Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia


#1 2020-01-19 23:53:01

jsark983
Contributor
Registered: 2020-01-17
Posts: 4

"lf hid watch" vs "lf search" for active sniffing

Hello!

I know based on a previous post by someone here that "lf search" can be tuned to sniff constantly for a valid card, and then stop once it reads the first one it can.

While "lf hid watch" is super useful, I fear using this during a pen test due to the fact that I may accidentally pick up a few badges given range of antenna, proximity of people, etc., and then have to determine which of those cards is the one I actually need.

My question is this: with either of those two commands, where do I need to modify the firmware to then re-flash it for this functionality? I have searched here but can't find the location to do so.

Thanks!

Last edited by jsark983 (2020-01-19 23:53:46)


#2 2020-04-18 15:34:18

adameng
Contributor
Registered: 2020-04-15
Posts: 20

Re: "lf hid watch" vs "lf search" for active sniffing

jsark983 wrote:

Hello!

I know based on a previous post by someone here that "lf search" can be tuned to sniff constantly for a valid card, and then stop once it reads the first one it can.

While "lf hid watch" is super useful, I fear using this during a pen test due to the fact that I may accidentally pick up a few badges given range of antenna, proximity of people, etc., and then have to determine which of those cards is the one I actually need.

My question is this: with either of those two commands, where do I need to modify the firmware to then re-flash it for this functionality? I have searched here but can't find the location to do so.

Thanks!

Did you manage to make any progress with the lf search request which runs constantly?


#3 2020-04-18 16:08:13

jsark983
Contributor
Registered: 2020-01-17
Posts: 4

Re: "lf hid watch" vs "lf search" for active sniffing

No, unfortunately not. Any help is appreciated!


#4 2020-04-18 17:08:08

adameng
Contributor
Registered: 2020-04-15
Posts: 20

Re: "lf hid watch" vs "lf search" for active sniffing

OK, will try to write something, also looking for a way.


#5 2020-04-18 18:34:29

app_o1
Contributor
Registered: 2013-06-22
Posts: 247

Re: "lf hid watch" vs "lf search" for active sniffing

"lf search", if you are random-reading HID Prox cards in the field of your antenna, will decode them as HID Prox.
That's the exact same thing as doing a "lf hid fskdemod"/"lf hid demod"/"lf hid watch"
=

d18c7db wrote:

FSK demodulation and manchester decoding of the waveform to return the tag ID as a hex number

(see #p237)

With one difference being that "lf search" will stop after finding ANY LF card in the field.

But, in case you are not talking about HID Prox's.

My question is this: with either of those two commands, where do I need to modify the firmware to then re-flash it for this functionality?

For what functionality?
It already exists.

those cards is the one I actually need

You just need to know what card you need exactly and use the correct command instead of shooting in the dark with "lf search"

What card are you "working" with? There is most likely already an existing command for continuous reading..

Last edited by app_o1 (2020-04-18 18:37:49)
