Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2008-05-29 22:12:22

cynergysystems
Member
From: United States of Oppression
Registered: 2008-05-24
Posts: 2

Proxmark4? Revision to the proxmark3

I am currently in the process of redesigning the proxmark3. The new build will leave most of the FPGA code intact for simplicity's sake. That is unless someone is willing to rewrite the code. My primary focus in the redesign will be to make the unit more portable by adding a battery, small lcd, buttons, and a place where card data can be stored (either by recoding the arm or adding a eeprom of sorts). I will be posting files as I go along.

So here's my question:

What improvements would you like to see and are there any ways you can help?

Offline

#2 2008-05-30 10:09:21

rule
Member
Registered: 2008-05-21
Posts: 417

Re: Proxmark4? Revision to the proxmark3

Hey,

Good idea, it would be vey nice to have a battery and eeprom. This supplies great features to do tests with.
I worked now some time with my proxmark and it is a little bit anoying that the antenna connection is next to the usb connection. The cables are little bit in the way for each other (when you antenna small and directly attached to the proxmard). So if repositioning of one of this connector to the other side is possible I would vote for this.

Furthermore I was thinking to do some Man-in-the-middle attacks. But to avoid timing issues it would be great to do all the handling in 1 device. So you will get the following setup:

(original tag)
reader-antenna------- Proxmark -------emulated tag antenna
                                                               (Original reader)

But as you can see you need two antenna's for the same frequency op and running. Is this possible to make the two antenna connections available now (one for High one for Low) maybe a little more generic, so you can configure them to be High,High and Low,Low? I do now know if this is possible in the hardware but it would be awesome to use.

Furthermore the new standards are speeding up the transactions. If I talk about the 14443A protocol you will see that a bit period is this long 128/13.56=9,4us. But the new speeds 64/13.56=4,7us and 32/13.56=2,3us are about to be deployed. Discription about them can be found in NXP documentation page 11:
http://www.nxp.com/acrobat_download/oth … 082732.pdf
I already have seen Biometric passports talk in these new speeds. There was some page also talking about the newest speed that will come 16/13.56=1.18us. My question is, can the hardware FPGA handle these speeds or do we need a upgrade from this one? Maybe with twice as much gates? Gerhard needed to wipe away some low-frequency instructions earlier because the 128/13.56 decoding did not fit together with LF. But if they are speeding it up 8 times, we may need to reconcider.

Well that was it for now. I can not really help you with any hardware development. But I can write software for modulation and tests.

Let me know what you think.

  Roel

Offline

#3 2008-05-30 22:49:58

cynergysystems
Member
From: United States of Oppression
Registered: 2008-05-24
Posts: 2

Re: Proxmark4? Revision to the proxmark3

Yes, repositioning the antenna connector and possibly experimenting with a pcb antenna on a mating board are some of the first items on my list. I'm also going to design it to fit into an off the shelf enclosure so that it can be carried around without the danger of damage to the pcb.

I do think it would be possible to do a man in the middle attack. However, my immediate thought is that it would require duplicate tx rx paths. I'll have to see if there is a more elegant solution. Also the secondary antenna would either have to be well out of the tx range of the primary antenna or it would have to be shielded in some way. Perhaps a 3 layer pcb with the center layer as a ground plane and the two patch antennas on either side would work. Great idea though! It's definitely worth testing.

Unfortunately I'm not very familiar with FPGAs. In fact, the FPGA code is one area where I'm really going to need help. Although, I've been reading over the datasheets for the spartan II and it claims performance up to 200MHz. I'm sure that rate changes depending upon your code but if true, it would mean each gate toggles every 5ns. So if the code were clean the FPGA would probably not need to be changed.

Roel, by the way, your components have shipped and are being delivered to me Tuesday. I'll e-mail pictures when the first board is built smile Do you need the connectors for the antennas?

