14b ndefread":{
"command":"hf 14b ndefread",
"description":"print nfc data exchange format (ndef)",
"notes":[
"hf 14b ndefread"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"hf 14b ndefread [-h]"
},
"hf 14b raw":{
"command":"hf 14b raw",
"description":"sends raw bytes to card",
"notes":[
"hf 14b raw -cks --data 0200a40400 -> standard select, apdu 0200a4000 (7816)",
"hf 14b raw -ck --sr --data 0200a40400 -> srx select",
"hf 14b raw -ck --cts --data 0200a40400 -> c-ticket select"
],
"offline":false,
"options":[
"-h, --help this help",
"-k, --keep leave the signal field on after receive response",
"-s, --std activate field, use iso14b select",
"--sr activate field, use srx st select",
"--cts activate field, use ask c-ticket select",
"-c, --crc calculate and append crc",
"-r do not read response from card",
"-t, --timeout <dec> timeout in ms",
"-v, --verbose verbose",
"-d, --data <hex> data, bytes to send"
],
"usage":"hf 14b raw [-hkscrv] [--sr] [--cts] [-t <dec>] [-d <hex>]..."
},
"hf 14b rdbl":{
"command":"hf 14b rdbl",
"description":"read sri512 | srix4k block",
"notes":[
"hf 14b rdbl -b 06"
],
"offline":false,
"options":[
"-h, --help this help",
"-b, --block <dec> block number"
],
"usage":"hf 14b rdbl [-h] [-b <dec>]"
},
"hf 14b reader":{
"command":"hf 14b reader",
"description":"act as a 14443b reader to identify a tag",
"notes":[
"hf 14b reader"
],
"offline":false,
"options":[
"-h, --help this help",
"-s, --silent silent (no messages)",
"-@ optional - continuous reader mode"
],
"usage":"hf 14b reader [-hs@]"
},
"hf 14b sim":{
"command":"hf 14b sim",
"description":"simulate a iso/iec 14443 type b tag with 4 byte uid / pupi",
"notes":[
"hf 14b sim -u 11aa33bb"
],
"offline":false,
"options":[
"-h, --help this help",
"-u, --uid hex 4byte uid/pupi"
],
"usage":"hf 14b sim [-h] [-u hex]..."
},
"hf 14b sniff":{
"command":"hf 14b sniff",
"description":"sniff the communication reader and tag",
"notes":[
"hf 14b sniff"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"hf 14b sniff [-h]"
},
"hf 14b sriwrite":{
"command":"hf 14b sriwrite",
"description":"write data to a sri512 or srix4k block",
"description":"this command attempts to brute force afi of an iso-15693 tag estimated execution time is around 2 minutes",
"notes":[
"hf 15 findafi"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"hf 15 findafi [-h]"
},
"hf 15 help":{
"command":"hf 15 help",
"description":"----------- --------------------- general --------------------- help this help list list iso-15693 history demod demodulate iso-15693 from tag --------------------------------------------------------------------------------------- hf 15 list available offline: yes alias of `trace list -t 15` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol",
"notes":[
"hf 15 list -f -> show frame delay times",
"hf 15 list -1 -> use trace buffer"
],
"offline":true,
"options":[
"-h, --help this help",
"-1, --buffer use data from trace buffer",
"-f show frame delay times",
"-c mark crc bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into wireshark using encapsulation type \"iso 14443\"",
"--dict <file> use dictionary keys file"
],
"usage":"hf 15 list [-h1fcrux] [--dict <file>]..."
},
"hf 15 info":{
"command":"hf 15 info",
"description":"uses the optional command `get_systeminfo` 0x2b to try and extract information",
"notes":[
"hf 15 info",
"hf 15 info -*",
"hf 15 info -u e011223344556677"
],
"offline":false,
"options":[
"-h, --help this help",
"-u, --uid <hex> full uid, 8 bytes",
"--ua unaddressed mode",
"-* scan for tag",
"-2 use slower '1 out of 256' mode",
"-o, --opt set option flag (needed for ti)"
],
"usage":"hf 15 info [-h*2o] [-u <hex>] [--ua]"
},
"hf 15 raw":{
"command":"hf 15 raw",
"description":"sends raw bytes over iso-15693 to card",
"notes":[
"hf 15 raw -c -d 260100 -> add crc",
"hf 15 raw -krc -d 260100 -> add crc, keep field on, skip response"
],
"offline":false,
"options":[
"-h, --help this help",
"-2 use slower '1 out of 256' mode",
"-c, --crc calculate and append crc",
"-k keep signal field on after receive",
"-r do not read response",
"-d, --data <hex> raw bytes to send"
],
"usage":"hf 15 raw [-h2ckr] -d <hex> [-d <hex>]..."
"description":"acquire samples as reader (enables carrier, send inquiry and download it to graphbuffer. try 'hf 15 demod' to try to demodulate/decode signal",
"notes":[
"hf 15 samples"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"hf 15 samples [-h]"
},
"hf 15 sim":{
"command":"hf 15 sim",
"description":"simulate a iso-15693 tag",
"notes":[
"hf 15 sim -u e011223344556677"
],
"offline":false,
"options":[
"-h, --help this help",
"-u, --uid <8b hex> uid eg e011223344556677"
],
"usage":"hf 15 sim [-h] -u <8b hex>"
},
"hf 15 slixdisable":{
"command":"hf 15 slixdisable",
"description":"disable privacy mode on slix iso-15693 tag",
"notes":[
"hf 15 slixdisable -p 0f0f0f0f"
],
"offline":false,
"options":[
"-h, --help this help",
"-p, --pwd <hex> password, 8 hex bytes"
],
"usage":"hf 15 slixdisable [-h] -p <hex>"
},
"hf 15 sniff":{
"command":"hf 15 sniff",
"description":"sniff activity without enabling carrier",
"description":"help this help. test tests --------------------------------------------------------------------------------------- hf cipurse info available offline: no get info from cipurse tags",
"description":"help this help info display info about an emrtd list list iso 14443a/7816 history --------------------------------------------------------------------------------------- hf emrtd dump available offline: no dump all files on an emrtd",
"notes":[
"hf emrtd dump"
],
"offline":true,
"options":[
"-h, --help this help",
"-n, --documentnumber <alphanum> document number, up to 9 chars",
"-d, --dateofbirth <yymmdd> date of birth in yymmdd format",
"-e, --expiry <yymmdd> expiry in yymmdd format",
"-m, --mrz <[0-9a-z<]> 2nd line of mrz, 44 chars",
"description":"alias of `trace list -t 7816` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol",
"notes":[
"hf emrtd list -f -> show frame delay times",
"hf emrtd list -1 -> use trace buffer"
],
"offline":true,
"options":[
"-h, --help this help",
"-1, --buffer use data from trace buffer",
"-f show frame delay times",
"-c mark crc bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into wireshark using encapsulation type \"iso 14443\"",
"--dict <file> use dictionary keys file"
],
"usage":"hf emrtd list [-h1fcrux] [--dict <file>]..."
},
"hf epa preplay":{
"command":"hf epa preplay",
"description":"perform pace protocol by replaying given apdus",
"description":"initiate mutual authentication. this command must always be executed before auth2 command and mutual authentication is achieve only after auth2 command has succeeded. incomplete / experimental command!!!",
"description":"complete mutual authentication. this command can only be executed subsquent to auth1 incomplete / experimental command!!! experimental command - m2c/p2c will be not checked",
"description":"help this help ----------- ----------------------- general ----------------------- list list iso 18092/felica history ----------- ----------------------- felica standard ----------------------- ----------- ----------------------- felica light ----------------------- --------------------------------------------------------------------------------------- hf felica list available offline: yes alias of `trace list -t felica` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol",
"notes":[
"hf felica list -f -> show frame delay times",
"hf felica list -1 -> use trace buffer"
],
"offline":true,
"options":[
"-h, --help this help",
"-1, --buffer use data from trace buffer",
"-f show frame delay times",
"-c mark crc bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into wireshark using encapsulation type \"iso 14443\"",
"--dict <file> use dictionary keys file"
],
"usage":"hf felica list [-h1fcrux] [--dict <file>]..."
},
"hf felica info":{
"command":"hf felica info",
"description":"reader for felica based tags",
"notes":[
"hf felica info"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"hf felica info [-h]"
},
"hf felica litedump":{
"command":"hf felica litedump",
"description":"dump iso/18092 felica lite tag. it will timeout after 200sec",
"notes":[
"hf felica litedump"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"hf felica litedump [-h]"
},
"hf felica litesim":{
"command":"hf felica litesim",
"description":"emulating iso/18092 felica lite tag",
"notes":[
"hf felica litesim -u 1122334455667788"
],
"offline":false,
"options":[
"-h, --help this help",
"-u, --uid <hex> uid/ndef2 8 hex bytes"
],
"usage":"hf felica litesim [-h] -u <hex>"
},
"hf felica raw":{
"command":"hf felica raw",
"description":"send raw hex data to tag",
"notes":[
"hf felica raw -cs 20",
"hf felica raw -cs 2008"
],
"offline":false,
"options":[
"-h, --help this help",
"-a active signal field on without select",
"-c calculate and append crc",
"-k keep signal field on after receive",
"-n <dec> number of bits",
"-r do not read response",
"-s active signal field on with select",
"<hex> raw bytes to send"
],
"usage":"hf felica raw [-hackrs] [-n <dec>] <hex> [<hex>]..."
},
"hf felica rdbl":{
"command":"hf felica rdbl",
"description":"use this command to read block data from authentication-not-required service. - mode shall be mode0. - successful == block data - unsuccessful == status flag1 and flag2",
"description":"use this command to verify the existence of a card and its mode. - current mode of the card is returned",
"notes":[
"hf felica rqresponse -i 11100910c11bc407"
],
"offline":false,
"options":[
"-h, --help this help",
"-i <hex> set custom idm"
],
"usage":"hf felica rqresponse [-h] [-i <hex>]"
},
"hf felica rqservice":{
"command":"hf felica rqservice",
"description":"use this command to verify the existence of area and service, and to acquire key version: - when the specified area or service exists, the card returns key version. - when the specified area or service does not exist, the card returns ffffh as key version. for node code list of a command packet, area code or service code of the target of acquisition of key version shall be enumerated in little endian format. if key version of system is the target of acquisition, ffffh shall be specified in the command packet.",
"description":"use this command to acquire the version of card os. response: - format version: fixed value 00h. provided only if status flag1 = 00h - basic version: each value of version is expressed in bcd notation. provided only if status flag1 = 00h - number of option: value = 0: aes card, value = 1: aes/des card. provided only if status flag1 = 00h - option version list: provided only if status flag1 = 00h - aes card: not added - aes/des card: des option version is added - bcd notation",
"description":"use this command to acquire system code registered to the card. - if a card is divided into more than one system, this command acquires system code of each system existing in the card.",
"notes":[
"hf felica rqsyscode",
"hf felica rqsyscode -i 11100910c11bc407"
],
"offline":false,
"options":[
"-h, --help this help",
"-i <hex> set custom idm"
],
"usage":"hf felica rqsyscode [-h] [-i <hex>]"
},
"hf felica scsvcode":{
"command":"hf felica scsvcode",
"description":"feature not implemented yet. feel free to contribute!",
"notes":[
"hf felica scsvcode"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"hf felica scsvcode [-h]"
},
"hf felica sniff":{
"command":"hf felica sniff",
"description":"collect data from the field and save into command buffer. buffer accessible from `hf felica list`",
"description":"use this command to write block data to authentication-not-required service. - mode shall be mode0. - un-/ssuccessful == status flag1 and flag2",
"description":"execute a fido2 get assertion command. needs json file with parameters. sample file `fido2_defparams.json` in `client/resources/`. - needs if `rk` option is `false` (authenticator doesn't store credential to its memory) - for yubikey there must be only one option `\"up\": true` or false",
"hf fido assert -f test.json -l -> use parameters file `text.json` and add to request credentialid"
],
"offline":false,
"options":[
"-h, --help this help",
"-a, --apdu show apdu reqests and responses",
"-v, --verbose show technical data. vv - show full certificates data",
"-c, --cbor show cbor decoded data",
"-l, --list add credentialid from json to allowlist",
"-f, --file <fn> parameter json file name"
],
"usage":"hf fido assert [-havcl] [-f <fn>]"
},
"hf fido auth":{
"command":"hf fido auth",
"description":"initiate a u2f token authentication. needs key handle and two 32-byte hash numbers. key handle(var 0..255), challenge parameter (32b) and application parameter (32b) the default config filename is `fido2_defparams.json`",
"notes":[
"hf fido auth --kh 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f -> execute command with 2 parameters, filled 0x00 and key handle",
"description":"help this help. list list iso 14443a history --------------------------------------------------------------------------------------- hf fido list available offline: yes alias of `trace list -t 14a` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol",
"notes":[
"hf fido list -f -> show frame delay times",
"hf fido list -1 -> use trace buffer"
],
"offline":true,
"options":[
"-h, --help this help",
"-1, --buffer use data from trace buffer",
"-f show frame delay times",
"-c mark crc bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into wireshark using encapsulation type \"iso 14443\"",
"--dict <file> use dictionary keys file"
],
"usage":"hf fido list [-h1fcrux] [--dict <file>]..."
