Skip to content

commands

Jump to bottom
holiman edited this page Mar 26, 2014 · 25 revisions

Proxmark3 command dump

Some commands are available only if a Proxmark is actually connected, Those commands are flagged with "@" in front of their description.

  • help This help. Use ' help' for details of a particular command.
  • data { Plot window / data buffer manipulation... }
    • data help This help
    • data amp Amplify peaks
    • data askdemod <0|1> -- Attempt to demodulate simple ASK tags
    • data autocorr -- Autocorrelation over window
    • data bitsamples @ Get raw samples as bitstring
    • data bitstream [clock rate] -- Convert waveform into a bitstream
    • data buffclear Clear sample buffer and graph window
    • data dec Decimate samples
    • data detectclock Detect clock rate
    • data fskdemod Demodulate graph window as a HID FSK
    • data grid -- overlay grid on graph window, use zero value to turn off either
    • data hexsamples @ [] -- Dump big buffer as hex bytes
    • data hide Hide graph window
    • data hpf Remove DC offset from trace
    • data load -- Load trace (to graph window
    • data ltrim -- Trim samples from left of trace
    • data mandemod [i] [clock rate] -- Manchester demodulate binary stream (option 'i' to invert output)
    • data manmod [clock rate] -- Manchester modulate a binary stream
    • data norm Normalize max/min to +/-500
    • data plot Show graph window (hit 'h' in window for keystroke help)
    • data samples @ [512 - 40000] -- Get raw samples for graph window
    • data save -- Save trace (from graph window)
    • data scale -- Set cursor display scale
    • data threshold -- Maximize/minimize every value in the graph window depending on threshold
    • data zerocrossings Count time between zero-crossings
  • hf { HF commands... }
    • hf help This help
    • hf 14a { ISO14443A RFIDs... }
      • hf 14a help This help
      • hf 14a list @ List ISO 14443a history
      • hf 14a reader @ Act like an ISO14443 Type A reader
      • hf 14a cuids @ Collect n>0 ISO14443 Type A UIDs in one go
      • hf 14a sim @ -- Fake ISO 14443a tag
      • hf 14a snoop @ Eavesdrop ISO 14443 Type A
      • hf 14a raw @ Send raw hex data to tag
    • hf 14b { ISO14443B RFIDs... }
      • hf 14b help This help
      • hf 14b demod Demodulate ISO14443 Type B from tag
      • hf 14b list @ List ISO 14443 history
      • hf 14b read @ Read HF tag (ISO 14443)
      • hf 14b sim @ Fake ISO 14443 tag
      • hf 14b simlisten @ Get HF samples as fake tag
      • hf 14b snoop @ Eavesdrop ISO 14443
      • hf 14b sri512read @ Read contents of a SRI512 tag
      • hf 14b srix4kread @ Read contents of a SRIX4K tag
      • hf 14b raw @ Send raw hex data to tag
    • hf 15 { ISO15693 RFIDs... }
      • hf 15 help This help
      • hf 15 demod Demodulate ISO15693 from tag
      • hf 15 read @ Read HF tag (ISO 15693)
      • hf 15 record @ Record Samples (ISO 15693)
      • hf 15 reader @ Act like an ISO15693 reader
      • hf 15 sim @ Fake an ISO15693 tag
      • hf 15 cmd @ Send direct commands to ISO15693 tag
      • hf 15 findafi @ Brute force AFI of an ISO15693 tag
      • hf 15 dumpmemory @ Read all memory pages of an ISO15693 tag
    • hf epa { German Identification Card... }
      • hf epa help This help
      • hf epa cnonces @ Acquire n>0 encrypted PACE nonces of size m>0 with d sec pauses
    • hf legic @ { LEGIC RFIDs... }
      • hf legic help This help
      • hf legic decode @ Display deobfuscated and decoded LEGIC RF tag data (use after hf legic reader)
      • hf legic reader @ [offset [length]] -- read bytes from a LEGIC card
      • hf legic save @ [] -- Store samples
      • hf legic load @ -- Restore samples
      • hf legic sim @ [phase drift [frame drift [req/resp drift]]] Start tag simulator (use after load or read)
      • hf legic write @ -- Write sample buffer (user after load or read)
      • hf legic fill @ -- Fill/Write tag with constant value
    • hf iclass { ICLASS RFIDs... }
      • hf iclass help This help
      • hf iclass list @ List iClass history
      • hf iclass snoop @ Eavesdrop iClass communication
      • hf iclass sim @ Simulate iClass tag
      • hf iclass reader @ Read an iClass tag
    • hf mf { MIFARE RFIDs... }
      • hf mf help This help
      • hf mf dbg @ Set default debug mode
      • hf mf rdbl @ Read MIFARE classic block
      • hf mf urdbl @ Read MIFARE Ultralight block
      • hf mf urdcard @ Read MIFARE Ultralight Card
      • hf mf uwrbl @ Write MIFARE Ultralight block
      • hf mf rdsc @ Read MIFARE classic sector
      • hf mf dump @ Dump MIFARE classic tag to binary file
      • hf mf restore @ Restore MIFARE classic binary file to BLANK tag
      • hf mf wrbl @ Write MIFARE classic block
      • hf mf chk @ Test block keys
      • hf mf mifare @ Read parity error messages.
      • hf mf nested @ Test nested authentication
      • hf mf sniff @ Sniff card-reader communication
      • hf mf sim @ Simulate MIFARE card
      • hf mf eclr @ Clear simulator memory block
