Add initialization command response interpretation on the ksx6924 (Tmoney) card
61 KiB
Proxmark3 command dump
Some commands are available only if a Proxmark3 is actually connected.
Check column "offline" for their availability.
command | offline | description |
---|---|---|
help |
Y | Use help for details of a command |
auto |
N | Automated detection process for unknown tags |
clear |
Y | Clear screen |
hints |
Y | Turn hints on / off |
msleep |
Y | Add a pause in milliseconds |
rem |
Y | Add a text line in log file |
quit |
Y | `` |
exit |
Y | Exit program |
prefs
{ Edit client/device preferences... }
command | offline | description |
---|---|---|
prefs help |
Y | This help |
prefs show |
Y | Show all preferences |
prefs get
{ Get a preference }
command | offline | description |
---|---|---|
prefs get barmode |
Y | Get bar mode preference |
prefs get clientdebug |
Y | Get client debug level preference |
prefs get clientdelay |
Y | Get client execution delay preference |
prefs get color |
Y | Get color support preference |
prefs get savepaths |
Y | Get file folder |
prefs get emoji |
Y | Get emoji display preference |
prefs get hints |
Y | Get hint display preference |
prefs get output |
Y | Get dump output style preference |
prefs get plotsliders |
Y | Get plot slider display preference |
prefs set
{ Set a preference }
command | offline | description |
---|---|---|
prefs set help |
Y | This help |
prefs set barmode |
Y | Set bar mode |
prefs set clientdebug |
Y | Set client debug level |
prefs set clientdelay |
Y | Set client execution delay |
prefs set color |
Y | Set color support |
prefs set emoji |
Y | Set emoji display |
prefs set hints |
Y | Set hint display |
prefs set savepaths |
Y | ... to be adjusted next ... |
prefs set output |
Y | Set dump output style |
prefs set plotsliders |
Y | Set plot slider display |
analyse
{ Analyse utils... }
command | offline | description |
---|---|---|
analyse help |
Y | This help |
analyse lcr |
Y | Generate final byte for XOR LRC |
analyse crc |
Y | Stub method for CRC evaluations |
analyse chksum |
Y | Checksum with adding, masking and one's complement |
analyse dates |
Y | Look for datestamps in a given array of bytes |
analyse lfsr |
Y | LFSR tests |
analyse a |
Y | num bits test |
analyse nuid |
Y | create NUID from 7byte UID |
analyse demodbuff |
Y | Load binary string to DemodBuffer |
analyse freq |
Y | Calc wave lengths |
analyse foo |
Y | muxer |
analyse units |
Y | convert ETU <> US <> SSP_CLK (3.39MHz) |
data
{ Plot window / data buffer manipulation... }
command | offline | description |
---|---|---|
data help |
Y | This help |
data biphaserawdecode |
Y | Biphase decode bin stream in DemodBuffer |
data detectclock |
Y | Detect ASK, FSK, NRZ, PSK clock rate of wave in GraphBuffer |
data fsktonrz |
Y | Convert fsk2 to nrz wave for alternate fsk demodulating (for weak fsk) |
data manrawdecode |
Y | Manchester decode binary stream in DemodBuffer |
data modulation |
Y | Identify LF signal for clock and modulation |
data rawdemod |
Y | Demodulate the data in the GraphBuffer and output binary |
data askedgedetect |
Y | Adjust Graph for manual ASK demod using the length of sample differences to detect the edge of a wave |
data autocorr |
Y | Autocorrelation over window |
data dirthreshold |
Y | Max rising higher up-thres/ Min falling lower down-thres, keep rest as prev. |
data decimate |
Y | Decimate samples |
data undecimate |
Y | Un-decimate samples |
data hide |
Y | Hide graph window |
data hpf |
Y | Remove DC offset from trace |
data iir |
Y | Apply IIR buttersworth filter on plot data |
data grid |
Y | overlay grid on graph window |
data ltrim |
Y | Trim samples from left of trace |
data mtrim |
Y | Trim out samples from the specified start to the specified stop |
data norm |
Y | Normalize max/min to +/-128 |
data plot |
Y | Show graph window |
data rtrim |
Y | Trim samples from right of trace |
data setgraphmarkers |
Y | Set blue and orange marker in graph window |
data shiftgraphzero |
Y | Shift 0 for Graphed wave + or - shift value |
data timescale |
Y | Set a timescale to get a differential reading between the yellow and purple markers as time duration |
data zerocrossings |
Y | Count time between zero-crossings |
data convertbitstream |
Y | Convert GraphBuffer's 0/1 values to 127 / -127 |
data getbitstream |
Y | Convert GraphBuffer's >=1 values to 1 and <1 to 0 |
data asn1 |
Y | asn1 decoder |
data bin2hex |
Y | Converts binary to hexadecimal |
data bitsamples |
N | Get raw samples as bitstring |
data clear |
Y | Clears bigbuf on deviceside and graph window |
data diff |
Y | diff of input files |
data hexsamples |
N | Dump big buffer as hex bytes |
data hex2bin |
Y | Converts hexadecimal to binary |
data load |
Y | Load contents of file into graph window |
data print |
Y | Print the data in the DemodBuffer |
data samples |
N | Get raw samples for graph window (GraphBuffer) |
data save |
Y | Save signal trace data (from graph window) |
data setdebugmode |
Y | Set Debugging Level on client side |
data tune |
N | Measure tuning of device antenna. Results shown in graph window |
emv
{ EMV ISO-14443 / ISO-7816... }
command | offline | description |
---|---|---|
emv help |
Y | This help |
emv exec |
N | Executes EMV contactless transaction |
emv pse |
N | Execute PPSE. It selects 2PAY.SYS.DDF01 or 1PAY.SYS.DDF01 directory |
emv search |
N | Try to select all applets from applets list and print installed applets |
emv select |
N | Select applet |
emv gpo |
N | Execute GetProcessingOptions |
emv readrec |
N | Read files from card |
emv genac |
N | Generate ApplicationCryptogram |
emv challenge |
N | Generate challenge |
emv intauth |
N | Internal authentication |
