HF_CRAFTBYTE — ISO14443A UID Stealer/Emulator

Author: Anze Jensterle Frequency: HF (13.56 MHz) Hardware: Generic Proxmark3

Back to Standalone Modes Index | Source Code | Development Guide

What

Continuously scans for ISO14443A cards, captures their UIDs, and emulates them. Auto-detects card type (MFC 1K/4K, MIFARE Ultralight, DESFire).

Why

Many access control systems rely primarily (or solely) on the UID of an NFC card for identification, without performing proper cryptographic authentication. CraftByte exploits this by capturing and replaying UIDs — demonstrating that UID-based access control is trivially defeated.

How

READ: Performs ISO14443A anticollision to read the card's UID, ATQA, and SAK
EMULATE: Uses the captured UID to emulate the card at a reader

The mode detects the card type from ATQA/SAK and configures emulation accordingly.

LED Indicators

LED	Meaning
Minimal LED usage	Focus on read/emulate cycle

Button Controls

Action	Effect
Hold 1000ms	Cycle: READ → EMULATE, or exit if held continuously
USB command	Exit standalone mode

State Machine

stateDiagram-v2
    [*] --> READ : Startup

    READ --> EMULATE : UID captured\n(button hold)
    EMULATE --> READ : Button hold\n(scan new card)
    
    READ --> READ : Scanning...
    EMULATE --> EMULATE : Emulating...

    READ --> [*] : Long hold / USB data
    EMULATE --> [*] : Long hold / USB data

Compilation

make clean
make STANDALONE=HF_CRAFTBYTE -j
./pm3-flash-fullimage

Aveful UL Reader — Full UL read/emulate (not just UID)
MattyRun MFC Clone — Full MFC attack (keys + data)
Young MFC Sniff/Sim — MFC UID capture with 2-bank storage

2.0 KiB Raw Blame History