I recently purchased a Proxmark3 clone from GeZhi Electronic. Being able to duplicate a proxcard is very cool, but the requirement to have almost direct contact between the card and the antenna is a less-than-desirable situation during a real-world penetration test.
This project was inspired by “HID Reader + Arduino = RFID Card Catcher” (http://colligomentis.com/2012/05/16/hid-reader-arduino-rfid-card-catcher/) and “ProxClone – Long Range Reader / Cloner” (http://www.proxclone.com/Long_Range_Cloner.html), although I was frustrated by both.
Following the instructions from the former will result in a failed project and a burnt-out microSD card, while the latter doesn’t provide enough details to recreate it.
Here’s the overview; I’ll post a step-by-step later.
- HID 5375AGN00 MaxiProx (https://www.hidglobal.com/products/readers/hid-proximity/5375)
- 10pcs RFID 125KHz Writable Rewrite T5567 T5577 thick card (eBay)
- Proxmark3 (http://www.xfpga.com/html_products/proxmark3-20.html)
- Proxmark3 LF antenna (http://www.xfpga.com/html_products/proxmark3-lf-ant-22.html)
- Pro Micro – 3.3V/8MHz (https://www.sparkfun.com/products/10999)
- Breakout Board for microSD Transflash (https://www.sparkfun.com/products/544)
- Serial Enabled 16×2 LCD – White on Black 5V (https://www.sparkfun.com/products/9395)
- Breadboard Power Supply Stick 5V/3.3V (https://www.sparkfun.com/products/10804)
- JST Jumper 3 Wire Assembly (https://www.sparkfun.com/products/9915)
- Battery Holder – 4xAA Square x3 (https://www.sparkfun.com/products/552)
- Breadboard – Mini Modular x3 (https://www.sparkfun.com/products/11662)
- Break Away Headers – Straight (https://www.sparkfun.com/products/116)
- 192.57 from eBay
- 13.99 from eBay
BAT: Battery – 12 volts’ worth
HID: HID 5375AGN00 MaxiProx
LCD: Serial Enabled 16×2 LCD
PM: Pro Micro 3.3V/8MHz
PS: Breadboard Power Supply Stick 5V
SD: Breakout Board for microSD
BAT+ <> HID TB1-1 (+DC/RED)
BAT- <> HID TB1-3 (GND/BLK)
PM Pin 2 <> HID TB2-1 (DATA0/GREEN)
PM Pin 3 <> HID TB2-2 (DATA1/WHITE)
PM RAW <> PS 5V+
PM GND <> PS GND
SD CS <> PM Pin 10
SD DI <> PM Pin 16
SD VCC <> PM VCC
SD SCK <> PM Pin 15
SD GND <> PM GND
SD DO <> PM Pin 14
LCD RX <> PM Pin 4
LCD 5V <> PS 5V+
LCD GND <> PS GND
I am still having tuning issues with the antenna and can only get about a 1-foot range.
The following pictures are from a bench power supply with a prototype breadboard.
Waiting for a card…