emv scan |
N | Scan EMV card and save it contents to json file for emulator |
emv test |
Y | Crypto logic test |
emv list |
Y | List ISO7816 history |
emv roca |
N | Extract public keys and run ROCA test |
hf
{ High frequency commands... }
command | offline | description |
---|---|---|
hf help |
Y | This help |
hf list |
Y | List protocol data in trace buffer |
hf plot |
N | Plot signal |
hf tune |
N | Continuously measure HF antenna tuning |
hf search |
Y | Search for known HF tags |
hf sniff |
N | Generic HF Sniff |
hf 14a
{ ISO14443A RFIDs... }
command | offline | description |
---|---|---|
hf 14a help |
Y | This help |
hf 14a list |
Y | List ISO 14443-a history |
hf 14a antifuzz |
N | Fuzzing the anticollision phase. Warning! Readers may react strange |
hf 14a config |
N | Configure 14a settings (use with caution) |
hf 14a cuids |
N | Collect n>0 ISO14443-a UIDs in one go |
hf 14a info |
N | Tag information |
hf 14a sim |
N | Simulate ISO 14443-a tag |
hf 14a sniff |
N | sniff ISO 14443-a traffic |
hf 14a raw |
N | Send raw hex data to tag |
hf 14a reader |
N | Act like an ISO14443-a reader |
hf 14a apdu |
N | Send ISO 14443-4 APDU to tag |
hf 14a apdufind |
N | Enumerate APDUs - CLA/INS/P1P2 |
hf 14a chaining |
N | Control ISO 14443-4 input chaining |
hf 14a ndefformat |
N | Format ISO 14443-A as NFC Type 4 tag |
hf 14a ndefread |
N | Read an NDEF file from ISO 14443-A Type 4 tag |
hf 14a ndefwrite |
N | Write NDEF records to ISO 14443-A tag |
hf 14b
{ ISO14443B RFIDs... }
command | offline | description |
---|---|---|
hf 14b help |
Y | This help |
hf 14b apdu |
N | Send ISO 14443-4 APDU to tag |
hf 14b dump |
N | Read all memory pages of an ISO-14443-B tag, save to file |
hf 14b info |
N | Tag information |
hf 14b list |
Y | List ISO-14443-B history |
hf 14b ndefread |
N | Read NDEF file on tag |
hf 14b raw |
N | Send raw hex data to tag |
hf 14b reader |
N | Act as a ISO-14443-B reader to identify a tag |
hf 14b sim |
N | Fake ISO ISO-14443-B tag |
hf 14b sniff |
N | Eavesdrop ISO-14443-B |
hf 14b rdbl |
N | Read SRI512/SRIX4x block |
hf 14b sriwrite |
N | Write data to a SRI512 or SRIX4K tag |
hf 14b view |
Y | Display content from tag dump file |
hf 15
{ ISO15693 RFIDs... }
command | offline | description |
---|---|---|
hf 15 help |
Y | This help |
hf 15 list |
Y | List ISO-15693 history |
hf 15 demod |
Y | Demodulate ISO-15693 from tag |
hf 15 dump |
N | Read all memory pages of an ISO-15693 tag, save to file |
hf 15 info |
N | Tag information |
hf 15 sniff |
N | Sniff ISO-15693 traffic |
hf 15 raw |
N | Send raw hex data to tag |
hf 15 rdbl |
N | Read a block |
hf 15 rdmulti |
N | Reads multiple blocks |
hf 15 reader |
N | Act like an ISO-15693 reader |
hf 15 restore |
N | Restore from file to all memory pages of an ISO-15693 tag |
hf 15 samples |
N | Acquire samples as reader (enables carrier, sends inquiry) |
hf 15 eload |
N | Load image file into emulator to be used by 'sim' command |
hf 15 esave |
N | Save emulator memory into image file |
hf 15 eview |
N | View emulator memory |
hf 15 sim |
N | Fake an ISO-15693 tag |
hf 15 slixdisable |
N | Disable privacy mode on SLIX ISO-15693 tag |
hf 15 wrbl |
N | Write a block |
hf 15 findafi |
N | Brute force AFI of an ISO-15693 tag |
hf 15 writeafi |
N | Writes the AFI on an ISO-15693 tag |
hf 15 writedsfid |
N | Writes the DSFID on an ISO-15693 tag |
hf 15 csetuid |
N | Set UID for magic card |
hf cipurse
{ Cipurse transport Cards... }
command | offline | description |
---|---|---|
hf cipurse help |
Y | This help. |
hf cipurse info |
N | Get info about CIPURSE tag |
hf cipurse select |
N | Select CIPURSE application or file |
hf cipurse auth |
N | Authenticate CIPURSE tag |
hf cipurse read |
N | Read binary file |
hf cipurse write |
N | Write binary file |
hf cipurse aread |
N | Read file attributes |
hf cipurse awrite |
N | Write file attributes |
hf cipurse formatall |
N | Erase all the data from chip |
hf cipurse create |
N | Create file, application, key via DGI record |
hf cipurse delete |
N | Delete file |
hf cipurse updkey |
N | Update key |
hf cipurse updakey |
N | Update key attributes |
hf cipurse default |
N | Set default key and file id for all the other commands |
hf cipurse test |
Y | Regression tests |
hf epa
{ German Identification Card... }
command | offline | description |
---|---|---|
hf epa help |
Y | This help |
hf epa cnonces |
N | Acquire encrypted PACE nonces of specific size |
hf epa replay |
N | Perform PACE protocol by replaying given APDUs |
hf epa sim |
N | Simulate PACE protocol |
hf emrtd
{ Machine Readable Travel Document... }
command | offline | description |
---|---|---|
hf emrtd help |
Y | This help |
hf emrtd dump |
N | Dump eMRTD files to binary files |
hf emrtd info |
Y | Display info about an eMRTD |
hf emrtd list |
Y | List ISO 14443A/7816 history |
hf felica
{ ISO18092 / FeliCa RFIDs... }
command | offline | description |
---|---|---|
hf felica help |
Y | This help |
hf felica list |
Y | List ISO 18092/FeliCa history |
hf felica reader |
N | Act like an ISO18092/FeliCa reader |
hf felica info |
N | Tag information |
hf felica sniff |
N | Sniff ISO 18092/FeliCa traffic |
hf felica raw |
N | Send raw hex data to tag |
hf felica rdbl |
N | read block data from authentication-not-required Service. |
hf felica wrbl |
N | write block data to an authentication-not-required Service. |
hf felica rqservice |
N | verify the existence of Area and Service, and to acquire Key Version. |
hf felica rqresponse |
N | verify the existence of a card and its Mode. |
hf felica scsvcode |
N | acquire Area Code and Service Code. |
hf felica rqsyscode |
N | acquire System Code registered to the card. |
hf felica auth1 |
