This project is the result of a seminal work. It can perform basic authentification relay attack if DESFire EV1 is used.
You need:
- Proxmark3 (i was using proxmark3 easy (40 €))
- Some Arduino board (i was using WeMos D1 mini) & PN532.
- Windows computer to run a simple console application.
For updating code on proxmark, I was using Gator96100 ProxSpace.
https://github.com/Gator96100/ProxSpace/releases
(ProxSpace v3.5 ... ProxSpace-64.7z)
To install C read README.md file.
When ProxSpece environment is set. Copy content of the proxmark3.zip to /pm3 Inside proxmark3.zip file is Iceman Proxmark3 v4.9237 (https://github.com/RfidResearchGroup/proxmark3/releases/tag/v4.9237) + some changes.
To compile and install code on proxmark you need to know 2 commands:
make clean && make all
./pm3-flash-fullimage COM16
(or pm3-flash-all <COM PORT>
first time to upload bootrom)
To run proxmark console:
./client/proxmark3.exe COM16
What is new:
-
hf 14a simx
This cmd is used to simulate DESFire EV1 card. -
hf 14a sniffx
it shows you live packets.
Code was mostly added in to those two files:
- pm3/proxmark3/armsrc/iso14443a.c
- pm3/proxmark3/client/src/cmdhf14a.c
In console application, you will need to change COM ports & path to proxmark3.exe.
In Arduino code you will need to change DESFire application address.
Sorry for ugly code.