Proxmark 3 Easy Clone Hangs when Emulating HID iClass

ChocolateKid · February 1, 2026, 8:41am

Hey all! I’ve been perusing through this forum for the last couple of weeks and really loved reading about all this stuff here. I want to start off by saying I am definitely a beginner in the field, so let me know if I have any large misunderstandings.

I bought the Proxmark 3 Easy with the understanding that it was the best and most general device that could read, clone, and specifically emulate cards all from one device.

Unfortunately when trying to clone HID iClass I ran into a bunch of trouble and wanted to highlight my debugging steps here.

After running hf search to which i confirmed valid iCLASS tag / PicoPass tag found, I found the default key worked to dump the card’s memory hf iclass dump --ki 0. I then ran hf iclass eload -f hf-iclass-B12FAE14FEFF12E0-dump.bin to store the info.

Finally I ran this.

[usb] pm3 --> hf iclass sim -t 3

[=] Starting iCLASS simulation

[=] Press `pm3 button` to abort

[?] Hint: Try `hf iclass esave -h` to save the emulator memory to file

[usb] pm3 -->

Immediately it prompted me for a new command. The red LED flashed for a half second when i ran the command but that’s about it. Just in case it was emulating in the background I tried it with my reader which did showed a quick red light (incorrect).

Note that when I run -t 2 I got this output (although it still didn’t work with my reader). Leading me to think it needs the full emulation.

[usb] pm3 --> hf iclass sim -t 2

[=] Starting iCLASS sim 2 attack (elite mode)

[=] Press <Enter> to abort

[#] CSN: 0c .... e0 OK

[#] CSN: 10 .... e0 OK

[#] CSN: 13 .... e0 OK

[#] CSN: 07 .... e0 OK

In both situations though after trying to abort, it always timed out. After running this I would see the following

[usb] pm3 --> hw status

[!] ⚠️  Status command timeout. Communication speed test timed out

Which could only be fixed by a power cycle or pressing the pm3 button.

Doing some debugging I ran this, which showed me that my HF antenna has pretty low voltage compared to what it should have.

[usb] pm3 --> hw tune


[=] -------- LF Antenna ----------

[+] 125.00 kHz ........... 31.42 V

[+] 134.83 kHz ........... 17.18 V

[+] 122.45 kHz optimal.... 33.88 V

[+] 

[+] Approx. Q factor measurement

[+] Frequency bandwidth... 8.7

[+] Peak voltage.......... 9.8

[+] LF antenna............ ok



[=] -------- HF Antenna ----------

[+] 13.56 MHz............. 15.95 V

[+] 

[+] Approx. Q factor measurement

[+] Peak voltage.......... 4.6

[+] HF antenna ( ok )



[=] -------- LF tuning graph ------------

[+] Orange line - divisor 95 / 125.00 kHz

[+] Blue line - divisor   88 / 134.83 kHz


[=] Q factor must be measured without tag on the antenna

My final hypotheses are either:

The simulation isn’t working because it’s a bad quality clone.
It is simulating, but I copied the card in the wrong way, thus it’s not working in my reader.
The low voltage HF antenna is the problem.

I would love to get thoughts on this . the reason I want to emulate is that I don’t want to find a Picopass2k card, as I feel like they’re really hard to come by and I think I can only really find them on eBay plus, they are generally expensive and can only be written to once from my understanding.

amal · February 1, 2026, 8:55am

Whenever there is strange behavior the first thing to check is the very first screen that loads when you run the pm3 client. It will output a bunch of info, specifically client version, bootloader version z and firmware image version. Can you screenshot or paste the text of that screen?

ChocolateKid · February 1, 2026, 5:54pm

Ah good point.



./pm3[=] Session log /Users/krishshah/.proxmark3/logs/log_20260201175305.txt[+] 
loaded /Users/krishshah/.proxmark3/preferences.json[+] 
Using UART port /dev/tty.usbmodemiceman1[+] 
Communicating with PM3 over USB-CDC

[ I have received a coded signal! ☕ ]

[ Proxmark3 ]
MCU....... AT91SAM7S512 Rev B
Memory.... 512 KB ( 71% used )
Target.... PM3 GENERIC

Client.... Iceman/master/v4.20728-316-g04bbd0334-dirty 2026-01-31 15:06:15
Bootrom... Iceman/master/v4.20728-316-g04bbd0334-dirty-suspect 2026-01-31 15:06:11 481b15240
OS........ Iceman/master/v4.20728-316-g04bbd0334-dirty-suspect 2026-01-31 15:06:13 481b15240


[usb] pm3 --> hw version

 [ Proxmark3 ]

 [ Client ]
  Iceman/master/v4.20728-316-g04bbd0334-dirty-suspect 2026-01-31 15:06:15 481b15240
  Compiler.................. Clang/LLVM Apple LLVM 17.0.0 (clang-1700.6.3.2)
  Platform.................. OSX / aarch64
  Readline support.......... present
  QT GUI support............ present
  Native BT support......... absent
  Python script support..... present ( 3.14.2 )
  Python SWIG support....... present
  Lua script support........ present ( 5.4.7 )
  Lua SWIG support.......... present

 [ Model ]
  Firmware.................. PM3 GENERIC

 [ ARM ]
  Bootrom.... Iceman/master/v4.20728-316-g04bbd0334-dirty-suspect 2026-01-31 15:06:11 481b15240
  OS......... Iceman/master/v4.20728-316-g04bbd0334-dirty-suspect 2026-01-31 15:06:13 481b15240
  Compiler... GCC 13.3.1 20240614

 [ FPGA ] 
 fpga_pm3_hf.ncd image 2s30vq100 31-01-2026 14:47:37
 fpga_pm3_lf.ncd image 2s30vq100 31-01-2026 14:47:37
 fpga_pm3_felica.ncd image 2s30vq100 31-01-2026 14:47:37
 fpga_pm3_hf_15.ncd image 2s30vq100 31-01-2026 14:47:37

 [ Hardware ]
  --= uC: AT91SAM7S512 Rev B
  --= Embedded Processor: ARM7TDMI
  --= Internal SRAM size: 64K bytes
  --= Architecture identifier: AT91SAM7Sxx Series
  --= Embedded flash memory 512K bytes ( 71% used )

amal · February 1, 2026, 7:30pm

Hmm. Looks good to me.

@Iceman do you know if this is a known issue in the current release?

Alternatively this may also be a problem with the hardware. There is a known sim bug that has to do with simulation but I can’t remember if it’s LF or HF that borks.