N | authenticate a card. Start mutual authentication with Auth1 |
hf felica auth2 |
N | allow a card to authenticate a Reader/Writer. Complete mutual authentication |
hf felica rqspecver |
N | acquire the version of card OS. |
hf felica resetmode |
N | reset Mode to Mode 0. |
hf felica litesim |
N | Emulating ISO/18092 FeliCa Lite tag |
hf felica litedump |
N | Wait for and try dumping FelicaLite |
hf fido
{ FIDO and FIDO2 authenticators... }
command | offline | description |
---|---|---|
hf fido help |
Y | This help. |
hf fido list |
Y | List ISO 14443A history |
hf fido info |
N | Info about FIDO tag. |
hf fido reg |
N | FIDO U2F Registration Message. |
hf fido auth |
N | FIDO U2F Authentication Message. |
hf fido make |
N | FIDO2 MakeCredential command. |
hf fido assert |
N | FIDO2 GetAssertion command. |
hf fudan
{ Fudan RFIDs... }
command | offline | description |
---|---|---|
hf fudan help |
Y | This help |
hf fudan reader |
N | Act like a fudan reader |
hf fudan dump |
N | Dump FUDAN tag to binary file |
hf fudan rdbl |
N | Read a fudan tag |
hf fudan view |
Y | Display content from tag dump file |
hf fudan wrbl |
N | Write a fudan tag |
hf gallagher
{ Gallagher DESFire RFIDs... }
command | offline | description |
---|---|---|
hf gallagher help |
Y | This help |
hf gallagher reader |
N | Read & decode all Gallagher credentials on a DESFire card |
hf gallagher clone |
N | Add Gallagher credentials to a DESFire card |
hf gallagher delete |
N | Delete Gallagher credentials from a DESFire card |
hf gallagher diversifykey |
Y | Diversify Gallagher key |
hf gallagher decode |
Y | Decode Gallagher credential block |
hf ksx6924
{ KS X 6924 (T-Money, Snapper+) RFIDs }
command | offline | description |
---|---|---|
hf ksx6924 help |
Y | This help |
hf ksx6924 select |
N | Select application, and leave field up |
hf ksx6924 info |
N | Get info about a KS X 6924 (T-Money, Snapper+) transit card |
hf ksx6924 balance |
N | Get current purse balance |
hf ksx6924 init |
N | Perform transaction initialization with Mpda (Money of Purchase Transaction) |
hf ksx6924 prec |
N | Send proprietary get record command (CLA=90, INS=4C) |
hf jooki
{ Jooki RFIDs... }
command | offline | description |
---|---|---|
hf jooki help |
Y | This help |
hf jooki clone |
N | Write a Jooki token |
hf jooki decode |
Y | Decode Jooki token |
hf jooki encode |
Y | Encode Jooki token |
hf jooki sim |
N | Simulate Jooki token |
hf iclass
{ ICLASS RFIDs... }
command | offline | description |
---|---|---|
hf iclass help |
Y | This help |
hf iclass dump |
N | Dump Picopass / iCLASS tag to file |
hf iclass info |
Y | Tag information |
hf iclass list |
Y | List iclass history |
hf iclass rdbl |
N | Read Picopass / iCLASS block |
hf iclass reader |
N | Act like a Picopass / iCLASS reader |
hf iclass restore |
N | Restore a dump file onto a Picopass / iCLASS tag |
hf iclass sniff |
N | Eavesdrop Picopass / iCLASS communication |
hf iclass wrbl |
N | Write Picopass / iCLASS block |
hf iclass chk |
N | Check keys |
hf iclass loclass |
Y | Use loclass to perform bruteforce reader attack |
hf iclass lookup |
Y | Uses authentication trace to check for key in dictionary file |
hf iclass sim |
N | Simulate iCLASS tag |
hf iclass eload |
N | Load Picopass / iCLASS dump file into emulator memory |
hf iclass esave |
N | Save emulator memory to file |
hf iclass eview |
N | View emulator memory |
hf iclass configcard |
Y | Reader configuration card |
hf iclass calcnewkey |
Y | Calc diversified keys (blocks 3 & 4) to write new keys |
hf iclass encode |
Y | Encode binary wiegand to block 7 |
hf iclass encrypt |
Y | Encrypt given block data |
hf iclass decrypt |
Y | Decrypt given block data or tag dump file |
hf iclass managekeys |
Y | Manage keys to use with iclass commands |
hf iclass permutekey |
Y | Permute function from 'heart of darkness' paper |
hf iclass view |
Y | Display content from tag dump file |
hf legic
{ LEGIC RFIDs... }
command | offline | description |
---|---|---|
hf legic help |
Y | This help |
hf legic dump |
N | Dump LEGIC Prime tag to binary file |
hf legic info |
N | Display deobfuscated and decoded LEGIC Prime tag data |
hf legic list |
Y | List LEGIC history |
hf legic rdbl |
N | Read bytes from a LEGIC Prime tag |
hf legic reader |
N | LEGIC Prime Reader UID and tag info |
hf legic restore |
N | Restore a dump file onto a LEGIC Prime tag |
hf legic wipe |
N | Wipe a LEGIC Prime tag |
hf legic wrbl |
N | Write data to a LEGIC Prime tag |
hf legic sim |
N | Start tag simulator |
hf legic eload |
N | Load binary dump to emulator memory |
hf legic esave |
N | Save emulator memory to binary file |
hf legic eview |
N | View emulator memory |
hf legic crc |
Y | Calculate Legic CRC over given bytes |
hf legic view |
Y | Display content from tag dump file |
hf lto
{ LTO Cartridge Memory RFIDs... }
command | offline | description |
---|---|---|
hf lto help |
Y | This help |
hf lto dump |
N | Dump LTO-CM tag to file |
hf lto info |
N | Tag information |
hf lto list |
Y | List LTO-CM history |
hf lto rdbl |
N | Read block |
hf lto reader |
N | Act like a LTO-CM reader |
hf lto restore |
N | Restore dump file to LTO-CM tag |
hf lto wrbl |
N | Write block |
hf mf
{ MIFARE RFIDs... }
command | offline | description |
---|---|---|
hf mf help |
Y | This help |
hf mf list |
Y | List MIFARE history |
hf mf darkside |
N | Darkside attack |
hf mf nested |
N | Nested attack |
hf mf hardnested |
Y | Nested attack for hardened MIFARE Classic cards |
hf mf staticnested |
N | Nested attack against static nonce MIFARE Classic cards |
hf mf autopwn |
N | Automatic key recovery tool for MIFARE Classic |
hf mf nack |
N | Test for MIFARE NACK bug |
hf mf chk |
N | Check keys |
hf mf fchk |