"description":"execute a fido2 make credential command. needs json file with parameters. sample file `fido2_defparams.json` in `client/resources/`. - for yubikey there must be only one option `\"rk\": true` or false",
"hf fido make -> use default parameters file `fido2_defparams.json`",
"hf fido make -f test.json -> use parameters file `text.json`"
],
"offline":false,
"options":[
"-h, --help this help",
"-a, --apdu show apdu reqests and responses",
"-v, --verbose show technical data. vv - show full certificates data",
"-t, --tlv show der certificate contents in tlv representation",
"-c, --cbor show cbor decoded data",
"-f, --file <fn> parameter json file name"
],
"usage":"hf fido make [-havtc] [-f <fn>]"
},
"hf fido reg":{
"command":"hf fido reg",
"description":"initiate a u2f token registration. needs two 32-byte hash numbers. challenge parameter (32b) and application parameter (32b). the default config filename is `fido2_defparams.json`",
"description":"-------- ----------------------- high frequency ----------------------- 14a { iso14443a rfids... } 14b { iso14443b rfids... } 15 { iso15693 rfids... } cipurse { cipurse transport cards... } epa { german identification card... } emrtd { machine readable travel document... } felica { iso18092 / felica rfids... } fido { fido and fido2 authenticators... } jooki { jooki rfids... } iclass { iclass rfids... } legic { legic rfids... } lto { lto cartridge memory rfids... } mf { mifare rfids... } mfp { mifare plus rfids... } mfu { mifare ultralight rfids... } mfdes { mifare desfire rfids... } seos { seos rfids... } st25ta { st25ta rfids... } thinfilm { thinfilm rfids... } topaz { topaz (nfc type 1) rfids... } waveshare { waveshare nfc epaper... } ----------- --------------------- general --------------------- help this help list list protocol data in trace buffer search search for known hf tags --------------------------------------------------------------------------------------- hf list available offline: yes alias of `trace list -t raw` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol",
"description":"manage reader configuration card via cardhelper, the generated config card will be uploaded to device emulator memory. you can start simulating `hf iclass sim -t 3` or use the emul commands",
"description":"3des decrypt data this is a naive implementation, it tries to decrypt every block after block 6. correct behaviour would be to decrypt only the application areas where the key is valid, which is defined by the configuration block. obs! in order to use this function, the file `iclass_decryptionkey.bin` must reside in the resources directory. the file should be 16 bytes binary data or... make sure your cardhelper is placed in the sim module",
"description":"3des encrypt data obs! in order to use this function, the file 'iclass_decryptionkey.bin' must reside in the resources directory. the file should be 16 hex bytes of binary data",
"description":"display emulator memory. number of bytes to download defaults to 256. other value is 2048.",
"notes":[
"hf iclass eview",
"hf iclass eview -s 2048",
"hf iclass eview -s 2048 -v"
],
"offline":false,
"options":[
"-h, --help this help",
"-s, --size <256|2048> number of bytes to save (default 256)",
"-v, --verbose verbose output"
],
"usage":"hf iclass eview [-hv] [-s <256|2048>]"
},
"hf iclass help":{
"command":"hf iclass help",
"description":"----------- --------------------- operations --------------------- help this help info tag information list list iclass history ----------- --------------------- recovery --------------------- loclass use loclass to perform bruteforce reader attack lookup uses authentication trace to check for key in dictionary file ----------- --------------------- simulation --------------------- ----------- --------------------- utils --------------------- configcard reader configuration card calcnewkey calc diversified keys (blocks 3 & 4) to write new keys encode encode binary wiegand to block 7 encrypt encrypt given block data decrypt decrypt given block data or tag dump file managekeys manage keys to use with iclass commands view display content from tag dump file --------------------------------------------------------------------------------------- hf iclass dump available offline: no dump all memory from a iclass tag",
"description":"act as a iclass reader. reads / fingerprints a iclass tag.",
"notes":[
"hf iclass info"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"hf iclass info [-h]"
},
"hf iclass list":{
"command":"hf iclass list",
"description":"alias of `trace list -t iclass` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol",
"notes":[
"hf iclass list -f -> show frame delay times",
"hf iclass list -1 -> use trace buffer"
],
"offline":true,
"options":[
"-h, --help this help",
"-1, --buffer use data from trace buffer",
"-f show frame delay times",
"-c mark crc bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into wireshark using encapsulation type \"iso 14443\"",
"--dict <file> use dictionary keys file"
],
"usage":"hf iclass list [-h1fcrux] [--dict <file>]..."
},
"hf iclass loclass":{
"command":"hf iclass loclass",
"description":"execute the offline part of loclass attack an iclass dumpfile is assumed to consist of an arbitrary number of malicious csns, and their protocol responses the binary format of the file is expected to be as follows: <8 byte csn><8 byte cc><4 byte nr><4 byte mac> <8 byte csn><8 byte cc><4 byte nr><4 byte mac> <8 byte csn><8 byte cc><4 byte nr><4 byte mac> ... totalling n*24 bytes",
"notes":[
"hf iclass loclass -f iclass_dump.bin",
"hf iclass loclass --test"
],
"offline":true,
"options":[
"-h, --help this help",
"-f, --file <fn> filename with nr/mac data from `hf iclass sim -t 2`",
"description":"help this help decode decode jooki token encode encode jooki token --------------------------------------------------------------------------------------- hf jooki clone available offline: no write a jooki token to a ultralight or ntag tag",
"notes":[
"hf jooki clone -d <hex bytes> -> where hex is raw ndef",
"hf jooki clone --b64 7wzlgezqlgwtnwny -> using base64 url parameter"
],
"offline":true,
"options":[
"-h, --help this help",
"-b, --b64 <base64> base64 url parameter",
"-d, --data <hex> raw ndef bytes",
"-p, --pwd <hex> password for authentication (ev1/ntag 4 bytes)"
"description":"help this help list list legic history crc calculate legic crc over given bytes eload load binary dump to emulator memory esave save emulator memory to binary file --------------------------------------------------------------------------------------- hf legic list available offline: yes alias of `trace list -t legic` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol",
"notes":[
"hf legic list -f -> show frame delay times",
"hf legic list -1 -> use trace buffer"
],
"offline":true,
"options":[
"-h, --help this help",
"-1, --buffer use data from trace buffer",
"-f show frame delay times",
"-c mark crc bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into wireshark using encapsulation type \"iso 14443\"",
"--dict <file> use dictionary keys file"
],
"usage":"hf legic list [-h1fcrux] [--dict <file>]..."
},
"hf legic info":{
"command":"hf legic info",
"description":"gets information from a legic prime tag like systemarea, user areas, etc",
"description":"read uid and type information from a legic prime tag",
"notes":[
"hf legic reader"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"hf legic reader [-h@]"
},
"hf legic restore":{
"command":"hf legic restore",
"description":"reads binary file and it autodetects card type and verifies that the file has the same size then write the data back to card. all bytes except the first 7bytes [uid(4) mcc(1) dcf(2)]",
"notes":[
"hf legic restore -f myfile -> use user specified filename",
"hf legic restore -f myfile --ob -> use uid as filename and obfuscate data"
],
"offline":false,
"options":[
"-h, --help this help",
"-f, --file <filename> specify a filename to restore",
"description":"help this help list list lto-cm history --------------------------------------------------------------------------------------- hf lto dump available offline: no dump data from lto tag",
"description":"alias of `trace list -t lto` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol",
"notes":[
"hf lto list -f -> show frame delay times",
"hf lto list -1 -> use trace buffer"
],
"offline":true,
"options":[
"-h, --help this help",
"-1, --buffer use data from trace buffer",
"-f show frame delay times",
"-c mark crc bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into wireshark using encapsulation type \"iso 14443\"",
"--dict <file> use dictionary keys file"
],
"usage":"hf lto list [-h1fcrux] [--dict <file>]..."
},
"hf lto rdbl":{
"command":"hf lto rdbl",
"description":"reead blocks from lto tag",
"notes":[
"hf lto rdbl --first 0 --last 254"
],
"offline":false,
"options":[
"-h, --help this help",
"--first <dec> the first block number to read as an integer",
"--last <dec> the last block number to read as an integer"
"usage":"hf mf auth4 [-h] <key num (hex 2 bytes)> <key value (hex 16 bytes)>"
},
"hf mf autopwn":{
"command":"hf mf autopwn",
"description":"this command automates the key recovery process on mifare classic cards. it uses the fchk, chk, darkside, nested, hardnested and staticnested to recover keys. if all keys are found, it try dumping card content both to file and emulator memory.",
"notes":[
"hf mf autopwn",
"hf mf autopwn -s 0 -a -k ffffffffffff -> target mfc 1k card, sector 0 with known key a 'ffffffffffff'",
"description":"overwrite full manufacturer block for magic gen3 card - you can specify part of manufacturer block as 4/7-bytes for uid change only note: bcc, sak, atqa will be calculated automatically",
"notes":[
"hf mf gen3blk -> print current data",
"hf mf gen3blk -d 01020304 -> set 4 byte uid",
"hf mf gen3blk -d 01020304050607 -> set 7 byte uid",
"description":"nested attack for hardened mifare classic cards. `--i<x>` set type of simd instructions. without this flag programs autodetect it. or hf mf hardnested -r --tk [known target key] add the known target key to check if it is present in the remaining key space hf mf hardnested --blk 0 -a -k a0a1a2a3a4a5 --tblk 4 --ta --tk ffffffffffff",
"description":"help this help list list mifare history hardnested nested attack for hardened mifare classic cards decrypt [nt] [ar_enc] [at_enc] [data] - to decrypt sniff or trace view display content from tag dump file --------------------------------------------------------------------------------------- hf mf list available offline: yes alias of `trace list -t mf` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol",
"notes":[
"hf mf list -f -> show frame delay times",
"hf mf list -1 -> use trace buffer"
],
"offline":true,
"options":[
"-h, --help this help",
"-1, --buffer use data from trace buffer",
"-f show frame delay times",
"-c mark crc bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into wireshark using encapsulation type \"iso 14443\"",
"--dict <file> use dictionary keys file"
],
"usage":"hf mf list [-h1fcrux] [--dict <file>]..."
},
"hf mf mad":{
"command":"hf mf mad",
"description":"checks and prints mifare application directory (mad)",
"notes":[
"hf mf mad -> shows mad if exists",
"hf mf mad --aid e103 -k ffffffffffff -b -> shows ndef data if exists. read card with custom key and key b",
"description":"personalize the uid of a mifare classic ev1 card. this is only possible if it is a 7byte uid card and if it is not already personalized.",
"notes":[
"hf mf personalize --f0 -> double size uid",
"hf mf personalize --f1 -> double size uid, optional usage of selection process shortcut",
"hf mf personalize --f2 -> single size random id",
"hf mf personalize --f3 -> single size nuid",
"hf mf personalize -b -k b0b1b2b3b4b5 --f3 -> use key b = 0xb0b1b2b3b4b5"
],
"offline":false,
"options":[
"-h, --help this help",
"-a use key a to authenticate sector 0 (def)",
"-b use key b to authenticate sector 0",
"-k, --key <hex> key (def ffffffffffff)",
"--f0 uidfo, double size uid",
"--f1 uidf1, double size uid, optional usage of selection process shortcut",
"description":"restore mifare classic binary file to tag. the key file and data file will program the card sector trailers. by default we authenticate to card with key b 0xffffffffffff. `--uid` param is used for filename templates `hf-mf-<uid>-dump.bin` and `hf-mf-<uid>-key.bin. if not specified, it will read the card uid instead. `-w` param you can indicate that the key file should be used for authentication instead. if so we also try both b/a keys",
"description":"print a mifare classic dump file (bin/eml/json)",
"notes":[
"hf mf view -f hf-mf-01020304-dump.bin"
],
"offline":true,
"options":[
"-h, --help this help",
"-f, --file <fn> filename of dump",
"-v, --verbose verbose output"
],
"usage":"hf mf view [-hv] -f <fn>"
},
"hf mf wipe":{
"command":"hf mf wipe",
"description":"wipe card to zeros and default keys/acc. this command takes a key file to wipe card will use uid from card to generate keyfile name if not specified. new a/b keys..... ff ff ff ff ff ff new acc rights... ff 07 80 new gpb.......... 69",
"hf mfdes auth -n 0 -t des -k 0000000000000000 -f none -> select picc level and authenticate with key num=0, key type=des, key=00..00 and key derivation = none",
"hf mfdes auth -n 0 -t aes -k 00000000000000000000000000000000 -> select picc level and authenticate with key num=0, key type=aes, key=00..00 and key derivation = none",
"hf mfdes auth -n 0 -t des -k 0000000000000000 --save -> select picc level and authenticate and in case of successful authentication - save channel parameters to defaults",
"hf mfdes auth --aid 123456 -> select application 123456 and authenticate via parameters from `default` command"
"change crypto algorithm for picc key is possible, but for app keys crypto algorithm is set by createapp command and can't be changed wo application delete",
"",
"hf mfdes changekey --aid 123456 -> execute with default factory setup. change des key 0 in the app 123456 from 00..00 to 00..00",
"hf mfdes changekey -t des --newalgo aes --newkey 11223344556677889900112233445566 --newver a5 -> change card master key to aes one",
"--rawdata <rawdata hex> rawdata that sends to command",
"--aid <app id hex> application id for create. mandatory. (3 hex bytes, big endian)",
"--fid <file id hex> iso file id. forbidden values: 0000 3f00, 3fff, ffff. (2 hex bytes, big endian). if specified - enable iso file id over all the files in the app.",
"--dfname <df name str> iso df name 1..16 chars string",
"description":"create standard/backup file in the application. application master key needs to be provided or flag --no-auth set (depend on application settings).",
"--rawtype/--rawdata have priority over the other settings. and with these parameters you can create any file. file id comes from parameters, all the rest data must be in the --rawdata parameter",
"--rawrights have priority over the separate rights settings.",
"key/mode/etc of the authentication depends on application settings",
"hf mfdes createfile --aid 123456 --fid 01 --rawtype 01 --rawdata 000100eeee000100 -> create file via sending rawdata to the card. can be used to create any type of file. authentication with defaults from `default` command",
"hf mfdes createfile --aid 123456 --fid 01 --amode plain --rrights free --wrights free --rwrights free --chrights key0 -> create file app=123456, file=01 and mentioned rights with defaults from `default` command",
"description":"create transaction mac file in the application. application master key needs to be provided or flag --no-auth set (depend on application settings).",
"notes":[
"--rawrights have priority over the separate rights settings.",
"key/mode/etc of the authentication depends on application settings",
"hf mfdes createmacfile --aid 123456 --fid 01 --mackey --rawrights 1f30 00112233445566778899aabbccddeeff --mackeyver 01 -> create transaction mac file with parameters. rights from default. authentication with defaults from `default` command",
"hf mfdes createmacfile --aid 123456 --fid 01 --amode plain --rrights free --wrights deny --rwrights free --chrights key0 --mackey 00112233445566778899aabbccddeeff -> create file app=123456, file=01, with key, and mentioned rights with defaults from `default` command",
"hf mfdes createmacfile -n 0 -t des -k 0000000000000000 -f none --aid 123456 --fid 01 -> execute with default factory setup. key and keyver == 0x00..00"
"description":"create linear/cyclic record file in the application. application master key needs to be provided or flag --no-auth set (depend on application settings).",
"--rawrights have priority over the separate rights settings.",
"key/mode/etc of the authentication depends on application settings",
"hf mfdes createrecordfile --aid 123456 --fid 01 --size 000010 --maxrecord 000010 --cyclic -> create cyclic record file with parameters. rights from default. authentication with defaults from `default` command",
"hf mfdes createrecordfile --aid 123456 --fid 01 --amode plain --rrights free --wrights free --rwrights free --chrights key0 --size 000010 --maxrecord 000010 -> create linear record file app=123456, file=01 and mentioned rights with defaults from `default` command",
"description":"create value file in the application. application master key needs to be provided or flag --no-auth set (depend on application settings).",
"description":"for each application show fil list and then file content. key needs to be provided for authentication or flag --no-auth set (depend on cards settings).",
"description":"get uid from card. get the real uid if the random uid bit is on and get the same uid as in anticollision if not. master key needs to be provided.",
"description":"help this help list list desfire (iso 14443a) history test test crypto --------------------------------------------------------------------------------------- hf mfdes info available offline: no get info from mifare desfire tags",
"description":"alias of `trace list -t des` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol",
"notes":[
"hf mfdes list -f -> show frame delay times",
"hf mfdes list -1 -> use trace buffer"
],
"offline":true,
"options":[
"-h, --help this help",
"-1, --buffer use data from trace buffer",
"-f show frame delay times",
"-c mark crc bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into wireshark using encapsulation type \"iso 14443\"",
"--dict <file> use dictionary keys file"
],
"usage":"hf mfdes list [-h1fcrux] [--dict <file>]..."