Offline

#4 2008-06-08 15:14:25

rule
Member
Registered: 2008-05-21
Posts: 417

Re: Proxmark4? Revision to the proxmark3

Hey Cynergysystems,

I hope developing the current boards is going quite well?
The code for the new setup should be no problem. We can look into the coding of the FPGA, well at least if the pin-layout is supplied and stuff wink. The shielding could be a problem yes. But maybe it would be possible to have them come out one connector and go with a small cable to 2 different antenna. Then they can be positioned "far" from each other, one at the reader and one at the tag.

Well, attaching an antenna to the proxmark or at least have some casing is already a nice improvement. But an external power source would be handsome as well. If you have time, please test around.

It would be nice if you could start a thread in the trade parts section, since you are the person which currently working on the new range of proxmarks. If you already sold all the boards then it is senseless of course but it is nice to know where people can get info about the costs and delivery time.

My package with PCB antenna's and some coils had some delay, but I will be testing with them next week. I hope to put a HOWTO online as soon as I have them optimal working.

The connectors are kind of hard to find, I have a few, but assembly looks also very hard. Cutting some cable with the connector already assembled seems to be much easier but I'm not really aware of the losses during this connecting. I'm also not sure how long a antenna cable possible can be while keeping good reception. I will try to experience with this a little soon, but if you know more about this. Please help me out.

Thanks in advance, Greetz,

  Roel

Offline

#5 2008-08-22 22:18:25

rf_hack
Contributor
Registered: 2008-08-20
Posts: 16

Re: Proxmark4? Revision to the proxmark3

For your antenna, the first question is : Does your emitter output got impedance of 50ohms ?

If yes, you can use a 50ohm coax cable to connect your antenna and the cable lenght is not so important (best target is <50cm)
If no  then you should get less than 10cm to avoid reflexions and parasitic capacitors in the coax cable

What is the value of your antenna or the size with number of turns ? it should be in the range of 1µH to be efficient

Offline

#6 2008-08-24 19:27:36

newseal
Member
Registered: 2008-08-24
Posts: 14

Re: Proxmark4? Revision to the proxmark3

Hey Cynergysystems,

I think having a history of changing the map would be a good idée.v1.0 .... v1.1 ...
- images of your staff changes
- an access the plan (electrical diagram, organizational ,...)

because is not easy for me I'm new is I do not know or begin. i want create one pcb proxmark but i don't have help.

Offline

#7 2008-10-09 19:56:43

Tigereye
Member
From: Toronto, ON
Registered: 2008-10-09
Posts: 3

Re: Proxmark4? Revision to the proxmark3

Just joined this community today, and I'm excited to see a whole COMMUNITY being grown around this one unit!

One thing that I was investigating while reviewing the plans/posts/etc of the Proxmark3 was portability and storing information on the unit itself.

You mentioned an EEPROM for on-device storage, but I'm wondering - have you considered an SDCard slot?
What would be really useful is if the firmware could read information from an RFID tag from the antenna, then save the information as a file on an inserted SDcard using a standard filenaming convention (such as date/time the RFID was read)

Then further testing can be performed when the unit returns to your lab/home/etc by simply removing the SDCard, placing it in your analysis machine, and copying all of the files from the card.

Writing the firmware to analyze the read information, separate out multiple overlapping RFID's signals, and writing each to its own separate file will take some coding though, but it would be a fun project with very useful results.

Hell - with an SDCard slot, who needs a USB port? Firmware upgrades can be performed by writing a prearranged filename to the card (proxfirmware.dat), throwing the SDCard into the Proxmark4, and using your buttons/LCD display to choose "upgrade" from the onscreen menues.

So yeah - if you're still in the design phase of your proposed Proxmark4, I'd recommend adding an SDCard slot!

--TE

Last edited by Tigereye (2008-10-09 19:59:08)

Offline

#8 2008-10-21 02:29:15

shinechou
Contributor
Registered: 2008-10-20
Posts: 35

Re: Proxmark4? Revision to the proxmark3

Hi cynergysystems, I want to order 2 pieces of ProxMark III, the price and how to buy it? thx!

