mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2026-06-07 00:11:46 +00:00
pingu2211
2.0 KiB
2.0 KiB
HF_BOG — 14A Sniffer with ULC/ULEV1/NTAG Auth Capture
Author: Bogito Frequency: HF (13.56 MHz) Hardware: RDV4 (requires flash memory)
Back to Standalone Modes Index | Source Code | Development Guide
What
An enhanced ISO14443A sniffer that specifically extracts and stores ULC, ULEV1, and NTAG authentication passwords from sniffed traffic.
Why
Many MIFARE Ultralight deployments use password authentication (PWD_AUTH) to protect data. By sniffing the communication between a legitimate reader and card, you capture the authentication passwords in plaintext. This is more targeted than generic sniffing — it automatically extracts and logs just the passwords.
How
- Passively sniffs ISO14443A traffic
- Parses captured frames looking for authentication commands (PWD_AUTH, 3DES AUTH for ULC)
- Extracts up to 64 authentication attempts per session
- Saves extracted passwords to
hf_bog.logon flash
LED Indicators
| LED | Meaning |
|---|---|
| A (solid) | Sniffing activity |
Button Controls
| Action | Effect |
|---|---|
| Short press | Stop sniffing, save auth data to flash |
State Machine
stateDiagram-v2
[*] --> Sniffing : Startup
Sniffing --> Sniffing : Parse frames\nExtract auth attempts
Sniffing --> SaveAuth : Button press
SaveAuth --> [*] : Saved to hf_bog.log\n(up to 64 auth attempts)
Flash Storage
- Log file:
hf_bog.log - Stores extracted authentication passwords/keys
- Up to 64 auth attempts per session
Compilation
make clean
make STANDALONE=HF_BOG -j
./pm3-flash-fullimage
Related
- 14A Sniffer — Generic 14A sniffer (captures all frames)
- Aveful UL Reader — Read and emulate UL cards
- UL-C/UL-AES Unlocker — Unlock password-protected UL cards