N | Check keys fast, targets all keys on card |
hf mf decrypt |
Y | [nt] [ar_enc] [at_enc] [data] - to decrypt sniff or trace |
hf mf supercard |
N | Extract info from a super card`` |
hf mf auth4 |
N | ISO14443-4 AES authentication |
hf mf acl |
Y | Decode and print MIFARE Classic access rights bytes |
hf mf dump |
N | Dump MIFARE Classic tag to binary file |
hf mf mad |
Y | Checks and prints MAD |
hf mf personalize |
N | Personalize UID (MIFARE Classic EV1 only) |
hf mf rdbl |
N | Read MIFARE Classic block |
hf mf rdsc |
N | Read MIFARE Classic sector |
hf mf restore |
N | Restore MIFARE Classic binary file to tag |
hf mf setmod |
N | Set MIFARE Classic EV1 load modulation strength |
hf mf value |
Y | Value blocks |
hf mf view |
Y | Display content from tag dump file |
hf mf wipe |
N | Wipe card to zeros and default keys/acc |
hf mf wrbl |
N | Write MIFARE Classic block |
hf mf sim |
N | Simulate MIFARE card |
hf mf ecfill |
N | Fill emulator memory with help of keys from emulator |
hf mf eclr |
N | Clear emulator memory |
hf mf egetblk |
N | Get emulator memory block |
hf mf egetsc |
N | Get emulator memory sector |
hf mf ekeyprn |
N | Print keys from emulator memory |
hf mf eload |
N | Load from file emul dump |
hf mf esave |
N | Save to file emul dump |
hf mf esetblk |
N | Set emulator memory block |
hf mf eview |
N | View emulator memory |
hf mf cgetblk |
N | Read block from card |
hf mf cgetsc |
N | Read sector from card |
hf mf cload |
N | Load dump to card |
hf mf csave |
N | Save dump from card into file or emulator |
hf mf csetblk |
N | Write block to card |
hf mf csetuid |
N | Set UID on card |
hf mf cview |
N | View card |
hf mf cwipe |
N | Wipe card to default UID/Sectors/Keys |
hf mf gen3uid |
N | Set UID without changing manufacturer block |
hf mf gen3blk |
N | Overwrite manufacturer block |
hf mf gen3freeze |
N | Perma lock UID changes. irreversible |
hf mf ggetblk |
N | Read block from card |
hf mf gload |
N | Load dump to card |
hf mf gsetblk |
N | Write block to card |
hf mf gview |
N | View card |
hf mf ndefformat |
N | Format MIFARE Classic Tag as NFC Tag |
hf mf ndefread |
N | Read and print NDEF records from card |
hf mf ndefwrite |
N | Write NDEF records to card |
hf mfp
{ MIFARE Plus RFIDs... }
command | offline | description |
---|---|---|
hf mfp help |
Y | This help |
hf mfp info |
N | Info about Mifare Plus tag |
hf mfp wrp |
N | Write Perso command |
hf mfp initp |
N | Fill all the card's keys in SL0 mode |
hf mfp commitp |
N | Move card to SL1 or SL3 mode |
hf mfp auth |
N | Authentication |
hf mfp rdbl |
N | Read blocks |
hf mfp rdsc |
N | Read sectors |
hf mfp wrbl |
N | Write blocks |
hf mfp chk |
N | Check keys |
hf mfp mad |
N | Check and print MAD |
hf mfp ndefread |
N | Read and print NDEF records from card |
hf mfu
{ MIFARE Ultralight RFIDs... }
command | offline | description |
---|---|---|
hf mfu help |
Y | This help |
hf mfu keygen |
Y | Generate 3DES MIFARE diversified keys |
hf mfu pwdgen |
Y | Generate pwd from known algos |
hf mfu otptear |
N | Tear-off test on OTP bits |
hf mfu cauth |
N | Authentication - Ultralight-C |
hf mfu dump |
N | Dump MIFARE Ultralight family tag to binary file |
hf mfu info |
N | Tag information |
hf mfu ndefread |
N | Prints NDEF records from card |
hf mfu rdbl |
N | Read block |
hf mfu restore |
N | Restore a dump onto a MFU MAGIC tag |
hf mfu view |
Y | Display content from tag dump file |
hf mfu wrbl |
N | Write block |
hf mfu eload |
N | Load Ultralight dump file into emulator memory |
hf mfu esave |
N | Save Ultralight dump file from emulator memory |
hf mfu eview |
N | View emulator memory |
hf mfu sim |
N | Simulate MIFARE Ultralight from emulator memory |
hf mfu setpwd |
N | Set 3DES key - Ultralight-C |
hf mfu setuid |
N | Set UID - MAGIC tags only |
hf mfdes
{ MIFARE Desfire RFIDs... }
command | offline | description |
---|---|---|
hf mfdes help |
Y | This help |
hf mfdes info |
N | Tag information |
hf mfdes getuid |
N | Get uid from card |
hf mfdes default |
N | Set defaults for all the commands |
hf mfdes auth |
N | MIFARE DesFire Authentication |
hf mfdes chk |
N | Check keys |
hf mfdes detect |
N | Detect key type and tries to find one from the list |
hf mfdes freemem |
N | Get free memory size |
hf mfdes setconfig |
N | Set card configuration |
hf mfdes formatpicc |
N | Format PICC |
hf mfdes list |
Y | List DESFire (ISO 14443A) history |
hf mfdes mad |
N | Prints MAD records / files from the card |
hf mfdes lsapp |
N | Show all applications with files list |
hf mfdes getaids |
N | Get Application IDs list |
hf mfdes getappnames |
N | Get Applications list |
hf mfdes bruteaid |
N | Recover AIDs by bruteforce |
hf mfdes createapp |
N | Create Application |
hf mfdes deleteapp |
N | Delete Application |
hf mfdes selectapp |
N | Select Application ID |
hf mfdes changekey |
N | Change Key |
hf mfdes chkeysettings |
N | Change Key Settings |
hf mfdes getkeysettings |
N | Get Key Settings |
hf mfdes getkeyversions |
N | Get Key Versions |
hf mfdes getfileids |
N | Get File IDs list |
hf mfdes getfileisoids |
N | Get File ISO IDs list |
hf mfdes lsfiles |
N | Show all files list |
hf mfdes dump |
N | Dump all files |
hf mfdes createfile |
N | Create Standard/Backup File |
hf mfdes createvaluefile |
N | Create Value File |
hf mfdes createrecordfile |
N | Create Linear/Cyclic Record File |
hf mfdes createmacfile |
N | Create Transaction MAC File |
hf mfdes deletefile |
N | Delete File |
hf mfdes getfilesettings |
N | Get file settings |
hf mfdes chfilesettings |
N | Change file settings |
hf mfdes read |
N | Read data from standard/backup/record/value/mac file |
hf mfdes write |
N | Write data to standard/backup/record/value file |
hf mfdes value |
