I’ve been seeing a lot of posts about issues setting up the Proxmark 3 Easy on various platforms (seems that Mac users have it the hardest).
I’m curious as to what people’s experiences (if any) have been with trying to run it in a container (Docker/Podman), and if that might be a worthwhile alternative.
The Iceman Fork documentation has some links to Docke Hub containers, but it looks like they haven’t been updated in many years.
I have a Proxmark 3 Easy that I bought a couple of years ago. I set it up in Windows and didn’t have any issues. But that was several clean installs ago and I’m going to set it up again soon and thought I might try doing a Debian install in a container running on Windows 10 instead.
Docker Desktop and WSL2 have come a long way in usability and instillation simplicity in the past few years. I imagine there might be some issues around serial pass-through, but I’ve used Docker with other serial-attached hardware before (thank you privileged mode).
Any other big-ticket issues/concerns that might make this fool’s errand?
I don’t have experience with the proxmark3 in docker specifically, but I do have docker containers that use local USB devices which are passed through using the device flag (well, device section if you’re using compose) to the containers as StacyHunter mentioned above.
I took a look at the images up on docker hub for the iceman fork and they seem to be forwarding all devices connected to the host in the examples given by passing the flag -v /dev:/dev and running in privileged mode. It’s not the best approach security wise, better off using the --device flag to pass just the device(s) you need and adjusting the groups which the user running within the container has access to (typically tty or dialout on *nix for these).
Windows hosts might be a bit trickier since they aren’t *nix, and I don’t have much experience with docker there so not really sure what would be involved to pass through devices. WSL might make this easier tho.
I’ll give it a try this weekend or next. I’m hoping I can get the pass-through to work somewhat natively on Windows and Linux (I don’t have a Mac to test on), since that would make the setup process easier for others. More of a “run it and go” kind of thing.
I decided to give it a shot and I was able to get it to work on a linux host. I need to tinker with it some more but I was able to build the code in the container, flash the proxmark, and do some basic actions with it (read and dump an amiibo). I don’t think this would work as is under Windows due to the differences in how OSs handle devices, but I might revisit that after I get this docker image a bit more automated.
The build will install the reqs (tho a slimmed down list), pull the github repo, compile it, and install the commands in the container.
I was originally having issues with the commands if I didn’t explicitly pass the serial port in the command, but now all the commands seems pretty happy after adding in the device cgroup settings. Might be different depending on the vendor of your proxmark? Should be easy to find with ls /dev -l | grep ACM and looking for your proxmark in that list. Also want to make sure the user running docker is part of the required group (usually dialout).
For windows side: I hear people have success sharing USB devices with WSL using usbipd. That does seem like another big hurdle for beginners tho. Maybe virtualization is the answer for an easy windows setup? Or possibly a windows container with a properly configured proxspace?
