The Proxmark3 kit includes everything you need to get started doing RFID / NFC research in style. It has always been our mission to prevent DOA shipments and so all of our Proxmark gear is thoroughly tested in-house prior to shipping.
Inside the box you'll find an Enclosed Proxmark 3, LF Antenna, HF Antenna, EM4100, 1 HID 1326 ProxCard II, 1 T5577 tag, 1 Mifare 1K, 1 Mifare 4K, and 1 Mifare Ultralight, 2 antenna cables, and 1 power/communication cable. The Proxmark client software and firmware are open source and available for download. We offer pre-compiled versions that correspond to the current version in use on the board (see the links tab).
The Proxmark is the only SDR targeting NFC and RFID frequencies that is capable of both transmitting and receiving while meeting the timing requirements of most proximity protocols. The Proxmark also provides full control over the radio layer in addition to software support for several higher-level protocols (ex. Mifare).
The LF Antenna enables communication with tags that operate at 125kHz and 134kHz (including HID Prox II, HITAG, and EM4100). The HF Antenna enables communication with tags operating at 13.56Mhz (including Mifare Classic/Ultralight, and iClass).
The Proxmark has proven itself to be an invaluable tool within the research community. Here are some examples of how the Proxmark has been used to perform research:
Rysc Corp. pioneered the first commercial Proxmark offering back in 2008. Prior to that point, obtaining a Proxmark meant building one yourself. Since that first commercial offering we have continued developing the device and have assisted thousands of individuals and companies, large and small.
The Proxmark also makes a great educational tool. The entire platform (including hardware and software) is open source and can be readily analyzed and inspected. The Proxmark includes many of the major components found in a general purpose SDR but is simpler and therefore easier to understand. Faculty members should contact us about educational discounts if interested in incorporating the Proxmark into a course of study.
Naked Proxmark3, Enclosed Proxmark3, LF and HF Antenna can be purchased separately. Please email email@example.com for more information.
WARNING: The Proxmark3 is a research and development tool. It has not been evaluated for compliance with regulations governing transmission and reception of radio signals. You are responsible for using this product in compliance with your local laws.
In The Box: Enclosed Proxmark, LF Antenna, HF Antenna, 1 HF Tag Bundle, 1 LF Tag Bundle, All Required Cables
HF Tag Bundle: 1x Mifare 1K, 1x Mifare 4k, and 1x Mifare Ultralight Tags
LF Tag Bundle: EM4100, 1x HID 1326 ProxCard II, 1x T5577 Tags
Tested With: Windows XP, Windows 7, Windows 8, Windows 10, Linux, MacOS
The Proxmark3 Easy is a new addition to the Proxmark family. This redesign offers increased portability through a one piece design featuring an integrated HF Antenna and an LF Antenna that is connected with screws. The entire package measures a mere 82 mm x 52 mm.
Inside the box you'll find an Proxmark3 Easy, Shell Assembly, 125 kHz LF Antenna, 13.56 MHz HF Antenna, Power Cable, and Tag Bundle. The specific tags included in the bundle can be found under the Specifications tab. The Proxmark client software and firmware are open source and available for download. The Proxmark3 Easy ships preprogrammed running V2.0. See the links tab for client software builds.
In The Box: Proxmark3 Easy, Shell Assembly, LF Antenna, Integrated HF Antenna, Power Cable, Tag Bundle.
Tag Bundle: Mifare 1 S50, 2x Mifare Ultralight UID (Chinese Magic Card), 1x HID ProxCard, and 2x T5577.
The Magspoof, originally created by Samy Kamkar is a wireless magnetic stripe emulator. This amazing little device can emulate all three tracks of a magnetic stripe card without actually being swiped.
Rysc Corp revised the original design to include an integrated antenna, on/off switch and a convenient coin cell battery holder. The MagSpoof comes fully assembled, programmed and tested (batteries included).
To work with the MagSpoof you will need the following:
This kit includes the HackRF One, injection modled plastic enclosure, micro USB cable, and can include an ANT500 or ANT700 for getting started with SDR.
HackRF One from Great Scott Gadgets is a Software Defined Radio peripheral capable of transmission or reception of radio signals from 10 MHz to 6 GHz. Designed to enable test and development of modern and next generation radio technologies, HackRF One is an open source hardware platform that can be used as a USB peripheral or programmed for stand-alone operation.