N | Operations with value file (get/credit/limited credit/debit/clear) |
hf mfdes clearrecfile |
N | Clear record File |
hf mfdes test |
Y | Regression crypto tests |
hf ntag424
{ NXP NTAG 4242 DNA RFIDs... }
command | offline | description |
---|---|---|
hf ntag424 help |
Y | This help |
hf ntag424 info |
N | Tag information |
hf ntag424 sdm |
N | Prints NDEF records from card |
hf ntag424 view |
Y | Display content from tag dump file |
hf seos
{ SEOS RFIDs... }
command | offline | description |
---|---|---|
hf seos help |
Y | This help |
hf seos info |
N | Tag information |
hf seos list |
Y | List SEOS history |
hf st25ta
{ ST25TA RFIDs... }
command | offline | description |
---|---|---|
hf st25ta help |
Y | This help |
hf st25ta info |
N | Tag information |
hf st25ta list |
Y | List ISO 14443A/7816 history |
hf st25ta ndefread |
Y | read NDEF file on tag |
hf st25ta protect |
N | change protection on tag |
hf st25ta pwd |
N | change password on tag |
hf st25ta sim |
N | Fake ISO 14443A/ST tag |
hf thinfilm
{ Thinfilm RFIDs... }
command | offline | description |
---|---|---|
hf thinfilm help |
Y | This help |
hf thinfilm info |
N | Tag information |
hf thinfilm list |
Y | List NFC Barcode / Thinfilm history - not correct |
hf thinfilm sim |
N | Fake Thinfilm tag |
hf topaz
{ TOPAZ (NFC Type 1) RFIDs... }
command | offline | description |
---|---|---|
hf topaz help |
Y | This help |
hf topaz dump |
N | Dump TOPAZ family tag to file |
hf topaz list |
Y | List Topaz history |
hf topaz info |
N | Tag information |
hf topaz reader |
N | Act like a Topaz reader |
hf topaz sim |
N | Simulate Topaz tag |
hf topaz sniff |
N | Sniff Topaz reader-tag communication |
hf topaz raw |
N | Send raw hex data to tag |
hf topaz rdbl |
N | Read block |
hf topaz view |
Y | Display content from tag dump file |
hf topaz wrbl |
N | Write block |
hf texkom
{ Texkom RFIDs... }
command | offline | description |
---|---|---|
hf texkom help |
Y | This help |
hf texkom reader |
N | Act like a Texkom reader |
hf texkom sim |
N | Simulate a Texkom tag |
hf xerox
{ Fuji/Xerox cartridge RFIDs... }
command | offline | description |
---|---|---|
hf xerox help |
Y | This help |
hf xerox info |
N | Short info on Fuji/Xerox tag |
hf xerox reader |
N | Act like a Fuji/Xerox reader |
hf xerox dump |
N | Read all memory pages of an Fuji/Xerox tag, save to file |
hf waveshare
{ Waveshare NFC ePaper... }
command | offline | description |
---|---|---|
hf waveshare help |
Y | This help |
hf waveshare loadbmp |
N | Load BMP file to Waveshare NFC ePaper |
hw
{ Hardware commands... }
command | offline | description |
---|---|---|
hw help |
Y | This help |
hw break |
N | Send break loop usb command |
hw connect |
Y | Connect Proxmark3 to serial port |
hw dbg |
N | Set Proxmark3 debug level |
hw detectreader |
N | Detect external reader field |
hw fpgaoff |
N | Set FPGA off |
hw lcd |
N | Send command/data to LCD |
hw lcdreset |
N | Hardware reset LCD |
hw ping |
N | Test if the Proxmark3 is responsive |
hw readmem |
N | Read memory at decimal address from flash |
hw reset |
N | Reset the Proxmark3 |
hw setlfdivisor |
N | Drive LF antenna at 12MHz / (divisor + 1) |
hw setmux |
N | Set the ADC mux to a specific value |
hw standalone |
N | Jump to the standalone mode |
hw status |
N | Show runtime status information about the connected Proxmark3 |
hw tearoff |
N | Program a tearoff hook for the next command supporting tearoff |
hw tia |
N | Trigger a Timing Interval Acquisition to re-adjust the RealTimeCounter divider |
hw tune |
N | Measure antenna tuning |
hw version |
Y | Show version information about the client and the connected Proxmark3, if any |
lf
{ Low frequency commands... }
command | offline | description |
---|---|---|
lf help |
Y | This help |
lf config |
N | Get/Set config for LF sampling, bit/sample, decimation, frequency |
lf cmdread |
N | Modulate LF reader field to send command before read |
lf read |
N | Read LF tag |
lf search |
Y | Read and Search for valid known tag |
lf sim |
N | Simulate LF tag from buffer |
lf simask |
N | Simulate ASK tag |
lf simfsk |
N | Simulate FSK tag |
lf simpsk |
N | Simulate PSK tag |
lf simbidir |
N | Simulate LF tag (with bidirectional data transmission between reader and tag) |
lf sniff |
N | Sniff LF traffic between reader and tag |
lf tune |
N | Continuously measure LF antenna tuning |
lf awid
{ AWID RFIDs... }
command | offline | description |
---|---|---|
lf awid help |
Y | this help |
lf awid demod |
Y | demodulate an AWID FSK tag from the GraphBuffer |
lf awid reader |
N | attempt to read and extract tag data |
lf awid clone |
N | clone AWID tag to T55x7 or Q5/T5555 |
lf awid sim |
N | simulate AWID tag |
lf awid brute |
N | bruteforce card number against reader |
lf awid watch |
N | continuously watch for cards. Reader mode |
lf cotag
{ COTAG CHIPs... }
command | offline | description |
---|---|---|
lf cotag help |
Y | This help |
lf cotag demod |
Y | demodulate an COTAG tag |
lf cotag reader |
N | attempt to read and extract tag data |
lf destron
{ FDX-A Destron RFIDs... }
command | offline | description |
---|---|---|
lf destron help |
Y | This help |
lf destron demod |
Y | demodulate an Destron tag from the GraphBuffer |
lf destron reader |
N | attempt to read and extract tag data |
lf destron clone |
N | clone Destron tag to T55x7 |
lf destron sim |
N | simulate Destron tag |
lf em
{ EM CHIPs & RFIDs... }
command | offline | description |
---|---|---|
lf em help |
Y | This help |
lf em 410x
{ EM 4102 commands... }
command | offline | description |
---|---|---|
lf em 410x help |
Y | This help |
lf em 410x demod |
Y | demodulate a EM410x tag from the GraphBuffer |
lf em 410x reader |
N | attempt to read and extract tag data |
