Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2016-10-18 22:05:47

31415
Contributor
Registered: 2016-10-18
Posts: 5

Wired flash

Hello,

In my team we have two proxmarks. One of them is now in my hands. I had issues with mifare cards, like unable to check default keys on sure card - just no results. So i decided to move software up.

Here is the log before flash:

#db# Prox/RFID mark3 RFID instrument
#db# bootrom: master/v1.0.0-32-gc7324be-suspect 2014-07-02 20:46:28
#db# os: HEAD/v2.0.0-suspect 2016-03-19 08:06:38
#db# HF FPGA image built on 2015/03/09 at 08:41:42
Prox/RFID mark3 RFID instrument

uC: AT91SAM7S256 Rev A
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 0 bytes ( 0%). Free: 262144 bytes (100%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 256K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory

And what i did:

git clone
git checkout v2.3.0
make clean
make

First i tried to upgrade image:

./flasher /dev/ttyACM29 ../armsrc/obj/fullimage.elfLoading ELF file '../armsrc/obj/fullimage.elf'...
Loading usable ELF segments:
0: V 0x00102000 P 0x00102000 (0x000293c8->0x000293c8) [R X] @0x94
1: V 0x00200000 P 0x0012b3c8 (0x00001954->0x00001954) [RW ] @0x2945c
Note: Extending previous segment from 0x293c8 to 0x2ad1c bytes

Waiting for Proxmark to appear on /dev/ttyACM10. Found.
Entering bootloader...
(Press and release the button only to abort)
Waiting for Proxmark to reappear on /dev/ttyACM10...... Found.

Flashing...
Writing segments for file: ../armsrc/obj/fullimage.elf
 0x00102000..0x0012cd1b [0x2ad1c / 343 blocks].........^C

The proxmark's watchdog bite and proxmark rebooted during writing segments. I tried this several times, same behavior.

Then bootloader:

./flasher /dev/ttyACM14 -b ../bootrom/obj/bootrom.elf
Loading ELF file '../bootrom/obj/bootrom.elf'...
Loading usable ELF segments:
0: V 0x00100000 P 0x00100000 (0x00000200->0x00000200) [R X] @0x94
1: V 0x00200000 P 0x00100200 (0x00000b28->0x00000b28) [RWX] @0x298

Waiting for Proxmark to appear on /dev/ttyACM14. Found.
Entering bootloader...
(Press and release the button only to abort)
Waiting for Proxmark to reappear on /dev/ttyACM14...... Found.

Flashing...
Writing segments for file: ../bootrom/obj/bootrom.elf
 0x00100000..0x001001ff [0x200 / 1 blocks]. OK
 0x00100200..0x00100d27 [0xb28 / 6 blocks]...... OK

Resetting hardware...
All done.

Have a nice day!

And after this proxmark's watchdog bites on every boot.

I tried also flash with fullimage:

./flasher /dev/ttyACM29 ../armsrc/obj/fullimage.elf
Loading ELF file '../armsrc/obj/fullimage.elf'...
Loading usable ELF segments:
0: V 0x00102000 P 0x00102000 (0x0002d9ef->0x0002d9ef) [R X] @0x98
1: V 0x00200000 P 0x0012f9ef (0x00002bc8->0x00002bc8) [RWX] @0x2da88
Note: Extending previous segment from 0x2d9ef to 0x305b7 bytes

Waiting for Proxmark to appear on /dev/ttyACM29. Found.
Sending bytes to proxmark failed

But watchdog is always biting.

And my question to you, can you help me?

Offline

#2 2016-10-18 22:22:29

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Wired flash

This is what happens when you don't follow instructions.
Your old firmware, should have been flashed with bootrom first,  then fullimage.

Now you need to press button,  keep it pressed,  flash bootrom,  release button.  flash fullimage,  and you should be ok.

Offline

#3 2016-10-19 07:04:25

31415
Contributor
Registered: 2016-10-18
Posts: 5

Re: Wired flash

With button pressed i did:

./flasher /dev/ttyACM18 -b ../bootrom/obj/bootrom.elf
Loading ELF file '../bootrom/obj/bootrom.elf'...
Loading usable ELF segments:
0: V 0x00100000 P 0x00100000 (0x00000200->0x00000200) [R X] @0x94
1: V 0x00200000 P 0x00100200 (0x00000af8->0x00000af8) [RWX] @0x298

Waiting for Proxmark to appear on /dev/ttyACM18............... Found.

Flashing...
Writing segments for file: ../bootrom/obj/bootrom.elf
 0x00100000..0x001001ff [0x200 / 1 blocks]. OK
 0x00100200..0x00100cf7 [0xaf8 / 6 blocks]...... OK

Resetting hardware...
All done.

Have a nice day!

But proxmark is still in the watchdog's loop.

The ttyACM device is only visible in the system when button is pressed. With button pressed the fullimage hangs and watchdog bite:

./flasher /dev/ttyACM19 ../armsrc/obj/fullimage.elf
Loading ELF file '../armsrc/obj/fullimage.elf'...
Loading usable ELF segments:
0: V 0x00102000 P 0x00102000 (0x0002d9ef->0x0002d9ef) [R X] @0x98
1: V 0x00200000 P 0x0012f9ef (0x00002bc8->0x00002bc8) [RWX] @0x2da88
Note: Extending previous segment from 0x2d9ef to 0x305b7 bytes

Waiting for Proxmark to appear on /dev/ttyACM19......................................... Found.