"hf mfdes read --aid 123456 --fid 01 -> read file: app=123456, file=01, offset=0, all the data. use default channel settings from `default` command",
"hf mfdes read --aid 123456 --fid 01 --type record --offset 000000 --length 000001 -> read one last record from record file. use default channel settings from `default` command"
"--aid <app id hex> application id (3 hex bytes, big endian)",
"--fid <file id hex> file id (1 hex byte)",
"--no-auth execute without authentication",
"--type <auto/data/value/record/mac> file type auto/data(standard/backup)/value/record(linear/cyclic)/mac). auto - check file settings and then read. default: auto",
"-o, --offset <hex> file offset (3 hex bytes, big endian). for records - record number (0 - lastest record). default 0",
"-l, --length <hex> length to read (3 hex bytes, big endian -> 000000 = read all data). for records - records count (0 - all). default 0."
"description":"[=] ------ desfire tests ------ [!] no space for crc. pos: 1 [=] crc16............. passed [!] no space for crc. pos: 2 [=] crc32............. passed [=] cmac 3tdea........ passed [=] cmac 2tdea........ passed [=] cmac des.......... passed [=] ev2 session keys.. passed [=] ev2 iv calc....... passed [=] ev2 mac calc...... passed [=] --------------------------- [+] tests [ ok ] ======================================================================================= hf seos { seos rfids... } --------------------------------------------------------------------------------------- hf seos help available offline: yes help this help list list seos history --------------------------------------------------------------------------------------- hf seos info available offline: no get info from seos tags",
"hf mfdes write --aid 123456 --fid 01 -d 01020304 -> write file: app=123456, file=01, offset=0, get file type from card. use default channel settings from `default` command",
"hf mfdes write --aid 123456 --fid 01 --type data -d 01020304 --0ffset 000100 -> write data to std file with offset 0x100",
"hf mfdes write --aid 123456 --fid 01 --type data -d 01020304 --commit -> write data to backup file with commit",
"hf mfdes write --aid 123456 --fid 01 --type value -d 00000001 -> increment value file",
"hf mfdes write --aid 123456 --fid 01 --type value -d 00000001 --debit -> decrement value file",
"hf mfdes write --aid 123456 --fid 01 -d 01020304 -> write data to record file with `auto` type",
"hf mfdes write --aid 123456 --fid 01 --type record -d 01020304 -> write data to record file",
"hf mfdes write --aid 123456 --fid 01 --type record -d 01020304 --updaterec 0 -> update record in the record file. record 0 - lastest record.",
"hf mfdes write --aid 123456 --fid 01 --type record --offset 000000 -d 11223344 -> write record to record file. use default channel settings from `default` command"
"--aid <app id hex> application id (3 hex bytes, big endian)",
"--fid <file id hex> file id (1 hex byte)",
"--no-auth execute without authentication",
"--type <auto/data/value/record/mac> file type auto/data(standard/backup)/value/record(linear/cyclic)/mac). auto - check file settings and then write. default: auto",
"-o, --offset <hex> file offset (3 hex bytes, big endian). for records - record number (0 - lastest record). default 0",
"-d, --data <hex> data for write (data/record file), credit/debit(value file)",
"--debit use for value file debit operation instead of credit",
"--commit commit needs for backup file only. for the other file types and in the `auto` mode - command set it automatically.",
"--updaterec <record number dec> record number for update record command. updates record instead of write. lastest record - 0"
"description":"checks keys with mifare plus card.",
"notes":[
"hf mfp chk -k 000102030405060708090a0b0c0d0e0f -> check key on sector 0 as key a and b",
"hf mfp chk -s 2 -a -> check default key list on sector 2, key a",
"hf mfp chk -d mfp_default_keys -s0 -e6 -> check keys from dictionary against sectors 0-6",
"hf mfp chk --pattern1b -j keys -> check all 1-byte keys pattern and save found keys to json",
"hf mfp chk --pattern2b --startp2b fa00 -> check all 2-byte keys pattern. start from key fa00fa00...fa00"
],
"offline":false,
"options":[
"-h, --help this help",
"-a, --keya check only key a (by default check all keys).",
"-b, --keyb check only key b (by default check all keys).",
"-k, --key <key> key for checking (hex 16 bytes)",
"-d, --dict <file> file with keys dictionary",
"--pattern1b check all 1-byte combinations of key (0000...0000, 0101...0101, 0202...0202, ...)",
"--pattern2b check all 2-byte combinations of key (0000...0000, 0001...0001, 0002...0002, ...)",
"--startp2b <pattern> start key (2-byte hex) for 2-byte search (use with `--pattern2b`)",
"-j, --json <file> json file to save keys",
"-v, --verbose verbose mode."
],
"usage":"hf mfp chk [-habv] [-s start sector num (0..255)] [-e end sector num (0..255)] [-k <key>] [-d <file>] [--pattern1b] [--pattern2b] [--startp2b <pattern>] [-j <file>]"
},
"hf mfp commitp":{
"command":"hf mfp commitp",
"description":"executes commit perso command. can be used in sl0 mode only.",
"notes":[
"hf mfp commitp"
],
"offline":false,
"options":[
"-h, --help this help",
"-v, --verbose show internal data."
],
"usage":"hf mfp commitp [-hv]"
},
"hf mfp help":{
"command":"hf mfp help",
"description":"help this help --------------------------------------------------------------------------------------- hf mfp info available offline: no get info from mifare plus tags",
"notes":[
"hf mfp info"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"hf mfp info [-h]"
},
"hf mfp initp":{
"command":"hf mfp initp",
"description":"executes write perso command for all card's keys. can be used in sl0 mode only.",
"notes":[
"hf mfp initp --key 000102030405060708090a0b0c0d0e0f -> fill all the keys with key (00..0f)",
"hf mfp initp -vv -> fill all the keys with default key(0xff..0xff) and show all the data exchange"
],
"offline":false,
"options":[
"-h, --help this help",
"-v, --verbose show internal data.",
"-k, --key <hex> key, 16 hex bytes"
],
"usage":"hf mfp initp [-hv] [-k <hex>]..."
},
"hf mfp mad":{
"command":"hf mfp mad",
"description":"checks and prints mifare application directory (mad)",
"notes":[
"hf mfp mad -> shows mad if exists",
"hf mfp mad -a e103 -k d3f7d3f7d3f7d3f7d3f7d3f7d3f7d3f7 -> shows ndef data if exists"
],
"offline":false,
"options":[
"-h, --help this help",
"-v, --verbose show technical data",
"--aid <aid> print all sectors with aid",
"-k, --key <key> key for printing sectors",
"-b, --keyb use key b for access printing sectors (by default: key a)",
"-k, --key <hex> key for authentication (ul-c 16 bytes)",
"-l swap entered key's endianness",
"-k keep field on (only if a password is provided too)"
],
"usage":"hf mfu cauth [-hlk] [-k <hex>]"
},
"hf mfu dump":{
"command":"hf mfu dump",
"description":"reads all pages from ultralight, ultralight-c, ultralight ev1 ntag 203, ntag 210, ntag 212, ntag 213, ntag 215, ntag 216 and saves data into binary/json files. it autodetects card type.",
"notes":[
"hf mfu dump -f myfile -> dump whole tag, save to `myfile.bin`",
"hf mfu dump -k aabbccdd -> dump whole tag using pwd aabbccdd",
"hf mfu dump -p 10 -> start at page 10 and dump rest of blocks",
"hf mfu dump -p 10 -q 2 -> start at page 10 and dump two blocks",
"description":"help this help keygen generate 3des mifare diversified keys pwdgen generate pwd from known algos --------------------------------------------------------------------------------------- hf mfu keygen available offline: yes set the 3des key on mifare ultralight-c tag.",
"notes":[
"hf mfu keygen -r",
"hf mfu keygen --uid 11223344556677"
],
"offline":true,
"options":[
"-h, --help this help",
"-u, --uid <hex> <4|7> hex byte uid",
"-r read uid from tag"
],
"usage":"hf mfu keygen [-hr] [-u <hex>]"
},
"hf mfu info":{
"command":"hf mfu info",
"description":"get info about mifare ultralight family styled tag. sometimes the tags are locked down, and you may need a key to be able to read the information",
"notes":[
"hf mfu info",
"hf mfu info -k aabbccdd",
"hf mfu info --key 00112233445566778899aabbccddeeff"
"description":"set uid on mifare ultralight tag. this only works for `magic ultralight` tags.",
"notes":[
"hf mfu setuid --uid 11223344556677"
],
"offline":false,
"options":[
"-h, --help this help",
"-u, --uid <hex> new uid (7 bytes)"
],
"usage":"hf mfu setuid [-h] [-u <hex>]"
},
"hf mfu sim":{
"command":"hf mfu sim",
"description":"simulate mifare ultralight family type based upon iso/iec 14443 type a tag with 4,7 or 10 byte uid from emulator memory. see `hf mfu eload` first. see `hf 14a sim -h` to see available types. you want 2 or 7 usually.",
"description":"alias of `trace list -t 7816` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol",
"notes":[
"hf seos list -f -> show frame delay times",
"hf seos list -1 -> use trace buffer"
],
"offline":true,
"options":[
"-h, --help this help",
"-1, --buffer use data from trace buffer",
"-f show frame delay times",
"-c mark crc bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into wireshark using encapsulation type \"iso 14443\"",
"--dict <file> use dictionary keys file"
],
"usage":"hf seos list [-h1fcrux] [--dict <file>]..."
},
"hf sniff":{
"command":"hf sniff",
"description":"the high frequency sniffer will assign all available memory on device for sniffed data. use `data samples` to download from device and `data plot` to visualize it. press button to quit the sniffing.",
"description":"help this help list list iso 14443a/7816 history ndefread read ndef file on tag --------------------------------------------------------------------------------------- hf st25ta info available offline: no get info about st25ta tag",
"notes":[
"hf st25ta info"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"hf st25ta info [-h]"
},
"hf st25ta list":{
"command":"hf st25ta list",
"description":"alias of `trace list -t 7816` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol",
"notes":[
"hf st25ta list -f -> show frame delay times",
"hf st25ta list -1 -> use trace buffer"
],
"offline":true,
"options":[
"-h, --help this help",
"-1, --buffer use data from trace buffer",
"-f show frame delay times",
"-c mark crc bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into wireshark using encapsulation type \"iso 14443\"",
"--dict <file> use dictionary keys file"
],
"usage":"hf st25ta list [-h1fcrux] [--dict <file>]..."
},
"hf st25ta ndefread":{
"command":"hf st25ta ndefread",
"description":"read nfc data exchange format (ndef) file on st25ta",
"-p, --password <hex> current 16 byte write password",
"-n, --new <hex> new 16 byte password"
],
"usage":"hf st25ta pwd [-hrw] -p <hex> -n <hex>"
},
"hf st25ta sim":{
"command":"hf st25ta sim",
"description":"emulating st25ta512b tag with 7 byte uid",
"notes":[
"hf st25ta sim -u 02e2007d0fca4c"
],
"offline":false,
"options":[
"-h, --help this help",
"-u, --uid <hex> 7 byte uid"
],
"usage":"hf st25ta sim [-h] -u <hex>"
},
"hf thinfilm help":{
"command":"hf thinfilm help",
"description":"help this help list list nfc barcode / thinfilm history - not correct --------------------------------------------------------------------------------------- hf thinfilm info available offline: no get info from thinfilm tags",
"notes":[
"hf thinfilm info"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"hf thinfilm info [-h]"
},
"hf thinfilm list":{
"command":"hf thinfilm list",
"description":"alias of `trace list -t thinfilm` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol",
"notes":[
"hf thinfilm list -f -> show frame delay times",
"hf thinfilm list -1 -> use trace buffer"
],
"offline":true,
"options":[
"-h, --help this help",
"-1, --buffer use data from trace buffer",
"-f show frame delay times",
"-c mark crc bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into wireshark using encapsulation type \"iso 14443\"",
"--dict <file> use dictionary keys file"
],
"usage":"hf thinfilm list [-h1fcrux] [--dict <file>]..."
