Skip to content

Standalone mode

Iceman edited this page Aug 8, 2021 · 45 revisions

Introduction

The most curious concept of Proxmark3 is standalone mode.

If you can power your device from battery, you can run small modules from the PM3 itself, without needing a computer running the PM3 client.

These modules are usually limited to a single function, eg: "read and emulate a Legic Prime RFID tag". This also means the user interface is limited to the LEDs and the button:

LEDS BUTTON PRESS
4 leds (A,B,C,D) short, long or multiple (twice)

All standalone modes use this differently, and it is hard to figure out what is what. Looking at the source code for each mode generally helps!

To enter the currently flashed standalone mode, press and hold the button until the LEDs play a short animation.

Warning: all standalone modes that target generic PM3 devices will lose data on power loss (or if the battery goes flat). Standalone modes that take advantage of RDV4-specific features can overcome this by storing data to flash.

Supported standalone modes

For any iceman based repo the current most popular public standalone modes is quite easy to compile and install.

In this repo its even easier than before. The default standalone mode is HF_MSDSAL.

Table of built-in standalone modes:

Module Description Author Device target
LF_EM4100EMUL Simulate predefined EM4100 tags Artyom Gnatyuk All
LF_EM4100RSWB Read/simulate/brute/clone EM4100 tags Monster1024 All
LF_EM4100RWC Read/simulate/clone EM4100 tags Artyom Gnatyuk All
LF_HIDBRUTE HID corporate 1000 bruteforce Federico dotta & Maurizio Agazzini All
LF_HIDFCBRUTE HID Facility Code bruteforce ss23 RDV4
LF_ICEHID LF HID / IOprox / AWID / EM4100 collector to flashmem Iceman1001 RDV4
LF_NEXID Nexwatch credentials detection mode jrjgjk & Zolorah RDV4
LF_PROXBRUTE HID ProxII bruteforce Brad Antoniewicz All
LF_SAMYRUN HID26 read/clone/sim Samy Kamkar All
LF_SKELETON Standalone mode skeleton Iceman1001 All
LF_THAREXDE LF EM4x50 simulator/read standalone mode tharexde RDV4
HF_14ASNIFF HF 14a sniff to flashmem Michael Farrell RDV4
HF_AVEFUL MIFARE Ultralight read/simulation Ave Ozkal All
HF_BOG HF 14a sniff ULC/ULEV1/NTAG auth to flashmem Bogito RDV4
HF_CRAFTBYTE UID stealer - Emulates scanned 14a UID Anze Jensterle All
HF_COLIN MIFARE ultra fast sniff/sim/clone to flashmem Colin Brigato RDV4
HF_ICECLASS iCLASS 4-1 mode sim/read & dump/loclass/glitch & config to flashmem Iceman1001 RDV4
HF_LEGIC Read/simulate Legic Prime tags (RDV4: + save to flashmem) Stefanie Hofmann & Uli Heilmeier All / RDV4 *
HF_MATTYRUN MIFARE sniff/clone Matías A. Ré Medina All
HF_MFCSIM MIFARE Classic simulate Ray Lee RDV4
HF_MSDSAL (default) Read and emulate MSD Visa cards Salvador Mendoza All
HF_REBLAY 14A relay over BT Salvador Mendoza All
HF_TCPRST IKEA Rothult ST25TA, Standalone Master Key Dump/Emulation Nick Draffen Yes
HF_TMUDFORD Read and emulate ISO15693 card UID Tim Mudford All
HF_YOUNG MIFARE sniff/simulation Craig Young Yes

Warning: some standalone modes takes advantage of RDV4 specific features, which may not work on non-RDV4 devices. You will most likely need to read the source code to understand what is supported.

Installing a different standalone module

The standalone module can be switched in the file Makefile.platform. Only one standalone module can be chosen at a time.

  1. Copy Makefile.platform.sample to Makefile.platform

  2. Edit the STANDALONE variable inside Makefile.platform. You need to uncomment it and chose a standalone mode. For example:

    PLATFORM=PM3RDV4
    #PLATFORM_EXTRAS=BTADDON
    STANDALONE=LF_EM4100RWC

After changing your standalone mode, don't forget to build and flash the code to the Proxmark3:

  1. make clean
  2. make -j
  3. ./pm3-flash-fullimage

Writing your own

See: https://github.com/RfidResearchGroup/proxmark3/blob/master/armsrc/Standalone/readme.md

Additional information

Some members of our community have produced text and video walk-throughs of these modules:

Home

Future

Roadmap
Wishlist

Standalone modes

Standalone mode

Commands help

More cheat sheets

Signal processing

Learn about signals

Clone this wiki locally