lf em 410x sim |
N | simulate EM410x tag |
lf em 410x brute |
N | reader bruteforce attack by simulating EM410x tags |
lf em 410x watch |
N | watches for EM410x 125/134 kHz tags |
lf em 410x spoof |
N | watches for EM410x 125/134 kHz tags, and replays them |
lf em 410x clone |
N | write EM410x Tag ID to T55x7 or Q5/T5555 tag |
lf em 4x05
{ EM 4205 / 4305 / 4369 / 4469 commands... }
command | offline | description |
---|---|---|
lf em 4x05 help |
Y | This help |
lf em 4x05 brute |
N | Bruteforce password |
lf em 4x05 chk |
N | Check passwords from dictionary |
lf em 4x05 demod |
Y | demodulate a EM4x05/EM4x69 tag from the GraphBuffer |
lf em 4x05 dump |
N | dump EM4x05/EM4x69 tag |
lf em 4x05 info |
N | tag information EM4x05/EM4x69 |
lf em 4x05 read |
N | read word data from EM4x05/EM4x69 |
lf em 4x05 sniff |
Y | Attempt to recover em4x05 commands from sample buffer |
lf em 4x05 unlock |
N | execute tear off against EM4x05/EM4x69 |
lf em 4x05 wipe |
N | wipe EM4x05/EM4x69 tag |
lf em 4x05 write |
N | write word data to EM4x05/EM4x69 |
lf em 4x50
{ EM 4350 / 4450 commands... }
command | offline | description |
---|---|---|
lf em 4x50 help |
Y | This help |
lf em 4x50 brute |
N | Simple bruteforce attack to find password |
lf em 4x50 chk |
N | Check passwords from dictionary |
lf em 4x50 dump |
N | Dump EM4x50 tag |
lf em 4x50 info |
N | Tag information |
lf em 4x50 login |
N | Login into EM4x50 tag |
lf em 4x50 rdbl |
N | Read EM4x50 word data |
lf em 4x50 reader |
N | Show standard read mode data |
lf em 4x50 restore |
N | Restore EM4x50 dump to tag |
lf em 4x50 wrbl |
N | Write EM4x50 word data |
lf em 4x50 wrpwd |
N | Change EM4x50 password |
lf em 4x50 wipe |
N | Wipe EM4x50 tag |
lf em 4x50 eload |
N | Upload EM4x50 dump to emulator memory |
lf em 4x50 esave |
N | Save emulator memory to file |
lf em 4x50 eview |
N | View EM4x50 content in emulator memory |
lf em 4x50 sim |
N | Simulate EM4x50 tag |
lf em 4x70
{ EM 4070 / 4170 commands... }
command | offline | description |
---|---|---|
lf em 4x70 help |
Y | This help |
lf em 4x70 info |
N | Tag information EM4x70 |
lf em 4x70 write |
N | Write EM4x70 |
lf em 4x70 unlock |
N | Unlock EM4x70 for writing |
lf em 4x70 auth |
N | Authenticate EM4x70 |
lf em 4x70 writepin |
N | Write PIN |
lf em 4x70 writekey |
N | Write Crypt Key |
lf fdxb
{ FDX-B RFIDs... }
command | offline | description |
---|---|---|
lf fdxb help |
Y | this help |
lf fdxb demod |
Y | demodulate a FDX-B ISO11784/85 tag from the GraphBuffer |
lf fdxb reader |
N | attempt to read at 134kHz and extract tag data |
lf fdxb clone |
N | clone animal ID tag to T55x7 or Q5/T5555 |
lf fdxb sim |
N | simulate Animal ID tag |
lf gallagher
{ GALLAGHER RFIDs... }
command | offline | description |
---|---|---|
lf gallagher help |
Y | This help |
lf gallagher demod |
Y | demodulate an GALLAGHER tag from the GraphBuffer |
lf gallagher reader |
N | attempt to read and extract tag data |
lf gallagher clone |
N | clone GALLAGHER tag to T55x7 |
lf gallagher sim |
N | simulate GALLAGHER tag |
lf gproxii
{ Guardall Prox II RFIDs... }
command | offline | description |
---|---|---|
lf gproxii help |
Y | this help |
lf gproxii demod |
Y | demodulate a G Prox II tag from the GraphBuffer |
lf gproxii reader |
N | attempt to read and extract tag data |
lf gproxii clone |
N | clone Guardall tag to T55x7 or Q5/T5555 |
lf gproxii sim |
N | simulate Guardall tag |
lf hid
{ HID Prox RFIDs... }
command | offline | description |
---|---|---|
lf hid help |
Y | this help |
lf hid demod |
Y | demodulate HID Prox tag from the GraphBuffer |
lf hid reader |
N | attempt to read and extract tag data |
lf hid clone |
N | clone HID tag to T55x7 |
lf hid sim |
N | simulate HID tag |
lf hid brute |
N | bruteforce card number against reader |
lf hid watch |
N | continuously watch for cards. Reader mode |
lf hitag
{ Hitag CHIPs... }
command | offline | description |
---|---|---|
lf hitag help |
Y | This help |
lf hitag eload |
N | Load Hitag dump file into emulator memory |
lf hitag list |
Y | List Hitag trace history |
lf hitag info |
N | Hitag2 tag information |
lf hitag reader |
N | Act like a Hitag reader |
lf hitag sim |
N | Simulate Hitag transponder |
lf hitag sniff |
N | Eavesdrop Hitag communication |
lf hitag writer |
N | Act like a Hitag writer |
lf hitag dump |
N | Dump Hitag2 tag |
lf hitag cc |
N | Test all challenges |
lf idteck
{ Idteck RFIDs... }
command | offline | description |
---|---|---|
lf idteck help |
Y | This help |
lf idteck demod |
Y | demodulate an Idteck tag from the GraphBuffer |
lf idteck reader |
N | attempt to read and extract tag data |
lf idteck clone |
N | clone Idteck tag to T55x7 or Q5/T5555 |
lf idteck sim |
N | simulate Idteck tag |
lf indala
{ Indala RFIDs... }
command | offline | description |
---|---|---|
lf indala help |
Y | This help |
lf indala brute |
N | Demodulate an Indala tag (PSK1) from the GraphBuffer |
lf indala demod |
Y | Demodulate an Indala tag (PSK1) from the GraphBuffer |
lf indala altdemod |
Y | Alternative method to demodulate samples for Indala 64 bit UID (option '224' for 224 bit) |
lf indala reader |
N | Read an Indala tag from the antenna |
lf indala clone |
N | Clone Indala tag to T55x7 or Q5/T5555 |
lf indala sim |
N | Simulate Indala tag |
lf io
{ ioProx RFIDs... }
command | offline | description |
---|---|---|
lf io help |
Y | this help |
lf io demod |
Y | demodulate an ioProx tag from the GraphBuffer |
lf io reader |
N | attempt to read and extract tag data |
lf io clone |
N | clone ioProx tag to T55x7 or Q5/T5555 |
lf io sim |
N | simulate ioProx tag |
lf io watch |
N | continuously watch for cards. Reader mode |
lf jablotron
{ Jablotron RFIDs... }
