User:Ivy Stolz/sandbox/proxmark3

Proxmark3 is an open-source hardware platform for RFID analysis, designed to operate with low- and high-frequency systems at 125 kHz, 134 kHz and 13.56 MHz. It was originally created as a PhD project by Jonathan Westhues as an instrument for research on RFID systems.

Applications
The Proxmark3 platform is used for analysis of and interaction with various systems operating at 125 kHz, 134 kHz and 13.56 MHz, e.g. cloning, copying and emulating different types of cards and tags. It simplified the work of researchers in security analysis of near-field communication, reverse engineering and cryptography.

Not only has it found use in academic research, product development and penetration testing, it has also created a strong community, which has been able to continue developing and maintaining the project over the years thanks to the unchanging architecture used across several hardware revisions.

Principles of operation
A simplified functional diagram of Proxmark3 is given in the figure below. The antenna connector has four connection pins. Two of them are used to connect a high-frequency (HF) antenna; the HF transmission paths and the HF receiver are connected in parallel to these two pins. The other two pins are used in the same way for a low-frequency (LF) antenna and the LF transmission and reception paths.

[Figure: simplified functional diagram of Proxmark3. Reception: antenna connector → analog demodulation circuit → multiplexer → analog-to-digital converter → FPGA ⇄ ARM microcontroller. Transmission: FPGA → amplifier circuit → antenna connector.]

In operation, only two pins are connected to an antenna. On each of the reception paths, any radio-frequency signal arriving from the connector passes through a demodulating circuit. The choice between high frequency and low frequency is made by a multiplexer, which selects the output of one of the two demodulation circuits. The signal is then digitized to 8 bits by the analog-to-digital converter, the output of which is connected to the FPGA. For transmission, the FPGA sends a signal to one of the two amplifier circuits, which then relays it to the antenna connector.

The FPGA takes load off the microcontroller, which could otherwise be overwhelmed by signal processing, especially at 13.56 MHz. The FPGA code consists of a main file and several auxiliary files, each containing a module. The main file implements the reception of commands sent by the ARM microcontroller. In the command sent by the microcontroller.

Proxmark3 community
The original hardware design was created before microcontrollers became capable of providing the high-bandwidth signal processing required by the RFID protocols. Proxmark3 therefore had a split architecture, with a microcontroller providing the high-level functionality while an FPGA was used for the heavy lifting. As a result, most of the signal processing is performed in software. This allows the strong community of enthusiasts to reconfigure the device for different modulation schemes and to contribute to further enhancing the Proxmark3 project. The volunteers' official repository is hosted on GitHub.

The latest hardware revision of the Proxmark 3 platform, presented at the BlackAlps cyber security conference in 2018, was designed by the moderators of the Proxmark forums, Chris Hermann (iceman), Kevin Barker (0xFFFF) and others.