Difference between revisions of "Proxmark3 RDV4"
Jostrowski (talk | contribs) |
Jostrowski (talk | contribs) (Antennas) |
Line 1: | Line 1: | ||
== Summary == | == Summary == | ||
[[File:Prox no case size.jpg|thumb|500px|Proxmark3 RDV4]] | |||
The Proxmark is an RFID swiss-army tool, allowing for both high and low-level interactions with the vast majority of RFID/NFC tags and systems worldwide (proxmark.com). | The Proxmark is an RFID swiss-army tool, allowing for both high and low-level interactions with the vast majority of RFID/NFC tags and systems worldwide (proxmark.com). | ||
The Proxmark3 Dev Kit 4 (RDV4) is more compact and portable than the older versions and brings various improvements to the open-source design. Antennas are highly customizable and there is a new multifunction multiplexing interface to support additional components such as external battery, external active high powered antenna, Bluetooth interfaces and SIM/Smart card reader (hackerwarehouse.com). | The Proxmark3 Dev Kit 4 (RDV4) is more compact and portable than the older versions and brings various improvements to the open-source design. Antennas are highly customizable and there is a new multifunction multiplexing interface to support additional components such as external battery, external active high powered antenna, Bluetooth interfaces and SIM/Smart card reader (hackerwarehouse.com). | ||
This write-up concentrates on the improvements of the RDV4 over the RDV2 and will not cover the basic operations. For more, please visit [[Proxmark3: Useful commands]] or [[Proxmark3: FH-Campus Card NFC Security Valuation]] | |||
== Requirements == | == Requirements == | ||
Line 21: | Line 25: | ||
To enable this feature you need to install the newest RfidResearchGroup/proxmark3 repo and enable the Bluetooth setting in the makefile: please follow the instructions at [https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/bt_manual_v10.md Blue Shark Installation] | To enable this feature you need to install the newest RfidResearchGroup/proxmark3 repo and enable the Bluetooth setting in the makefile: please follow the instructions at [https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/bt_manual_v10.md Blue Shark Installation] | ||
== Smart Card | == Smart Card == | ||
== Antennas == | |||
The Proxmark3 RDV4 optionally ships with high-frequency (hf) and low-frequency (lf) antenna kits. They include a medium and long-range antenna. The following will show the differences between them. | |||
=== High-Frequecy Antenna Kit === | |||
The hf-antenna kit comes with two antennas that are advertised as medium- and long-range antennas. The store [https://lab401.com/products/proxmark-3-rdv4-long-range-hf-antenna-1 lab401] says the range of the default antenna is about 40-85mm, medium-range antenna about 90mm, and the long-range has a reach of 100-120mm. A small test of mine concludes that this statement is only partially true. | |||
<div><ul> | |||
<li style="display: inline-block;"> [[File:Prox hf normal.jpg|thumb|none|x300px|Default HF-Antenna]] </li> | |||
<li style="display: inline-block;"> [[File:Prox hf med.jpg|thumb|none|x300px|Medium-Range HF-Antenna]] </li> | |||
<li style="display: inline-block;"> [[File:Prox hf long.jpg|thumb|none|x300px|Long-Range HF-Antenna]] </li> | |||
</ul></div> | |||
I tested the range of 4 different cards: | |||
* Card 1: HF-Card shiped with the RDV4: NXP MIFARE CLASSIC 1k Gen1A S50 | |||
* Card 2: Student-Card: NXP MIFARE DESFire 4k | |||
* Card 3: Portugal, Proto MetroCard: Ultralight EV1 48bytes (MF0UL1101) | |||
* Card 4: SkiData Card: EM-Marin SA (Skidata); EM4233 | |||
(!) denotes that the readings were inconsistent: | |||
The card only got recognized from time to time | |||
(!!) denotes that the readings were '''very''' inconsistent: | |||
Only if lucky the card got recognized | |||
/ denotes that the card got not read at all | |||
{| class="wikitable" | |||
|- | |||
! scope="col" | Card | |||
! scope="col" | Default-Antenna | |||
! scope="col" | Medium-Range Antenna | |||
! scope="col" | Long-Range Antenna | |||
|- | |||
! scope="row" | Shipped HF-Card | |||
| 8 cm | |||
| (!!) 0 cm | |||
| (!!) 2 cm | |||
|- | |||
! scope="row" | Student-Card | |||
| 5 cm | |||
| (!) 0 cm | |||
| (!) 7 cm | |||
|- | |||
! scope="row" | Metro-Card | |||
| 8 cm | |||
| / | |||
| (!) 11 cm | |||
|- | |||
! scope="row" | SkiData-Card | |||
| 7 cm | |||
| 7 cm | |||
| 11 cm | |||
|} | |||
The results show that the antenna reach depends heavily on the card trying to read. The most consistent results came from the default-antenna that ships with the RDV4. As shown, the optional antennas did cope with the NXP Mifare cards very poorly but show improvements for the SkiData card. | |||
=== Low-Frequency Antenna Kit === | |||
Sadly I do not have any lf-cards on hand and could not test the range of the given antennas. | |||
The lf-antenna kit comes with two antennas that are advertised as medium- and long-range antennas. The store [https://lab401.com/products/proxmark-3-rdv4-01-long-range-lf-antenna-pack lab401] says the range of the default antenna is about 66 - 72mm, medium-range antenna about 90mm, and the long-range has a reach of 110 - 133mm. But as shown above for the hf-antenna this depends heavily on the lf-card itself. | |||
<div><ul> | |||
<li style="display: inline-block;"> [[File:Prox lf med.jpg|thumb|none|x300px|Medium-Range LF-Antenna]] </li> | |||
<li style="display: inline-block;"> [[File:Prox lf long.jpg|thumb|none|x300px|Long-Range LF-Antenna]] </li> | |||
<li style="display: inline-block;"> [[File:Prox lf switch.jpg|thumb|none|300px|LF-Antenna Switch]] </li> | |||
</ul></div> | |||
The optional antennas come with 2 switches: (source: [https://lab401.com/products/proxmark-3-rdv4-01-long-range-lf-antenna-pack lab401]) | |||
; Q-Switch | |||
: The Q-Switch has two settings: 14 (Extended Range) and 7 (Extended Accuracy). | |||
:: Q-Switch setting of 14 will give up to 30% further read range (on lf search / lf hid read etc commands). | |||
:: Q-Switch setting of 7 will give better writing performance on T55XX and EM410XX tags. | |||
; Frequency Switch | |||
: The frequency switch allows for tuning to specific tag types: 125KHz or 134KHz. | |||
== Used Hardware == | == Used Hardware == | ||
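Review bot: The "== Smart Card ==" heading is now closed correctly, but it is followed directly by "== Antennas ==" and has no body; either add the smart card content or drop the heading until there is something to put under it. In the same hunk, "=== High-Frequecy Antenna Kit ===" should read "High-Frequency", "shiped" in the Card 1 item should be "shipped", and the legend line "/ denotes that the card got not read at all" would read better as "was not read at all". The table also reports "(!!) 0 cm" and "(!) 0 cm" for the medium-range antenna; a short sentence saying whether 0 cm means the card had to touch the antenna would make those rows easier to interpret.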
Line 39: | Line 121: | ||
== References == | == References == | ||
* proxmark.com | * https://www.proxmark.com | ||
* hackerwarehouse.com | * https://www.hackerwarehouse.com | ||
* https://www.lab401.com | |||
* https://github.com/RfidResearchGroup/proxmark3 | |||
[[Category:Documentation]] | [[Category:Documentation]] |
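Review bot: The reference list gains only the site root "https://www.lab401.com", while the antenna sections quote range figures from two specific lab401 product pages; list those product URLs here as well so the advertised ranges can be traced from the references. The inline citations in the Summary still read "(proxmark.com)" and "(hackerwarehouse.com)" as plain text and could be aligned with the updated entries.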
Revision as of 21:05, 28 January 2020
Summary
The Proxmark is an RFID swiss-army tool, allowing for both high and low-level interactions with the vast majority of RFID/NFC tags and systems worldwide (proxmark.com).
The Proxmark3 Dev Kit 4 (RDV4) is more compact and portable than the older versions and brings various improvements to the open-source design. Antennas are highly customizable and there is a new multifunction multiplexing interface to support additional components such as external battery, external active high powered antenna, Bluetooth interfaces and SIM/Smart card reader (hackerwarehouse.com).
This write-up concentrates on the improvements of the RDV4 over the RDV2 and will not cover the basic operations. For more, please visit Proxmark3: Useful commands or Proxmark3: FH-Campus Card NFC Security Valuation.
Requirements
- Proxmark3 RDV4
To use the Bluetooth module and the new features of the RDV4, use the new repository.
Setting up and compiling are explained in the original documentation.
For a quick introduction to the default commands, please visit: Proxmark3: Useful commands
Bluetooth Module
With the Blue-Shark Module it is now possible to wirelessly communicate with the Proxmark RDV4!
To enable this feature you need to install the newest RfidResearchGroup/proxmark3 repo and enable the Bluetooth setting in the makefile: please follow the instructions at Blue Shark Installation
Smart Card
Antennas
The Proxmark3 RDV4 optionally ships with high-frequency (hf) and low-frequency (lf) antenna kits. They include a medium and long-range antenna. The following will show the differences between them.
High-Frequency Antenna Kit
The hf-antenna kit comes with two antennas that are advertised as medium- and long-range antennas. The store lab401 says the range of the default antenna is about 40-85mm, medium-range antenna about 90mm, and the long-range has a reach of 100-120mm. A small test of mine concludes that this statement is only partially true.
I tested the range of 4 different cards:
- Card 1: HF-Card shipped with the RDV4: NXP MIFARE CLASSIC 1k Gen1A S50
- Card 2: Student-Card: NXP MIFARE DESFire 4k
- Card 3: Portugal, Proto MetroCard: Ultralight EV1 48bytes (MF0UL1101)
- Card 4: SkiData Card: EM-Marin SA (Skidata); EM4233
- (!) denotes that the readings were inconsistent: the card was only recognized from time to time.
- (!!) denotes that the readings were very inconsistent: the card was recognized only with luck.
- / denotes that the card was not read at all.
Card | Default-Antenna | Medium-Range Antenna | Long-Range Antenna |
---|---|---|---|
Shipped HF-Card | 8 cm | (!!) 0 cm | (!!) 2 cm |
Student-Card | 5 cm | (!) 0 cm | (!) 7 cm |
Metro-Card | 8 cm | / | (!) 11 cm |
SkiData-Card | 7 cm | 7 cm | 11 cm |
The results show that the antenna reach depends heavily on the card being read. The most consistent results came from the default antenna that ships with the RDV4. As shown, the optional antennas coped very poorly with the NXP MIFARE cards but show improvements for the SkiData card.
Low-Frequency Antenna Kit
Sadly I do not have any lf-cards on hand and could not test the range of the given antennas.
The lf-antenna kit comes with two antennas that are advertised as medium- and long-range antennas. The store lab401 says the range of the default antenna is about 66 - 72mm, medium-range antenna about 90mm, and the long-range has a reach of 110 - 133mm. But, as shown above for the hf-antenna, this depends heavily on the lf-card itself.
The optional antennas come with 2 switches: (source: lab401)
- Q-Switch: The Q-Switch has two settings: 14 (Extended Range) and 7 (Extended Accuracy).
  - Q-Switch setting of 14 will give up to 30% further read range (on lf search / lf hid read etc commands).
  - Q-Switch setting of 7 will give better writing performance on T55XX and EM410XX tags.
- Frequency Switch: The frequency switch allows for tuning to specific tag types: 125KHz or 134KHz.
Used Hardware
Proxmark3 RDV4.0 BT & Battery Addon Blue Shark