mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-02-12 18:25:07 +08:00
Updated Cheatsheet
This commit is contained in:
Alex Dib
parent
5acc77bc95
commit
3fa7992940
1 changed files with 228 additions and 0 deletions
|
|
@ -138,6 +138,19 @@ pm3 --> hf iclass loclass f iclass_mac_attack.bin
|
|||
pm3 --> hf iclass dump k <Kcus> e
|
||||
```
|
||||
|
||||
Verify custom iClass key
|
||||
```
|
||||
Options
|
||||
---
|
||||
f <filename> : Dictionary file with default iclass keys
|
||||
u : CSN
|
||||
p : EPURSE
|
||||
m : macs
|
||||
e : elite
|
||||
|
||||
pm3 --> hf iclass lookup u 010a0ffff7ff12e0 p feffffffffffffff m 66348979153c41b9 f default_iclass_keys.dic e
|
||||
```
|
||||
|
||||
## Mifare
|
||||
|
||||
Check for default keys
|
||||
|
|
@ -225,3 +238,218 @@ pm3 --> hf mf chk *1 ? d default_keys.dic
|
|||
pm3 --> hf mf dump
|
||||
pm3 --> hf mf restore 1 u 4A6CE843 k hf-mf-A29558E4-key.bin f hf-mf-A29558E4-data.bin
|
||||
```
|
||||
|
||||
## HID Prox
|
||||
|
||||
Read HID Prox card
|
||||
```
|
||||
pm3 --> lf hid read
|
||||
```
|
||||
|
||||
Demodulate HID Prox card
|
||||
```
|
||||
pm3 --> lf hid demod
|
||||
```
|
||||
|
||||
Convert Site & Facility code to Wiegand
|
||||
```
|
||||
Options
|
||||
---
|
||||
<OEM> <FC> <CN>
|
||||
OEM : OEM number / site code
|
||||
FC : facility code
|
||||
CN : card number
|
||||
|
||||
pm3 --> lf hid wiegand 0 56 150
|
||||
```
|
||||
|
||||
Simulate Prox card
|
||||
```
|
||||
|
||||
pm3 --> lf hid sim 200670012d
|
||||
```
|
||||
|
||||
Clone Prox to T5577 card
|
||||
```
|
||||
pm3 --> lf hid clone 200670012d
|
||||
```
|
||||
|
||||
Brute force HID reader
|
||||
```
|
||||
Options
|
||||
---
|
||||
a <format> : 26|33|34|35|37|40|44|84");
|
||||
f <facility-code> : 8-bit value HID facility code");
|
||||
c <cardnumber> : (optional) cardnumber to start with, max 65535");
|
||||
d <delay> : delay betweens attempts in ms. Default 1000ms");
|
||||
v : verbose logging, show all tries");
|
||||
|
||||
pm3 --> lf hid brute a 26 f 224
|
||||
pm3 --> lf hid brute v a 26 f 21 c 200 d 2000
|
||||
```
|
||||
|
||||
## Indala
|
||||
|
||||
Read Indala card
|
||||
```
|
||||
pm3 --> lf indala read
|
||||
```
|
||||
|
||||
Demodulate Indala card
|
||||
```
|
||||
pm3 --> lf indala demod
|
||||
```
|
||||
|
||||
Simulate Indala card
|
||||
```
|
||||
Options
|
||||
---
|
||||
<uid> : 64/224 UID
|
||||
|
||||
pm3 --> lf indala sim a0000000c2c436c1
|
||||
```
|
||||
|
||||
Clone to T55x7 card
|
||||
```
|
||||
Options
|
||||
---
|
||||
<uid> : 64/224 UID
|
||||
|
||||
pm3 --> lf indala clone a0000000c2c436c1
|
||||
```
|
||||
|
||||
## Hitag
|
||||
|
||||
Read Hitag information
|
||||
```
|
||||
pm3 --> lf hitag info
|
||||
```
|
||||
|
||||
Act as Hitag reader
|
||||
```
|
||||
Options
|
||||
---
|
||||
HitagS:
|
||||
01 <nr> <ar> : Read all pages, challenge mode
|
||||
02 <key> : Read all pages, crypto mode. Set key=0 for no auth
|
||||
|
||||
Hitag2:
|
||||
21 <password> : Read all pages, password mode. Default: 4D494B52 (\"MIKR\")