Flashing...
Writing segments for file: ../armsrc/obj/fullimage.elf
 0x00102000..0x001325b6 [0x305b7 / 387 blocks]...................

Offline

#4 2016-10-19 09:21:01

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Wired flash

ok,
either your linux system kicks out the device. are you sure its not blacklisted? modemmanager?
or you successfully bricked your device which will need fullimage flash over JTAG so solve.

I'm leaning towards the former at the moment.

Offline

#5 2016-10-20 08:25:04

31415
Contributor
Registered: 2016-10-18
Posts: 5

Re: Wired flash

I'm using Kali Linux 2.0 and I didn't blacklisted anything:

cat /etc/modprobe.d/*
# The microcode module attempts to apply a microcode update when
# it autoloads.  This is not always safe, so we block it by default.
blacklist microcode
blacklist nfc
blacklist pn533
# modprobe information used for DKMS modules
#
# This is a stub file, should be edited when needed,
# used by default by DKMS.
# This file blacklists most old-style PCI framebuffer drivers.

blacklist arkfb
blacklist aty128fb
blacklist atyfb
blacklist radeonfb
blacklist cirrusfb
blacklist cyber2000fb
blacklist kyrofb
blacklist matroxfb_base
blacklist mb862xxfb
blacklist neofb
blacklist pm2fb
blacklist pm3fb
blacklist s3fb
blacklist savagefb
blacklist sisfb
blacklist tdfxfb
blacklist tridentfb
blacklist vt8623fb
# The microcode module attempts to apply a microcode update when
# it autoloads.  This is not always safe, so we block it by default.
blacklist microcode
# Blacklist these following modules at boot

blacklist snd_pcsp
blacklist pcspkr
options radeon modeset=1

# This system has librtlsdr0 installed in order to
# use digital video broadcast receivers as generic
# software defined radios.
blacklist dvb_usb_rtl28xxu
blacklist e4000
blacklist rtl2832

Offline

#6 2016-10-20 08:46:46

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Wired flash

sudo cp -rf driver/77-mm-usb-device-blacklist.rules /etc/udev/rules.d/77-mm-usb-device-blacklist.rules
sudo udevadm control --reload-rules

Offline

#7 2016-10-21 06:41:35

31415
Contributor
Registered: 2016-10-18
Posts: 5

Re: Wired flash

The watchdog still bites when button is not pressed, but I was able to flash fullimage with pressed button. and proxmark works smile

The full recovery instruction (holding button all the time) :

sudo cp -rf driver/77-mm-usb-device-blacklist.rules /etc/udev/rules.d/77-mm-usb-device-blacklist.rules
sudo udevadm control --reload-rules

# ./flasher /dev/ttyACM20 -b ../bootrom/obj/bootrom.elf
Loading ELF file '../bootrom/obj/bootrom.elf'...
Loading usable ELF segments:
0: V 0x00100000 P 0x00100000 (0x00000200->0x00000200) [R X] @0x94
1: V 0x00200000 P 0x00100200 (0x00000af8->0x00000af8) [RWX] @0x298

Waiting for Proxmark to appear on /dev/ttyACM20. Found.

Flashing...
Writing segments for file: ../bootrom/obj/bootrom.elf
 0x00100000..0x001001ff [0x200 / 1 blocks]. OK
 0x00100200..0x00100cf7 [0xaf8 / 6 blocks]...... OK

Resetting hardware...
All done.

Have a nice day!

# ./flasher /dev/ttyACM20 ../armsrc/obj/fullimage.elf
Loading ELF file '../armsrc/obj/fullimage.elf'...
Loading usable ELF segments:
0: V 0x00102000 P 0x00102000 (0x0002d9ef->0x0002d9ef) [R X] @0x98
1: V 0x00200000 P 0x0012f9ef (0x00002bc8->0x00002bc8) [RWX] @0x2da88
Note: Extending previous segment from 0x2d9ef to 0x305b7 bytes

Waiting for Proxmark to appear on /dev/ttyACM20......................................................................... Found.

Flashing...
Writing segments for file: ../armsrc/obj/fullimage.elf
 0x00102000..0x001325b6 [0x305b7 / 387 blocks]................................................................................................................................................................................................................................................................................................................................................................................................... OK

Resetting hardware...
All done.

Have a nice day!

# ./proxmark3 /dev/ttyACM20
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: HEAD/v2.1.0-suspect 2016-10-18 20:01:12
#db# os: HEAD/v2.1.0-suspect 2016-10-18 20:01:12
#db# HF FPGA image built on 2015/06/22 at 21:47:54
Prox/RFID mark3 RFID instrument

uC: AT91SAM7S256 Rev A
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 0 bytes ( 0%). Free: 262144 bytes (100%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 256K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3>

Thanks iceman!

Offline

Board footer

Powered by FluxBB