Offline

#9 2008-11-10 04:39:30

d18c7db
Contributor
Registered: 2008-08-19
Posts: 292

Re: Proxmark4? Revision to the proxmark3

Any updates to this redesign project or has it died off?

Offline

#10 2009-02-10 04:01:00

universe
Member
Registered: 2009-02-10
Posts: 3

Re: Proxmark4? Revision to the proxmark3

Hi smile

What is the reading distance of antennas you can use with Proxmark 3 ?

If this Proxmark 3, cant use an antenna, for reading 5 feet

or more on Rfid, it is not a great product !

Range ?

Offline

#11 2009-02-13 03:16:53

henrym97
Contributor
From: North America
Registered: 2009-01-23
Posts: 18

Re: Proxmark4? Revision to the proxmark3

I am also curious if this effort is still in the works.  I've done several 'hacks' to the PM3- added a battery, combined LF/HF antenna, etc- but would really like to see an entire re-spin to address some of the areas discussed. 

Cynergy, are you still working on this?  I'd be willing to help with ideas and/or reviews of the re-design.

Offline

#12 2009-02-15 23:37:28

BizonGod
Member
Registered: 2009-02-05
Posts: 14

Re: Proxmark4? Revision to the proxmark3

I have just designed new board. Whats added/changed:
- HF long distance mode PKD (HF preamp + log detector)
- HF long distance mode RAW (HF preamp + high gain opamp)
- active multiplexer
- LCD onboard
- joystick
- faster, 10b ADC
- battery charging circuit
- Spartan 3
- RGB LED
- PCB size 55mm x 97mm (2 layer)

I forgot, it has also:
- 4 MB flash for data storing
- 256kB version ARM7
- dimmable (by PWM0) step-up DC/DC for LCD

Soon i will order PCB, and then tests.

Last edited by BizonGod (2009-02-16 09:29:51)

Offline

#13 2009-02-16 07:26:32

edo512
Contributor
Registered: 2008-10-07
Posts: 103

Re: Proxmark4? Revision to the proxmark3

BizonGod wrote:

I have just designed new board. Whats added/changed:
- HF long distance mode PKD (HF preamp + log detector)
- HF long distance mode RAW (HF preamp + high gain opamp)
- active multiplexer
- LCD onboard
- joystick
- faster, 10b ADC
- battery charging circuit
- Spartan 3
- RGB LED
- PCB size 55mm x 97mm (2 layer)

Soon i will order PCB, and then tests.

Sounds exctiting! Let us know if you intend to open source your design in the same way the author of the original proxmark3 device did, I'm sure this would be appreciated by the whole community here.

Ed

Offline

#14 2009-02-16 08:18:51

shinechou
Contributor
Registered: 2008-10-20
Posts: 35

Re: Proxmark4? Revision to the proxmark3

BizonGod wrote:

I have just designed new board. Whats added/changed:
- HF long distance mode PKD (HF preamp + log detector)
- HF long distance mode RAW (HF preamp + high gain opamp)
- active multiplexer
- LCD onboard
- joystick
- faster, 10b ADC
- battery charging circuit
- Spartan 3
- RGB LED
- PCB size 55mm x 97mm (2 layer)

Soon i will order PCB, and then tests.

so great, wait for ur good newes!

Offline

#15 2009-02-16 11:17:18

rule
Member
Registered: 2008-05-21
Posts: 417

Re: Proxmark4? Revision to the proxmark3

Very nice work! we really would like to add your designs to the website. If you share your results I know for sure there are lots of users here that want to help developing and testing your schemes.

edo512 wrote:
BizonGod wrote:

I have just designed new board. Whats added/changed:
- HF long distance mode PKD (HF preamp + log detector)
- HF long distance mode RAW (HF preamp + high gain opamp)
- active multiplexer
- LCD onboard
- joystick
- faster, 10b ADC
- battery charging circuit
- Spartan 3
- RGB LED
- PCB size 55mm x 97mm (2 layer)

Soon i will order PCB, and then tests.

