update commands.md

Philippe Teuwen 2020-10-06 12:17:32 +02:00
parent 64e1498cc7
commit 422ca0de20


@ -10,9 +10,12 @@ Check column "offline" for their availability.
|command |offline |description
|------- |------- |-----------
|`help `|Y |`This help. Use '<command> help' for details of a particular command.`
|`auto `|N |`Automated detection process for unknown tags`
|`clear `|Y |`clear screen`
|`help `|Y |`This help. Use '<command> help' for details of a particular command.`
|`hints `|Y |`Turn hints on / off`
|`msleep `|Y |`Add a pause in milliseconds`
|`pref `|Y |`Edit preferences`
|`rem `|Y |`Add a text line in log file`
|`quit `|Y |``
|`exit `|Y |`Exit program`
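Review bot: the `quit` row in this table has an empty description while the `exit` row next to it reads "Exit program". Since the general commands are being touched here anyway, give `quit` the same text so the table has no blank cell.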
@ -34,6 +37,7 @@ Check column "offline" for their availability.
|`analyse a `|Y |`num bits test`
|`analyse nuid `|Y |`create NUID from 7byte UID`
|`analyse demodbuff `|Y |`Load binary string to demodbuffer`
|`analyse freq `|Y |`Calc wave lengths`
### data
@ -79,6 +83,7 @@ Check column "offline" for their availability.
|`data undec `|Y |`Un-decimate samples by 2`
|`data zerocrossings `|Y |`Count time between zero-crossings`
|`data iir `|Y |`apply IIR buttersworth filter on plotdata`
|`data ndef `|Y |`Decode NDEF records`
### emv
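Review bot: the `data iir` row next to the `data ndef` row reads "apply IIR buttersworth filter on plotdata"; the filter name is Butterworth. Worth correcting in the same pass.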
@ -111,6 +116,7 @@ Check column "offline" for their availability.
|------- |------- |-----------
|`hf help `|Y |`This help`
|`hf list `|Y |`List protocol data in trace buffer`
|`hf plot `|N |`Plot signal`
|`hf tune `|N |`Continuously measure HF antenna tuning`
|`hf search `|Y |`Search for known HF tags`
|`hf sniff `|N |`<samples to skip (10000)> <triggers to skip (1)> Generic HF Sniff`
@ -133,6 +139,7 @@ Check column "offline" for their availability.
|`hf 14a chaining `|N |`Control ISO 14443-4 input chaining`
|`hf 14a raw `|N |`Send raw hex data to tag`
|`hf 14a antifuzz `|N |`Fuzzing the anticollision phase. Warning! Readers may react strange`
|`hf 14a config `|N |`Configure 14a settings (use with caution)`
### hf 14b
@ -142,9 +149,11 @@ Check column "offline" for their availability.
|command |offline |description
|------- |------- |-----------
|`hf 14b help `|Y |`This help`
|`hf 14b apdu `|N |`Send ISO 14443-4 APDU to tag`
|`hf 14b dump `|N |`Read all memory pages of an ISO14443-B tag, save to file`
|`hf 14b info `|N |`Tag information`
|`hf 14b list `|Y |`List ISO 14443B history`
|`hf 14b ndef `|N |`Read NDEF file on tag`
|`hf 14b raw `|N |`Send raw hex data to tag`
|`hf 14b reader `|N |`Act as a 14443B reader to identify a tag`
|`hf 14b sim `|N |`Fake ISO 14443B tag`
@ -160,22 +169,22 @@ Check column "offline" for their availability.
|command |offline |description
|------- |------- |-----------
|`hf 15 help `|Y |`This help`
|`hf 15 list `|Y |`List ISO15693 history`
|`hf 15 demod `|Y |`Demodulate ISO15693 from tag`
|`hf 15 dump `|N |`Read all memory pages of an ISO15693 tag, save to file`
|`hf 15 info `|N |`Tag information`
|`hf 15 sniff `|N |`Sniff ISO15693 traffic`
|`hf 15 raw `|N |`Send raw hex data to tag`
|`hf 15 read `|N |`Read a block`
|`hf 15 reader `|N |`Act like an ISO15693 reader`
|`hf 15 readmulti `|N |`Reads multiple Blocks`
|`hf 15 restore `|N |`Restore from file to all memory pages of an ISO15693 tag`
|`hf 15 samples `|N |`Acquire Samples as Reader (enables carrier, sends inquiry)`
|`hf 15 sim `|N |`Fake an ISO15693 tag`
|`hf 15 write `|N |`Write a block`
|`hf 15 findafi `|N |`Brute force AFI of an ISO15693 tag`
|`hf 15 writeafi `|N |`Writes the AFI on an ISO15693 tag`
|`hf 15 writedsfid `|N |`Writes the DSFID on an ISO15693 tag`
|`hf 15 info `|N |`Tag information`
|`hf 15 list `|Y |`List ISO15693 history`
|`hf 15 raw `|N |`Send raw hex data to tag`
|`hf 15 reader `|N |`Act like an ISO15693 reader`
|`hf 15 record `|N |`Record Samples (ISO15693)`
|`hf 15 restore `|N |`Restore from file to all memory pages of an ISO15693 tag`
|`hf 15 sim `|N |`Fake an ISO15693 tag`
|`hf 15 samples `|N |`Acquire Samples as Reader (enables carrier, sends inquiry)`
|`hf 15 read `|N |`Read a block`
|`hf 15 write `|N |`Write a block`
|`hf 15 readmulti `|N |`Reads multiple Blocks`
|`hf 15 csetuid `|N |`Set UID for magic Chinese card`
@ -201,40 +210,32 @@ Check column "offline" for their availability.
|`hf felica reader `|N |`Act like an ISO18092/FeliCa reader`
|`hf felica sniff `|N |`Sniff ISO 18092/FeliCa traffic`
|`hf felica raw `|N |`Send raw hex data to tag`
|`hf felica rqservice `|N |`verify the existence of Area and Service, and to acquire Key Version.`
|`hf felica rqresponse `|N |`verify the existence of a card and its Mode.`
|`hf felica rdunencrypted`|N |`read Block Data from authentication-not-required Service.`
|`hf felica wrunencrypted`|N |`write Block Data to an authentication-not-required Service.`
|`hf felica rqservice `|N |`verify the existence of Area and Service, and to acquire Key Version.`
|`hf felica rqresponse `|N |`verify the existence of a card and its Mode.`
|`hf felica scsvcode `|N |`acquire Area Code and Service Code.`
|`hf felica rqsyscode `|N |`acquire System Code registered to the card.`
|`hf felica auth1 `|N |`authenticate a card. Start mutual authentication with Auth1`
|`hf felica auth2 `|N |`allow a card to authenticate a Reader/Writer. Complete mutual authentication`
|`hf felica read `|N |`read Block Data from authentication-required Service.`
|`hf felica rqspecver `|N |`acquire the version of card OS.`
|`hf felica resetmode `|N |`reset Mode to Mode 0.`
|`hf felica litesim `|N |`<NDEF2> - only reply to poll request`
|`hf felica litedump `|N |`Wait for and try dumping FelicaLite`
### hf legic
### hf fido
{ LEGIC RFIDs... }
{ FIDO and FIDO2 authenticators... }
|command |offline |description
|------- |------- |-----------
|`hf legic help `|Y |`This help`
|`hf legic reader `|N |`LEGIC Prime Reader UID and tag info`
|`hf legic info `|N |`Display deobfuscated and decoded LEGIC Prime tag data`
|`hf legic dump `|N |`Dump LEGIC Prime tag to binary file`
|`hf legic restore `|N |`Restore a dump file onto a LEGIC Prime tag`
|`hf legic rdmem `|N |`Read bytes from a LEGIC Prime tag`
|`hf legic sim `|N |`Start tag simulator`
|`hf legic write `|N |`Write data to a LEGIC Prime tag`
|`hf legic crc `|Y |`Calculate Legic CRC over given bytes`
|`hf legic eload `|N |`Load binary dump to emulator memory`
|`hf legic esave `|N |`Save emulator memory to binary file`
|`hf legic list `|Y |`List LEGIC history`
|`hf legic wipe `|N |`Wipe a LEGIC Prime tag`
|`hf fido help `|Y |`This help.`
|`hf fido info `|N |`Info about FIDO tag.`
|`hf fido reg `|N |`FIDO U2F Registration Message.`
|`hf fido auth `|N |`FIDO U2F Authentication Message.`
|`hf fido make `|N |`FIDO2 MakeCredential command.`
|`hf fido assert `|N |`FIDO2 GetAssertion command.`
### hf iclass
@ -244,26 +245,64 @@ Check column "offline" for their availability.
|command |offline |description
|------- |------- |-----------
|`hf iclass help `|Y |`This help`
|`hf iclass calcnewkey `|Y |`[options..] Calc diversified keys (blocks 3 & 4) to write new keys`
|`hf iclass chk `|Y |`[options..] Check keys`
|`hf iclass clone `|N |`[options..] Restore a dump file onto a iClass tag`
|`hf iclass decrypt `|Y |`[options..] Decrypt given block data or tag dump file`
|`hf iclass dump `|N |`[options..] Dump iClass tag to file`
|`hf iclass eload `|N |`[f <fname>] Load iClass dump file into emulator memory`
|`hf iclass encrypt `|Y |`[options..] Encrypt given block data`
|`hf iclass dump `|N |`[options..] Dump Picopass / iCLASS tag to file`
|`hf iclass info `|Y |` Tag information`
|`hf iclass list `|Y |` List iClass history`
|`hf iclass list `|Y |` List iclass history`
|`hf iclass rdbl `|N |`[options..] Read Picopass / iCLASS block`
|`hf iclass reader `|N |` Act like an Picopass / iCLASS reader`
|`hf iclass restore `|N |`[options..] Restore a dump file onto a Picopass / iCLASS tag`
|`hf iclass sniff `|N |` Eavesdrop Picopass / iCLASS communication`
|`hf iclass wrbl `|N |`[options..] Write Picopass / iCLASS block`
|`hf iclass chk `|Y |`[options..] Check keys`
|`hf iclass loclass `|Y |`[options..] Use loclass to perform bruteforce reader attack`
|`hf iclass lookup `|Y |`[options..] Uses authentication trace to check for key in dictionary file`
|`hf iclass managekeys `|Y |`[options..] Manage keys to use with iClass`
|`hf iclass replay `|N |`<mac> Read Picopass / iCLASS tag via replay attack`
|`hf iclass sim `|N |`[options..] Simulate iCLASS tag`
|`hf iclass eload `|N |`[f <fn> ] Load Picopass / iCLASS dump file into emulator memory`
|`hf iclass esave `|N |`[f <fn> ] Save emulator memory to file`
|`hf iclass eview `|N |`[options..] View emulator memory`
|`hf iclass calcnewkey `|Y |`[options..] Calc diversified keys (blocks 3 & 4) to write new keys`
|`hf iclass encrypt `|Y |`[options..] Encrypt given block data`
|`hf iclass decrypt `|Y |`[options..] Decrypt given block data or tag dump file`
|`hf iclass managekeys `|Y |`[options..] Manage keys to use with iclass commands`
|`hf iclass permutekey `|N |` Permute function from 'heart of darkness' paper`
|`hf iclass rdbl `|N |`[options..] Read iClass block`
|`hf iclass reader `|N |` Act like an iClass reader`
|`hf iclass readtagfile `|Y |`[options..] Display content from tag dump file`
|`hf iclass replay `|N |`<mac> Read iClass tag via replay attack`
|`hf iclass sim `|N |`[options..] Simulate iClass tag`
|`hf iclass sniff `|N |` Eavesdrop iClass communication`
|`hf iclass wrbl `|N |`[options..] Write iClass block`
|`hf iclass view `|Y |`[options..] Display content from tag dump file`
### hf legic
{ LEGIC RFIDs... }
|command |offline |description
|------- |------- |-----------
|`hf legic help `|Y |`This help`
|`hf legic list `|Y |`List LEGIC history`
|`hf legic reader `|N |`LEGIC Prime Reader UID and tag info`
|`hf legic info `|N |`Display deobfuscated and decoded LEGIC Prime tag data`
|`hf legic dump `|N |`Dump LEGIC Prime tag to binary file`
|`hf legic restore `|N |`Restore a dump file onto a LEGIC Prime tag`
|`hf legic rdbl `|N |`Read bytes from a LEGIC Prime tag`
|`hf legic sim `|N |`Start tag simulator`
|`hf legic wrbl `|N |`Write data to a LEGIC Prime tag`
|`hf legic crc `|Y |`Calculate Legic CRC over given bytes`
|`hf legic eload `|Y |`Load binary dump to emulator memory`
|`hf legic esave `|Y |`Save emulator memory to binary file`
|`hf legic wipe `|N |`Wipe a LEGIC Prime tag`
### hf lto
{ LTO Cartridge Memory RFIDs... }
|command |offline |description
|------- |------- |-----------
|`hf lto help `|Y |`This help`
|`hf lto dump `|N |`Dump LTO-CM tag to file`
|`hf lto restore `|N |`Restore dump file to LTO-CM tag`
|`hf lto info `|N |`Tag information`
|`hf lto rdbl `|N |`Read block`
|`hf lto wrbl `|N |`Write block`
|`hf lto list `|Y |`List LTO-CM history`
### hf mf
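Review bot: in the `hf legic` table, `eload` and `esave` appear with offline `Y` as well as `N`, while the equivalent `hf iclass eload` and `hf iclass esave` rows in the same hunk are `N`. All four load or save emulator memory, so please confirm which flag is right for LEGIC. Separately, the iCLASS descriptions mix "iCLASS", "iClass" and "iclass" (for example "List iclass history" next to "Dump Picopass / iCLASS tag to file"); one spelling throughout would read better.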
@ -277,38 +316,43 @@ Check column "offline" for their availability.
|`hf mf darkside `|N |`Darkside attack`
|`hf mf nested `|N |`Nested attack`
|`hf mf hardnested `|Y |`Nested attack for hardened MIFARE Classic cards`
|`hf mf staticnested `|N |`Nested attack against static nonce MIFARE Classic cards`
|`hf mf autopwn `|N |`Automatic key recovery tool for MIFARE Classic`
|`hf mf nack `|N |`Test for MIFARE NACK bug`
|`hf mf chk `|N |`Check keys`
|`hf mf fchk `|N |`Check keys fast, targets all keys on card`
|`hf mf decrypt `|Y |`[nt] [ar_enc] [at_enc] [data] - to decrypt sniff or trace`
|`hf mf rdbl `|N |`Read MIFARE classic block`
|`hf mf rdsc `|N |`Read MIFARE classic sector`
|`hf mf dump `|N |`Dump MIFARE classic tag to binary file`
|`hf mf restore `|N |`Restore MIFARE classic binary file to BLANK tag`
|`hf mf wrbl `|N |`Write MIFARE classic block`
|`hf mf setmod `|N |`Set MIFARE Classic EV1 load modulation strength`
|`hf mf auth4 `|N |`ISO14443-4 AES authentication`
|`hf mf dump `|N |`Dump MIFARE Classic tag to binary file`
|`hf mf mad `|N |`Checks and prints MAD`
|`hf mf ndef `|N |`Prints NDEF records from card`
|`hf mf personalize `|N |`Personalize UID (MIFARE Classic EV1 only)`
|`hf mf rdbl `|N |`Read MIFARE Classic block`
|`hf mf rdsc `|N |`Read MIFARE Classic sector`
|`hf mf restore `|N |`Restore MIFARE Classic binary file to BLANK tag`
|`hf mf setmod `|N |`Set MIFARE Classic EV1 load modulation strength`
|`hf mf wrbl `|N |`Write MIFARE Classic block`
|`hf mf sim `|N |`Simulate MIFARE card`
|`hf mf ecfill `|N |`Fill simulator memory with help of keys from simulator`
|`hf mf eclr `|N |`Clear simulator memory`
|`hf mf egetblk `|N |`Get simulator memory block`
|`hf mf egetsc `|N |`Get simulator memory sector`
|`hf mf eset `|N |`Set simulator memory block`
|`hf mf ekeyprn `|N |`Print keys from simulator memory`
|`hf mf eload `|N |`Load from file emul dump`
|`hf mf esave `|N |`Save to file emul dump`
|`hf mf ecfill `|N |`Fill simulator memory with help of keys from simulator`
|`hf mf ekeyprn `|N |`Print keys from simulator memory`
|`hf mf eview `|N |`View simulator memory`
|`hf mf csetuid `|N |`Set UID (magic chinese card)`
|`hf mf eset `|N |`Set simulator memory block`
|`hf mf eview `|N |`View emul memory`
|`hf mf cgetblk `|N |`Read block`
|`hf mf cgetsc `|N |`Read sector`
|`hf mf cload `|N |`Load dump`
|`hf mf csave `|N |`Save dump from card into file or emulator`
|`hf mf csetblk `|N |`Write block`
|`hf mf csetuid `|N |`Set UID`
|`hf mf cview `|N |`view card`
|`hf mf cwipe `|N |`Wipe card to default UID/Sectors/Keys`
|`hf mf csetblk `|N |`Write block (magic chinese card)`
|`hf mf cgetblk `|N |`Read block (magic chinese card)`
|`hf mf cgetsc `|N |`Read sector (magic chinese card)`
|`hf mf cload `|N |`Load dump (magic chinese card)`
|`hf mf csave `|N |`Save dump from magic chinese card into file or emulator`
|`hf mf cview `|N |`View card memory (magic chinese card)`
|`hf mf mad `|N |`Checks and prints MAD`
|`hf mf ndef `|N |`Prints NDEF records from card`
|`hf mf gen3uid `|N |`Set UID without manufacturer block`
|`hf mf gen3blk `|N |`Overwrite full manufacturer block`
|`hf mf gen3freeze `|N |`Perma lock further UID changes`
|`hf mf ice `|N |`collect MIFARE Classic nonces to file`
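Review bot: `hf mf eview` is described as "View simulator memory" on one line and "View emul memory" on another, and the `c*` rows appear both with and without the "(magic chinese card)" qualifier. Without the qualifier, `hf mf cgetblk` "Read block" and `hf mf csetblk` "Write block" do not say which card type they apply to and read the same as `rdbl` and `wrbl`, so the qualified wording is the clearer one to keep. For `eview`, "simulator memory" matches the neighbouring `ecfill`, `eclr` and `eset` rows.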
@ -352,6 +396,7 @@ Check column "offline" for their availability.
|`hf mfu gen `|Y |`Generate 3des mifare diversified keys`
|`hf mfu pwdgen `|Y |`Generate pwd from known algos`
|`hf mfu otptear `|N |`Tear-off test on OTP bits`
|`hf mfu ndef `|N |`Prints NDEF records from card`
### hf mfdes
@ -362,36 +407,41 @@ Check column "offline" for their availability.
|------- |------- |-----------
|`hf mfdes help `|Y |`This help`
|`hf mfdes info `|N |`Tag information`
|`hf mfdes list `|Y |`List DESFire (ISO 14443A) history`
|`hf mfdes enum `|N |`Tries enumerate all applications`
|`hf mfdes auth `|N |`Tries a MIFARE DesFire Authentication`
|`hf mfdes getuid `|N |`Get random uid`
|`hf mfdes selectaid `|N |`Select Application ID`
|`hf mfdes createaid `|N |`Create Application ID`
|`hf mfdes deleteaid `|N |`Delete Application ID`
|`hf mfdes createfile `|N |`Create Standard/Backup File`
|`hf mfdes createvaluefile`|N |`Create Value File`
|`hf mfdes createrecordfile`|N |`Create Linear/Cyclic Record File`
|`hf mfdes deletefile `|N |`Create Delete File`
|`hf mfdes clearfile `|N |`Clear record File`
|`hf mfdes readdata `|N |`Read data from standard/backup/record file`
|`hf mfdes writedata `|N |`Write data to standard/backup/record file`
|`hf mfdes getvalue `|N |`Get value of file`
|`hf mfdes changevalue `|N |`Write value of a value file (credit/debit/clear)`
|`hf mfdes changekey `|N |`Change Key`
|`hf mfdes formatpicc `|N |`Format PICC`
|`hf mfdes dump `|N |`Dump all files`
|`hf mfdes chk `|N |`Check keys`
### hf topaz
### hf st
{ TOPAZ (NFC Type 1) RFIDs... }
{ ST Rothult RFIDs... }
|command |offline |description
|------- |------- |-----------
|`hf topaz help `|Y |`This help`
|`hf topaz reader `|N |`Act like a Topaz reader`
|`hf topaz sim `|N |`<UID> -- Simulate Topaz tag`
|`hf topaz sniff `|N |`Sniff Topaz reader-tag communication`
|`hf topaz raw `|N |`Send raw hex data to tag`
|`hf topaz list `|Y |`List Topaz history`
### hf fido
{ FIDO and FIDO2 authenticators... }
|command |offline |description
|------- |------- |-----------
|`hf fido help `|Y |`This help.`
|`hf fido info `|N |`Info about FIDO tag.`
|`hf fido reg `|N |`FIDO U2F Registration Message.`
|`hf fido auth `|N |`FIDO U2F Authentication Message.`
|`hf fido make `|N |`FIDO2 MakeCredential command.`
|`hf fido assert `|N |`FIDO2 GetAssertion command.`
|`hf st help `|Y |`This help`
|`hf st info `|N |`Tag information`
|`hf st list `|Y |`List ISO 14443A/7816 history`
|`hf st ndef `|Y |`read NDEF file on tag`
|`hf st protect `|N |`change protection on tag`
|`hf st pwd `|N |`change password on tag`
|`hf st sim `|N |`Fake ISO 14443A/ST tag`
### hf thinfilm
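Review bot: `hf st ndef` is marked offline `Y` although its description is "read NDEF file on tag"; the other tag-reading NDEF rows in this patch (`hf 14b ndef`, `hf mf ndef`, `hf mfu ndef`) are all `N`. Please check the flag. Also, `hf mfdes deletefile` is described as "Create Delete File", which looks like a leftover from the `createfile` wording; "Delete File" is presumably meant.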
@ -406,6 +456,31 @@ Check column "offline" for their availability.
|`hf thinfilm sim `|N |`Fake Thinfilm tag`
### hf topaz
{ TOPAZ (NFC Type 1) RFIDs... }
|command |offline |description
|------- |------- |-----------
|`hf topaz help `|Y |`This help`
|`hf topaz list `|Y |`List Topaz history`
|`hf topaz info `|N |`Tag information`
|`hf topaz reader `|N |`Act like a Topaz reader`
|`hf topaz sim `|N |`<UID> -- Simulate Topaz tag`
|`hf topaz sniff `|N |`Sniff Topaz reader-tag communication`
|`hf topaz raw `|N |`Send raw hex data to tag`
### hf waveshare
{ Waveshare NFC ePaper... }
|command |offline |description
|------- |------- |-----------
|`hf waveshare help `|Y |`This help`
|`hf waveshare loadbmp `|N |`Load BMP file to Waveshare NFC ePaper`
### hw
{ Hardware commands... }
@ -460,7 +535,7 @@ Check column "offline" for their availability.
|`lf awid help `|Y |`this help`
|`lf awid demod `|Y |`demodulate an AWID FSK tag from the GraphBuffer`
|`lf awid read `|N |`attempt to read and extract tag data`
|`lf awid clone `|N |`clone AWID tag to T55x7 (or to q5/T5555)`
|`lf awid clone `|N |`clone AWID tag to T55x7 or Q5/T5555`
|`lf awid sim `|N |`simulate AWID tag`
|`lf awid brute `|N |`Bruteforce card number against reader`
|`lf awid watch `|N |`continuously watch for cards. Reader mode`
@ -490,17 +565,19 @@ Check column "offline" for their availability.
|`lf em 410x_brute `|N |`reader bruteforce attack by simulating EM410x tags`
|`lf em 410x_watch `|N |`watches for EM410x 125/134 kHz tags (option 'h' for 134)`
|`lf em 410x_spoof `|N |`watches for EM410x 125/134 kHz tags, and replays them. (option 'h' for 134)`
|`lf em 410x_clone `|N |`write EM410x UID to T5555(Q5) or T55x7 tag`
|`lf em 410x_clone `|N |`write EM410x UID to T55x7 or Q5/T5555 tag`
|`lf em 4x05_demod `|Y |`demodulate a EM4x05/EM4x69 tag from the GraphBuffer`
|`lf em 4x05_dump `|N |`dump EM4x05/EM4x69 tag`
|`lf em 4x05_wipe `|N |`wipe EM4x05/EM4x69 tag`
|`lf em 4x05_info `|N |`tag information EM4x05/EM4x69`
|`lf em 4x05_read `|N |`read word data from EM4x05/EM4x69`
|`lf em 4x05_write `|N |`write word data to EM4x05/EM4x69`
|`lf em 4x50_demod `|Y |`demodulate a EM4x50 tag from the GraphBuffer`
|`lf em 4x50_dump `|N |`dump EM4x50 tag`
|`lf em 4x50_read `|N |`read word data from EM4x50`
|`lf em 4x50_info `|N |`tag information EM4x50`
|`lf em 4x50_write `|N |`write word data to EM4x50`
|`lf em 4x50_write_password`|N |`change passwword of EM4x50 tag`
|`lf em 4x50_read `|N |`read word data from EM4x50`
|`lf em 4x50_wipe `|N |`wipe data from EM4x50`
### lf fdx
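Review bot: typo in the `lf em 4x50_write_password` row: "change passwword of EM4x50 tag" should read "password".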
@ -511,8 +588,8 @@ Check column "offline" for their availability.
|------- |------- |-----------
|`lf fdx help `|Y |`this help`
|`lf fdx demod `|Y |`demodulate a FDX-B ISO11784/85 tag from the GraphBuffer`
|`lf fdx read `|N |`attempt to read and extract tag data`
|`lf fdx clone `|N |`clone animal ID tag to T55x7 (or to q5/T5555)`
|`lf fdx read `|N |`attempt to read at 134kHz and extract tag data`
|`lf fdx clone `|N |`clone animal ID tag to T55x7 or Q5/T5555`
|`lf fdx sim `|N |`simulate Animal ID tag`
@ -538,13 +615,13 @@ Check column "offline" for their availability.
|`lf gproxii help `|Y |`this help`
|`lf gproxii demod `|Y |`demodulate a G Prox II tag from the GraphBuffer`
|`lf gproxii read `|N |`attempt to read and extract tag data from the antenna`
|`lf gproxii clone `|N |`clone Guardall tag to T55x7`
|`lf gproxii clone `|N |`clone Guardall tag to T55x7 or Q5/T5555`
|`lf gproxii sim `|N |`simulate Guardall tag`
### lf hid
{ HID RFIDs... }
{ HID Prox RFIDs... }
|command |offline |description
|------- |------- |-----------
@ -570,9 +647,21 @@ Check column "offline" for their availability.
|`lf hitag sim `|N |`Simulate Hitag transponder`
|`lf hitag sniff `|N |`Eavesdrop Hitag communication`
|`lf hitag writer `|N |`Act like a Hitag Writer`
|`lf hitag dump `|N |`Dump Hitag2 tag`
|`lf hitag cc `|N |`Test all challenges`
### lf idteck
{ Idteck RFIDs... }
|command |offline |description
|------- |------- |-----------
|`lf idteck help `|Y |`This help`
|`lf idteck demod `|Y |`Demodulate an Idteck tag from the GraphBuffer`
|`lf idteck read `|N |`Attempt to read and Extract tag data from the antenna`
### lf indala
{ Indala RFIDs... }
@ -583,7 +672,7 @@ Check column "offline" for their availability.
|`lf indala demod `|Y |`demodulate an indala tag (PSK1) from GraphBuffer`
|`lf indala altdemod `|Y |`alternative method to Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)`
|`lf indala read `|N |`read an Indala Prox tag from the antenna`
|`lf indala clone `|N |`clone Indala tag to T55x7`
|`lf indala clone `|N |`clone Indala tag to T55x7 or Q5/T5555`
|`lf indala sim `|N |`simulate Indala tag`
@ -596,7 +685,7 @@ Check column "offline" for their availability.
|`lf io help `|Y |`this help`
|`lf io demod `|Y |`demodulate an IOProx tag from the GraphBuffer`
|`lf io read `|N |`attempt to read and extract tag data`
|`lf io clone `|N |`clone IOProx tag to T55x7 (or to q5/T5555)`
|`lf io clone `|N |`clone IOProx tag to T55x7 or Q5/T5555`
|`lf io sim `|N |`simulate IOProx tag`
|`lf io watch `|N |`continuously watch for cards. Reader mode`
@ -610,7 +699,7 @@ Check column "offline" for their availability.
|`lf jablotron help `|Y |`This help`
|`lf jablotron demod `|Y |`Demodulate an Jablotron tag from the GraphBuffer`
|`lf jablotron read `|N |`Attempt to read and extract tag data from the antenna`
|`lf jablotron clone `|N |`clone jablotron tag to T55x7 (or to q5/T5555)`
|`lf jablotron clone `|N |`clone jablotron tag to T55x7 or Q5/T5555`
|`lf jablotron sim `|N |`simulate jablotron tag`
@ -623,10 +712,23 @@ Check column "offline" for their availability.
|`lf keri help `|Y |`This help`
|`lf keri demod `|Y |`Demodulate an KERI tag from the GraphBuffer`
|`lf keri read `|N |`Attempt to read and extract tag data from the antenna`
|`lf keri clone `|N |`clone KERI tag to T55x7 (or to q5/T5555)`
|`lf keri clone `|N |`clone KERI tag to T55x7 or Q5/T5555`
|`lf keri sim `|N |`simulate KERI tag`
### lf motorola
{ Motorola RFIDs... }
|command |offline |description
|------- |------- |-----------
|`lf motorola help `|Y |`This help`
|`lf motorola demod `|Y |`Demodulate an MOTOROLA tag from the GraphBuffer`
|`lf motorola read `|N |`Attempt to read and extract tag data from the antenna`
|`lf motorola clone `|N |`clone MOTOROLA tag to T55x7`
|`lf motorola sim `|N |`simulate MOTOROLA tag`
### lf nedap
{ Nedap RFIDs... }
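Review bot: `lf motorola clone` reads "clone MOTOROLA tag to T55x7" while `lf keri clone` in the same hunk carries the "T55x7 or Q5/T5555" wording used for the other clone rows in this patch. If Motorola cloning also supports Q5/T5555, update the description to match; if it does not, leaving it as is fine, but the difference is easy to mistake for an oversight.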
@ -637,7 +739,7 @@ Check column "offline" for their availability.
|`lf nedap demod `|Y |`Demodulate Nedap tag from the GraphBuffer`
|`lf nedap generate `|Y |`Generate Nedap bitstream in DemodBuffer`
|`lf nedap read `|N |`Attempt to read and extract tag data from the antenna`
|`lf nedap clone `|N |`Clone Nedap tag to T55x7`
|`lf nedap clone `|N |`Clone Nedap tag to T55x7 or Q5/T5555`
|`lf nedap sim `|N |`Simulate Nedap tag`
@ -663,23 +765,10 @@ Check column "offline" for their availability.
|`lf noralsy help `|Y |`This help`
|`lf noralsy demod `|Y |`Demodulate an Noralsy tag from the GraphBuffer`
|`lf noralsy read `|N |`Attempt to read and extract tag data from the antenna`
|`lf noralsy clone `|N |`clone Noralsy tag to T55x7 (or to q5/T5555)`
|`lf noralsy clone `|N |`clone Noralsy tag to T55x7 or Q5/T5555`
|`lf noralsy sim `|N |`simulate Noralsy tag`
### lf motorola
{ Motorola RFIDs... }
|command |offline |description
|------- |------- |-----------
|`lf motorola help `|Y |`This help`
|`lf motorola demod `|Y |`Demodulate an MOTOROLA tag from the GraphBuffer`
|`lf motorola read `|N |`Attempt to read and extract tag data from the antenna`
|`lf motorola clone `|N |`clone MOTOROLA tag to T55x7`
|`lf motorola sim `|N |`simulate MOTOROLA tag`
### lf pac
{ PAC/Stanley RFIDs... }
@ -725,8 +814,9 @@ Check column "offline" for their availability.
|command |offline |description
|------- |------- |-----------
|`lf presco help `|Y |`This help`
|`lf presco demod `|Y |`demodulate Presco tag from the GraphBuffer`
|`lf presco read `|N |`Attempt to read and Extract tag data`
|`lf presco clone `|N |`clone presco tag to T55x7 (or to q5/T5555)`
|`lf presco clone `|N |`clone presco tag to T55x7 or Q5/T5555`
|`lf presco sim `|N |`simulate presco tag`
@ -739,7 +829,7 @@ Check column "offline" for their availability.
|`lf pyramid help `|Y |`this help`
|`lf pyramid demod `|Y |`demodulate a Pyramid FSK tag from the GraphBuffer`
|`lf pyramid read `|N |`attempt to read and extract tag data`
|`lf pyramid clone `|N |`clone pyramid tag to T55x7 (or to q5/T5555)`
|`lf pyramid clone `|N |`clone pyramid tag to T55x7 or Q5/T5555`
|`lf pyramid sim `|N |`simulate pyramid tag`
@ -775,27 +865,27 @@ Check column "offline" for their availability.
|command |offline |description
|------- |------- |-----------
|`lf t55xx help `|Y |`This help`
|`lf t55xx bruteforce `|N |`<start password> <end password> Simple bruteforce attack to find password`
|`lf t55xx config `|Y |`Set/Get T55XX configuration (modulation, inverted, offset, rate)`
|`lf t55xx chk `|N |`Check passwords from dictionary/flash`
|`lf t55xx clonehelp `|N |`Shows the available clone commands`
|`lf t55xx config `|Y |`Set/Get T55XX configuration (modulation, inverted, offset, rate)`
|`lf t55xx dangerraw `|N |`Sends raw bitstream. Dangerous, do not use!! b <bitstream> t <timing>`
|`lf t55xx detect `|Y |`[1] Try detecting the tag modulation from reading the configuration block.`
|`lf t55xx deviceconfig `|N |`Set/Get T55XX device configuration (startgap, writegap, write0, write1, readgap`
|`lf t55xx dump `|N |`[password] [o] Dump T55xx card Page 0 block 0-7. Optional [password], [override]`
|`lf t55xx restore `|N |`f <filename> [p <password>] Restore T55xx card Page 0 / Page 1 blocks`
|`lf t55xx info `|Y |`[1] Show T55x7 configuration data (page 0/ blk 0)`
|`lf t55xx p1detect `|N |`[1] Try detecting if this is a t55xx tag by reading page 1`
|`lf t55xx protect `|N |`Password protect tag`
|`lf t55xx read `|N |`b <block> p [password] [o] [1] -- Read T55xx block data. Optional [p password], [override], [page1]`
|`lf t55xx resetread `|N |`Send Reset Cmd then lf read the stream to attempt to identify the start of it (needs a demod and/or plot after)`
|`lf t55xx recoverpw `|N |`[password] Try to recover from bad password write from a cloner. Only use on PW protected chips!`
|`lf t55xx sniff `|N |`Attempt to recover T55xx commands from sample buffer`
|`lf t55xx special `|N |`Show block changes with 64 different offsets`
|`lf t55xx restore `|N |`f <filename> [p <password>] Restore T55xx card Page 0 / Page 1 blocks`
|`lf t55xx trace `|Y |`[1] Show T55x7 traceability data (page 1/ blk 0-1)`
|`lf t55xx wakeup `|N |`Send AOR wakeup command`
|`lf t55xx wipe `|N |`[q] Wipe a T55xx tag and set defaults (will destroy any data on tag)`
|`lf t55xx write `|N |`b <block> d <data> p [password] [1] -- Write T55xx block data. Optional [p password], [page1]`
|`lf t55xx bruteforce `|N |`<start password> <end password> Simple bruteforce attack to find password`
|`lf t55xx chk `|N |`Check passwords from dictionary/flash`
|`lf t55xx protect `|N |`Password protect tag`
|`lf t55xx recoverpw `|N |`[password] Try to recover from bad password write from a cloner. Only use on PW protected chips!`
|`lf t55xx sniff `|Y |`Attempt to recover T55xx commands from sample buffer`
|`lf t55xx special `|N |`Show block changes with 64 different offsets`
|`lf t55xx wipe `|N |`[q] Wipe a T55xx tag and set defaults (will destroy any data on tag)`
### lf viking
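Review bot: the `lf t55xx deviceconfig` description is cut off: "(startgap, writegap, write0, write1, readgap" has no closing parenthesis. Also, `lf t55xx sniff` shows up with offline `N` on one line and `Y` on another; its description says it works "from sample buffer", so `Y` looks plausible, but please confirm.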
@ -807,7 +897,7 @@ Check column "offline" for their availability.
|`lf viking help `|Y |`This help`
|`lf viking demod `|Y |`Demodulate a Viking tag from the GraphBuffer`
|`lf viking read `|N |`Attempt to read and Extract tag data from the antenna`
|`lf viking clone `|N |`clone Viking tag to T55x7 (or to q5/T5555)`
|`lf viking clone `|N |`clone Viking tag to T55x7 or Q5/T5555`
|`lf viking sim `|N |`simulate Viking tag`
@ -820,7 +910,7 @@ Check column "offline" for their availability.
|`lf visa2000 help `|Y |`This help`
|`lf visa2000 demod `|Y |`demodulate an VISA2000 tag from the GraphBuffer`
|`lf visa2000 read `|N |`attempt to read and extract tag data from the antenna`
|`lf visa2000 clone `|N |`clone Visa2000 tag to T55x7 (or to q5/T5555)`
|`lf visa2000 clone `|N |`clone Visa2000 tag to T55x7 or Q5/T5555`
|`lf visa2000 sim `|N |`simulate Visa2000 tag`
@ -831,19 +921,21 @@ Check column "offline" for their availability.
|command |offline |description
|------- |------- |-----------
|`mem help `|Y |`This help`
|`mem spiffs `|N |`High level SPI FileSystem Flash manipulation [rdv40]`
|`mem spibaud `|N |`Set Flash memory Spi baudrate [rdv40]`
|`mem info `|N |`Flash memory information [rdv40]`
|`mem load `|N |`Load data into flash memory [rdv40]`
|`mem dump `|N |`Dump data from flash memory [rdv40]`
|`mem wipe `|N |`Wipe data from flash memory [rdv40]`
|`mem baudrate `|N |`Set Flash memory Spi baudrate`
|`mem spiffs `|N |`High level SPI FileSystem Flash manipulation`
|`mem info `|N |`Flash memory information`
|`mem load `|N |`Load data into flash memory`
|`mem dump `|N |`Dump data from flash memory`
|`mem wipe `|N |`Wipe data from flash memory`
### reveng
{ CRC calculations from RevEng software }
### sc
[=] reveng: no mode switch specified. Use reveng -h for help.
### smart
{ Smart card ISO-7816 commands... }
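Review bot: under `### reveng` the page carries the line "[=] reveng: no mode switch specified. Use reveng -h for help." where the other sections have a command table. That is client output rather than documentation; replace it with a short pointer to `reveng -h`, or drop the line. The `mem` rows also appear with and without the "[rdv40]" tag; if these commands only work on that hardware, the tag is useful to readers and worth keeping.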
@ -865,9 +957,9 @@ Check column "offline" for their availability.
|command |offline |description
|------- |------- |-----------
|`script help `|Y |`This help`
|`script help `|Y |`Usage info`
|`script list `|Y |`List available scripts`
|`script run `|Y |`<name> -- Execute a script`
|`script run `|Y |`<name> -- execute a script`
### trace
@ -907,7 +999,7 @@ Check column "offline" for their availability.
|------- |------- |-----------
|`wiegand help `|Y |`This help`
|`wiegand list `|Y |`List available wiegand formats`
|`wiegand encode `|Y |`Convert `
|`wiegand decode `|Y |`Convert raw hex to wiegand format`
|`wiegand encode `|Y |`Encode to wiegand raw hex`
|`wiegand decode `|Y |`Convert raw hex to decoded wiegand format`