command | offline | description |
---|---|---|
lf jablotron help |
Y | This help |
lf jablotron demod |
Y | demodulate an Jablotron tag from the GraphBuffer |
lf jablotron reader |
N | attempt to read and extract tag data |
lf jablotron clone |
N | clone jablotron tag to T55x7 or Q5/T5555 |
lf jablotron sim |
N | simulate jablotron tag |
lf keri
{ KERI RFIDs... }
command | offline | description |
---|---|---|
lf keri help |
Y | This help |
lf keri demod |
Y | demodulate an KERI tag from the GraphBuffer |
lf keri reader |
N | attempt to read and extract tag data |
lf keri clone |
N | clone KERI tag to T55x7 or Q5/T5555 |
lf keri sim |
N | simulate KERI tag |
lf motorola
{ Motorola RFIDs... }
command | offline | description |
---|---|---|
lf motorola help |
Y | This help |
lf motorola demod |
Y | demodulate an MOTOROLA tag from the GraphBuffer |
lf motorola reader |
N | attempt to read and extract tag data |
lf motorola clone |
N | clone MOTOROLA tag to T55x7 |
lf motorola sim |
N | simulate MOTOROLA tag |
lf nedap
{ Nedap RFIDs... }
command | offline | description |
---|---|---|
lf nedap help |
Y | This help |
lf nedap demod |
Y | demodulate Nedap tag from the GraphBuffer |
lf nedap reader |
N | attempt to read and extract tag data |
lf nedap clone |
N | clone Nedap tag to T55x7 or Q5/T5555 |
lf nedap sim |
N | simulate Nedap tag |
lf nexwatch
{ NexWatch RFIDs... }
command | offline | description |
---|---|---|
lf nexwatch help |
Y | This help |
lf nexwatch demod |
Y | demodulate a NexWatch tag (nexkey, quadrakey) from the GraphBuffer |
lf nexwatch reader |
N | attempt to read and extract tag data |
lf nexwatch clone |
N | clone NexWatch tag to T55x7 |
lf nexwatch sim |
N | simulate NexWatch tag |
lf noralsy
{ Noralsy RFIDs... }
command | offline | description |
---|---|---|
lf noralsy help |
Y | This help |
lf noralsy demod |
Y | demodulate an Noralsy tag from the GraphBuffer |
lf noralsy reader |
N | attempt to read and extract tag data |
lf noralsy clone |
N | clone Noralsy tag to T55x7 or Q5/T5555 |
lf noralsy sim |
N | simulate Noralsy tag |
lf pac
{ PAC/Stanley RFIDs... }
command | offline | description |
---|---|---|
lf pac help |
Y | This help |
lf pac demod |
Y | demodulate a PAC tag from the GraphBuffer |
lf pac reader |
N | attempt to read and extract tag data |
lf pac clone |
N | clone PAC tag to T55x7 |
lf pac sim |
N | simulate PAC tag |
lf paradox
{ Paradox RFIDs... }
command | offline | description |
---|---|---|
lf paradox help |
Y | This help |
lf paradox demod |
Y | demodulate a Paradox FSK tag from the GraphBuffer |
lf paradox reader |
N | attempt to read and extract tag data |
lf paradox clone |
N | clone paradox tag |
lf paradox sim |
N | simulate paradox tag |
lf pcf7931
{ PCF7931 CHIPs... }
command | offline | description |
---|---|---|
lf pcf7931 help |
Y | This help |
lf pcf7931 reader |
N | Read content of a PCF7931 transponder |
lf pcf7931 write |
N | Write data on a PCF7931 transponder. |
lf pcf7931 config |
Y | Configure the password, the tags initialization delay and time offsets (optional) |
lf presco
{ Presco RFIDs... }
command | offline | description |
---|---|---|
lf presco help |
Y | This help |
lf presco demod |
Y | demodulate Presco tag from the GraphBuffer |
lf presco reader |
N | attempt to read and extract tag data |
lf presco clone |
N | clone presco tag to T55x7 or Q5/T5555 |
lf presco sim |
N | simulate presco tag |
lf pyramid
{ Farpointe/Pyramid RFIDs... }
command | offline | description |
---|---|---|
lf pyramid help |
Y | this help |
lf pyramid demod |
Y | demodulate a Pyramid FSK tag from the GraphBuffer |
lf pyramid reader |
N | attempt to read and extract tag data |
lf pyramid clone |
N | clone pyramid tag to T55x7 or Q5/T5555 |
lf pyramid sim |
N | simulate pyramid tag |
lf securakey
{ Securakey RFIDs... }
command | offline | description |
---|---|---|
lf securakey help |
Y | This help |
lf securakey demod |
Y | demodulate an Securakey tag from the GraphBuffer |
lf securakey reader |
N | attempt to read and extract tag data |
lf securakey clone |
N | clone Securakey tag to T55x7 |
lf securakey sim |
N | simulate Securakey tag |
lf ti
{ TI CHIPs... }
command | offline | description |
---|---|---|
lf ti help |
Y | This help |
lf ti demod |
Y | Demodulate raw bits for TI LF tag from the GraphBuffer |
lf ti reader |
N | Read and decode a TI 134 kHz tag |
lf ti write |
N | Write new data to a r/w TI 134 kHz tag |
lf t55xx
{ T55xx CHIPs... }
command | offline | description |
---|---|---|
lf t55xx help |
Y | This help |
lf t55xx clonehelp |
N | Shows the available clone commands |
lf t55xx config |
Y | Set/Get T55XX configuration (modulation, inverted, offset, rate) |
lf t55xx dangerraw |
N | Sends raw bitstream. Dangerous, do not use!! |
lf t55xx detect |
Y | Try detecting the tag modulation from reading the configuration block |
lf t55xx deviceconfig |
N | Set/Get T55XX device configuration |
lf t55xx dump |
N | Dump T55xx card Page 0 block 0-7 |
lf t55xx info |
Y | Show T55x7 configuration data (page 0/ blk 0) |
lf t55xx p1detect |
N | Try detecting if this is a t55xx tag by reading page 1 |
lf t55xx read |
N | Read T55xx block data |
lf t55xx resetread |
N | Send Reset Cmd then lf read the stream to attempt to identify the start of it |
lf t55xx restore |
N | Restore T55xx card Page 0 / Page 1 blocks |
lf t55xx trace |
Y | Show T55x7 traceability data (page 1/ blk 0-1) |
lf t55xx wakeup |
N | Send AOR wakeup command |
lf t55xx write |
N | Write T55xx block data |
lf t55xx bruteforce |
N | Simple bruteforce attack to find password |
lf t55xx chk |
N | Check passwords from dictionary/flash |
lf t55xx protect |
N | Password protect tag |
lf t55xx recoverpw |
