官方的指南:
https://github.com/Proxmark/proxmark3/wiki/Ubuntu-Linux
我的系統是 ubuntu 18.04 x64
1)安裝工具,編譯器等
sudo apt install p7zip git build-essential libreadline5 libreadline-dev libusb-0.1-4 libusb-dev libqt4-dev perl pkg-config wget libncurses5-dev gcc-arm-none-eabi libstdc++-arm-none-eabi-newlib libpcsclite-dev pcscd
2)獲取源代碼
git clone https://github.com/proxmark/proxmark3.git
cd proxmark3
git pull
3)安裝linux的usb規則
sudo cp -rf driver/77-mm-usb-device-blacklist.rules /etc/udev/rules.d/77-mm-usb-device-blacklist.rules
sudo udevadm control --reload-rules
4)把用戶加入到 dialout 組,並且註銷重新進入確保成功
sudo adduser $USER dialout
5)編譯
make clean && make all
6)插入 proxmark3
dmesg | grep -i usb
[95101.025870] usb 3-4: new full-speed USB device number 2 using xhci_hcd
[95101.845904] usb 3-4: device descriptor read/64, error -71
[95112.550785] usb 3-4: New USB device found, idVendor=2d2d, idProduct=504d, bcdDevice= 0.01
[95112.550788] usb 3-4: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[95112.550790] usb 3-4: Product: PM3
[95112.550792] usb 3-4: Manufacturer: proxmark.org
[95112.646926] cdc_acm 3-4:1.0: ttyACM0: USB ACM device
這是新版的 cdc 驅動,也就是模擬串口,對應的設備是 /dev/ttyACM0
7)燒錄鏡像(可選)
最開始使用的 libusb 的 HID 驅動,後來改了 CDC 虛擬串口驅動,但已經有好幾年時間了。
所以這裏不介紹老的HID驅動,可以自己去官方wifi看。
這裏介紹 CDC 驅動
如果中途退出了,別怕,只要bootrom還在,就可以重新燒錄
按着板上的按鍵不放,重新插拔usb,則強制進入升級模式,不要鬆開按鍵,一直按着
執行升級命令,直到升級完成才鬆手。
升級很快,10秒就完成,如果失敗了,可以按照這個步驟重新做。
1,燒錄 bootrom,!!!!!! 沒有必要,不要隨便燒bootrom,可能變磚 !!!!!!!!!!
變磚了只能用jtag來重新燒錄了,不過好在有JTAG接口,也不是難事。
首先需要強制進入升級模式,方法是:按着板上的按鍵不放,重新插拔usb,按鍵不要送收,運行命令
$ client/flasher /dev/ttyACM0 -b bootrom/obj/bootrom.elf
Loading ELF file 'bootrom/obj/bootrom.elf'...
Loading usable ELF segments:
0: V 0x00100000 P 0x00100000 (0x00000200->0x00000200) [R X] @0x94
1: V 0x00200000 P 0x00100200 (0x00000cd4->0x00000cd4) [R X] @0x298
Waiting for Proxmark to appear on /dev/ttyACM0 ......
Found.
Flashing...
Writing segments for file: bootrom/obj/bootrom.elf
0x00100000..0x001001ff [0x200 / 1 blocks]. OK
0x00100200..0x00100ed3 [0xcd4 / 7 blocks]....... OK
Resetting hardware...
All done.
Have a nice day!
2,燒錄單片機和FPGA固件
$ client/flasher /dev/ttyACM0 armsrc/obj/fullimage.elf
Loading ELF file 'armsrc/obj/fullimage.elf'...
Loading usable ELF segments:
0: V 0x00102000 P 0x00102000 (0x00030250->0x00030250) [R X] @0x94
1: V 0x00200000 P 0x00132250 (0x00001238->0x00001238) [RW ] @0x302e4
Note: Extending previous segment from 0x30250 to 0x31488 bytes
Waiting for Proxmark to appear on /dev/ttyACM0 ...............
Found.
Flashing...
Writing segments for file: armsrc/obj/fullimage.elf
0x00102000..0x00133487 [0x31488 / 395 blocks]........................................................................................................................................................................................................................................................................................................................................................................................................... OK
Resetting hardware...
All done.
Have a nice day!
8)使用
運行客戶端軟件:運行硬件的一些信息
$ client/proxmark3 /dev/ttyACM0
Prox/RFID mark3 RFID instrument
bootrom: master/v3.1.0-197-gebf1404-suspect 2020-06-29 02:15:00
os: master/v3.1.0-197-gebf1404-suspect 2020-06-29 02:15:01
fpga_lf.bit built for 2s30vq100 on 2019/11/21 at 09:02:37
fpga_hf.bit built for 2s30vq100 on 2020/03/05 at 19:09:39
SmartCard Slot: not available
uC: AT91SAM7S256 Rev D
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 210055 bytes (80%). Free: 52089 bytes (20%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
簡單的使用 :
運行客戶端,連接上的話顯示版本信息,CPU信息等
$ client/proxmark3 /dev/ttyACM0
Prox/RFID mark3 RFID instrument
bootrom: master/v3.1.0-197-gebf1404-suspect 2020-06-29 02:15:00
os: master/v3.1.0-197-gebf1404-suspect 2020-06-29 02:15:01
fpga_lf.bit built for 2s30vq100 on 2019/11/21 at 09:02:37
fpga_hf.bit built for 2s30vq100 on 2020/03/05 at 19:09:39
SmartCard Slot: not available
uC: AT91SAM7S256 Rev D
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 210055 bytes (80%). Free: 52089 bytes (20%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3>
例如一些命令
1)系統命令,獲取狀態,版本等
proxmark3>hw status
proxmark3>hw version
proxmark3>hw tune
proxmark3>quit
2)讀取iso14443a 卡的信息,這裏是 m1卡
proxmark3> hf 14a info
#db# ISO14443A Timeout set to 1060 (10ms)
#db# ISO14443A Timeout set to 10 (0ms)
#db# ISO14443A Timeout set to 1060 (10ms)
UID : 6f 91 aa e9
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
#db# ISO14443A Timeout set to 1060 (10ms)
No chinese magic backdoor command detected
#db# ISO14443A Timeout set to 1060 (10ms)
#db# ISO14443A Timeout set to 10 (0ms)
#db# ISO14443A Timeout set to 1060 (10ms)
Prng detection: WEAK
proxmark3>
3)模擬作爲一張M1卡,uid=12345678 ,可以放到讀卡器上面讀取。
proxmark3> hf mf sim u 12345678
mf sim cardsize: 1K, uid: 12 34 56 78, numreads:0, flags:2 (0x02)
#db# 4B UID: 12345678
#db# SAK: 08
#db# ATQA: 00 04
#db# ISO14443A Timeout set to 1060 (10ms)
proxmark3>