Skip to content

commands

Jump to bottom
holiman edited this page Mar 26, 2014 · 25 revisions

Proxmark3 command dump

Some commands are available only if a Proxmark is actually connected, Those commands are flagged with "@" in front of their description.

command offline description
help Y This help. Use '<command> help' for details of a particular command.
quit Y Exit program
exit Y Exit program

data

{ Plot window / data buffer manipulation... }

command offline description
data help Y This help
data amp Y Amplify peaks
data askdemod Y <0 or 1> -- Attempt to demodulate simple ASK tags
data autocorr Y <window length> -- Autocorrelation over window
data bitsamples Y Get raw samples as bitstring
data bitstream Y [clock rate] -- Convert waveform into a bitstream
data buffclear Y Clear sample buffer and graph window
data dec Y Decimate samples
data detectclock Y Detect clock rate
data fskdemod Y Demodulate graph window as a HID FSK
data grid Y <x> <y> -- overlay grid on graph window, use zero value to turn off either
data hexsamples Y <bytes> [<offset>] -- Dump big buffer as hex bytes
data hide Y Hide graph window
data hpf Y Remove DC offset from trace
data load Y <filename> -- Load trace (to graph window
data ltrim Y <samples> -- Trim samples from left of trace
data mandemod Y [i] [clock rate] -- Manchester demodulate binary stream (option 'i' to invert output)
data manmod Y [clock rate] -- Manchester modulate a binary stream
data norm Y Normalize max/min to +/-500
data plot Y Show graph window (hit 'h' in window for keystroke help)
data samples Y [512 - 40000] -- Get raw samples for graph window
data save Y <filename> -- Save trace (from graph window)
data scale Y <int> -- Set cursor display scale
data threshold Y <threshold> -- Maximize/minimize every value in the graph window depending on threshold
data zerocrossings Y Count time between zero-crossings

hf

{ HF commands... }

command offline description
hf help Y This help
hf tune Y Continuously measure HF antenna tuning

hf 14a

{ ISO14443A RFIDs... }

command offline description
hf 14a help Y This help
hf 14a list Y List ISO 14443a history
hf 14a reader Y Act like an ISO14443 Type A reader
hf 14a cuids Y <n> Collect n>0 ISO14443 Type A UIDs in one go
hf 14a sim Y <UID> -- Fake ISO 14443a tag
hf 14a snoop Y Eavesdrop ISO 14443 Type A
hf 14a raw Y Send raw hex data to tag

hf 14b

{ ISO14443B RFIDs... }

command offline description
hf 14b help Y This help
hf 14b demod Y Demodulate ISO14443 Type B from tag
hf 14b list Y List ISO 14443 history
hf 14b read Y Read HF tag (ISO 14443)
hf 14b sim Y Fake ISO 14443 tag
hf 14b simlisten Y Get HF samples as fake tag
hf 14b snoop Y Eavesdrop ISO 14443
hf 14b sri512read Y Read contents of a SRI512 tag
hf 14b srix4kread Y Read contents of a SRIX4K tag
hf 14b raw Y Send raw hex data to tag

hf 15

{ ISO15693 RFIDs... }

command offline description
hf 15 help Y This help
hf 15 demod Y Demodulate ISO15693 from tag
hf 15 read Y Read HF tag (ISO 15693)
hf 15 record Y Record Samples (ISO 15693)
hf 15 reader Y Act like an ISO15693 reader
hf 15 sim Y Fake an ISO15693 tag
hf 15 cmd Y Send direct commands to ISO15693 tag
hf 15 findafi Y Brute force AFI of an ISO15693 tag
hf 15 dumpmemory Y Read all memory pages of an ISO15693 tag

hf epa

{ German Identification Card... }

command offline description
hf epa help Y This help
hf epa cnonces Y <m> <n> <d> Acquire n>0 encrypted PACE nonces of size m>0 with d sec pauses

hf legic

{ LEGIC RFIDs... }

command offline description
hf legic help Y This help
hf legic decode Y Display deobfuscated and decoded LEGIC RF tag data (use after hf legic reader)
hf legic reader Y [offset [length]] -- read bytes from a LEGIC card
hf legic save Y <filename> [<length>] -- Store samples
hf legic load Y <filename> -- Restore samples
hf legic sim Y [phase drift [frame drift [req/resp drift]]] Start tag simulator (use after load or read)
hf legic write Y <offset> <length> -- Write sample buffer (user after load or read)
hf legic fill Y <offset> <length> <value> -- Fill/Write tag with constant value

hf iclass

{ ICLASS RFIDs... }

command offline description
hf iclass help Y This help
hf iclass list Y List iClass history
hf iclass snoop Y Eavesdrop iClass communication
hf iclass sim Y Simulate iClass tag
hf iclass reader Y Read an iClass tag

hf mf

{ MIFARE RFIDs... }

command offline description
hf mf help Y This help
hf mf dbg Y Set default debug mode
hf mf rdbl Y Read MIFARE classic block
hf mf urdbl Y Read MIFARE Ultralight block
hf mf urdcard Y Read MIFARE Ultralight Card
hf mf uwrbl Y Write MIFARE Ultralight block
hf mf rdsc Y Read MIFARE classic sector
hf mf dump Y Dump MIFARE classic tag to binary file
hf mf restore Y Restore MIFARE classic binary file to BLANK tag
hf mf wrbl Y Write MIFARE classic block
hf mf chk Y Test block keys
hf mf mifare Y Read parity error messages.
hf mf nested Y Test nested authentication
hf mf sniff Y Sniff card-reader communication
hf mf sim Y Simulate MIFARE card
hf mf eclr Y Clear simulator memory block
hf mf eget Y Get simulator memory block
hf mf eset Y Set simulator memory block
hf mf eload Y Load from file emul dump
hf mf esave Y Save to file emul dump
hf mf ecfill Y Fill simulator memory with help of keys from simulator
hf mf ekeyprn Y Print keys from simulator memory
hf mf csetuid Y Set UID for magic Chinese card
hf mf csetblk Y Write block into magic Chinese card
hf mf cgetblk Y Read block from magic Chinese card
hf mf cgetsc Y Read sector from magic Chinese card
hf mf cload Y Load dump into magic Chinese card
hf mf csave Y Save dump from magic Chinese card into file or emulator