},
"hf thinfilm sim":{
"command":"hf thinfilm sim",
"description":"simulate thinfilm tag",
"notes":[
"hf thinfilm sim -d b70470726f786d61726b2e636f6d"
],
"offline":false,
"options":[
"-h, --help this help",
"-d, --data <hex> bytes to send",
"--raw raw, provided bytes should include crc"
],
"usage":"hf thinfilm sim [-h] -d <hex> [--raw]"
},
"hf topaz help":{
"command":"hf topaz help",
"description":"help this help list list topaz history --------------------------------------------------------------------------------------- hf topaz list available offline: yes alias of `trace list -t topaz` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol",
"notes":[
"hf topaz list -f -> show frame delay times",
"hf topaz list -1 -> use trace buffer"
],
"offline":true,
"options":[
"-h, --help this help",
"-1, --buffer use data from trace buffer",
"-f show frame delay times",
"-c mark crc bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into wireshark using encapsulation type \"iso 14443\"",
"--dict <file> use dictionary keys file"
],
"usage":"hf topaz list [-h1fcrux] [--dict <file>]..."
"description":"help this help --------------------------------------------------------------------------------------- hf waveshare loadbmp available offline: no load bmp file to waveshare nfc epaper.",
"description":"connects to a proxmark3 device via specified serial port. baudrate here is only for physical uart or uart-bt, not for usb-cdc or blue shark add-on",
"description":"set device side debug level output. note: option -4, this option may cause malfunction itself",
"notes":[
"hw dbg -1"
],
"offline":false,
"options":[
"-h, --help this help",
"-0 no debug messages",
"-1 error messages",
"-2 plus information messages",
"-3 plus debug messages",
"-4 print even debug messages in timing critical functions"
],
"usage":"hw dbg [-h01234]"
},
"hw detectreader":{
"command":"hw detectreader",
"description":"start to detect presences of reader field",
"notes":[
"hw detectreader -l"
],
"offline":false,
"options":[
"-h, --help this help",
"-l, --lf detect low frequence 125/134 khz",
"-h, --hf detect high frequence 13.56 mhz"
],
"usage":"hw detectreader [-hlh]"
},
"hw fpgaoff":{
"command":"hw fpgaoff",
"description":"turn of fpga and antenna field",
"notes":[
"hw fpgaoff"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"hw fpgaoff [-h]"
},
"hw help":{
"command":"hw help",
"description":"------------- ----------------------- hardware ----------------------- help this help connect connect proxmark3 to serial port --------------------------------------------------------------------------------------- hw break available offline: no send break loop package",
"notes":[
"hw break"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"hw break [-h]"
},
"hw lcd":{
"command":"hw lcd",
"description":"send command/data to lcd",
"notes":[
"hw lcd -r aa -c 03 -> sends 0xaa three times"
],
"offline":false,
"options":[
"-h, --help this help",
"-r, --raw <hex> data",
"-c, --cnt <dec> number of times to send"
],
"usage":"hw lcd [-h] -r <hex> -c <dec>"
},
"hw lcdreset":{
"command":"hw lcdreset",
"description":"hardware reset lcd",
"notes":[
"hw lcdreset"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"hw lcdreset [-h]"
},
"hw ping":{
"command":"hw ping",
"description":"test if the proxmark3 is responsive",
"notes":[
"hw ping",
"hw ping --len 32"
],
"offline":false,
"options":[
"-h, --help this help",
"-l, --len <dec> length of payload to send"
],
"usage":"hw ping [-h] [-l <dec>]"
},
"hw readmem":{
"command":"hw readmem",
"description":"read memory at decimal address from arm chip flash.",
"notes":[
"hw readmem -a 10000"
],
"offline":false,
"options":[
"-h, --help this help",
"-a, --adr <dec> address to read"
],
"usage":"hw readmem [-h] -a <dec>"
},
"hw reset":{
"command":"hw reset",
"description":"reset the proxmark3 device.",
"notes":[
"hw reset"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"hw reset [-h]"
},
"hw setlfdivisor":{
"command":"hw setlfdivisor",
"description":"drive lf antenna at 12 mhz / (divisor + 1).",
"notes":[
"hw setlfdivisor -d 88"
],
"offline":false,
"options":[
"-h, --help this help",
"-d, --div <dec> 19 - 255 divisor value (def 95)"
],
"usage":"hw setlfdivisor [-h] -d <dec>"
},
"hw setmux":{
"command":"hw setmux",
"description":"set the adc mux to a specific value",
"description":"show runtime status information about the connected proxmark3",
"notes":[
"hw status"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"hw status [-h]"
},
"hw tearoff":{
"command":"hw tearoff",
"description":"configure a tear-off hook for the next write command supporting tear-off after having been triggered by a write command, the tear-off hook is deactivated delay (in us) must be between 1 and 43000 (43ms). precision is about 1/3us.",
"notes":[
"hw tearoff --delay 1200 -> define delay of 1200us",
"hw tearoff --on -> (re)activate a previously defined delay",
"hw tearoff --off -> deactivate a previously activated but not yet triggered hook"
],
"offline":false,
"options":[
"-h, --help this help",
"--delay <dec> delay in us before triggering tear-off, must be between 1 and 43000",
"description":"trigger a timing interval acquisition to re-adjust the realtimecounter divider",
"notes":[
"hw tia"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"hw tia [-h]"
},
"hw tune":{
"command":"hw tune",
"description":"measure antenna tuning",
"notes":[
"hw tune"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"hw tune [-h]"
},
"hw version":{
"command":"hw version",
"description":"show version information about the connected proxmark3",
"notes":[
"hw version"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"hw version [-h]"
},
"lf awid brute":{
"command":"lf awid brute",
"description":"enables bruteforce of awid reader with specified facility-code. this is a attack against reader. if cardnumber is given, it starts with it and goes up / down one step if cardnumber is not given, it starts with 1 and goes up to 65535",
"description":"help this help demod demodulate an awid fsk tag from the graphbuffer --------------------------------------------------------------------------------------- lf awid demod available offline: yes try to find awid prox preamble, if found decode / descramble data",
"notes":[
"lf awid demod"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf awid demod [-h]"
},
"lf awid reader":{
"command":"lf awid reader",
"description":"read a awid prox tag",
"notes":[
"lf awid reader -@ -> continuous reader mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf awid reader [-h@]"
},
"lf awid sim":{
"command":"lf awid sim",
"description":"enables simulation of awid card with specified facility-code and card number. simulation runs until the button is pressed or another usb command is issued.",
"description":"enables awid compatible reader mode printing details of scanned awid26 or awid50 tags. run until the button is pressed or another usb command is issued.",
"notes":[
"lf awid watch"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"lf awid watch [-h]"
},
"lf cmdread":{
"command":"lf cmdread",
"description":"modulate lf reader field to send command before read. all periods in microseconds. - use `lf config` to set parameters",
"description":"help this help demod demodulate an cotag tag --------------------------------------------------------------------------------------- lf cotag demod available offline: yes try to find cotag preamble, if found decode / descramble data",
"notes":[
"lf cotag demod"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf cotag demod [-h]"
},
"lf cotag reader":{
"command":"lf cotag reader",
"description":"read a cotag tag, the current support for cotag is limited.",
"notes":[
"lf cotag reader -2"
],
"offline":false,
"options":[
"-h, --help this help",
"-1 high/low signal; maxlength bigbuff",
"-2 translation of high/low into bytes with manchester 0,1",
"-3 raw signal; maxlength bigbuff"
],
"usage":"lf cotag reader [-h123]"
},
"lf destron clone":{
"command":"lf destron clone",
"description":"clone a destron tag to a t55x7, q5/t5555 or em4305/4469 tag.",
"description":"help this help demod demodulate an destron tag from the graphbuffer --------------------------------------------------------------------------------------- lf destron demod available offline: yes try to find destron preamble, if found decode / descramble data",
"notes":[
"lf destron demod"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf destron demod [-h]"
},
"lf destron reader":{
"command":"lf destron reader",
"description":"read a destron tag",
"notes":[
"lf destron reader -@ -> continuous reader mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf destron reader [-h@]"
},
"lf destron sim":{
"command":"lf destron sim",
"description":"try to find destron preamble, if found decode / descramble data",
"notes":[
"lf destron sim"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"lf destron sim [-h]"
},
"lf em 410x brute":{
"command":"lf em 410x brute",
"description":"bruteforcing by emulating em 410x tag",
"notes":[
"lf em 410x brute -f ids.txt",
"lf em 410x brute -f ids.txt --clk 32",
"lf em 410x brute -f ids.txt --delay 3000",
"lf em 410x brute -f ids.txt --delay 3000 --clk 32"
],
"offline":false,
"options":[
"-h, --help this help",
"--clk <dec> <32|64> clock (default 64)",
"--delay <dec> pause delay in milliseconds between uids simulation (default 1000ms)",
"-f, --file <hex> file with uids in hex format, one per line",
"--gap <dec> gap (0's) between id repeats (default 20)"
"description":"watch 'nd spoof, activates reader waits until a em 410x tag gets presented then proxmark3 starts simulating the found uid",
"notes":[
"lf em 410x spoof"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"lf em 410x spoof [-h]"
},
"lf em 410x watch":{
"command":"lf em 410x watch",
"description":"enables electro marine (em) compatible reader mode printing details of scanned tags. run until the button is pressed or another usb command is issued.",
"notes":[
"lf em 410x watch"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"lf em 410x watch [-h]"
},
"lf em 4x05 chk":{
"command":"lf em 4x05 chk",
"description":"this command uses a dictionary attack against em4205/4305/4469/4569",
"description":"help this help demod demodulate a em4x05/em4x69 tag from the graphbuffer sniff attempt to recover em4x05 commands from sample buffer --------------------------------------------------------------------------------------- lf em 4x05 brute available offline: no this command tries to bruteforce the password of a em4205/4305/4469/4569 the loop is running on device side, press proxmark3 button to abort",
"description":"help this help ----------- --------------------- operations --------------------- ----------- --------------------- simulation --------------------- --------------------------------------------------------------------------------------- lf em 4x50 brute available offline: no tries to bruteforce the password of a em4x50 card. function can be stopped by pressing pm3 button.",
"lf em 4x50 brute --first 12330000 --last 12340000 -> tries pwds from 0x12330000 to 0x1234000000"
],
"offline":true,
"options":[
"-h, --help this help",
"--first <hex> first password (start), 4 bytes, lsb",
"--last <hex> last password (stop), 4 bytes, lsb"
],
"usage":"lf em 4x50 brute [-h] --first <hex> --last <hex>"
},
"lf em 4x50 info":{
"command":"lf em 4x50 info",
"description":"tag information em4x50.",
"notes":[
"lf em 4x50 info",
"lf em 4x50 info -v -> show data section",
"lf em 4x50 info -p 12345678 -> uses pwd 0x12345678"
],
"offline":false,
"options":[
"-h, --help this help",
"-p, --pwd <hex> password, 4 hex bytes, lsb",
"-v, --verbose additional output of data section"
],
"usage":"lf em 4x50 info [-hv] [-p <hex>]"
},
"lf em 4x50 login":{
"command":"lf em 4x50 login",
"description":"login into em4x50 tag.",
"notes":[
"lf em 4x50 login -p 12345678 -> login with password 12345678"
],
"offline":false,
"options":[
"-h, --help this help",
"-p, --passsword <hex> password, 4 bytes, lsb"
],
"usage":"lf em 4x50 login [-h] -p <hex>"
},
"lf em 4x50 rdbl":{
"command":"lf em 4x50 rdbl",
"description":"reads single em4x50 block/word.",
"notes":[
"lf em 4x50 rdbl -b 3",
"lf em 4x50 rdbl -b 32 -p 12345678 -> reads block 32 with pwd 0x12345678"
],
"offline":false,
"options":[
"-h, --help this help",
"-b, --block <dec> block/word address",
"-p, --pwd <hex> password, 4 hex bytes, lsb"