Sounds exctiting! Let us know if you intend to open source your design in the same way the author of the original proxmark3 device did, I'm sure this would be appreciated by the whole community here.

Ed

Offline

#16 2009-02-16 19:50:04

henrym97
Contributor
From: North America
Registered: 2009-01-23
Posts: 18

Re: Proxmark4? Revision to the proxmark3

BizonGod- need any help debugging or testing your new design?  I'm sure there are several people in the community (myself included) that would help put it through testing!

Offline

#17 2009-02-18 20:54:00

BizonGod
Member
Registered: 2009-02-05
Posts: 14

Re: Proxmark4? Revision to the proxmark3

I ordered PCB and parts. In 2 weeks i will have most of them.
I decided to choose XC3S200 instead of about 3$ cheaper XC3S50.

Soon i will provide some documentation of my redesign.
Is anybody insterested in software development?

What (in software) could be added and who can maintance this?

Last edited by BizonGod (2009-02-18 20:54:44)

Offline

#18 2009-02-18 21:12:20

rule
Member
Registered: 2008-05-21
Posts: 417

Re: Proxmark4? Revision to the proxmark3

Hey BizonGod,

I'm willing to help out there with the software, my main expertise. It would be very nice to have it work standalone with LCD output. It would be a good improvement to redesign the software communication framework. The bigbuf thingy is kind of ugly way of dumping back to the computer.

Let's see if others want to join here. I think there are quite some people around here now that own the proxmark3, so a backwards compatibility would be nice.

People that want to join this new developing process, please leave a message in this thread.

Cheers,

  Roel

Offline

#19 2009-02-18 23:14:29

BizonGod
Member
Registered: 2009-02-05
Posts: 14

Re: Proxmark4? Revision to the proxmark3

Here are my proposals for software:
- some nice menu with joystick navigation
- add to FPGA decoding data from log detector
- expand dynamic due to 10b ADC
- store data, including timestamp on DataFlash
- standalone mode, with unconnected USB

Offline

#20 2009-02-19 03:37:22

shinechou
Contributor
Registered: 2008-10-20
Posts: 35

Re: Proxmark4? Revision to the proxmark3

BizonGod, very nice idea!

I think I just can do some test because I'm not very familiar with the protocol.

Offline

#21 2009-02-19 06:44:36

d18c7db
Contributor
Registered: 2008-08-19
Posts: 292

Re: Proxmark4? Revision to the proxmark3

Is the FLASH storage in your design a chip soldered on the board or a removable medium like an SD card?

Offline

#22 2009-02-19 10:14:03

BizonGod
Member
Registered: 2009-02-05
Posts: 14

Re: Proxmark4? Revision to the proxmark3

Storage is onboard 4MB flash (AT45DB321).
I think it's enought for one day of data collecting.

Offline

#23 2009-02-19 13:44:31

henrym97
Contributor
From: North America
Registered: 2009-01-23
Posts: 18

Re: Proxmark4? Revision to the proxmark3

I am mostly a HW guy but have been working with some other people locally who are already porting some of the decoding to the FPGA.  I/we'd be interested in the development process.

Offline

#24 2009-02-23 10:39:55

gerhard
Contributor
Registered: 2008-05-21
Posts: 5

Re: Proxmark4? Revision to the proxmark3

This opens possibilities for very accurate timing! If (hopefully) all of the en/decoding can be done in the FPGA. And accurate timing on its turn opens possibilities for interesting protocol research... ;-)

Offline

#25 2009-02-25 01:09:51

doob
Member
Registered: 2008-07-21
Posts: 15

Re: Proxmark4? Revision to the proxmark3

Sounds pretty good BizonGod, good luck with that.

I'd be more that happy to help out on some software, I've done quite a bit extending the software to support Iso15693 tag simulation, on-board 15693 decoding (in the arm) and various bits to support further commands for iso14443a.

It would be nice to see the enhanced 15693 support in any new board.

cheers

d

Offline

#26 2009-02-25 16:04:56

doob
Member
Registered: 2008-07-21
Posts: 15

Re: Proxmark4? Revision to the proxmark3

Sure, I can send you the binary firmware and gui software (bootload and fpga remain the same) or post the rather messy source code.

