Proxmark3: Debricking

From Embedded Lab Vienna for IoT & Security
Revision as of 15:45, 2 December 2019 by Jostrowski (talk | contribs)

Summary

This page describes how to debrick the Proxmark3 using a Bus Pirate. This tutorial is based on https://scund00r.com/all/rfid/2018/05/18/debrick-proxmark.html

Requirements

  • Proxmark3
  • Bus Pirate v3 (or higher)
  • Linux: Debian

Description

Update the Bus Pirate
You can use the following guide: Bus Pirate: First steps
Get the latest Proxmark3 repository & build
git clone https://github.com/Proxmark/proxmark3.git
cd proxmark3
Install the needed components:
sudo apt install p7zip git build-essential libreadline5 libreadline-dev libusb-0.1-4 libusb-dev libqt4-dev perl pkg-config wget libncurses5-dev gcc-arm-none-eabi libstdc++-arm-none-eabi-newlib libpcsclite-dev pcscd
make clean && make all
Install proxmark3 driver:
sudo cp -rf driver/77-mm-usb-device-blacklist.rules /etc/udev/rules.d/77-mm-usb-device-blacklist.rules
sudo udevadm control --reload-rules
Add your user to the dialout group:
sudo adduser $USER dialout
Now log out and log in again.
Install OpenOCD
sudo apt-get install openocd
Connect the Proxmark3 to the Bus Pirate
Use this pin configuration:
Proxmark3   Bus Pirate
TMS         CS
TDI         MOSI
TDO         MISO
TCK         CLK
GND         GND
3.3V        3.3V
Flashing
Check which port the Bus Pirate is connected to:
ls /dev/tty*
Set OpenOCD config
nano tools/at91sam7s512-buspirate.cfg
# Interface
interface buspirate
buspirate_port /dev/ttyUSB0
adapter_khz 1000
Launch OpenOCD
sudo openocd -f tools/at91sam7s512-buspirate.cfg
:~/git/proxmark3$ sudo openocd -f tools/at91sam7s512-buspirate.cfg
[sudo] password for j:
Open On-Chip Debugger 0.10.0-rc1-dev-gc404ff5d-dirty (2019-11-11-15:43)
Licensed under GNU GPL v2
For bug reports, read
   http://openocd.org/doc/doxygen/bugs.html
Warn : Adapter driver 'buspirate' did not declare which transports it allows; assuming legacy JTAG-only
Info : only one transport option; autoselect 'jtag'
adapter speed: 1000 kHz
srst_only srst_pulls_trst srst_gates_jtag srst_open_drain connect_deassert_srst
Info : Buspirate Interface ready!
Info : This adapter doesn't support configurable speed
Info : JTAG tap: sam7x.cpu tap/device found: 0x3f0f0f0f (mfg: 0x787 (<unknown>), part: 0xf0f0, ver: 0x3)
Info : Embedded ICE version 1 
Info : sam7x.cpu: hardware has 2 breakpoint/watchpoint units
Info : accepting 'telnet' connection on tcp/4444
Open a new terminal window and type:
telnet localhost 4444
j@laptop:~/git/proxmark3$ telnet localhost 4444
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Open On-Chip Debugger
> 
Halt the Proxmark3
halt
Erase the flash content:
flash erase_sector 0 0 15
flash erase_sector 1 0 15
Flash the new firmware:
flash write_image ./armsrc/obj/fullimage.elf
This will take a while (about 6 minutes)
flash write_image ./bootrom/obj/bootrom.elf
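An added pre-flight check for the flashing steps above (not part of the original tutorial or the Proxmark3 repository): it reads buspirate_port from the OpenOCD config, confirms that both firmware images exist and start with the ELF magic bytes before any sector is erased, and prints the command sequence from this page with absolute image paths. The function names and the script name pm3-preflight.sh are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Proxmark3 repository). Function names are hypothetical.

# Print the serial port set by "buspirate_port" in an OpenOCD config file.
pm3_port() {
    awk '$1 == "buspirate_port" { print $2; exit }' "$1"
}

# Succeed only if the file starts with the ELF magic bytes 7f 45 4c 46.
pm3_is_elf() {
    [ -f "$1" ] || return 1
    [ "$(od -An -tx1 -N4 "$1" | tr -d ' \n')" = "7f454c46" ]
}

# Print the command sequence from this page with absolute image paths.
# Fails, printing no commands, if an image is missing or is not an ELF file.
pm3_flash_commands() {
    repo=$(cd "$1" 2>/dev/null && pwd) || { echo "no such directory: $1" >&2; return 1; }
    for img in armsrc/obj/fullimage.elf bootrom/obj/bootrom.elf; do
        pm3_is_elf "$repo/$img" || { echo "missing or not ELF: $repo/$img" >&2; return 1; }
    done
    printf '%s\n' "halt" \
        "flash erase_sector 0 0 15" \
        "flash erase_sector 1 0 15" \
        "flash write_image $repo/armsrc/obj/fullimage.elf" \
        "flash write_image $repo/bootrom/obj/bootrom.elf"
}

# Check that the configured port is a character device, then print the commands.
pm3_preflight() {
    port=$(pm3_port "$1")
    [ -n "$port" ] || { echo "no buspirate_port in $1" >&2; return 1; }
    [ -c "$port" ] || { echo "Bus Pirate port not present: $port" >&2; return 1; }
    pm3_flash_commands "$2"
}

# Usage: sh pm3-preflight.sh tools/at91sam7s512-buspirate.cfg .
if [ "$#" -eq 2 ]; then
    pm3_preflight "$1" "$2"
fi
```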


Used Hardware

  • Proxmark3 RDV2 Kit
  • Bus Pirate v3.6 Universal serial interface