],
"usage":"lf em 4x50 rdbl [-h] -b <dec> [-p <hex>]"
},
"lf em 4x50 reader":{
"command":"lf em 4x50 reader",
"description":"shows standard read data of em4x50 tag.",
"notes":[
"lf em 4x50 reader",
"lf em 4x50 reader -@ -> continuous reader mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf em 4x50 reader [-h@]"
},
"lf em 4x50 restore":{
"command":"lf em 4x50 restore",
"description":"restores data from dumpfile (bin/eml/json) onto a em4x50 tag. if used with -u, the filetemplate `lf-4x50-uid-dump.bin` is used as filename",
"notes":[
"lf em 4x50 restore -u 1b5aff5c -> uses lf-4x50-1b5aff5c-dump.bin",
"description":"authenticate against an em4x70 by sending random number (rn) and f(rn) if f(rn) is incorrect based on the tag crypt key, the tag will not respond",
"notes":[
"lf em 4x70 auth --rnd 45f54ada252aac --frn 4866bb70 -> test authentication, tag will respond if successful"
],
"offline":false,
"options":[
"-h, --help this help",
"--par add parity bit when sending commands",
"--rnd <hex> random 56-bit",
"--frn <hex> f(rn) 28-bit as 4 hex bytes"
],
"usage":"lf em 4x70 auth [-h] [--par] --rnd <hex> --frn <hex>"
},
"lf em 4x70 help":{
"command":"lf em 4x70 help",
"description":"help this help --------------------------------------------------------------------------------------- lf em 4x70 info available offline: no tag information em4x70 tag variants include id48 automotive transponder. id48 does not use command parity (default). v4070 and em4170 do require parity bit.",
"notes":[
"lf em 4x70 info",
"lf em 4x70 info --par -> adds parity bit to command"
],
"offline":true,
"options":[
"-h, --help this help",
"--par add parity bit when sending commands"
],
"usage":"lf em 4x70 info [-h] [--par]"
},
"lf em 4x70 unlock":{
"command":"lf em 4x70 unlock",
"description":"unlock em4x70 by sending pin default pin may be: aaaaaaaa 00000000",
"notes":[
"lf em 4x70 unlock -p 11223344 -> unlock with pin",
"lf em 4x70 unlock -p 11223344 --par -> unlock with pin using parity commands"
],
"offline":false,
"options":[
"-h, --help this help",
"--par add parity bit when sending commands",
"-p, --pin <hex> pin, 4 bytes"
],
"usage":"lf em 4x70 unlock [-h] [--par] -p <hex>"
},
"lf em 4x70 write":{
"command":"lf em 4x70 write",
"description":"write em4x70",
"notes":[
"lf em 4x70 write -b 15 -d c0de -> write 'c0de' to block 15",
"lf em 4x70 write -b 15 -d c0de --par -> adds parity bit to commands"
],
"offline":false,
"options":[
"-h, --help this help",
"--par add parity bit when sending commands",
"-b, --block <dec> block/word address, dec",
"-d, --data <hex> data, 2 bytes"
],
"usage":"lf em 4x70 write [-h] [--par] -b <dec> -d <hex>"
},
"lf em 4x70 writekey":{
"command":"lf em 4x70 writekey",
"description":"write new 96-bit key to tag",
"notes":[
"lf em 4x70 writekey -k f32aa98cf5be4adfa6d3480b"
],
"offline":false,
"options":[
"-h, --help this help",
"--par add parity bit when sending commands",
"-k, --key <hex> crypt key as 12 hex bytes"
],
"usage":"lf em 4x70 writekey [-h] [--par] -k <hex>"
},
"lf em 4x70 writepin":{
"command":"lf em 4x70 writepin",
"description":"write pin",
"notes":[
"lf em 4x70 writepin -p 11223344 -> write pin",
"lf em 4x70 writepin -p 11223344 --par -> write pin using parity commands"
],
"offline":false,
"options":[
"-h, --help this help",
"--par add parity bit when sending commands",
"-p, --pin <hex> pin, 4 bytes"
],
"usage":"lf em 4x70 writepin [-h] [--par] -p <hex>"
},
"lf em help":{
"command":"lf em help",
"description":"help this help 410x { em 4102 commands... } 4x05 { em 4205 / 4305 / 4369 / 4469 commands... } 4x50 { em 4350 / 4450 commands... } 4x70 { em 4070 / 4170 commands... } ======================================================================================= lf em 410x { em 4102 commands... } --------------------------------------------------------------------------------------- lf em 410x help available offline: yes help this help demod demodulate a em410x tag from the graphbuffer --------------------------------------------------------------------------------------- lf em 410x demod available offline: yes try to find em 410x preamble, if found decode / descramble data",
"notes":[
"lf em 410x demod -> demod an em410x tag id from graphbuffer",
"lf em 410x demod --clk 32 -> demod an em410x tag id from graphbuffer using a clock of rf/32",
"lf em 410x demod --clk 32 -i -> demod an em410x tag id from graphbuffer using a clock of rf/32 and inverting data",
"lf em 410x demod -i -> demod an em410x tag id from graphbuffer while inverting data",
"lf em 410x demod --clk 64 -i --err 0 -> demod an em410x tag id from graphbuffer using a clock of rf/64 and inverting data and allowing 0 demod errors"
],
"offline":true,
"options":[
"-h, --help this help",
"--clk <dec> clock (default autodetect)",
"--err <dec> maximum allowed errors (default 100)",
"description":"help this help demod demodulate a fdx-b iso11784/85 tag from the graphbuffer --------------------------------------------------------------------------------------- lf fdxb demod available offline: yes try to find fdx-b preamble, if found decode / descramble data",
"notes":[
"lf fdxb demod"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf fdxb demod [-h]"
},
"lf fdxb reader":{
"command":"lf fdxb reader",
"description":"read a fdx-b animal tag note that the continuous mode is less verbose",
"notes":[
"lf fdxb reader -@ -> continuous reader mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf fdxb reader [-h@]"
},
"lf fdxb sim":{
"command":"lf fdxb sim",
"description":"enables simulation of fdx-b animal tag. simulation runs until the button is pressed or another usb command is issued.",
"description":"help this help demod demodulate an gallagher tag from the graphbuffer --------------------------------------------------------------------------------------- lf gallagher demod available offline: yes try to find gallagher preamble, if found decode / descramble data",
"description":"enables simulation of gallagher card with specified card number. simulation runs until the button is pressed or another usb command is issued.",
"description":"clone a guardall tag to a t55x7, q5/t5555 or em4305/4469 tag. the facility-code is 8-bit and the card number is 16-bit. larger values are truncated. currently work only on 26bit",
"description":"help this help demod demodulate a g prox ii tag from the graphbuffer --------------------------------------------------------------------------------------- lf gproxii demod available offline: yes try to find guardall prox-ii preamble, if found decode / descramble data",
"notes":[
"lf gproxii demod"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf gproxii demod [-h]"
},
"lf gproxii reader":{
"command":"lf gproxii reader",
"description":"read a guardall tag",
"notes":[
"lf gproxii reader -@ -> continuous reader mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf gproxii reader [-h@]"
},
"lf gproxii sim":{
"command":"lf gproxii sim",
"description":"enables simulation of guardall card with specified card number. simulation runs until the button is pressed or another usb command is issued. the facility-code is 8-bit and the card number is 16-bit. larger values are truncated. currently work only on 26bit",
"description":"enables bruteforce of hid readers with specified facility code. this is a attack against reader. if cardnumber is given, it starts with it and goes up / down one step if cardnumber is not given, it starts with 1 and goes up to 65535",
"description":"help this help demod demodulate hid prox tag from the graphbuffer --------------------------------------------------------------------------------------- lf hid demod available offline: yes try to find hid prox preamble, if found decode / descramble data",
"notes":[
"lf hid demod"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf hid demod [-h]"
},
"lf hid reader":{
"command":"lf hid reader",
"description":"read a hid prox tag",
"notes":[
"lf hid reader -@ -> continuous reader mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf hid reader [-h@]"
},
"lf hid sim":{
"command":"lf hid sim",
"description":"enables simulation of hid card with card number. simulation runs until the button is pressed or another usb command is issued.",
"description":"enables hid compatible reader mode printing details. by default, values are printed and logged until the button is pressed or another usb command is issued.",
"notes":[
"lf hid watch"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"lf hid watch [-h]"
},
"lf hitag cc":{
"command":"lf hitag cc",
"description":"check challenges, load a file with saved hitag crypto challenges and test them all. the file should be 8 * 60 bytes long, the file extension defaults to `.cc`",
"description":"read all card memory and save to filein password mode the default key is 4d494b52 (mikr) in crypto mode the default key is 4f4e4d494b52 (onmikr) format: isk high + isk low.",
"description":"help this help list list hitag trace history --------------------------------------------------------------------------------------- lf hitag eload available offline: no loads hitag tag dump into emulator memory on device",
"description":"sniff traffic between hitag reader and tag.",
"notes":[
"lf hitag info"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"lf hitag info [-h]"
},
"lf hitag list":{
"command":"lf hitag list",
"description":"alias of `trace list -t hitag2` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol",
"notes":[
"lf hitag list -f -> show frame delay times",
"lf hitag list -1 -> use trace buffer"
],
"offline":true,
"options":[
"-h, --help this help",
"-1, --buffer use data from trace buffer",
"-f show frame delay times",
"-c mark crc bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into wireshark using encapsulation type \"iso 14443\"",
"--dict <file> use dictionary keys file"
],
"usage":"lf hitag list [-h1fcrux] [--dict <file>]..."
},
"lf hitag reader":{
"command":"lf hitag reader",
"description":"act like a hitag reader",
"notes":[
"hitag s",
"lf hitag reader --01 --nrar 0102030411223344",
"lf hitag reader --02 -k 4f4e4d494b52",
"hitag 2",
"lf hitag reader --21 -k 4d494b52",
"lf hitag reader --22 --nrar 0102030411223344",
"lf hitag reader --23 -k 4f4e4d494b52",
"lf hitag reader --26"
],
"offline":false,
"options":[
"-h, --help this help",
"--01 hitags, read all pages, challenge mode",
"--02 hitags, read all pages, crypto mode. set key=0 for no auth",
"--21 hitag2, read all pages, password mode. def 4d494b52 (mikr)",
"--22 hitag2, read all pages, challenge mode",
"--23 hitag2, read all pages, crypto mode. key isk high + isk low. def 4f4e4d494b52 (onmikr)",
"--25 hitag2, test recorded authentications (replay?)",
"description":"simulate hitag2 / hitags transponder you need to `lf hitag eload` first",
"notes":[
"lf hitag sim -2"
],
"offline":false,
"options":[
"-h, --help this help",
"-1 simulate hitag1",
"-2 simulate hitag2",
"-s simulate hitags"
],
"usage":"lf hitag sim [-h12s]"
},
"lf hitag sniff":{
"command":"lf hitag sniff",
"description":"sniff traffic between hitag reader and tag. use `lf hitag list` to view collected data.",
"notes":[
"lf hitag sniff"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"lf hitag sniff [-h]"
},
"lf hitag writer":{
"command":"lf hitag writer",
"description":"act like a hitag writerin password mode the default key is 4d494b52 (mikr) in crypto mode the default key is 4f4e4d494b52 (onmikr) format: isk high + isk low.",
"description":"help this help demod demodulate an idteck tag from the graphbuffer --------------------------------------------------------------------------------------- lf idteck demod available offline: yes try to find idteck preamble, if found decode / descramble data",
"notes":[
"lf idteck demod"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf idteck demod [-h]"
},
"lf idteck reader":{
"command":"lf idteck reader",
"description":"read a idteck tag",
"notes":[
"lf idteck reader -@ -> continuous reader mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf idteck reader [-h@]"
},
"lf idteck sim":{
"command":"lf idteck sim",
"description":"enables simulation of idteck card. simulation runs until the button is pressed or another usb command is issued.",
"notes":[
"lf idteck sim --raw 4944544b351fbe4b"
],
"offline":false,
"options":[
"-h, --help this help",
"-r, --raw <hex> raw bytes"
],
"usage":"lf idteck sim [-h] [-r <hex>]..."