Offline

#27 2009-02-25 22:06:06

rule
Member
Registered: 2008-05-21
Posts: 417

Re: Proxmark4? Revision to the proxmark3

Hey doob,

Well all the source-code that is on this website is quite messy right now. At may help other developers to add/rewrite the code for a next release. I will add it to the source-code section in the files. you can just upload it there in the upload map.

It would be very cool if you help the community.

Thanks in advance,

  Roel

Offline

#28 2009-02-26 08:56:33

doob
Member
Registered: 2008-07-21
Posts: 15

Re: Proxmark4? Revision to the proxmark3

Cool sounds like a plan.

I'll identify all of the source code that has changed and upload the relevant files, I have half made a bunch of other changes which are not finished (e.g. passing parameters from the GUI to the ARM for things like UIDs in simulator mode etc.)

I'll have a go tonight but it may be friday before I get the time I need

cheers

Offline

#29 2009-02-26 09:26:47

shinechou
Contributor
Registered: 2008-10-20
Posts: 35

Re: Proxmark4? Revision to the proxmark3

doob wrote:

Cool sounds like a plan.

I'll identify all of the source code that has changed and upload the relevant files, I have half made a bunch of other changes which are not finished (e.g. passing parameters from the GUI to the ARM for things like UIDs in simulator mode etc.)

I'll have a go tonight but it may be friday before I get the time I need

cheers

just wait for ur good newes, thx a ton for ur work!

Offline

#30 2009-02-26 10:19:08

edo512
Contributor
Registered: 2008-10-07
Posts: 103

Re: Proxmark4? Revision to the proxmark3

doob wrote:

Sounds pretty good BizonGod, good luck with that.

I'd be more that happy to help out on some software, I've done quite a bit extending the software to support Iso15693 tag simulation, on-board 15693 decoding (in the arm) and various bits to support further commands for iso14443a.

It would be nice to see the enhanced 15693 support in any new board.

cheers

d

Sounds good, are your extensions in any of the released versions of the firmware already ?

Offline

#31 2009-03-01 14:42:08

doob
Member
Registered: 2008-07-21
Posts: 15

Re: Proxmark4? Revision to the proxmark3

Hello,

I've uploaded a modified version of the source code from d18c7db (the 20081211 release.) There are binaries in there as well. The coding is poor to say the least but it mostly works.

New commands are:
hi15reader and
hi15sim

ISO14443a has also been extended to deal with cascade 2 selects and some other stuff

It's in the uploads directory - cheers

Offline

#32 2009-03-01 17:16:27

rule
Member
Registered: 2008-05-21
Posts: 417

Re: Proxmark4? Revision to the proxmark3

Thank you for uploading!

I have moved it to the source folder in the files section.
I changed the date to today, since it is the "newest" source-code so far.
http://www.proxmark.org/files/files.php … s/windows/

Thanks again, cheers,

  Roel

Offline

#33 2009-03-05 11:25:08

BizonGod
Member
Registered: 2009-02-05
Posts: 14

Re: Proxmark4? Revision to the proxmark3

I have uploaded sch and gif's of pcb of my revision of proxmark (3.1b)
Soon i will upload adapted software.

Offline

#34 2009-03-06 06:23:21

shinechou
Contributor
Registered: 2008-10-20
Posts: 35

Re: Proxmark4? Revision to the proxmark3

BizonGod wrote:

I have uploaded sch and gif's of pcb of my revision of proxmark (3.1b)
Soon i will upload adapted software.

thx in advance! be eager for it!

Offline

#35 2009-03-11 19:04:09

BizonGod
Member
Registered: 2009-02-05
Posts: 14

Re: Proxmark4? Revision to the proxmark3

Yesterday i have received pcb. I soldered and tuned charging circuit today. It seem it works (it's still charging).
I suppose in next few days i will test rf (LNA) part.

