-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
Standalone mode
The most curious concept of Proxmark3 is standalone mode.
If you can power your device from battery, you can run small modules from the PM3 itself, without needing a computer running the PM3 client.
These modules are usually limited to a single function, eg: "read and emulate a Legic Prime RFID tag". This also means the user interface is limited to the LEDs and the button:
| LEDS | BUTTON PRESS |
|---|---|
| 4 leds (A,B,C,D) | short, long or multiple (twice) |
All standalone modes use this differently, and it is hard to figure out what is what. Looking at the source code for each mode generally helps!
To enter the currently flashed standalone mode, press and hold the button until the LEDs play a short animation.
Warning: all standalone modes that target generic PM3 devices will lose data on power loss (or if the battery goes flat). Standalone modes that take advantage of RDV4-specific features can overcome this by storing data to flash.
For any iceman based repo the current most popular public standalone modes is quite easy to compile and install.
In this repo its even easier than before. The default standalone mode is HF_MSDSAL.
Table of built-in standalone modes:
| Module | Description | Author | Device target |
|---|---|---|---|
| LF_SKELETON | Standalone mode skeleton | Iceman1001 | All |
| LF_EM4100EMUL | Simulate predefined EM4100 tags | Artyom Gnatyuk | All |
| LF_EM4100RSWB | Read/simulate/brute/clone EM4100 tags | Monster1024 | All |
| LF_EM4100RWC | Read/simulate/clone EM4100 tags | Artyom Gnatyuk | All |
| LF_HIDBRUTE | HID corporate 1000 bruteforce | Federico dotta & Maurizio Agazzini | All |
| LF_ICEHID | LF HID / IOprox / AWID / EM4100 collector to flashmem | Iceman1001 | RDV4 |
| LF_PROXBRUTE | HID ProxII bruteforce | Brad Antoniewicz | All |
| LF_SAMYRUN | HID26 read/clone/sim | Samy Kamkar | All |
| HF_14ASNIFF | HF 14a sniff to flashmem | Michael Farrell | RDV4 |
| HF_AVEFUL | MIFARE Ultralight read/simulation | Ave Ozkal | All |
| HF_BOG | HF 14a sniff ULC/ULEV1/NTAG auth to flashmem | Bogito | RDV4 |
| HF_COLIN | MIFARE ultra fast sniff/sim/clone to flashmem | Colin Brigato | RDV4 |
| HF_ICECLASS | iCLASS 4-1 mode sim/read & dump/loclass/glitch & config to flashmem | Iceman1001 | RDV4 |
| HF_LEGIC | Read/simulate Legic Prime tags (RDV4: + save to flashmem) | Stefanie Hofmann & Uli Heilmeier | All / RDV4 * |
| HF_MATTYRUN | MIFARE sniff/clone | Matías A. Ré Medina | All |
| HF_MSDSAL | (default) Read and emulate MSD Visa cards | Salvador Mendoza | All |
| HF_TCPRST | IKEA Rothult ST25TA, Standalone Master Key Dump/Emulation | Nick Draffen | Yes |
| HF_YOUNG | MIFARE sniff/simulation | Craig Young | Yes |
Warning: some standalone modes takes advantage of RDV4 specific features, which may not work on non-RDV4 devices. You will most likely need to read the source code to understand what is supported.
The standalone module can be switched in the file Makefile.platform. Only one standalone module can be chosen at a time.
-
Copy
Makefile.platform.sampletoMakefile.platform -
Edit the
STANDALONEvariable insideMakefile.platform. You need to uncomment it and chose a standalone mode. For example:PLATFORM=PM3RDV4 #PLATFORM_EXTRAS=BTADDON STANDALONE=LF_EM4100RWC
After changing your standalone mode, don't forget to build and flash the code to the Proxmark3:
make cleanmake -j./pm3-flash-fullimage
See: https://github.com/RfidResearchGroup/proxmark3/blob/master/armsrc/Standalone/readme.md
Some members of our community have produced text and video walk-throughs of these modules:
- @Hacker warehouse did a nice video on youtube.
- Troy also has a nice image of the leds for LF_SAMYRUN.
- TinkerSec blogged about HID Prox badge cloning.
- Iceman, made walk-through videos of the HF_LEGIC and HF_ICECLASS modules.
- quentynblog made a video about the HF_TCPRST (IKEA Rothult) standalone module.
Learn the tools of the trade the hard way +Fravia