10 MHz to 6 GHz operating frequency
up to 20 million samples per second
8-bit quadrature samples (8-bit I and 8-bit Q)
compatible with GNU Radio, SDR#, and more
software-configurable RX and TX gain and baseband filter
software-controlled antenna port power (50 mA at 3.3 V)
SMA female antenna connector
SMA female clock input and output for synchronization
convenient buttons for programming
internal pin headers for expansion
Hi-Speed USB 2.0
open source hardware
WARNING: HackRF One is test equipment for RF systems. It has not been tested for compliance with regulations governing transmission of radio signals. You are responsible for using your HackRF One legally.
In The Box: HackRF One PCB, Plastic Enclosure, micro USB cable, can include ANT500 or ANT700
The credit-card sized ChameleonMini Rev.G is a versatile tool for practical NFC and RFID security analysis, compliance and penetration tests, and various end-user applications. The freely programmable platform can create perfect clones of various existing commercial smartcards, including cryptographic functions and the Unique Identifier (UID). It can be employed to assess security aspects in RFID and NFC environments in different attack scenarios, such as replay or relay attacks, state restoration attacks, sniffing of NFC communication, or functional tests of RFID equipment. New firmware for the ChameleonMini can be comfortably uploaded via a USB bootloader. A convenient, human-readable command set allows to configure its behavior and update the settings and content of up to eight internally stored, virtualized contactless cards. During battery-powered stand-alone operation, the integrated buttons and LEDs enable user interaction and feedback.
The ChameleonMini firmware can be configured and uploaded via USB to emulate a passive NFC device (e.g. a contactless card), act as an active NFC device (e.g. an RFID reader), sniff the communication (i.e. monitor the bits on the RF interface), and log the communication (during emulation and sniffing). The ChameleonMini can be interfaced with standard terminal software, via the command line, or controlled by user-written scripts and applications. The modular firmware structure allows for easy expandability to other not yet supported cards and standards. Various functions and settings can be assigned to the buttons and LEDs. Card contents can be easily uploaded and downloaded via USB using X-MODEM.
Features of the ChameleonMini:
Firmware support for ISO14443A Codec (emulation and reader)
Firmware support for Mifare Classic 1K and 4K emulation (4 and 7-byte UID)
Firmware support for Mifare Ultralight emulation
Hardware support for ASK modulation (Both 10% and 100%) to cover almost any card standard available
Hardware support for ASK and BPSK load modulation using a subcarrier
Modular firmware structure allows for easy expandability of other cards and standards
Support for quick and reliable firmware update via Atmel DFU bootloader, thus programming hardware is required only once
Can be controlled using a fully documented AT-like command set via CDC using the LUFA USB stack
Up to eight virtualized cards with a size of up to 8 kB per card can be stored in the non-volatile memory of ChameleonMini
Card contents can be easily uploaded and downloaded by means of the command line and X-MODEM
UID of ISO14443A cards can be obtained easily in reader mode
ChameleonMini can be interfaced with standard terminal software as well as user written scripts and applications
In The Box: 1x ChameleonMini, 1x 3ft Micro USB Cable, 1x LIR2032 Lithium Battery
Dimensions: 111.0 mm (L) x 53.0 mm (W) x 5.8 mm (H)
Weight: 20 g
Operating Frequency: 13.56 MHz
Operating Distance: Up to 60 mm
Firmware: Available on Github (note that the ChameleonMini Rev.G is delivered with test firmware only)
The Wundertooth is a remix of the Ubertooth One by Great Scott Gadgets. Each Wundertooth is programmed, tested, and fully assembled prior to shipping. A quick comparison of the two devices is shown below.
The Wundetooth is an open source 2.4 GHz wireless development platform suitable for Bluetooth experimentation.
2.4 GHz transmit and receive.
Transmit power and receive sensitivity comparable to a Class 1 Bluetooth device.
In-System Programming (ISP) serial connector.
Expansion connector: intended for inter-Ubertooth communication or other future uses.
Six indicator LEDs.
In addition to monitoring bluetooth communications, the Ubertooth One can also be used as a 2.4Ghz spectrum analyzer.