},
"lf indala altdemod":{
"command":"lf indala altdemod",
"description":"tries to psk demodulate the graphbuffer as indala this is uses a alternative way to demodulate and was used from the beginning in the pm3 client. it's now considered obsolete but remains because it has sometimes its advantages.",
"notes":[
"lf indala altdemod",
"lf indala altdemod --long -> demod a indala tag from graphbuffer as 224 bit long format"
"description":"help this help demod demodulate an indala tag (psk1) from graphbuffer altdemod alternative method to demodulate samples for indala 64 bit uid (option '224' for 224 bit) --------------------------------------------------------------------------------------- lf indala demod available offline: yes tries to psk demodulate the graphbuffer as indala",
"notes":[
"lf indala demod",
"lf indala demod --clock 32 -> demod a indala tag from graphbuffer using a clock of rf/32",
"lf indala demod --clock 32 -i -> demod a indala tag from graphbuffer using a clock of rf/32 and inverting data",
"lf indala demod --clock 64 -i --maxerror 0 -> demod a indala tag from graphbuffer using a clock of rf/64, inverting data and allowing 0 demod errors"
],
"offline":true,
"options":[
"-h, --help this help",
"--clock <dec> optional - set clock (as integer), if not set, autodetect.",
"--maxerr <dec> optional - set maximum allowed errors, default = 100",
"description":"enables simulation of indala card with specified facility code and card number. simulation runs until the button is pressed or another usb command is issued.",
"description":"clone a ioprox card with specified facility-code and card number to a t55x7, q5/t5555 or em4305/4469 tag. tag must be on the antenna when issuing this command.",
"notes":[
"lf io clone --vn 1 --fc 101 --cn 1337"
],
"offline":false,
"options":[
"-h, --help this help",
"--vn <dec> 8bit version",
"--fc <dec> 8bit facility code",
"--cn <dec> 16bit card number",
"--q5 optional - specify writing to q5/t5555 tag",
"--em optional - specify writing to em4305/4469 tag"
"description":"help this help demod demodulate an ioprox tag from the graphbuffer --------------------------------------------------------------------------------------- lf io demod available offline: yes try to find ioprox preamble, if found decode / descramble data",
"notes":[
"lf io demod"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf io demod [-h]"
},
"lf io reader":{
"command":"lf io reader",
"description":"read a ioprox tag",
"notes":[
"lf io reader -@ -> continuous reader mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf io reader [-h@]"
},
"lf io sim":{
"command":"lf io sim",
"description":"enables simulation of ioprox card with specified facility-code and card number. simulation runs until the button is pressed or another usb command is issued.",
"description":"enables ioprox compatible reader mode printing details. by default, values are printed and logged until the button is pressed or another usb command is issued.",
"notes":[
"lf io watch"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"lf io watch [-h]"
},
"lf jablotron clone":{
"command":"lf jablotron clone",
"description":"clone a jablotron tag to a t55x7, q5/t5555 or em4305/4469 tag. tag must be on the antenna when issuing this command.",
"description":"help this help demod demodulate an jablotron tag from the graphbuffer --------------------------------------------------------------------------------------- lf jablotron demod available offline: yes try to find jablotron preamble, if found decode / descramble data",
"description":"enables simulation of jablotron card with specified card number. simulation runs until the button is pressed or another usb command is issued.",
"notes":[
"lf jablotron sim --cn 01b669"
],
"offline":false,
"options":[
"-h, --help this help",
"--cn <hex> jablotron card id - 5 bytes max"
],
"usage":"lf jablotron sim [-h] --cn <hex>"
},
"lf keri clone":{
"command":"lf keri clone",
"description":"clone a keri tag to a t55x7, q5/t5555 or em4305/4469 tag",
"description":"help this help demod demodulate an keri tag from the graphbuffer --------------------------------------------------------------------------------------- lf keri demod available offline: yes try to find keri preamble, if found decode / descramble data",
"notes":[
"lf keri demod"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf keri demod [-h]"
},
"lf keri reader":{
"command":"lf keri reader",
"description":"read a keri tag",
"notes":[
"lf keri reader -@ -> continuous reader mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf keri reader [-h@]"
},
"lf keri sim":{
"command":"lf keri sim",
"description":"enables simulation of keri card with internal id. you supply a keri card id and it will converted to a keri internal id.",
"notes":[
"lf keri sim --cn 112233"
],
"offline":false,
"options":[
"-h, --help this help",
"--id <dec> keri card id"
],
"usage":"lf keri sim [-h] --id <dec>"
},
"lf motorola clone":{
"command":"lf motorola clone",
"description":"clone motorola uid to a t55x7, q5/t5555 or em4305/4469 tag. defaults to 64 bit format",
"description":"help this help demod demodulate an motorola tag from the graphbuffer --------------------------------------------------------------------------------------- lf motorola demod available offline: yes try to find motorola preamble, if found decode / descramble data",
"notes":[
"lf motorola demod"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf motorola demod [-h]"
},
"lf motorola reader":{
"command":"lf motorola reader",
"description":"read a motorola tag",
"notes":[
"lf motorola reader -@ -> continuous reader mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf motorola reader [-h@]"
},
"lf motorola sim":{
"command":"lf motorola sim",
"description":"enables simulation of motorola card with specified card number. simulation runs until the button is pressed or another usb command is issued.",
"notes":[
"lf motorola sim"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"lf motorola sim [-h]"
},
"lf nedap clone":{
"command":"lf nedap clone",
"description":"clone a nedap tag to a t55x7, q5/t5555 or em4305/4469 tag.",
"notes":[
"lf nedap clone --st 1 --cc 101 --id 1337"
],
"offline":false,
"options":[
"-h, --help this help",
"--st <dec> optional - sub type (default 5)",
"--cc <dec> customer code (0-4095)",
"--id <dec> id (0-99999)",
"-l, --long optional - long (128), default to short (64)",
"--q5 optional - specify writing to q5/t5555 tag",
"--em optional - specify writing to em4305/4469 tag"
"description":"help this help demod demodulate nedap tag from the graphbuffer --------------------------------------------------------------------------------------- lf nedap demod available offline: yes try to find nedap preamble, if found decode / descramble data",
"notes":[
"lf nedap demod"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf nedap demod [-h]"
},
"lf nedap reader":{
"command":"lf nedap reader",
"description":"read a nedap tag",
"notes":[
"lf nedap reader -@ -> continuous reader mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf nedap reader [-h@]"
},
"lf nedap sim":{
"command":"lf nedap sim",
"description":"enables simulation of nedap card with specified card number. simulation runs until the button is pressed or another usb command is issued.",
"notes":[
"lf nedap sim --st 1 --cc 101 --id 1337"
],
"offline":false,
"options":[
"-h, --help this help",
"--st <dec> optional - sub type (default 5)",
"--cc <dec> customer code (0-4095)",
"--id <dec> id (0-99999)",
"-l, --long optional - long (128), default to short (64)"
"description":"clone a nexwatch tag to a t55x7, q5/t5555 or em4305/4469 tag. you can use raw hex values or create a credential based on id, mode and type of credential (nexkey / quadrakey / russian)",
"description":"help this help demod demodulate a nexwatch tag (nexkey, quadrakey) from the graphbuffer --------------------------------------------------------------------------------------- lf nexwatch demod available offline: yes try to find nexwatch preamble, if found decode / descramble data",
"notes":[
"lf nexwatch demod"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf nexwatch demod [-h]"
},
"lf nexwatch reader":{
"command":"lf nexwatch reader",
"description":"read a nexwatch tag",
"notes":[
"lf nexwatch reader -@ -> continuous reader mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf nexwatch reader [-h@]"
},
"lf nexwatch sim":{
"command":"lf nexwatch sim",
"description":"enables simulation of secura card with specified card number. simulation runs until the button is pressed or another usb command is issued. you can use raw hex values or create a credential based on id, mode and type of credential (nexkey/quadrakey)",
"description":"help this help demod demodulate an noralsy tag from the graphbuffer --------------------------------------------------------------------------------------- lf noralsy demod available offline: yes try to find noralsy preamble, if found decode / descramble data",
"notes":[
"lf noralsy demod"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf noralsy demod [-h]"
},
"lf noralsy reader":{
"command":"lf noralsy reader",
"description":"read a noralsy tag",
"notes":[
"lf noralsy reader -@ -> continuous reader mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf noralsy reader [-h@]"
},
"lf noralsy sim":{
"command":"lf noralsy sim",
"description":"enables simulation of noralsy card with specified card number. simulation runs until the button is pressed or another usb command is issued.",
"description":"help this help demod demodulate a pac tag from the graphbuffer --------------------------------------------------------------------------------------- lf pac demod available offline: yes try to find pac/stanley preamble, if found decode / descramble data",
"notes":[
"lf pac demod"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf pac demod [-h]"
},
"lf pac reader":{
"command":"lf pac reader",
"description":"read a pac/stanley tag",
"notes":[
"lf pac reader -@ -> continuous reader mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf pac reader [-h@]"
},
"lf pac sim":{
"command":"lf pac sim",
"description":"enables simulation of pac/stanley card with specified card number. simulation runs until the button is pressed or another usb command is issued. the card id is 8 byte number. larger values are truncated.",
"description":"help this help demod demodulate a paradox fsk tag from the graphbuffer --------------------------------------------------------------------------------------- lf paradox demod available offline: yes try to find paradox preamble, if found decode / descramble data",
"notes":[
"lf paradox demod"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf paradox demod [-h]"
},
"lf paradox reader":{
"command":"lf paradox reader",
"description":"read a paradox tag",
"notes":[
"lf paradox reader -@ -> continuous reader mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf paradox reader [-h@]"
},
"lf paradox sim":{
"command":"lf paradox sim",
"description":"enables simulation of paradox card with specified card number. simulation runs until the button is pressed or another usb command is issued.",
"notes":[
"lf paradox sim --raw 0f55555695596a6a9999a59a"
],
"offline":false,
"options":[
"-h, --help this help",
"-r, --raw <hex> raw hex data. 12 bytes"
],
"usage":"lf paradox sim [-h] [-r <hex>]"
},
"lf pcf7931 config":{
"command":"lf pcf7931 config",
"description":"this command tries to set the configuration used with pcf7931 commands the time offsets could be useful to correct slew rate generated by the antenna caling without some parameter will print the current configuration.",
"description":"help this help config configure the password, the tags initialization delay and time offsets (optional) --------------------------------------------------------------------------------------- lf pcf7931 reader available offline: no read a pcf7931 tag",
"notes":[
"lf pcf7931 reader -@ -> continuous reader mode"
],
"offline":true,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf pcf7931 reader [-h@]"
},
"lf pcf7931 write":{
"command":"lf pcf7931 write",
"description":"this command tries to write a pcf7931 tag.",
"notes":[
"lf pcf7931 write --blk 2 --idx 1 -d ff -> write 0xff to block 2, index 1"
],
"offline":false,
"options":[
"-h, --help this help",
"-b, --blk <dec> [0-7] block number",
"-i, --idx <dec> [0-15] index of byte inside block",
"description":"help this help demod demodulate presco tag from the graphbuffer --------------------------------------------------------------------------------------- lf presco demod available offline: yes try to find presco preamble, if found decode / descramble data",
"notes":[
"lf presco demod"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf presco demod [-h]"
},
"lf presco reader":{
"command":"lf presco reader",
"description":"read a presco tag",
"notes":[
"lf presco reader -@ -> continuous reader mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf presco reader [-h@]"
},
"lf presco sim":{
"command":"lf presco sim",
"description":"enables simulation of presco card with specified card number. simulation runs until the button is pressed or another usb command is issued. per presco format, the card number is 9 digit number and can contain *# chars. larger values are truncated.",
"description":"clone a farpointe/pyramid tag to a t55x7, q5/t5555 or em4305/4469 tag. the facility-code is 8-bit and the card number is 16-bit. larger values are truncated. currently only works on 26bit",
"description":"help this help demod demodulate a pyramid fsk tag from the graphbuffer --------------------------------------------------------------------------------------- lf pyramid demod available offline: yes try to find farpoint/pyramid preamble, if found decode / descramble data",
"notes":[
"lf pyramid demod"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf pyramid demod [-h]"
},
"lf pyramid reader":{
"command":"lf pyramid reader",
"description":"read a farpointe/pyramid tag",
"notes":[
"lf pyramid reader -@ -> continuous reader mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf pyramid reader [-h@]"
},
"lf pyramid sim":{
"command":"lf pyramid sim",
"description":"enables simulation of farpointe/pyramid card with specified card number. simulation runs until the button is pressed or another usb command is issued. the facility-code is 8-bit and the card number is 16-bit. larger values are truncated. currently work only on 26bit",
"description":"help this help demod demodulate an securakey tag from the graphbuffer --------------------------------------------------------------------------------------- lf securakey demod available offline: yes try to find securakey preamble, if found decode / descramble data",
"description":"enables simulation of secura card with specified card number. simulation runs until the button is pressed or another usb command is issued.",
"notes":[
"lf securakey sim --raw 7fcb400001adea5344300000"
],
"offline":false,
"options":[
"-h, --help this help",
"-r, --raw <hex> raw hex data. 12 bytes"
],
"usage":"lf securakey sim [-h] [-r <hex>]"
},
"lf sim":{
"command":"lf sim",
"description":"simulate low frequency tag from graphbuffer use `lf config` to set parameters",
"notes":[
"lf sim",
"lf sim --gap 240 -> start simulating with 240ms gap"
],
"offline":false,
"options":[
"-h, --help this help",
"-g, --gap <ms> start gap in microseconds"
],
"usage":"lf sim [-h] [-g <ms>]"
},
"lf simask":{
"command":"lf simask",
"description":"simulate ask tag from demodbuffer or input",
"description":"simulate lf tag with bidirectional data transmission between reader and tag",
"notes":[
"lf simbidir"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"lf simbidir [-h]"
},
"lf simfsk":{
"command":"lf simfsk",
"description":"simulate fsk tag from demodbuffer or input. there are about four fsk modulations to know of. fsk1 - where fc/8 = high and fc/5 = low fsk1a - is inverted fsk1, ie: fc/5 = high and fc/8 = low fsk2 - where fc/10 = high and fc/8 = low fsk2a - is inverted fsk2, ie: fc/10 = high and fc/8 = low note: if you set one clock manually set them all manually",
"description":"sniff low frequency signal. you need to configure the lf part on the proxmark3 device manually. usually a trigger and skip samples is a good thing to set before doing a low frequency sniff. - use `lf config` to set parameters. - use `data plot` to look at sniff signal. - use `lf search -1` to see if signal can be automatic decoded",
"-s, --samples <dec> number of samples to collect",
"-v, --verbose verbose output",
"-@ continuous sniffing mode"
],
"usage":"lf sniff [-hv@] [-s <dec>]"
},
"lf t55xx bruteforce":{
"command":"lf t55xx bruteforce",
"description":"this command uses bruteforce to scan a number range. try reading page 0, block 7 before. warning this may brick non-password protected chips!",
"description":"this command uses a dictionary attack. for some cloners, try '--em' for known pwdgen algo. try to reading page 0 block 7 before. warning: this may brick non-password protected chips!",
"notes":[
"lf t55xx chk -m -> use dictionary from flash memory (rdv4)",
"description":"this command allows to emit arbitrary raw commands on t5577 and cut the field after arbitrary duration. uncontrolled usage can easily write an invalid configuration, activate lock bits, otp bit, password protection bit, deactivate test-mode, lock your card forever. warning: this may lock definitively the tag in an unusable state!",
"description":"----------- ---------------------------- notice ----------------------------- remember to run `lf t55xx detect` first whenever a new card is placed on the proxmark3 or the config block changed. help this help ----------- --------------------- operations --------------------- config set/get t55xx configuration (modulation, inverted, offset, rate) detect try detecting the tag modulation from reading the configuration block info show t55x7 configuration data (page 0/ blk 0) trace show t55x7 traceability data (page 1/ blk 0-1) ----------- --------------------- recovery --------------------- sniff attempt to recover t55xx commands from sample buffer --------------------------------------------------------------------------------------- lf t55xx clonehelp available offline: no display a list of available commands for cloning specific techs on t5xx tags",
"notes":[
"lf t55xx clonehelp"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf t55xx clonehelp [-h]"
},
"lf t55xx info":{
"command":"lf t55xx info",
"description":"show t55x7 configuration data (page 0/ blk 0) from reading the configuration block from tag. use `-c` to specify a config block data to be used instead of reading tag.",
"notes":[
"lf t55xx info",
"lf t55xx info -1",
"lf t55xx info -p 11223344",
"lf t55xx info -c 00083040",
"lf t55xx info -c 6001805a --q5"
],
"offline":true,
"options":[
"-h, --help this help",
"-1 extract using data from graphbuffer",
"-p, --pwd <hex> password (4 hex bytes)",
"-c, --blk0 <hex> use these data instead (4 hex bytes)",
"--q5 interprete provided data as t5555/q5 config",
"--r0 downlink - fixed bit length (detected def)",
"description":"read t55xx block data. this commands defaults to page 0. * * * warning * * * use of read with password on a tag not configured for a password can damage the tag * * * * * * * * * *",
"notes":[
"lf t55xx read -b 0 -> read data from block 0",
"lf t55xx read -b 0 --pwd 01020304 -> read data from block 0, pwd 01020304",
"lf t55xx read -b 0 --pwd 01020304 -o -> read data from block 0, pwd 01020304, override"
],
"offline":false,
"options":[
"-h, --help this help",
"-b, --blk <0-7> block number to read",
"-p, --pwd <hex> password (4 hex bytes)",
"-o, --override override safety check",
"--pg1 read page 1",
"--r0 downlink - fixed bit length (detected def)",
"description":"this command uses a few tricks to try to recover mangled password. try reading page 0, block 7 before. warning this may brick non-password protected chips!",
"description":"help this help demod demodulate raw bits for ti lf tag from the graphbuffer --------------------------------------------------------------------------------------- lf ti demod available offline: yes try to find ti preamble, if found decode / descramble data",
"notes":[
"lf ti demod"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf ti demod [-h]"
},
"lf ti reader":{
"command":"lf ti reader",
"description":"read a ti tag",
"notes":[
"lf ti reader -@ -> continuous reader mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf ti reader [-h@]"
},
"lf ti write":{
"command":"lf ti write",
"description":"write to a r/w ti tag.",
"notes":[
"lf ti write --raw 1122334455667788",
"lf ti write --raw 1122334455667788 --crc 1122"
],
"offline":false,
"options":[
"-h, --help this help",
"-r, --raw <hex> raw hex data. 8 bytes max",
"--crc <hex> optional - crc"
],
"usage":"lf ti write [-h] -r <hex> [--crc <hex>]"
},
"lf tune":{
"command":"lf tune",
"description":"continuously measure lf antenna tuning. press button or <enter> to interrupt.",
"notes":[
"lf tune",
"lf tune --mix"
],
"offline":false,
"options":[
"-h, --help this help",
"-n, --iter <dec> number of iterations (default: 0=infinite)",
"description":"help this help demod demodulate a viking tag from the graphbuffer --------------------------------------------------------------------------------------- lf viking demod available offline: yes try to find viking am preamble, if found decode / descramble data",
"notes":[
"lf viking demod"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf viking demod [-h]"
},
"lf viking reader":{
"command":"lf viking reader",
"description":"read a viking am tag",
"notes":[
"lf viking reader -@ -> continuous reader mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf viking reader [-h@]"
},
"lf viking sim":{
"command":"lf viking sim",
"description":"enables simulation of viking card with specified card number. simulation runs until the button is pressed or another usb command is issued. per viking format, the card number is 8 digit hex number. larger values are truncated.",
"notes":[
"lf viking sim --cn 01a337"
],
"offline":false,
"options":[
"-h, --help this help",
"--cn <hex> 8 digit hex viking card number"
],
"usage":"lf viking sim [-h] [--cn <hex>]..."
