dandri/proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2026-03-29 08:29:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
proxmark3/doc/standalone/hf_young.md

2.8 KiB
Raw Permalink Blame History

HF_YOUNG — MIFARE Classic Sniffer/Simulator (2-Bank)

Author: Craig Young Frequency: HF (13.56 MHz) Hardware: Generic Proxmark3

Back to Standalone Modes Index | Source Code | Development Guide

What

Sniffs MIFARE Classic 1K communications between a reader and card, then simulates or clones the captured data. Features two memory banks for storing different card captures.

Why

MIFARE Classic is the most widely deployed contactless smart card. This mode enables field-based capture of reader-card transactions followed by immediate simulation or cloning — useful for testing access control systems and understanding their authentication sequences without needing a laptop.

How

  1. RECORD: Places the Proxmark3 in sniffer mode to capture ISO 14443A / MIFARE Classic communications. The captured UID, ATQA, SAK, and key data are stored in the selected bank.
  2. PLAY: Emulates a MIFARE Classic card using the captured UID and data, responding to reader authentication requests.
  3. CLONE: Writes captured data to a "magic" Gen1a MIFARE Classic card (one with a writable Block 0).

Each of the two banks can independently store a captured card's data.

LED Indicators

LED Meaning
A (solid) Bank 0 selected
B (solid) Bank 1 selected
C (solid) RECORD mode
D (solid) PLAY (simulate) mode
C+D (solid) CLONE mode
A-D (blink) Activity

Button Controls

Action Effect
Single click Advance state: RECORD → PLAY → CLONE → RECORD
Long hold Switch between Bank 0 and Bank 1

State Machine

stateDiagram-v2
    [*] --> Bank0_RECORD : Startup

    state Bank0 {
        Bank0_RECORD --> Bank0_PLAY : Click
        Bank0_PLAY --> Bank0_CLONE : Click
        Bank0_CLONE --> Bank0_RECORD : Click
    }

    state Bank1 {
        Bank1_RECORD --> Bank1_PLAY : Click
        Bank1_PLAY --> Bank1_CLONE : Click
        Bank1_CLONE --> Bank1_RECORD : Click
    }

    Bank0_RECORD --> Bank1_RECORD : Long hold
    Bank0_PLAY --> Bank1_PLAY : Long hold
    Bank0_CLONE --> Bank1_CLONE : Long hold
    Bank1_RECORD --> Bank0_RECORD : Long hold
    Bank1_PLAY --> Bank0_PLAY : Long hold
    Bank1_CLONE --> Bank0_CLONE : Long hold

    Bank0_RECORD --> [*] : USB connection
    Bank1_RECORD --> [*] : USB connection

Compilation

make clean
make STANDALONE=HF_YOUNG -j
./pm3-flash-fullimage

Related

Reference in New Issue View Git Blame Copy Permalink