WARNING: The Wundertooth is test equipment for Bluetooth systems. It has not been tested for compliance with regulations governing transmission of radio signals. You are responsible for using your Ubertooth One legally.
In The Box: Wundertooth with Antenna and Enclosure
InputStick is a wireless USB receiver, compatible with Android and iOS devices. It allows your smartphone to become a wireless keyboard, mouse, multimedia and game controller. Applications can use InputStick to remotely control your PC: type, move mouse, etc. You can use InputStick to remotely control your PC: USB Remote, type passwords: KP2A plugin or use it in your application: InputStick API.
InputStick is detected as a generic USB keyboard and mouse. Bluetooth link is used to communicate with smartphone. See How does it work? and FAQ for details.
InputStick is compatible with wide range of hardware and operating systems, see: Compatibility for details.
InputStick is extremely easy to use, (see: Getting started): plug it into USB port and in a few seconds it's ready to go. You don't have to install any server software, custom drivers, configure network or root /"jailbreak" your phone. See: Why InputStick?
Last but not least, InputStick is very portable: you can easily carry it in your pocket or attach to a keyring. You can also use multiple InputStick devices: one at home and one at the office, or use separate one for each device (PC, laptop, console).
WARNING: You are responsible for using this product in compliance with your local laws.
In The Box: InputStick
Dimensions: 57mm x 19mm x 9cm
Wireless connectivity: Bluetooth 4.0
Approximate Range: up to 10m
Compatibility: Any USB host, any OS (*)
Requirements: Android 2.3 or higher / iPhone 4S or later, Bluetooth
The USB Armory from Inverse Path is an open source hardware design, implementing a flash drive sized computer. The USB Armory comes with an enclosure. The USB Armory can also be purchased as a Kit which includes an Enclosure, Host Adapter and SD Card with Debian.
The compact USB powered device provides a platform for developing and running a variety of applications.
The security features of the USB Armory System on a Chip (SoC), combined with the openness of the board design, empower developers and users with a fully customizable USB trusted device for open and innovative personal security applications.
The hardware design features the Freescale i.MX53 processor, supporting advanced security features such as secure boot and ARM® TrustZone®.
The USB armory hardware is supported by standard software environments and requires very little customization effort. In fact vanilla Linux kernels and standard distributions run seamlessly on the tiny USB armory board.
USB host powered (<500 mA) device with compact form factor (65 x 19 x 6 mm)
ARM® TrustZone®, secure boot + storage + RAM
microSD card slot
5-pin breakout header with GPIOs and UART
customizable LED, including secure mode detection
excellent native support (Android, Debian, Ubuntu, Arch Linux)
USB device emulation (CDC Ethernet, mass storage, HID, etc.)
Open Hardware & Software
The USB armory board has been created by Inverse Path to support the development of a variety of security applications.
The capability of emulating arbitrary USB devices in combination with the i.MX53 SoC speed, the security features and the flexible and fully customizable operating environment, makes the USB armory the ideal platform for all kinds of personal security applications.
The transparency of the open and minimal design for the USB armory hardware facilitates auditability and greatly limits the potentiality and scope of supply chain attacks.
The secure boot feature allows users to fuse verification keys that ensure only trusted firmware can be ever executed on a specific USB armory board.
The support for ARM® TrustZone®, in contrast to conventional TPMs, allows developers to engineer custom trusted platform modules by enforcing domain separation, between the "secure" and "normal" worlds, that propagates throughout all SoC components, and therefore not only limited to the CPU core.
An excellent overview of the technology and its support for the i.MX53 SoC can be found at the Genode framework project.
Proof of concept applications have already been tested and will soon be released.
The following example security application ideas illustrate the flexibility of the USB armory concept:
Hardware Security Module (HSM)
File storage with advanced features such as automatic encryption, virus scanning, host authentication and data self-destruct
OpenSSH client and agent for untrusted hosts (kiosk)
Router for end-to-end VPN tunnelling, Tor
Password manager with integrated web server
Electronic wallet (e.g. pocket Bitcoin wallet)
Portable penetration testing platform
Low level USB security testing
Standard connectivity options:
HS USB 2.0 On-The-Go (OTG) with device emulation
TCP/IP communication via CDC Ethernet emulation
Flash drive functionality via mass storage device emulation