},
"lf visa2000 clone":{
"command":"lf visa2000 clone",
"description":"clone a visa2000 tag to a t55x7, q5/t5555 or em4305/4469 tag.",
"description":"help this help demod demodulate an visa2000 tag from the graphbuffer --------------------------------------------------------------------------------------- lf visa2000 demod available offline: yes try to find visa2000 preamble, if found decode / descramble data",
"notes":[
"lf visa2000 demod"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"lf visa2000 demod [-h]"
},
"lf visa2000 reader":{
"command":"lf visa2000 reader",
"description":"read a visa2000 tag",
"notes":[
"lf visa2000 reader -@ -> continuous reader mode"
],
"offline":false,
"options":[
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage":"lf visa2000 reader [-h@]"
},
"lf visa2000 sim":{
"command":"lf visa2000 sim",
"description":"enables simulation of visa2k card with specified card number. simulation runs until the button is pressed or another usb command is issued.",
"notes":[
"lf visa2000 sim --cn 1337"
],
"offline":false,
"options":[
"-h, --help this help",
"--cn <dec> visa2k card id"
],
"usage":"lf visa2000 sim [-h] --cn <dec>"
},
"mem dump":{
"command":"mem dump",
"description":"dumps flash memory on device into a file or view in console",
"notes":[
"mem dump -f myfile -> download all flashmem to file",
"description":"help this help --------------------------------------------------------------------------------------- mem baudrate available offline: no set the baudrate for the spi flash memory communications. reading flash id will virtually always fail under 48mhz setting. unless you know what you are doing, please stay at 24mhz. if >= 24mhz, fastreads instead of reads instruction will be used.",
"notes":[
"mem baudrate --mhz 48"
],
"offline":true,
"options":[
"-h, --help this help",
"--mhz <24|48> spi baudrate in mhz"
],
"usage":"mem baudrate [-h] --mhz <24|48>"
},
"mem info":{
"command":"mem info",
"description":"collect signature and verify it from flash memory",
"notes":[
"mem info"
],
"offline":false,
"options":[
"-h, --help this help",
"-s, --sign create a signature",
"-d <hex> flash memory id, 8 hex bytes",
"-p, --pem <fn> key in pem format",
"-v, --verbose verbose output"
],
"usage":"mem info [-hsv] [-d <hex>] [-p <fn>]"
},
"mem load":{
"command":"mem load",
"description":"loads binary file into flash memory on device warning: mem area to be written must have been wiped first ( this is already taken care when loading dictionaries )",
"mem spiffs dump -s tag.bin -d aaa -e -> download tag.bin, save as aaa.eml format"
],
"offline":false,
"options":[
"-h, --help this help",
"-s, --src <fn> spiffs file to save",
"-d, --dest <fn> file name to save to <w/o .bin>",
"-e, --eml also save in eml format"
],
"usage":"mem spiffs dump [-he] -s <fn> [-d <fn>]"
},
"mem spiffs help":{
"command":"mem spiffs help",
"description":"help this help --------------------------------------------------------------------------------------- mem spiffs copy available offline: no copy a file to another (destructively) in spiffs file system",
"notes":[
"mem spiffs copy -s aaa.bin -d aaa_cpy.bin"
],
"offline":true,
"options":[
"-h, --help this help",
"-s, --src <fn> source file name",
"-d, --dest <fn> destination file name"
],
"usage":"mem spiffs copy [-h] -s <fn> -d <fn>"
},
"mem spiffs info":{
"command":"mem spiffs info",
"description":"print file system info and usage statistics",
"notes":[
"mem spiffs info"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"mem spiffs info [-h]"
},
"mem spiffs mount":{
"command":"mem spiffs mount",
"description":"mount the spiffs file system if not already mounted",
"notes":[
"mem spiffs mount"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"mem spiffs mount [-h]"
},
"mem spiffs remove":{
"command":"mem spiffs remove",
"description":"remove a file from spiffs filesystem",
"notes":[
"mem spiffs remove -f lasttag.bin"
],
"offline":false,
"options":[
"-h, --help this help",
"-f, --filename <fn> file to remove"
],
"usage":"mem spiffs remove [-h] -f <fn>"
},
"mem spiffs rename":{
"command":"mem spiffs rename",
"description":"rename/move a file from spiffs filesystem.",
"notes":[
"mem spiffs rename -s aaa.bin -d bbb.bin"
],
"offline":false,
"options":[
"-h, --help this help",
"-s, --src <fn> source file name",
"-d, --dest <fn> destination file name"
],
"usage":"mem spiffs rename [-h] -s <fn> -d <fn>"
},
"mem spiffs test":{
"command":"mem spiffs test",
"description":"test spiffs operations, require wiping pages 0 and 1",
"notes":[
"mem spiffs test"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"mem spiffs test [-h]"
},
"mem spiffs tree":{
"command":"mem spiffs tree",
"description":"print the flash memory file system tree",
"notes":[
"mem spiffs tree"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"mem spiffs tree [-h]"
},
"mem spiffs unmount":{
"command":"mem spiffs unmount",
"description":"un-mount the spiffs file system",
"notes":[
"mem spiffs unmount"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"mem spiffs unmount [-h]"
},
"mem spiffs upload":{
"command":"mem spiffs upload",
"description":"uploads binary-wise file into device file system warning: mem area to be written must have been wiped first. this is already taken care when loading dictionaries. file names can only be 32 bytes long on device spiffs",
"notes":[
"mem spiffs upload -s local.bin -d dest.bin"
],
"offline":false,
"options":[
"-h, --help this help",
"-s, --src <fn> source file name",
"-d, --dest <fn> destination file name"
],
"usage":"mem spiffs upload [-h] -s <fn> -d <fn>"
},
"mem spiffs view":{
"command":"mem spiffs view",
"description":"view a file on flash memory on devicer in console",
"notes":[
"mem spiffs view -f tag.bin"
],
"offline":false,
"options":[
"-h, --help this help",
"-f, --file <fn> spiffs file to view",
"-c, --cols <dec> column breaks (def 32)"
],
"usage":"mem spiffs view [-h] -f <fn> [-c <dec>]"
},
"mem spiffs wipe":{
"command":"mem spiffs wipe",
"description":"* * * warning * * * this command wipes all files on the device spiffs file system",
"notes":[
"mem spiffs wipe"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"mem spiffs wipe [-h]"
},
"mem wipe":{
"command":"mem wipe",
"description":"wipe flash memory on device, which fills it with 0xff [ !!! obs ] use with caution",
"notes":[
"mem wipe -p 0 -> wipes first page"
],
"offline":false,
"options":[
"-h, --help this help",
"-p <dec> 0,1,2 page memory"
],
"usage":"mem wipe [-h] [-p <dec>]"
},
"msleep":{
"command":"msleep",
"description":"sleep for given amount of milliseconds",
"notes":[
"msleep 100"
],
"offline":true,
"options":[
"-h, --help this help",
"-t, --ms <ms> time in milliseconds"
],
"usage":"msleep [-h] [-t <ms>]"
},
"nfc barcode help":{
"command":"nfc barcode help",
"description":"-------- ------------------ nfc barcode -------------------- -------- --------------------- general --------------------- help this help ======================================================================================= reveng { crc calculations from reveng software... } [=] reveng: no mode switch specified. use reveng -h for help. ======================================================================================= smart { smart card iso-7816 commands... } --------------------------------------------------------------------------------------- smart help available offline: yes help this help list list iso 7816 history upgrade upgrade sim module firmware --------------------------------------------------------------------------------------- smart list available offline: yes alias of `trace list -t 7816` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol",
"notes":[
"smart list -f -> show frame delay times",
"smart list -1 -> use trace buffer"
],
"offline":true,
"options":[
"-h, --help this help",
"-1, --buffer use data from trace buffer",
"-f show frame delay times",
"-c mark crc bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into wireshark using encapsulation type \"iso 14443\"",
"--dict <file> use dictionary keys file"
],
"usage":"smart list [-h1fcrux] [--dict <file>]..."
