Handy Dandy Tips and Tricks

I thought it might be Handy Dandy to have a place for those little tips and tricks that may not be common knowledge.

Things that make our implanted life just a little easier

I would ask that people don’t ask questions in this thread

Just read or post your Tips and Tricks and move on…

I’ll let it fill up a bit and then probably separate it up into a “Proxmark Tips and tricks” Thread and “Other Tips and tricks”

5 Likes

Proxmark add a delay to Proxmark3 commands

@Amal

add a delay to Proxmark3 commands for implantees

1 Like

Proxmark issue several commands

@Jirvin

1 Like

2-to-3-different-em41xx-on-a-single-t5577

@anon3825968

1 Like

ProxMark ERROR

plugged in on the short side of the device orange and green lights stay lit until after the error message comes up

Orange and green… might be something with the bootloader. Unplug… hold button in and plug in… keep holding the button… after com port shows up, run pm3-flash-all and let it update again. After it’s finished updating it will reboot… keep holding the button until you get the rainbow flashy LEDs that indicate headless operation, then unplug… wait… plug back in and use normally
@amal

1 Like

Write NDEF to Mifare Classic

Smallified so you don’t have to scroll as far when browsing this thread
clause

This may not work on all phones, but from testing Samsung Androids I have had success.

I am unsure if it works on iPhones

Open NXP TagWriter

you can skip the first two steps if you want

Try to read your Magic Mifare 1k

It will prompt to format

Do this

Then This

If you get this…

you can then write something like this

Now you can Rick Roll people with your Mifare Classic implants also


Boring data sheet reference

AN1305.pdf


1 Like

Google authentication with Spark2

@pips

1 Like

DT Forum App

If you want a cleaner and better forum browsing experience but you dismissed the option when you first visited the forum, simply clear your cookies, log back in and follow the prompts


4 Likes

PROXMARK Remove Blue Cloner Password

There are a couple of approaches to this, but for simplicity’s sake, I will post the one I THINK is the easiest

Wipe the implant / fob / card back to T5577 using the password, something like this:-

lf t5 wipe --p 51243648

Then write the new mode to it as per Proxmark instructions ( Found elsewhere )

Thanks @TomHarkness for the Blue Cloner Password

1 Like

Use the KBR1 with Windows a bit more seamlessly

1 Like

.pdf Repository

Kinda speaks for itself…Just a link to the thread

2 Likes

PROXMARK3 Abridged setup

Amal has done a bang-up and thorough job of a walk-through for setting up a Proxmark from scratch.
His thread explains ALL the what where and whys, and is worth a read if you want to understand what you are doing

Here

Getting started with the proxmark3 easy

…If you just want to get up and running, this might be for you

Open for Guide

I thought I would throw together a “quick guide” using his steps.
If you have any issues, go back through his guide ( Sometimes short cuts lead to long cuts )
I wrote this as I did a clean build and it worked, so if you do the same, you SHOULD get the same results

2 Parts - Environment Set Up - Proxmark Set Up

**Environment SetUp**
  • Get the latest environment from here (download the ProxSpace.7z file.)
    Getting started with the proxmark3 easy

  • Must use 7zip to extract ( Extract to root level folder C:\ProxSpace for example )
    Download

  • Open and run runme64.bat

  • Wait a while
    If you get a green
    pm3 ~$
    You are good to go for the next step

  • copy this
    git clone https://github.com/RfidResearchGroup/proxmark3.git

  • right-click - it should automatically paste for you. Hit Enter

  • Wait a while
    If you get a green
    pm3 ~$
    You are good to go for the next step

  • We now change directory with the command
    cd proxmark3

  • You should now have this new line
    pm3 ~/proxmark3$

  • Blah blah blah omission blah reasons blah don’t worry why blah next step…

  • If you are using Proxmark3 RDV4 you can skip this step
    If you are using Proxmark3 Easy…Copy this
    notepad Makefile.platform

You will see something like this ( Thanks Amal )

Change this ( just move the # )
PLATFORM=PM3RDV4
#PLATFORM=PM3GENERIC

to this
#PLATFORM=PM3RDV4
PLATFORM=PM3GENERIC

File - Save - Close

  • Next big step and welcome back RDV4 owners, this is for you also
    make clean && make all
    wait a while
    When it finishes
**Proxmark3 SetUp**

Plug in your Proxmark3 (Easy or RDV4). We are almost there…

  • ./pm3-flash-bootrom

  • ./pm3-flash-fullimage

  • pm3

  • hw tune

Future Updates

( Thanks to @TheCyborgFirefighter and @Zwack ORIGINAL POST )

  • cd proxmark3
  • git pull
  • make clean && make all
  • ./pm3-flash-bootrom
  • ./pm3-flash-fullimage
  • pm3
  • hw tune
4 Likes

SUPER DUPER SHORTENED PROXMARK3 SET UP

Open for Guide
  • download the ProxSpace.7z file from Releases · Gator96100/ProxSpace · GitHub

  • Must use 7zip to extract ( Extract to root level folder C:\ProxSpace for example )
    Download

  • Open and run runme64.bat

  • git clone https://github.com/RfidResearchGroup/proxmark3.git

  • cd proxmark3

  • Proxmark3 Easy ONLY
    notepad Makefile.platform

Change to this ( just move the # )

#PLATFORM=PM3RDV4
PLATFORM=PM3GENERIC

File - Save - Close

  • make clean && make all

Plug in your Proxmark3

  • ./pm3-flash-bootrom

  • ./pm3-flash-fullimage

  • pm3

BOOM - And we are done

Future Updates

( Thanks to @TheCyborgFirefighter and @Zwack ORIGINAL POST )

  • cd proxmark3
  • git pull
  • make clean && make all
  • ./pm3-flash-bootrom
  • ./pm3-flash-fullimage
  • pm3
  • hw tune
4 Likes

Newer version of Proxmark3 EASY: Standalone mode and what the lights indicate!

  • = - = - = - =- = - = - = - =- = - = - = - =- = - = - = - =- = - = - = - =

Hold button 2 seconds – blue/amber/red/green indicator lights flash in sequence and it puts the PM3 EASY into standalone mode; all colored indicator lights go back off. (If you have it connected to the computer, you will be able to follow along on screen.)

#1. Short press – green light stays on, red light blinks. It is looking for an LF HID tag to read into “green” memory slot. When exposed to readable tag, red light goes out and green light flashes, indicating successful read, then both lights go off. If you press the button before a successful read, green light blinks 5 times and PM3 goes into standby mode. Single press here while in standby mode will put it back into #1.

#2. Short press – orange light stays on, indicating simulating previously read HID

#3. Short press – orange and green lights flash one time, then go out, indicating simulating done

#4. Short press – red and green lights blink while cloning previously read HID, then lights go out when done.

#5. Short press – blue light comes on, red light blinks. It is looking for another LF HID tag to put into “blue” memory slot. When exposed to readable tag, red light goes out and blue light flashes, indicating successful read, then all lights go off. If you press the button before a successful read, blue light blinks 5 times and PM3 goes into standby mode. Single press here while in standby mode will put it back into #5.

#6. Short press – orange light stays on, indicating simulating most recently read HID

#7. Short press – orange and blue lights flash one time, then go out, indicating simulating done

#8. Short press – red/green/blue blink while cloning most recently read HID, then lights go out when done.

CYCLE COMPLETE… next short press goes back to #1.

4 Likes

RECOVERY FROM A “BRICKED” HF MAGIC MIFARE GEN-2

If you can’t use or modify your hf magic mifare Gen 2 chip or card (or in my case Magic Ring that I thought I’d killed) because you’ve written bad data to block zero (such as mis-typing data that doesn’t match the checksum) and you get a “BCC0 incorrect” error with “No known/supported 13.56 MHz tags found”, there’s hope! Using your Proxmark3, try this for a 4-byte UID:

hf 14a config --atqa force --bcc ignore --cl2 skip --rats skip

or this for a 7 byte UID:
hf 14a config --atqa force --bcc ignore --cl2 force --cl3 skip --rats skip

From there you should be able to do a hf search and see the device again without serious error.

I suggest that you then write a known good sequence to Block 0. If yours is a 1K chip with a 4-byte UID, an example would be:
hf mf wrbl --blk 0 -k FFFFFFFFFFFF -d 11223344440804006263646566676869 --force

From there you should have a readable 1K Gen2 ring, card, or chip and be able to write to it again.

There’s a good reference at THIS PAGE and it includes alternatives if you have a 4K chip and/or a 7-byte UID.

5 Likes
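
Added example, not part of the original post: a small Python check that a 4-byte-UID block 0 string carries a BCC consistent with its UID before it is handed to hf mf wrbl, using the block value quoted in the post above. The field layout (UID, BCC, SAK, ATQA, manufacturer data) and all function names are assumptions of this example, and the mistyped block is constructed.

```python
# Added example: pre-write check of a 4-byte-UID MIFARE Classic block 0.
# Assumed layout: UID(4) | BCC(1) | SAK(1) | ATQA(2) | manufacturer data(8).

KNOWN_GOOD = "11223344440804006263646566676869"  # value quoted in the post above


def bcc(uid: bytes) -> int:
    """BCC is the XOR of the four UID bytes."""
    out = 0
    for b in uid:
        out ^= b
    return out


def parse_block0(hex_str: str) -> bytes:
    """Decode the hex string; raise ValueError if it is not exactly 16 bytes."""
    raw = bytes.fromhex(hex_str.replace(" ", ""))
    if len(raw) != 16:
        raise ValueError(f"block 0 must be 16 bytes, got {len(raw)}")
    return raw


def check_block0(hex_str: str) -> list:
    """Return a list of problems; empty means the UID/BCC pair is consistent."""
    try:
        raw = parse_block0(hex_str)
    except ValueError as exc:
        return [f"malformed block: {exc}"]
    problems = []
    uid, stored = raw[:4], raw[4]
    if stored != bcc(uid):
        problems.append(f"BCC is {stored:02X}, expected {bcc(uid):02X} for UID {uid.hex().upper()}")
    if uid[0] == 0x88:
        problems.append("UID byte 0 is 0x88 (cascade tag), not valid in a 4-byte UID")
    return problems


def with_fixed_bcc(hex_str: str) -> str:
    """Return the same block with byte 4 recomputed from the UID."""
    raw = bytearray(parse_block0(hex_str))
    raw[4] = bcc(raw[:4])
    return raw.hex().upper()


if __name__ == "__main__":
    # Second candidate is a constructed typo (UID changed, BCC left stale).
    for candidate in (KNOWN_GOOD, "11223345440804006263646566676869"):
        print(candidate, check_block0(candidate) or "OK")
```

An empty list from check_block0 means only that the UID and BCC agree; it does not validate the SAK, ATQA or manufacturer bytes.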