      • hf mf eget @ Get simulator memory block
      • hf mf eset @ Set simulator memory block
      • hf mf eload @ Load from file emul dump
      • hf mf esave @ Save to file emul dump
      • hf mf ecfill @ Fill simulator memory with help of keys from simulator
      • hf mf ekeyprn @ Print keys from simulator memory
      • hf mf csetuid @ Set UID for magic Chinese card
      • hf mf csetblk @ Write block into magic Chinese card
      • hf mf cgetblk @ Read block from magic Chinese card
      • hf mf cgetsc @ Read sector from magic Chinese card
      • hf mf cload @ Load dump into magic Chinese card
      • hf mf csave @ Save dump from magic Chinese card into file or emulator
    • hf tune @ Continuously measure HF antenna tuning
  • hw { Hardware commands... }
    • hw help This help
    • hw detectreader @ ['l'|'h'] -- Detect external reader field (option 'l' or 'h' to limit to LF or HF)
    • hw fpgaoff @ Set FPGA off
    • hw lcd @ -- Send command/data to LCD
    • hw lcdreset @ Hardware reset LCD
    • hw readmem @ [address] -- Read memory at decimal address from flash
    • hw reset @ Reset the Proxmark3
    • hw setlfdivisor @ <19 - 255> -- Drive LF antenna at 12Mhz/(divisor+1)
    • hw setmux @ <loraw|hiraw|lopkd|hipkd> -- Set the ADC mux to a specific value
    • hw tune @ Measure antenna tuning
    • hw version @ Show version inforation about the connected Proxmark
  • lf { LF commands... }
    • lf help This help
    • lf cmdread @ <'0' period> <'1' period> ['h'] -- Modulate LF reader field to send command before read (all periods in microseconds) (option 'h' for 134)
    • lf em4x { EM4X RFIDs... }
      • lf em4x help This help
      • lf em4x em410xread [clock rate] -- Extract ID from EM410x tag
      • lf em4x em410xsim @ -- Simulate EM410x tag
      • lf em4x em410xwatch @ ['h'] -- Watches for EM410x 125/134 kHz tags (option 'h' for 134)
      • lf em4x em410xwrite <'0' T5555> <'1' T55x7> [clock rate] -- Write EM410x UID to T5555(Q5) or T55x7 tag, optionally setting clock rate
      • lf em4x em4x50read Extract data from EM4x50 tag
      • lf em4x readword -- Read EM4xxx word data
      • lf em4x readwordPWD -- Read EM4xxx word data in password mode
      • lf em4x writeword -- Write EM4xxx word data
      • lf em4x writewordPWD -- Write EM4xxx word data in password mode
    • lf flexdemod Demodulate samples for FlexPass
    • lf hid { HID RFIDs... }
      • lf hid help This help
      • lf hid demod Demodulate HID Prox Card II (not optimal)
      • lf hid fskdemod Realtime HID FSK demodulator
      • lf hid sim -- HID tag simulator
      • lf hid clone ['l'] -- Clone HID to T55x7 (tag must be in antenna)(option 'l' for 84bit ID)
    • lf io { ioProx tags... }
      • lf io help This help
      • lf io demod Demodulate Stream
      • lf io fskdemod Demodulate ioProx Tag
      • lf io clone Clone ioProx Tag
    • lf indalademod ['224'] -- Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)
    • lf indalaclone ['l']-- Clone Indala to T55x7 (tag must be in antenna)(UID in HEX)(option 'l' for 224 UID
    • lf read @ ['h'|] -- Read 125/134 kHz LF ID-only tag (option 'h' for 134, alternatively: f=12MHz/(divisor+1))
    • lf sim @ [GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)
    • lf simbidir @ Simulate LF tag (with bidirectional data transmission between reader and tag)
    • lf simman @ [GAP] Simulate arbitrary Manchester LF tag
    • lf ti { TI RFIDs... }
      • lf ti help This help
      • lf ti demod Demodulate raw bits for TI-type LF tag
      • lf ti read @ Read and decode a TI 134 kHz tag
      • lf ti write @ Write new data to a r/w TI 134 kHz tag
    • lf hitag { Hitag tags and transponders... }
      • lf hitag help This help
      • lf hitag list List Hitag trace history
      • lf hitag reader Act like a Hitag Reader
      • lf hitag sim Simulate Hitag transponder
      • lf hitag snoop Eavesdrop Hitag communication
    • lf vchdemod ['clone'] -- Demodulate samples for VeriChip
    • lf t55xx { T55xx RFIDs... }
      • lf t55xx help This help
      • lf t55xx readblock -- Read T55xx block data (page 0)
      • lf t55xx readblockPWD -- Read T55xx block data in password mode(page 0)
      • lf t55xx writeblock -- Write T55xx block data (page 0)
      • lf t55xx writeblockPWD -- Write T55xx block data in password mode(page 0)
      • lf t55xx readtrace Read T55xx traceability data (page 1)
    • lf pcf7931 {PCF7931 RFIDs...}
      • lf pcf7931 help This help
      • lf pcf7931 read Read content of a PCF7931 transponder
  • script { Scripting commands }
    • script help This help
    • script list List available scripts
    • script run -- Execute a script
  • quit Exit program
  • exit Exit program

Struggling with this manual? Do you miss some explanation or found something wrong or ambigious? Then please post in the Manual Feedback section of the forum. Any feedback is appreciated.

Proxmark Wiki

Hardware

Firmware Upgrade

Client Software

Usage

Low Frequency (125-134kHz)

High Frequency (13.56MHz)

Clone this wiki locally