},
"nfc barcode sim":{
"command":"nfc barcode sim",
"description":"simulate thinfilm tag",
"notes":[
"hf thinfilm sim -d b70470726f786d61726b2e636f6d"
],
"offline":false,
"options":[
"-h, --help this help",
"-d, --data <hex> bytes to send",
"--raw raw, provided bytes should include crc"
],
"usage":"hf thinfilm sim [-h] -d <hex> [--raw]"
},
"nfc help":{
"command":"nfc help",
"description":"-------- --------------------- nfc tags -------------------- type1 { nfc forum tag type 1... } type2 { nfc forum tag type 2... } type4a { nfc forum tag type 4 iso14443a... } type4b { nfc forum tag type 4 iso14443b... } mf { nfc type mifare classic/plus tag... } barcode { nfc barcode tag... } -------- --------------------- general --------------------- help this help decode decode ndef records --------------------------------------------------------------------------------------- nfc decode available offline: yes decode and print nfc data exchange format (ndef)",
"description":"-------- --------- nfc type mifare classic/plus tag -------- -------- --------------------- general --------------------- help this help ======================================================================================= nfc barcode { nfc barcode tag... } --------------------------------------------------------------------------------------- nfc barcode read available offline: no get info from thinfilm tags",
"notes":[
"hf thinfilm info"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"hf thinfilm info [-h]"
},
"nfc mf pread":{
"command":"nfc mf pread",
"description":"prints nfc data exchange format (ndef)",
"notes":[
"hf mfp ndefread -> shows ndef data",
"hf mfp ndefread -vv -> shows ndef parsed and raw data",
"hf mfp ndefread -a e103 -k d3f7d3f7d3f7d3f7d3f7d3f7d3f7d3f7 -> shows ndef data with custom aid and key"
],
"offline":false,
"options":[
"-h, --help this help",
"-v, --verbose show technical data",
"--aid <aid> replace default aid for ndef",
"-k, --key <key> replace default key for ndef",
"-b, --keyb use key b for access sectors (by default: key a)"
"description":"-------- -------------- nfc forum tag type 1 --------------- -------- --------------------- general --------------------- help this help ======================================================================================= nfc type2 { nfc forum tag type 2... } --------------------------------------------------------------------------------------- nfc type2 read available offline: no prints nfc data exchange format (ndef)",
"notes":[
"hf mfu ndefread -> shows ndef data",
"hf mfu ndefread -k ffffffff -> shows ndef data with key"
],
"offline":true,
"options":[
"-h, --help this help",
"-l swap entered key's endianness"
],
"usage":"hf mfu ndefread [-hl] [-k replace default key for ndef]"
},
"nfc type1 read":{
"command":"nfc type1 read",
"description":"get info from topaz tags",
"notes":[
"hf topaz info"
],
"offline":false,
"options":[
"-h, --help this help",
"-v, --verbose verbose output"
],
"usage":"hf topaz info [-hv]"
},
"nfc type2 help":{
"command":"nfc type2 help",
"description":"-------- -------------- nfc forum tag type 2 --------------- -------- --------------------- general --------------------- help this help ======================================================================================= nfc type4a { nfc forum tag type 4 iso14443a... } --------------------------------------------------------------------------------------- nfc type4a read available offline: no read nfc data exchange format (ndef) file on type 4 ndef tag",
"notes":[
"hf 14a ndefread"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"hf 14a ndefread [-h]"
},
"nfc type4a help":{
"command":"nfc type4a help",
"description":"-------- --------- nfc forum tag type 4 iso14443a ---------- -------- --------------------- general --------------------- help this help ======================================================================================= nfc type4b { nfc forum tag type 4 iso14443b... } --------------------------------------------------------------------------------------- nfc type4b read available offline: no print nfc data exchange format (ndef)",
"notes":[
"hf 14b ndefread"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"hf 14b ndefread [-h]"
},
"nfc type4a st25taread":{
"command":"nfc type4a st25taread",
"description":"read nfc data exchange format (ndef) file on st25ta",
"description":"-------- --------- nfc forum tag type 4 iso14443b ------------- -------- --------------------- general --------------------- help this help ======================================================================================= nfc mf { nfc type mifare classic/plus tag... } --------------------------------------------------------------------------------------- nfc mf cread available offline: no prints nfc data exchange format (ndef)",
"notes":[
"hf mf ndefread -> shows ndef parsed data",
"hf mf ndefread -vv -> shows ndef parsed and raw data",
"hf mf ndefread --aid e103 -k ffffffffffff -b -> shows ndef data with custom aid, key and with key b"
],
"offline":true,
"options":[
"-h, --help this help",
"-v, --verbose show technical data",
"--aid <aid> replace default aid for ndef",
"-k, --key <key> replace default key for ndef",
"-b, --keyb use key b for access sectors (by default: key a)"
"description":"get preference of using colors in the client",
"notes":[
"prefs get color"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"prefs get color [-h]"
},
"prefs get emoji":{
"command":"prefs get emoji",
"description":"get preference of using emojis in the client",
"notes":[
"prefs get emoji"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"prefs get emoji [-h]"
},
"prefs get hints":{
"command":"prefs get hints",
"description":"get preference of showing hint messages in the client",
"notes":[
"prefs get hints"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"prefs get hints [-h]"
},
"prefs get plotsliders":{
"command":"prefs get plotsliders",
"description":"get preference of showing the plotslider control in the client",
"notes":[
"prefs get plotsliders"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"prefs get plotsliders [-h]"
},
"prefs get savepaths":{
"command":"prefs get savepaths",
"description":"get preference of file paths in the client",
"notes":[
"prefs get savepaths"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"prefs get savepaths [-h]"
},
"prefs help":{
"command":"prefs help",
"description":"help this help get { get a preference } set { set a preference } show show all preferences --------------------------------------------------------------------------------------- prefs show available offline: yes show all persistent preferences",
"notes":[
"prefs show"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"prefs show [-h]"
},
"prefs set clientdebug":{
"command":"prefs set clientdebug",
"description":"set presistent preference of using clientside debug level",
"notes":[
"prefs set clientdebug --simple"
],
"offline":true,
"options":[
"-h, --help this help",
"--off no debug messages",
"--simple simple debug messages",
"--full full debug messages"
],
"usage":"prefs set clientdebug [-h] [--off] [--simple] [--full]"
"description":"help this help barmode set bar mode clientdebug set client debug level clientdelay set client execution delay color set color support emoji set emoji display hints set hint display savepaths ... to be adjusted next ... plotsliders set plot slider display --------------------------------------------------------------------------------------- prefs set barmode available offline: yes set presistent preference of hf/lf tune command styled output in the client",
"usage":"prefs set barmode [-h] [--bar] [--mix] [--val]"
},
"prefs set hints":{
"command":"prefs set hints",
"description":"set presistent preference of showing hint messages in the client",
"notes":[
"prefs set hints --on"
],
"offline":true,
"options":[
"-h, --help this help",
"--off hide hints",
"--on show hints"
],
"usage":"prefs set hints [-h] [--off] [--on]"
},
"prefs set plotsliders":{
"command":"prefs set plotsliders",
"description":"set presistent preference of showing the plotslider control in the client",
"notes":[
"prefs set plotsliders --on"
],
"offline":true,
"options":[
"-h, --help this help",
"--off hide plot slider controls",
"--on show plot slider controls"
],
"usage":"prefs set plotsliders [-h] [--off] [--on]"
},
"prefs set savepaths":{
"command":"prefs set savepaths",
"description":"set presistent preference of file paths in the client",
"notes":[
"prefs set savepaths --dump /home/mydumpfolder -> all dump files will be saved into this folder",
"prefs set savepaths --def /home/myfolder -c -> create if needed, all files will be saved into this folder"
],
"offline":true,
"options":[
"-h, --help this help",
"-c, --create create directory if it does not exist",
"--def <path> default path",
"--dump <path> dump file path",
"--trace <path> trace path"
],
"usage":"prefs set savepaths [-hc] [--def <path>] [--dump <path>] [--trace <path>]"
},
"quit":{
"command":"quit",
"description":"quit the proxmark3 client terminal",
"notes":[
"quit"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"quit [-h]"
},
"rem":{
"command":"rem",
"description":"add a text line in log file",
"notes":[
"rem my message -> adds a timestamp with `my message`"
],
"offline":true,
"options":[
"-h, --help this help",
"<string> message line you want inserted"
],
"usage":"rem [-h] <string> [<string>]..."
},
"script help":{
"command":"script help",
"description":"this is a feature to run lua/cmd/python scripts. you can place scripts within the luascripts/cmdscripts/pyscripts folders. --------------------------------------------------------------------------------------- script list available offline: yes list available lua, cmd and python scripts",
"notes":[
"script list"
],
"offline":true,
"options":[
"-h, --help this help"
],
"usage":"script list [-h]"
},
"script run":{
"command":"script run",
"description":"run a lua, cmd or python script. if no extension it will search for lua/cmd/py extensions use `script list` to see available scripts",
"notes":[
"script run my_script -h"
],
"offline":true,
"options":[
"-h, --help this help",
"<filename> name of script to run",
"<params> script parameters"
],
"usage":"script run [-h] <filename> [<params>]..."
},
"smart brute":{
"command":"smart brute",
"description":"tries to bruteforce sfi, using a known list of aid's",
"notes":[
"smart brute -t"
],
"offline":false,
"options":[
"-h, --help this help",
"-t, --tlv executes tlv decoder if it possible"
],
"usage":"smart brute [-ht]"
},
"smart info":{
"command":"smart info",
"description":"extract more detailed information from smart card.",
"notes":[
"smart info -v"
],
"offline":false,
"options":[
"-h, --help this help",
"-v, --verbose verbose"
],
"usage":"smart info [-hv]"
},
"smart raw":{
"command":"smart raw",
"description":"sends raw bytes to card",
"notes":[
"smart raw -s -0 -d 00a404000e315041592e5359532e4444463031 -> `1pay.sys.ddf01` ppse directory with get atr",
"smart raw -0 -d 00a404000e325041592e5359532e4444463031 -> `2pay.sys.ddf01` ppse directory",
"smart raw -0 -t -d 00a4040007a0000000041010 -> mastercard",
"smart raw -0 -t -d 00a4040007a0000000031010 -> visa"
],
"offline":false,
"options":[
"-h, --help this help",
"-r do not read response",
"-a active smartcard without select (reset sc module)",
"-s active smartcard with select (get atr)",
"-t, --tlv executes tlv decoder if it possible",
"-0 use protocol t=0",
"-d, --data <hex> bytes to send"
],
"usage":"smart raw [-hrast0] -d <hex>"
},
"smart reader":{
"command":"smart reader",
"description":"act as a smart card reader.",
"notes":[
"smart reader"
],
"offline":false,
"options":[
"-h, --help this help",
"-v, --verbose verbose"
],
"usage":"smart reader [-hv]"
},
"smart setclock":{
"command":"smart setclock",
"description":"set clock speed for smart card interface.",
"description":"[=] ------------------------------------------------------------------- [!] warning - sim module firmware upgrade [!] a dangerous command, do wrong and you could brick the sim module [=] ------------------------------------------------------------------- upgrade rdv4.0 sim module firmware",
"notes":[
"smart upgrade -f sim011.bin"
],
"offline":true,
"options":[
"-h, --help this help",
"-f, --file <filename> firmware file name"
],
"usage":"smart upgrade [-h] -f <filename>"
},
"trace help":{
"command":"trace help",
"description":"help this help list list protocol data in trace buffer load load trace from file save save trace buffer to file --------------------------------------------------------------------------------------- trace list available offline: yes annotate trace buffer with selected protocol data you can load a trace from file (see `trace load -h`) or it be downloaded from device by default",
"notes":[
"trace list -t raw -> just show raw data without annotations",
"trace list -t 14a -> interpret as iso14443-a communications",
"trace list -t thinfilm -> interpret as thinfilm communications",
"trace list -t topaz -> interpret as topaz communications",
"trace list -t mf -> interpret as mifare classic communications and decrypt crypto1 stream",
"trace list -t des -> interpret as mifare desfire communications",
"trace list -t 14b -> interpret as iso14443-b communications",
"trace list -t 7816 -> interpret as iso7816-4 communications",
"trace list -t 15 -> interpret as iso15693 communications",
"trace list -t iclass -> interpret as iclass communications",
"trace list -t legic -> interpret as legic communications",
"trace list -t felica -> interpret as iso18092 / felica communications",
"trace list -t hitag1 -> interpret as hitag1 communications",
"trace list -t hitag2 -> interpret as hitag2 communications",
"trace list -t hitags -> interpret as hitags communications",
"trace list -t lto -> interpret as lto-cm communications",
"trace list -t cryptorf -> interpret as cryptorf communitcations",
"trace list -t mf --dict <mfc_default_keys> -> use dictionary keys file",
"trace list -t 14a -f -> show frame delay times",
"trace list -t 14a -1 -> use trace buffer"
],
"offline":true,
"options":[
"-h, --help this help",
"-1, --buffer use data from trace buffer",
"-f show frame delay times",
"-c mark crc bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into wireshark using encapsulation type \"iso 14443\"",
"-t, --type <string> protocol to annotate the trace",
"--dict <file> use dictionary keys file"
],
"usage":"trace list [-h1fcrux] [-t <string>]... [--dict <file>]..."
},
"trace load":{
"command":"trace load",
"description":"load protocol data from binary file to trace buffer file extension is <.trace>",
"notes":[
"trace load -f mytracefile -> w/o file extension"
],
"offline":true,
"options":[
"-h, --help this help",
"-f, --file <filename> trace file to load"
],
"usage":"trace load [-h] [-f <filename>]..."
},
"trace save":{
"command":"trace save",
"description":"save protocol data from trace buffer to binary file file extension is <.trace>",
"notes":[
"trace save -f mytracefile -> w/o file extension"
],
"offline":true,
"options":[
"-h, --help this help",
"-f, --file <filename> trace file to save"
],
"usage":"trace save [-h] [-f <filename>]..."
},
"usart btfactory":{
"command":"usart btfactory",
"description":"reset bt add-on to factory settings this requires 1) btpower to be turned on 2) bt add-on to not be connected => the add-on blue led must blink warning: process only if strictly needed!",
"notes":[
"usart btfactory"
],
"offline":false,
"options":[
"-h, --help this help"
],
"usage":"usart btfactory [-h]"
},
"usart config":{
"command":"usart config",
"description":"configure usart. warning: it will have side-effects if used in usart host mode! the changes are not permanent, restart proxmark3 to get default settings back.",
"notes":[
"usart config -b 9600",
"usart config -b 9600 --none",
"usart config -e"
],
"offline":false,
"options":[
"-h, --help this help",
"-b, --baud <dec> baudrate",
"-n, --none mone parity",
"-e, --even even parity",
"-o, --odd odd parity"
],
"usage":"usart config [-hneo] [-b <dec>]"
},
"usart help":{
"command":"usart help",
"description":"help this help --------------------------------------------------------------------------------------- usart btpin available offline: no change bt add-on pin. warning: this requires 1) btpower to be turned on 2) bt add-on to not be connected => the add-on blue led must blink",
"notes":[
"usart btpin -p 1234"
],
"offline":true,
"options":[
"-h, --help this help",
"-p, --pin <dec> desired pin number (4 digits)"
],
"usage":"usart btpin [-h] -p <dec>"
},
"usart rx":{
"command":"usart rx",
"description":"receive string over usart. warning: it will have side-effects if used in usart host mode!",
"notes":[
"usart rx -t 2000 -> 2 second timeout"
],
"offline":false,
"options":[
"-h, --help this help",
"-t, --timeout <dec> timeout in ms, default is 0ms"
],
"usage":"usart rx [-h] [-t <dec>]"
},
"usart rxhex":{
"command":"usart rxhex",
"description":"receive bytes over usart. warning: it will have side-effects if used in usart host mode!",
"notes":[
"usart rxhex -t 2000 -> 2 second timeout"
],
"offline":false,
"options":[
"-h, --help this help",
"-t, --timeout <dec> timeout in ms, default is 0ms"
],
"usage":"usart rxhex [-h] [-t <dec>]"
},
"usart tx":{
"command":"usart tx",
"description":"send string over usart. warning: it will have side-effects if used in usart host mode!",
"notes":[
"usart tx -d \"at+version\"",
"usart tx -d \"at+version\\r\\n\""
],
"offline":false,
"options":[
"-h, --help this help",
"-d, --data <string> string to send"
],
"usage":"usart tx [-h] -d <string>"
},
"usart txhex":{
"command":"usart txhex",
"description":"send bytes over usart. warning: it will have side-effects if used in usart host mode!",
"description":"send string over usart and wait for response. warning: if used in usart host mode, you can only send at commands to add-on when bt connection is not established (led needs to be blinking) any other usage in usart host mode will have side-effects!",
"notes":[
"usart txrx -d \"at+version\" -> talking to bt add-on (when no connection)",
"usart txrx -t 2000 -d \"at+somestuff\\r\\n\" -> talking to a target requiring longer time and end-of-line chars"
],
"offline":false,
"options":[
"-h, --help this help",
"-t, --timeout <dec> timeout in ms, default is 1000 ms",
"-d, --data <string> string to send"
],
"usage":"usart txrx [-h] [-t <dec>] -d <string>"
},
"wiegand decode":{
"command":"wiegand decode",
"description":"decode raw hex or binary to wiegand format",
"description":"help this help list list available wiegand formats encode encode to wiegand raw hex (currently for hid prox) decode convert raw hex to decoded wiegand format (currently for hid prox) --------------------------------------------------------------------------------------- wiegand list available offline: yes list available wiegand formats",