Proxmark3 es una herramienta de hardware diseñada para la investigación y manipulación de sistemas RFID (Radio Frequency Identification) y NFC (Near Field Communication). Es ideal para quienes trabajan con seguridad informática y desean analizar, clonar o emular tarjetas RFID utilizadas en accesos, pagos y control de activos. En este tutorial, te guiaremos paso a paso para instalar y configurar Proxmark3 en tu sistema, permitiéndote explorar las capacidades de esta potente herramienta para pruebas de seguridad y auditorías de sistemas RFID/NFC.
Descarga del software
Lo primero que deberemos de hacer, es descargar el software para luego poder compilarlo en nuestro sistema operativo. Para ello lo descargaremos del repositorio oficial:
git clone https://github.com/RfidResearchGroup/proxmark3.gitDetección de Proxmark3 en nuestro sistema
Una vez hemos descargado el software, tendremos que conectar la tarjeta al USB de nuestro ordenador y comprobar que ha sido detectada correctamente, para ello usaremos este comando:
sudo dmesg | grep -i usbDeberemos de obtener algo similar a esto:
[ 1863.145571] usb 1-1.4: Product: proxmark3
[ 1863.145575] usb 1-1.4: Manufacturer: proxmark.org
[ 1863.145579] usb 1-1.4: SerialNumber: iceman__0XXXXXXXXXXX
[ 1863.169110] cdc_acm 1-1.4:1.0: ttyACM0: USB ACM deviceConfiguraremos los permisos necesarios:
make accessrightsY comprobaremos que podemos acceder a ttyACM0 correctamente:
[ -r /dev/ttyACM0 ] && [ -w /dev/ttyACM0 ] && echo okCompilamos el software
Es momento de acceder al repositorio descargado y compilar el software, para ello primero deberemos de revisar que tengamos estas dependencias instaladas:
apt-get install --no-install-recommends git ca-certificates build-essential pkg-config libreadline-dev gcc-arm-none-eabi libnewlib-dev qtbase5-dev libbz2-dev liblz4-dev libbluetooth-dev libpython3-dev libssl-dev libgd-devAccedemos al repositorio:
cd proxmarkE iniciamos la compilación:
make clean && make -j
sudo make installResultado del make install
===================================================================
Version info: Iceman/master/v4.18994-249-gdc7649241
Platform name: Proxmark3 RDV4
PLATFORM: PM3RDV4
PLATFORM_FPGA: xc2s30
PLATFORM_SIZE: 512
Platform extras: No extra selected
Included options: SMARTCARD FLASH -DRDV4 LF HITAG EM4x50 EM4x70 ZX8211 GENERAL_HF ISO15693 LEGICRF ISO14443b ISO14443a ICLASS FELICA NFCBARCODE HFSNIFF HFPLOT COMPRESSION
Standalone mode: LF_SAMYRUN[*] MAKE client/installVersion info: Iceman/master/v4.18994-249-gdc7649241
Client platform: Linux
GUI support: QT5 found, enabled (Qt version 5.15.13 in /usr/lib/x86_64-linux-gnu)
native BT support: Bluez found, enabled
Jansson library: system library not found, using local library
Lua library: system library not found, using local library
Python3 library: Python3 v3.12 found, enabled
GD library: GD v2.3.3 found, enabled
Readline library: enabled
Whereami library: system library not found, using local library
Lua SWIG: wrapper found
Python SWIG: wrapper found
compiler version: cc (Ubuntu 13.2.0-23ubuntu4) 13.2.0
[=] CHECK src/version_pm3.c
[] MAKE deps/amiitool/libamiibo.a
make[2]: Nothing to be done for 'all'.
[] MAKE deps/cliparser/libcliparser.a
PLATFORM Linux
make[2]: Nothing to be done for 'all'.
[] MAKE deps/hardnested/libhardnested.a
make[2]: Nothing to be done for 'all'.
[] MAKE deps/id48/libid48.a
make[2]: Nothing to be done for 'all'.
[] MAKE deps/liblua/liblua.a for linux
make[3]: Nothing to be done for 'all'.
[] MAKE deps/jansson/libjansson.a
make[2]: Nothing to be done for 'all'.
[] MAKE obj/libmbedtls.a
make[2]: Nothing to be done for 'all'.
[] MAKE deps/reveng/libreveng.a
make[2]: Nothing to be done for 'all'.
[] MAKE deps/tinycbor/tinycbor.a
make[2]: Nothing to be done for 'all'.
[] MAKE deps/whereami/libwhereami.a
make[2]: Nothing to be done for 'all'.
[@] Installing client to /usr/local...
[] MAKE bootrom/install
compiler version: arm-none-eabi-gcc (15:13.2.rel1-2) 13.2.1 20231009
[=] CHECK version_pm3.c
[@] Installing bootrom to /usr/local...