|
||||
22 <nr> <ar> : Read all pages, challenge mode
|
||||
23 <key> : Read all pages, crypto mode. Key format: ISK high + ISK low. Default: 4F4E4D494B52 ("ONMIKR")
|
||||
25 : Test recorded authentications
|
||||
26 : Just read UID
|
||||
|
||||
pm3 --> lf hitag 26
|
||||
pm3 --> lf hitag 21 4D494B52
|
||||
```
|
||||
|
||||
Sniff Hitag traffic
|
||||
```
|
||||
pm3 --> lf hitag sniff
|
||||
pm3 --> lf hitag list
|
||||
```
|
||||
|
||||
Simulate Hitag
|
||||
```
|
||||
pm3 --> lf hitag sim c378181c_a8f7.ht2
|
||||
```
|
||||
|
||||
Write to Hitag block
|
||||
```
|
||||
Options
|
||||
---
|
||||
HitagS:
|
||||
03 <nr,ar> <page> <byte0...byte3> : Write page, challenge mode
|
||||
04 <key> <page> <byte0...byte3> : Write page, crypto mode. Set key=0 for no auth
|
||||
|
||||
Hitag2:
|
||||
24 <key> <page> <byte0...byte3> : Write page, crypto mode. Key format: ISK high + ISK low.
|
||||
27 <password> <page> <byte0...byte3> : Write page, password mode. Default: 4D494B52 ("MIKR")
|
||||
|
||||
pm3 --> lf hitag writer 24 499602D2 1 00000000
|
||||
```
|
||||
|
||||
Simulate Hitag2 sequence
|
||||
```
|
||||
pm3 --> lf hitag reader 21 56713368
|
||||
pm3 --> lf hitag sim c378181c_a8f7.ht2
|
||||
```
|
||||
|
||||
## T55XX
|
||||
|
||||
Detect T55XX card
|
||||
```
|
||||
pm3 --> lf t55xx detect
|
||||
```
|
||||
|
||||
Configure demodulation
|
||||
```
|
||||
Options
|
||||
---
|
||||
<FSK|FSK1|FSK1a|FSK2|FSK2a|ASK|PSK1|PSK2|NRZ|BI|BIa> : Set demodulation
|
||||
EM is ASK
|
||||
HID Prox is FSK
|
||||
Indala is PSK
|
||||
|
||||
pm3 --> lf t55xx config FSK
|
||||
```
|
||||
|
||||
Write to T55xx block
|
||||
```
|
||||
b <block> : block number to write. Between 0-7
|
||||
d <data> : 4 bytes of data to write (8 hex characters)
|
||||
|
||||
pm3 --> lf t55xx wr b 0 d 00081040
|
||||
```
|
||||
|
||||
Wipe a T55xx tag and set defaults
|
||||
```
|
||||
lf t55xx wipe
|
||||
```
|
||||
|
||||
## Data
|
||||
|
||||
Get raw samples [512-40000]
|
||||
```
|
||||
data samples <size>
|
||||
```
|
||||
|
||||
Save samples to file
|
||||
```
|
||||
data save <filename>
|
||||
```
|
||||
|
||||
Load samples from file
|
||||
```
|
||||
data load <filename>
|
||||
```
|
||||
|
||||
## Lua Scripts
|
||||
|
||||
List Lua Scripts
|
||||
|
||||
```
|
||||
script list
|
||||
```
|
||||
|
||||
Convert .bin to .eml
|
||||
```
|
||||
Options
|
||||
---
|
||||
i <file> : Specifies the dump-file (input). If omitted, 'dumpdata.bin' is used
|
||||
|
||||
script run dumptoemul -i xxxxxxxxxxxxxx.bin
|
||||
```
|
||||
|
||||
Format Mifare card
|
||||
```
|
||||
Options
|
||||
---
|
||||
k <key> : the current six byte key with write access
|
||||
n <key> : the new key that will be written to the card
|
||||
a <access> : the new access bytes that will be written to the card
|
||||
x : execute the commands aswell.
|
||||
|
||||
script run formatMifare -k FFFFFFFFFFFF -n FFFFFFFFFFFF -x
|
||||
```
|
||||
|
|
|
|||
Loading…
Reference in a new issue