Date invented | 2007 |
---|---|
FPGA | Xilinx Spartan®-II |
Processor | Atmel AT91SAM7S256 |
Memory | 256Kb flash |
Proxmark3 is an open source hardware platform for RFID analysis, designed to operate with low and high frequency systems at 125 kHz, 134 kHz and 13.56 MHz. It was originally created as a PhD project by Jonathan Westhues as an instrument for the research of RFID systems.
Applications
The Proxmark3 platform is used for analysis of and interaction with various systems operating at 125 kHz, 134 kHz and 13.56 MHz, e.g. cloning, copying and emulating different types of cards and tags[1]. It has simplified the work of researchers in security analysis of near-field communication[2], reverse engineering[3] and cryptography.[4]
It has not only found use in academic research, product development and penetration testing, but has also built a strong community, which has been able to keep developing and maintaining the project over the years thanks to the unchanging architecture used across several hardware revisions.[5]
Principles of operation
A simplified functional diagram of Proxmark3 is given in the figure below. The antenna connector has four connection pins. Two of them are used to connect a high-frequency (HF) antenna. The high-frequency emission and reception paths are connected in parallel to these two pins. The other two pins are used in the same way with a low-frequency (LF) antenna and the low-frequency transmission and reception paths.
In operation, only two pins are connected to an antenna. On each of the reception paths, any radio-frequency signal present arrives from the connector and then passes through a demodulating circuit. The choice between high frequency and low frequency is made by a multiplexer, which selects the output of one of the two demodulation circuits. The signal is then digitized to 8 bits by the analog-to-digital converter, the output of which is connected to the FPGA. For transmission, the FPGA sends a signal to one of the two amplifier circuits, which then relays it to the antenna connector.
The FPGA relieves the microcontroller, which could otherwise be overwhelmed by signal processing, especially at 13.56 MHz. The FPGA code consists of a main file and several auxiliary files, each containing a module. The main file implements the reception of commands sent by the ARM microcontroller. In the command sent by the microcontroller.
Proxmark3 community
The original hardware design was created before microcontrollers became capable of providing the high-bandwidth signal processing required by the RFID protocols. Proxmark3 therefore had a split architecture, with a microcontroller providing the high-level functionality while an FPGA was used for the heavy lifting[6]. Therefore most of the signal processing is performed in software. This allows the strong community of enthusiasts[7] to reconfigure the device for different modulation schemes and to contribute to further enhancing the Proxmark3 project. The official repository of the volunteers is hosted on GitHub.[8]
The latest hardware revision of the Proxmark 3 platform, presented at the BlackAlps cyber security conference in 2018[9], was designed by the moderators of the Proxmark forums, Chris Herrmann (iceman), Kevin Barker (0xFFFF) and others.
Comparison of existing versions
| | Proxmark 3 | Proxmark 3 RDV 2 | Proxmark 3 Easy | Proxmark 3 EVO | Proxmark 3 RDV4 |
|---|---|---|---|---|---|
| CPU | AT91SAM7S512 | AT91SAM7S512 | AT91SAM7S256 | AT91SAM7S512 | SAM7S512 |
| Storage | 512Kb SPI flash | 512Kb SPI flash | 256Kb SPI flash | External 2MBits / 512Kb SPI flash | External 2MBits / 256Kb SPI flash |
| Interface | 1x mode LEDs, 1x button | 4x mode LEDs, 1x button | 4x mode LEDs, 1x button | 1x RGB LED, 1x button | 4x power LEDs, 4x mode LEDs, 1x button |
| Antennas | LF and HF; Untuned, Internal | LF and HF; Pretuned, Removable | LF Attached; HF Integrated | LF and HF; Pretuned, Internal | LF (125KHz): 70mm @ 65V; HF (13.56MHz): 88mm @ 44V |
- [1] "A Test Instrument for HF/LF RFID". cq.cx. Retrieved 2021-05-03.
- [2] Dennis Giese, Kevin Liu, Michael Sun, Tahin Syed, Linda Zhang. "Security Analysis of Near-Field Communication (NFC) Payments". May 16, 2018.
- [3] "Reverse Engineering and Security Evaluation of Commercial Tags for RFID-Based IoT".
- [4] Gans, Gerhard de Koning; Hoepman, Jaap-Henk; Garcia, Flavio D. (2008-06-26). "A Practical Attack on the MIFARE Classic". arXiv:0803.2285 [cs].
- [5] "Proxmark 3 | Proxmark". proxmark.com. Retrieved 2021-05-03.
- [6] "Proxmark/proxmark3". GitHub. Retrieved 2021-05-03.
- [7] "Proxmark/proxmark3". GitHub. Retrieved 2021-05-04.
- [8] Proxmark/proxmark3, Proxmark, 2021-05-04, retrieved 2021-05-04.
- [9] BlackAlps 2018: Unlocking Secrets Of The Proxmark3 RDV4.0 - Christian Herrmann And Kevin Barker, retrieved 2021-05-04.