Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2016-02-08 22:13:15

jbf
Contributor
Registered: 2015-06-25
Posts: 22

Standalone mifare/14a sniffing/snooping

Hi,

I needed to sniff tag without having a PC connected.

If someone is interested here is what you can do :

WARNING/DISCLAIMER : for this to work, you need to plug the proxmark3 on an external usb battery and the PC at the same time. I am NOT sure at all if this is a safe thing to do (I'm pretty sure it is not!). By doing this you may break your PC, do it at your own risk.
(I did it on 2 PC without issue, but I still think this is something risky for the PC).

1/ Get a Y usb cable (I cut one from a 2,5 hard drive and solder a micro usb connector on one side while keeping the 2 usb connector on the other side)
2/ I made some quick & dirty changes to proxmark code in order to be able to start sniffing by pressing the button (https://github.com/jbfuzier/proxmark3/tree/standalone_sniff)
3/ Plug the Y usb cable to an external battery in order to power the proxmark3
4/ Press 1sec the button, wait for led to light on in order to confirm sniffing is enabled
5/ Sniff..
6/ Press the button to stop sniffing
7/ Plug the other usb connector to a PC
8/ Launch proxmark3 client as usual
9/ hf 14a list

Offline

#2 2016-02-09 22:20:41

jbf
Contributor
Registered: 2015-06-25
Posts: 22

Re: Standalone mifare/14a sniffing/snooping

After playing around with sniffing/snooping, I think I have stumbled uppon the following bug :

1/ Sniff some exchange (hf 14a snoop or sniff)
2/ Stop by pressing button
3/ Print the result (hf list 14a) => You see the whole exchange
4/ exit proxmark client
5/ Open proxmark client
6/ hf list 14a => You get a corrupted trace


I have had this issue both on the code from the official repos and from @iceman's repo.

Could someone check if you are having the same issue ?

Offline

#3 2016-02-10 09:32:33

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: Standalone mifare/14a sniffing/snooping

When you exit the client,  and then open it,  it unpacks the fpga code on device side,  so yes,  the devicememory is voilatile and will be overwritten by the unpacking of the fpga_mode code.  (see piwi's zlib memory saving changes)

Offline

#4 2016-02-10 17:27:23

jbf
Contributor
Registered: 2015-06-25
Posts: 22

Re: Standalone mifare/14a sniffing/snooping

Are you sure that the fpga code is reloaded when the client is reopened ? I am not cutting power to the device.

From what I can understand in appmain.c FpgaDownloadAndGo is called when the board is poweringup. Then is is just looping waiting for command. Am I wrong ?

Offline

#5 2016-02-10 17:38:12

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: Standalone mifare/14a sniffing/snooping

You are right,  once it loops the Fpgadownloadandgo is not called.
Question is if the client sends something to the device when shutting down.
Next possible reason would be the "hf list" command, if it clears the mem afterwards.

Offline

#6 2016-02-10 17:43:39

jbf
Contributor
Registered: 2015-06-25
Posts: 22

Re: Standalone mifare/14a sniffing/snooping

hf list does not seems to clear memory afterwards, if you run it twice you still get the result.

I am gonna look into what commands the client is sending on start/exit...

Offline

#7 2016-04-12 21:48:40

benoit37000
Contributor
From: France
Registered: 2013-10-10
Posts: 21

Re: Standalone mifare/14a sniffing/snooping

Hi,
i had the same issue
so i put some debug print and see tha function  BigBuf_free() was called many time after proxmark client starting.

After hours, i just found tha the Readmen() function launched  at startup  call fpga  loading  which call   the function BigBuf_free()  sad
put some comment in  appmain.c
in  ReadMem() and in AppMain(void)
recompile and done


Now i can plug in and plug out the pm3 without losing the collected data
i tested and  it work fine .

see below what i comment in appmain.c
it is quite dirty but it helps when you need snoop  in stand alone mode


pm3 /proxmark3-master/armsrc$ cat appmain.c | grep "//Fpga" -n
293:    //FpgaGatherVersion(FPGA_BITSTREAM_LF, temp, sizeof(temp));
295:    //FpgaGatherVersion(FPGA_BITSTREAM_HF, temp, sizeof(temp));
1374:   //FpgaDownloadAndGo(FPGA_BITSTREAM_HF);


Ben

Offline

Board footer

Powered by FluxBB