N | Try to recover from bad password write from a cloner |
lf t55xx sniff |
Y | Attempt to recover T55xx commands from sample buffer |
lf t55xx special |
N | Show block changes with 64 different offsets |
lf t55xx wipe |
N | Wipe a T55xx tag and set defaults (will destroy any data on tag) |
lf viking
{ Viking RFIDs... }
command | offline | description |
---|---|---|
lf viking help |
Y | This help |
lf viking demod |
Y | demodulate a Viking tag from the GraphBuffer |
lf viking reader |
N | attempt to read and extract tag data |
lf viking clone |
N | clone Viking tag to T55x7 or Q5/T5555 |
lf viking sim |
N | simulate Viking tag |
lf visa2000
{ Visa2000 RFIDs... }
command | offline | description |
---|---|---|
lf visa2000 help |
Y | This help |
lf visa2000 demod |
Y | demodulate an VISA2000 tag from the GraphBuffer |
lf visa2000 reader |
N | attempt to read and extract tag data |
lf visa2000 clone |
N | clone Visa2000 tag to T55x7 or Q5/T5555 |
lf visa2000 sim |
N | simulate Visa2000 tag |
mem
{ Flash memory manipulation... }
command | offline | description |
---|---|---|
mem help |
Y | This help |
mem baudrate |
N | Set Flash memory Spi baudrate |
mem dump |
N | Dump data from flash memory |
mem info |
N | Flash memory information |
mem load |
N | Load data to flash memory |
mem wipe |
N | Wipe data from flash memory |
mem spiffs
{ SPI File system }
command | offline | description |
---|---|---|
mem spiffs help |
Y | This help |
mem spiffs copy |
N | Copy a file to another (destructively) in SPIFFS file system |
mem spiffs check |
N | Check/try to defrag faulty/fragmented file system |
mem spiffs dump |
N | Dump a file from SPIFFS file system |
mem spiffs info |
N | Print file system info and usage statistics |
mem spiffs mount |
N | Mount the SPIFFS file system if not already mounted |
mem spiffs remove |
N | Remove a file from SPIFFS file system |
mem spiffs rename |
N | Rename/move a file in SPIFFS file system |
mem spiffs test |
N | Test SPIFFS Operations |
mem spiffs tree |
N | Print the Flash memory file system tree |
mem spiffs unmount |
N | Un-mount the SPIFFS file system |
mem spiffs upload |
N | Upload file into SPIFFS file system |
mem spiffs view |
N | View file on SPIFFS file system |
mem spiffs wipe |
N | Wipe all files from SPIFFS file system * dangerous * |
nfc
{ NFC commands... }
command | offline | description |
---|---|---|
nfc help |
Y | This help |
nfc decode |
Y | Decode NDEF records |
nfc type1
{ NFC Forum Tag Type 1... }
command | offline | description |
---|---|---|
nfc type1 read |
N | read NFC Forum Tag Type 1 |
nfc type1 help |
Y | This help |
nfc type2
{ NFC Forum Tag Type 2... }
command | offline | description |
---|---|---|
nfc type2 read |
N | read NFC Forum Tag Type 2 |
nfc type2 help |
Y | This help |
nfc type4a
{ NFC Forum Tag Type 4 ISO14443A... }
command | offline | description |
---|---|---|
nfc type4a format |
N | format ISO-14443-a tag as NFC Tag |
nfc type4a read |
N | read NFC Forum Tag Type 4 A |
nfc type4a write |
N | write NFC Forum Tag Type 4 A |
nfc type4a st25taread |
N | read ST25TA as NFC Forum Tag Type 4 |
nfc type4a help |
Y | This help |
nfc type4b
{ NFC Forum Tag Type 4 ISO14443B... }
command | offline | description |
---|---|---|
nfc type4b read |
N | read NFC Forum Tag Type 4 B |
nfc type4b help |
Y | This help |
nfc mf
{ NFC Type MIFARE Classic/Plus Tag... }
command | offline | description |
---|---|---|
nfc mf cformat |
N | format MIFARE Classic Tag as NFC Tag |
nfc mf cread |
N | read NFC Type MIFARE Classic Tag |
nfc mf cwrite |
N | write NFC Type MIFARE Classic Tag |
nfc mf pread |
N | read NFC Type MIFARE Plus Tag |
nfc mf help |
Y | This help |
nfc barcode
{ NFC Barcode Tag... }
command | offline | description |
---|---|---|
nfc barcode read |
N | read NFC Barcode |
nfc barcode sim |
N | simulate NFC Barcode |
nfc barcode help |
Y | This help |
reveng
{ CRC calculations from RevEng software... }
[=] reveng: no mode switch specified. Use reveng -h for help.
smart
{ Smart card ISO-7816 commands... }
command | offline | description |
---|---|---|
smart help |
Y | This help |
smart list |
Y | List ISO 7816 history |
smart info |
N | Tag information |
smart reader |
N | Act like an IS07816 reader |
smart raw |
N | Send raw hex data to tag |
smart upgrade |
Y | Upgrade sim module firmware |
smart setclock |
N | Set clock speed |
smart brute |
N | Bruteforce SFI |
script
{ Scripting commands... }
command | offline | description |
---|---|---|
script help |
Y | This help |
script list |
Y | List available scripts |
script run |
Y | <name> - execute a script |
trace
{ Trace manipulation... }
command | offline | description |
---|---|---|
trace help |
Y | This help |
trace extract |
Y | Extract authentication challenges found in trace |
trace list |
Y | List protocol data in trace buffer |
trace load |
Y | Load trace from file |
trace save |
Y | Save trace buffer to file |
usart
{ USART commands... }
command | offline | description |
---|---|---|
usart help |
Y | This help |
usart btpin |
N | Change BT add-on PIN |
usart btfactory |
N | Reset BT add-on to factory settings |
usart tx |
N | Send string over USART |
usart rx |
N | Receive string over USART |
usart txrx |
N | Send string over USART and wait for response |
usart txhex |
N | Send bytes over USART |
usart rxhex |
N | Receive bytes over USART |
usart config |
N | Configure USART |
wiegand
{ Wiegand format manipulation... }
command | offline | description |
---|---|---|
wiegand help |
Y | This help |
wiegand list |
Y | List available wiegand formats |
wiegand encode |
Y | Encode to wiegand raw hex (currently for HID Prox) |
wiegand decode |
Y | Convert raw hex to decoded wiegand format (currently for HID Prox) |
Full help dump done.