Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.


#1 2009-07-02 09:14:12

apmsylvain
Member
From: Paris (FRANCE)
Registered: 2009-01-06
Posts: 8

Relay Attack

Hi,

Does anybody have an idea how to do a relay attack with two Proxmarks plugged into the same machine?
Does it seem feasible?
I looked up inspiration in "A Practical Relay Attack on ISO 14443 Proximity Cards".

Thanks.


#2 2009-07-02 10:46:13

rule
Member
Registered: 2008-05-21
Posts: 417

Re: Relay Attack

Currently the communication framework does not really make it easy to control two readers at the same time.
In the future, with a different communication framework, this problem can be solved. In the meantime, you may be interested in the relay example of libnfc.

If you replace the tag-emulator feature with a Proxmark, you may get rid of the timing problems that some systems require.


#3 2009-07-02 15:54:45

adam@algroup.co.uk
Contributor
From: UK
Registered: 2009-05-01
Posts: 203

Re: Relay Attack

I can't see why it shouldn't work; actually it should be relatively simple. I've got access to two PM3s, so I would be happy to test/collaborate on that.

BTW, I've also implemented MITM in RFIDIOt using the Tikitag readers, which uses the 'automatic' emulation facilities built into the PN532 chip, if you're looking for a quick solution, but it has limits, as the emulator won't allow full emulation of the UID unless it happens to start with '08'. Timing is also an issue, as per Roel's version.


#4 2009-07-03 10:05:51

apmsylvain
Member
From: Paris (FRANCE)
Registered: 2009-01-06
Posts: 8

Re: Relay Attack

Hi Roel, Hi Adam,

It is really cool that you both answered, because I follow both of your work with a lot of attention.

First, with libnfc-svn, I tested the relay example, but I think I have the same problem: the timing. After the first SEL and the RATS command, when the relaying is done between two Touchatags (ACR122U102 Rev 1.4), if I try to SEL a Mifare 1k with my Omnikey 5553, the result is that I only see the REQA but never the ATQA of the card.
In a document I found the possibility of changing a parameter in the reader's registers named "SEL Time Iso 14443A", which I increased from 10 ms to 255 ms, but without success. Do you think that is the right parameter? Do you think 255 ms is not enough? What is the difference with the Omnikey 5121?

Secondly, with RFIDIOt and the same hardware, when I run "./pn532mitm -r 0 1", I pass the emulator activation and stand by on "Waiting APDU Command"; if I try a LOGIN, the result is: session end: Emulator released by Initiator. What's wrong?

Thank you for your answers.
Special thanks to Adam for your talk at Hack.lu 2008: I was present and really satisfied.

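The timing question raised in the post above (why the ATQA never shows up, and whether 255 ms could ever be enough) comes down to two very different deadlines in ISO 14443A. Replies to REQA/WUPA, anticollision and SELECT are due a fixed 1236/fc or 1172/fc (about 91 µs) after the command ends, which no reader-to-reader hop over USB can meet, so a relay has to answer that layer locally (emulated UID) and can only forward the ISO 14443-4 frames, where the Frame Waiting Time announced in the card's ATS (FWI in the upper nibble of TB1, default FWI 4 when TB1 is absent) plus any S(WTX) extension sets the budget. The script below, added here as an editor's example and not code from the thread, libnfc or RFIDIOt, parses a constructed ATS, computes the FWT and checks a constructed relay round trip against both deadlines:

```python
"""Relay-timing budget for an ISO 14443A card.

Added example; the ATS bytes and the relay latency used below are
constructed for illustration, not captured from any real card or reader.
"""
from dataclasses import dataclass
from typing import Optional

FC_HZ = 13.56e6             # ISO 14443 carrier frequency
DEFAULT_FWI = 4             # ISO 14443-4 default when the ATS carries no TB1
FWT_UNIT_S = 4096 / FC_HZ   # (256 * 16) / fc, the unit FWT is expressed in (~302 us)
# ISO 14443-3: replies to REQA/WUPA/anticollision/SELECT must arrive a fixed
# 1236/fc (last command bit 1) or 1172/fc (last bit 0) after the command.
FDT_ANTICOLLISION_S = 1236 / FC_HZ   # ~91 us: no room for a relay hop here


@dataclass
class Ats:
    fsci: int                 # frame size for proximity card, coded
    ta1: Optional[int]        # bit-rate capabilities
    tb1: Optional[int]        # FWI (high nibble) and SFGI (low nibble)
    tc1: Optional[int]        # protocol options (NAD/CID support)
    historical: bytes


def parse_ats(ats: bytes) -> Ats:
    """Split an ATS into its interface bytes according to the T0 presence flags."""
    if not ats or ats[0] != len(ats):
        raise ValueError("TL does not match ATS length")
    if len(ats) == 1:                        # ATS consisting of TL only: all defaults
        return Ats(fsci=2, ta1=None, tb1=None, tc1=None, historical=b"")
    t0 = ats[1]
    pos = 2
    fields = []
    for present_bit in (0x10, 0x20, 0x40):   # T0 flags: TA1, TB1, TC1 present
        if t0 & present_bit:
            if pos >= len(ats):
                raise ValueError("T0 announces an interface byte that is missing")
            fields.append(ats[pos])
            pos += 1
        else:
            fields.append(None)
    return Ats(t0 & 0x0F, fields[0], fields[1], fields[2], bytes(ats[pos:]))


def fwt_seconds(ats: Ats) -> float:
    """FWT = (256 * 16 / fc) * 2^FWI, FWI taken from TB1 or defaulted."""
    fwi = DEFAULT_FWI if ats.tb1 is None else ats.tb1 >> 4
    if fwi > 14:                  # 15 is RFU; fall back to the default (editor's choice)
        fwi = DEFAULT_FWI
    return FWT_UNIT_S * (2 ** fwi)


def relay_budget(ats: Ats, hop_round_trip_s: float, wtxm: int = 1) -> dict:
    """Check one reader->emulator->card->reader round trip against both deadlines.

    wtxm is the multiplier the emulator could request with S(WTX) (1..59) to
    stretch FWT for a single response; 1 means no waiting-time extension.
    """
    if not 1 <= wtxm <= 59:
        raise ValueError("WTXM must be in 1..59")
    fwt = fwt_seconds(ats) * wtxm
    return {
        "fwt_s": fwt,
        "iso14443_4_ok": hop_round_trip_s <= fwt,                       # APDU layer
        "anticollision_ok": hop_round_trip_s <= FDT_ANTICOLLISION_S,    # REQA/SELECT
    }


if __name__ == "__main__":
    # Constructed ATS: TL=5, T0=0x78 (TA1,TB1,TC1 present, FSCI=8),
    # TA1=0x80, TB1=0x70 (FWI=7, SFGI=0), TC1=0x02, no historical bytes.
    card = parse_ats(b"\x05\x78\x80\x70\x02")
    # Constructed relay latency: two USB readers plus the host hop.
    for rtt in (0.030, 0.300):
        print(f"round trip {rtt*1e3:.0f} ms:", relay_budget(card, rtt))
    print("with WTXM=10:", relay_budget(card, 0.300, wtxm=10))
```

Read the two flags separately: "anticollision_ok" is false for any realistic hop, which matches seeing REQA but never a relayed ATQA, while "iso14443_4_ok" depends on the FWT the card advertises (38.7 ms for FWI 7 here; FWI 14 is the maximum and gives roughly 4.9 s), and raising a reader-side "SEL time" register does nothing for the fixed ISO 14443-3 deadline.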

#5 2009-07-03 11:33:34

adam@algroup.co.uk
Contributor
From: UK
Registered: 2009-05-01
Posts: 203

Re: Relay Attack

The pn532mitm.py command currently doesn't work with Mifare cards. Try it with a smartcard like a passport or ID card...

I'm also playing with libnfc, which uses a completely different (lower-level) method for relaying, to try and understand the timing issues, so I'll let you know if I get anywhere.


#6 2009-10-04 23:24:33

*dudux
Member
Registered: 2009-10-04
Posts: 7

Re: Relay Attack

adam@algroup.co.uk wrote:

The pn532mitm.py command currently doesn't work with Mifare cards. Try it with a smartcard like a passport or ID card...

I'm also playing with libnfc, which uses a completely different (lower-level) method for relaying, to try and understand the timing issues, so I'll let you know if I get anywhere.

Have you thought about implementing it soon for Mifare cards?
It would be a great idea.

Regards