hw

{ Hardware commands... }

command offline description
hw help Y This help
hw detectreader Y `['l'
hw fpgaoff Y Set FPGA off
hw lcd Y <HEX command> <count> -- Send command/data to LCD
hw lcdreset Y Hardware reset LCD
hw readmem Y [address] -- Read memory at decimal address from flash
hw reset Y Reset the Proxmark3
hw setlfdivisor Y <19 - 255> -- Drive LF antenna at 12Mhz/(divisor+1)
hw setmux Y `<loraw
hw tune Y Measure antenna tuning
hw version Y Show version inforation about the connected Proxmark

lf

{ LF commands... }

command offline description
lf help Y This help
lf cmdread Y <off period> <'0' period> <'1' period> <command> ['h'] -- Modulate LF reader field to send command before read (all periods in microseconds) (option 'h' for 134)
lf flexdemod Y Demodulate samples for FlexPass
lf indalademod Y ['224'] -- Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)
lf indalaclone Y <UID> ['l']-- Clone Indala to T55x7 (tag must be in antenna)(UID in HEX)(option 'l' for 224 UID
lf read Y ['h' or <divisor>] -- Read 125/134 kHz LF ID-only tag (option 'h' for 134, alternatively: f=12MHz/(divisor+1))
lf sim Y [GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)
lf simbidir Y Simulate LF tag (with bidirectional data transmission between reader and tag)
lf simman Y <Clock> <Bitstream> [GAP] Simulate arbitrary Manchester LF tag
lf vchdemod Y ['clone'] -- Demodulate samples for VeriChip

lf em4x

{ EM4X RFIDs... }

command offline description
lf em4x help Y This help
lf em4x em410xread Y [clock rate] -- Extract ID from EM410x tag
lf em4x em410xsim Y <UID> -- Simulate EM410x tag
lf em4x em410xwatch Y ['h'] -- Watches for EM410x 125/134 kHz tags (option 'h' for 134)
lf em4x em410xwrite Y <UID> <'0' T5555> <'1' T55x7> [clock rate] -- Write EM410x UID to T5555(Q5) or T55x7 tag, optionally setting clock rate
lf em4x em4x50read Y Extract data from EM4x50 tag
lf em4x readword Y <Word> -- Read EM4xxx word data
lf em4x readwordPWD Y <Word> <Password> -- Read EM4xxx word data in password mode
lf em4x writeword Y <Data> <Word> -- Write EM4xxx word data
lf em4x writewordPWD Y <Data> <Word> <Password> -- Write EM4xxx word data in password mode

lf hid

{ HID RFIDs... }

command offline description
lf hid help Y This help
lf hid demod Y Demodulate HID Prox Card II (not optimal)
lf hid fskdemod Y Realtime HID FSK demodulator
lf hid sim Y <ID> -- HID tag simulator
lf hid clone Y <ID> ['l'] -- Clone HID to T55x7 (tag must be in antenna)(option 'l' for 84bit ID)

lf io

{ ioProx tags... }

command offline description
lf io help Y This help
lf io demod Y Demodulate Stream
lf io fskdemod Y Demodulate ioProx Tag
lf io clone Y Clone ioProx Tag

lf ti

{ TI RFIDs... }

command offline description
lf ti help Y This help
lf ti demod Y Demodulate raw bits for TI-type LF tag
lf ti read Y Read and decode a TI 134 kHz tag
lf ti write Y Write new data to a r/w TI 134 kHz tag

lf hitag

{ Hitag tags and transponders... }

command offline description
lf hitag help Y This help
lf hitag list Y List Hitag trace history
lf hitag reader Y Act like a Hitag Reader
lf hitag sim Y Simulate Hitag transponder
lf hitag snoop Y Eavesdrop Hitag communication

lf t55xx

{ T55xx RFIDs... }

command offline description
lf t55xx help Y This help
lf t55xx readblock Y <Block> -- Read T55xx block data (page 0)
lf t55xx readblockPWD Y <Block> <Password> -- Read T55xx block data in password mode(page 0)
lf t55xx writeblock Y <Data> <Block> -- Write T55xx block data (page 0)
lf t55xx writeblockPWD Y <Data> <Block> <Password> -- Write T55xx block data in password mode(page 0)
lf t55xx readtrace Y Read T55xx traceability data (page 1)

lf pcf7931

{PCF7931 RFIDs...}

command offline description
lf pcf7931 help Y This help
lf pcf7931 read Y Read content of a PCF7931 transponder

script

{ Scripting commands }

command offline description
script help Y This help
script list Y List available scripts
script run Y <name> -- Execute a script

Struggling with this manual? Do you miss some explanation or found something wrong or ambigious? Then please post in the Manual Feedback section of the forum. Any feedback is appreciated.

Proxmark Wiki

Hardware

Firmware Upgrade

Client Software

Usage

Low Frequency (125-134kHz)

High Frequency (13.56MHz)

Clone this wiki locally