-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Standalone mode
The most curious concept of Proxmark3 is the standalone mode functionalities.
With a battery power option, your device can enter a custom standalone function. You don't need a PC/Laptop with the Proxmark3 client software. The standalone mode is usually limited to a certain function, e.g. reading and then emulating a Legic Prime RFID tag. This also means the user interaction with the device is limited to the LEDs and the button.
| LEDS | BUTTONPRESS |
|---|---|
| 4 leds (A,B,C,D) | short, long or multiple (twice) |
All standalone modes uses this differently and is hard to find out what is what. Looking at the source code might help.
To enter the currently flashed standalone mode, press and hold the button until the LEDs play a short animation.
Remember for all standalone modes that targets all Proxmark3 devices that they will loose of data on the device if you cut the power or drain the battery. This is a serious limit to all NON-RDV4 devices. Standalone modes that takes advantage of RDV4 specific features overcomes this limit.
You can implement your own mode or you can use others already implemented modes. Have a look at https://github.com/RfidResearchGroup/proxmark3/blob/master/armsrc/Standalone/readme.md
For any iceman based repo the current most popular public standalone modes is quite easy to compile and install. In this repo its even easier than before. The default standalone mode is HF_MSDSAL.
Table of built-in standalone modes:
| STANDALONE | DESCRIPTION | AUTHOR | DEVICE TARGET |
|---|---|---|---|
| LF_SKELETON | Standalone mode skeleton | Iceman1001 | All |
| LF_EM4100EMUL | Simulate predefined EM4100 tags | Artyom Gnatyuk | All |
| LF_EM4100RSWB | Read/simulate/brute/clone EM4100 tags | Monster1024 | All |
| LF_EM4100RWC | Read/simulate/clone EM4100 tags | Artyom Gnatyuk | All |
| LF_HIDBRUTE | HID corporate 1000 bruteforce | Federico dotta & Maurizio Agazzini | All |
| LF_ICEHID | LF HID / IOprox / AWID / EM4100 collector to flashmem | Iceman1001 | RDV4 |
| LF_PROXBRUTE | HID ProxII bruteforce | Brad Antoniewicz | All |
| LF_SAMYRUN | HID26 read/clone/sim | Samy Kamkar | All |
| HF_14ASNIFF | HF 14a sniff with to flashmem | Michael Farrell | RDV4 |
| HF_AVEFUL | MIFARE Ultralight read/simulation | Ave Ozkal | All |
| HF_BOG | HF 14a sniff with ULC/ULEV1/NTAG auth to flashmem | Bogito | RDV4 |
| HF_COLIN | MIFARE ultra fast sniff/sim/clone to flashmem | Colin Brigato | RDV4 |
| HF_ICECLASS | iCLASS 4-1 mode sim/read & dump/loclass/glitch & config to flashmem | Iceman1001 | RDV4 |
| HF_LEGIC | Read/simulate Legic Prime tags (RDV4: + save to flashmem) | Stefanie Hofmann & Uli Heilmeier | All / RDV4 * |
| HF_MATTYRUN | MIFARE sniff/clone | Matías A. Ré Medina | All |
| HF_MSDSAL (def) | Read and emulate MSD Visa cards | Salvador Mendoza | All |
| HF_TCPRST | IKEA Rothult ST25TA, Standalone Master Key Dump/Emulation | Nick Draffen | Yes |
| HF_YOUNG | MIFARE sniff/simulation | Craig Young | Yes |
* take notice, that some standalone modes takes advantage of RDV4 specific features which may or may not allow for a generic non-rdv4 device to use the mode. You will most likely read the source code to understand what is supported.
The standalone modes can be switched in the file Makefile.platform. Only one standalone mode can be chosen at a time.
- Rename
Makefile.platform.sample->Makefile.platform - Edit the "STANDALONE" row inside
Makefile.platform. You need to uncomment it and chose a standalone mode.
A valid Makefile.platform could look like this:
PLATFORM=PM3RDV4
#PLATFORM_EXTRAS=BTADDON
STANDALONE=LF_EM4100RWC
After changing your standalone mode, don't forget to build and flash the code to the Proxmark3.
make cleanmake -j./pm3-flash-fullimage
Some community efforts has been done to document these.
@Hacker warehouse did a nice video on youtube.
Troy also has a nice image of the leds for LF SAMY_RUN.
A forum user detailed some modes.
The user @Tinker wrote a blogpost about badge cloning by Tinker.
Iceman, @herrmann1001, made a walkthru of the HF legic standalone mode and HF iceclass standalone mode.
The user @quentynblog made a nice video about the HF ST rothult standalone mode.
If you want to write and implement your own standalone mode, the best starting point is to read and understand the readme document found here.
Learn the tools of the trade the hard way +Fravia