[] MAKE fpga_compress/install
[] MAKE armsrc/install
compiler version: arm-none-eabi-gcc (15:13.2.rel1-2) 13.2.1 20231009
[-] CHECK version_pm3.c
[@] Installing fullimage to /usr/local...
[] MAKE recovery/install
[@] Installing recovery to /usr/local...
[] MAKE mfc_card_only/install
[@] Installing nonce2key staticnested_0nt staticnested_1nt staticnested_2nt staticnested_2x1nt_rf08s_1key staticnested_2x1nt_rf08s to /usr/local...
[] MAKE mfc_card_reader/install
[@] Installing mfkey32 mfkey32v2 mfkey32nested mfkey64 mf_nonce_brute mf_trace_brute to /usr/local...
[] MAKE mfd_aes_brute/install
[@] Installing brute_key mfd_aes_brute mfd_multi_brute to /usr/local...
[] MAKE cryptorf/install
[@] Installing cm sm sma sma_multi to /usr/local...
[@] Installing common resources to /usr/local...
Flashear el BOOTROM y la imagen completa (FULLIMAGE)
Ahora tendremos que flashear el BOOTROM con lo que hemos descargado, para ello usaremos el siguiente comando:
pm3-flash-allEsta sería la salida del comando:
[=] Session log /home/t3rr0rz0n3/.proxmark3/logs/log_20241011142258.txt
[+] About to use the following files:
[+] /usr/local/bin/../share/proxmark3/firmware/bootrom.elf
[+] /usr/local/bin/../share/proxmark3/firmware/fullimage.elf
[+] Loading ELF file /usr/local/bin/../share/proxmark3/firmware/bootrom.elf
[+] ELF file version Iceman/master/v4.18994-249-gdc7649241-suspect 2024-10-11 16:19:10 88c757715
[+] Loading ELF file /usr/local/bin/../share/proxmark3/firmware/fullimage.elf
[+] ELF file version Iceman/master/v4.18994-249-gdc7649241-suspect 2024-10-11 16:19:21 88c757715
[+] Waiting for Proxmark3 to appear on /dev/ttyACM0
🕑 59 found
[=] Available memory on this board: 512K bytes
[=] Permitted flash range: 0x00100000-0x00180000
[+] Loading usable ELF segments:
[+] 0: V 0x00100000 P 0x00100000 (0x00000200->0x00000200) [R X] @0x94
[+] 1: V 0x00200000 P 0x00100200 (0x000014c0->0x000014c0) [R X] @0x298
[+] Loading usable ELF segments:
[+] 1: V 0x00102000 P 0x00102000 (0x00056e64->0x00056e64) [R X] @0xb8
[+] 2: V 0x00200000 P 0x00158e64 (0x00001ca5->0x00001ca5) [R X] @0x56f20
[=] Note: Extending previous segment from 0x56e64 to 0x58b09 bytes
[+] Flashing...
[+] Writing segments for file: /usr/local/bin/../share/proxmark3/firmware/bootrom.elf
[+] 0x00100000..0x001001ff [0x200 / 1 blocks]
. ok
[+] 0x00100200..0x001016bf [0x14c0 / 11 blocks]
........... ok
[+] Writing segments for file: /usr/local/bin/../share/proxmark3/firmware/fullimage.elf
[+] 0x00102000..0x0015ab08 [0x58b09 / 710 blocks]
...................................................................
@@@ @@@@@@@ @@@@@@@@ @@@@@@@@@@ @@@@@@ @@@ @@@
@@! !@@ @@! @@! @@! @@! @@! @@@ @@!@!@@@
!!@ !@! @!!!:! @!! !!@ @!@ @!@!@!@! @!@@!!@!
!!: :!! !!: !!: !!: !!: !!! !!: !!!
: :: :: : : :: ::: : : : : : :: :
. .. .. . . .. ... . . . . . .. .
...................................................................
...................................................................
...................................................................
...................................................................
...... ok
[+] All done
[=] Have a nice day!Posibles errores
Haciendo este tutorial, me he encontrado con un error que quizás podría ser interesante dejar documentado.