Yep, charger works correctly (charging current 400mA, adjustable)

Last edited by BizonGod (2009-03-11 20:16:33)

Offline

#36 2009-03-11 22:29:38

rule
Member
Registered: 2008-05-21
Posts: 417

Re: Proxmark4? Revision to the proxmark3

It sounds VERY promising. Let us know when you have the first test results.
Maybe you can share a few pics of your expansion kit smile

Offline

#37 2009-03-12 20:34:19

BizonGod
Member
Registered: 2009-02-05
Posts: 14

Re: Proxmark4? Revision to the proxmark3

I have uploaded some photos.
Today i tested RF preamp(it works good -> 37dB gain,
quite wideband) and backlight step-up converter, works too.

Today i started with programmin ARM. I stopped at
HandleRxdData (usb.c), which hangs up all. Does anyone have
problem with this?

Last edited by BizonGod (2009-03-13 20:19:39)

Offline

#38 2009-03-22 05:02:27

d18c7db
Contributor
Registered: 2008-08-19
Posts: 292

Re: Proxmark4? Revision to the proxmark3

BizonGod, I was having a look at your hardware design pdf and noticed that the MAX4312 analog mux hangs off the 3.3v line but its datasheet rates it at 4v min 10.5v max. Might that be a problem?

There's a MAX4617 (2-5.5V range supply) that might fit the bill if the freq response suits but it's not pin compatible with the 4312.

Take care.

Last edited by d18c7db (2009-03-22 05:02:49)

Offline

#39 2009-03-29 17:28:22

BizonGod
Member
Registered: 2009-02-05
Posts: 14

Re: Proxmark4? Revision to the proxmark3

I will test this mux soon.

A have other question. On my board i have SAM7S256 and AT45DB321.
FPGA image will take 130952B. Where do You propose to store it?
In SAM' flash or DataFlash? Simliar question is about user settings
(like backlight brightness or contrast) which will take just few bytes?

Offline

#40 2009-03-29 21:03:50

d18c7db
Contributor
Registered: 2008-08-19
Posts: 292

Re: Proxmark4? Revision to the proxmark3

It would make sense to store the image on the data FLASH leaving more room for code on the ARM. Settings can go anywhere.

Was there any reason you went with the AT45DB321 and not a SD card. Both are serial so low pinout but the SD card could be removable. There is open source code out there for handling the FAT filesystem so that would not require a lot of work and if space was of concern then microSD could be used.

Offline

#41 2009-04-01 21:56:17

d18c7db
Contributor
Registered: 2008-08-19
Posts: 292

Re: Proxmark4? Revision to the proxmark3

BizonGod, another 8:1 analog mux that looks good on paper is LTC1391, the mux is controlled via a SPI bus so it could connect to the ARM SPI bus freeing up the three MUXSEL_* ARM pins.

Offline

#42 2009-05-07 20:40:44

ghaber
Member
Registered: 2008-10-26
Posts: 11

Re: Proxmark4? Revision to the proxmark3

Bisongod,

Would it be possible to get the gerber files of the Proxmark4?? I have access to a LTK for making two layers PCBs, so I can finally build my own pcb.

Thanks in advance

Offline

#43 2009-07-03 01:08:06

samy
Contributor
From: los angeles, california
Registered: 2009-06-18
Posts: 148
Website

Re: Proxmark4? Revision to the proxmark3

Hey guys, trying to resurrect this thread!

What can I do to help with a proxmark4? I wish I were an EE but I'm not. How much learning does it take to understand how to build such a board? Any suggested books or online docs on learning where to start?

Offline

#44 2009-07-06 14:57:07

szymonunion
Contributor
Registered: 2009-07-05
Posts: 46

Re: Proxmark4? Revision to the proxmark3

Hello guys!

any news regarding Proxmark4? I am going to buy Proxmark3 (not from proxmark.com - too expensive), but if there is possibility to buy better device so why not smile


Best Regards,

--
SzYmOn

Offline

Board footer

Powered by FluxBB