El error que me daba era el siguiente:
[+] Waiting for Proxmark3 to appear on /dev/ttyACM0
🕑 49 found
[!!] 🚨 ====================== OBS ! ===========================================
[!!] 🚨 Note: Your bootloader does not understand the new CMD_BL_VERSION command
[!!] 🚨 It is recommended that you first update your bootloader alone,
[!!] 🚨 reboot the Proxmark3 then only update the main firmwareError completo
[+] Waiting for Proxmark3 to appear on /dev/ttyACM0
🕑 49 found
[!!] 🚨 ====================== OBS ! ===========================================
[!!] 🚨 Note: Your bootloader does not understand the new CMD_BL_VERSION command
[!!] 🚨 It is recommended that you first update your bootloader alone,
[!!] 🚨 reboot the Proxmark3 then only update the main firmware
[!!] 🚨 ------------- Follow these steps -------------------
[!!] 🚨 1) ./pm3-flash-bootrom
[!!] 🚨 2) ./pm3-flash-fullimage
[!!] 🚨 3) ./pm3
[=] ---------------------------------------------------
[=] Available memory on this board: UNKNOWN
[!!] 🚨 ====================== OBS ! ======================================
[!!] 🚨 Note: Your bootloader does not understand the new CHIP_INFO command
[=] Permitted flash range: 0x00100000-0x00140000
[+] Loading usable ELF segments:
[+] 0: V 0x00100000 P 0x00100000 (0x00000200->0x00000200) [R X] @0x94
[+] 1: V 0x00200000 P 0x00100200 (0x000014c0->0x000014c0) [R X] @0x298
[+] Loading usable ELF segments:
[+] 1: V 0x00102000 P 0x00102000 (0x00056e64->0x00056e64) [R X] @0xb8
[!!] 🚨 Error: PHDR is not contained in Flash
[!!] 🚨 Firmware is probably too big for your device
[!!] 🚨 See README.md for information on compiling for platforms with 256KB of flash memory
[!] ⚠️ The flashing procedure failed, follow the suggested steps!
Si durante el proceso de flasheo no se detecta correctamente Proxmark3, sobretodo si es la primera vez que hacemos esto, tendremos que forzar al dispositivo para cargar el arranque manualmente.
Para hacer esto, deberemos de desconectar el Proxmark3 del ordenador, pulsamos y mantenemos el botón pequeño que hay en un lateral mientas lo conectamos al puerto USB. En este momento, podemos soltar el botón y podremos observar que dos de los cuatro leds de colorines quedarán fijados. Ahora estamos con el bootloader arrancado por defecto y podemos volver a lanzar el comando:
pm3-flash-allAccedemos al cliente de Proxmark3
Una vez ha finalizado el proceso de flasheo, podremos acceder al cliente con el siguiente comando:
pm3Esto mostrará el siguiente contenido:
[=] Session log /home/t3rr0rz0n3/.proxmark3/logs/log_20241011142336.txt
[+] Using UART port /dev/ttyACM0
[+] Communicating with PM3 over USB-CDC
8888888b. 888b d888 .d8888b.
888 Y88b 8888b d8888 d88P Y88b
888 888 88888b.d88888 .d88P
888 d88P 888Y88888P888 8888"
8888888P" 888 Y888P 888 "Y8b.
888 888 Y8P 888 888 888
888 888 " 888 Y88b d88P
888 888 888 "Y8888P" [ ☕ ]
[ Join us: finance creative freedom! ]
Patreon - https://www.patreon.com/iceman1001/
Paypal - https://www.paypal.me/iceman1001/
[=] Creating initial preferences file
[+] Saved to json file `/home/t3rr0rz0n3/.proxmark3/preferences.json`
[ Proxmark3 RFID instrument ]
MCU....... AT91SAM7S512 Rev A
Memory.... 512 KB ( 71% used )
Client.... Iceman/master/v4.18994-249-gdc7649241 2024-10-11 16:19:16
Bootrom... Iceman/master/v4.18994-249-gdc7649241-suspect 2024-10-11 16:19:10
OS........ Iceman/master/v4.18994-249-gdc7649241-suspect 2024-10-11 16:19:21
Target.... device / fw mismatch
[=] No previous history could be loadedY a partir de aquí, ya podremos utilizar los comandos de Proxmark3. por ejemplo, si queremos detectar una tarjeta podemos usar hf search:
[usb] pm3 --> hf search
🕕 Searching for ISO14443-A tag...
[=] ---------- ISO14443-A Information ----------
[+] UID: 5A 6E E1 84 ( ONUID, re-used )
[+] ATQA: 00 04
[+] SAK: 08 [2]
[+] Possible types:
[+] MIFARE Classic 1K
[=] proprietary non iso14443-4 card found, RATS not supported
[=]
[+] Prng detection....... weak
[?] Hint: try `hf mf` commands
[+] Valid ISO 14443-A tag foundEn otro tutorial veremos algunos comandos interesantes y miraremos de entender algunas respuestas que muestra el lector.
Más sobre ./voidNull
- 📖 Aprende todos sobre los comandos de GNU/Linux en nuestro Diccionario "De la A a la Z: Los comandos de GNU/Linux"
- 💪 ¡Forma parte de la Comunidad de ./voidNull!
- 🤖 Disfruta de todos nuestros Cursos sobre Ansible, Proxmox, Home Assistant entre otros.
- 📩 Mantente actualizado con lo último en GNU/Linux y Software Libre. Recibe nuestra Newsletter mensual.
Comentarios