Chameleon Mini RevG RDV2 – Setup in Linux and Windows

Chameleon Mini RevG RDV2 Setup Linux Windows

When you receive the Chameleon Mini RevG RDV2 by RFID Research Group, the device will come pre-loaded with the most recent RRG firmware as of the date of manufacture. This is a fork of the official Chameleon Mini repository maintained by emsec. Though this fork is specifically designed for the RDV2 hardware and its additional BLE module, it is cross compatible with other variations of the device, and the RDV2 hardware can run official branch firmware as well. The project is regularly updated by the dozen or so major contributors active across the various branches – iceman of Proxmark3 fame maintains an experimental branch of the firmware when not contributing to the RRG fork. As of the time this article was written, the most recent build was committed on February 2, 2021, with new commits occurring every month or so. Due to the fast pace of research and development in RFID/NFC security, users will want to regularly monitor the repos and update their firmware to make sure you are taking full advantage of the device.

The primary advantage in using the RDV2 over any other hardware variant on the market is the wireless connectivity afforded by the BLE module in the device, and its compatibility with the RRG Chameleon Android App. These two factors allow for more discreet use in the field, making it more attractive for live engagements and other red team activities. In the procedures below, you will learn how to manually flash firmware to your RDV2 in Linux and Windows environments – these procedures generally extend to any variation of firmware and hardware, but make sure to read the documentation for your particular build before proceeding. We will be using the firmware found in RRG’s repo for this demonstration – https://github.com/RfidResearchGroup/ChameleonMini.

 

Set Up and Flashing Firmware in Linux

NOTE: Many Linux users encounter a variety of errors when attempting the flashing process as prescribed, especially in Debian/Ubuntu environments – this is a known issue and there are many examples of specific errors and solutions/workarounds suggested in a multitude of forums in the RFID community. Do not get too frustrated in your attempt to make this work, as many users (including this researcher) find that using a Windows system to update their Chameleon Mini is easier than troubleshooting in Linux. Note that you can still interact with your device in Linux regardless of how the firmware is flashed.

Before attempting the firmware flashing process in Linux, you are going to want to make sure that you have avrdude installed on your system. Open a terminal and execute the command below:

sudo apt-get install avra avrdude

You may need to do the same for socat if it is not already installed on you machine. Once the install process is complete, move onto cloning the firmware from the GitHub repositiory:

git clone https://github.com/RfidResearchGroup/ChameleonMini

With the directory now copied to your system, connect the device via USB cable while holding the button closest to the device’s USB mini port to trigger the Chameleon Mini’s bootloader mode.

 

From here, navigate to the directory containing the latest .hex and .eep files – in the current build of the firmware, this can be found in the folder called Chameleon AVR Firmware 20200203 – note that the folder name may be updated with a more current date at some point, but recent updates have all maintained this reference to the original build date.

cd ChameleonMini-proxgrind/REV.G User Manual 20200309/Chameleon AVR Firmware 20200203

Next, run avrdude to flash the firmware to you device using the following command:

sudo avrdude -c flip2 -p ATXMega128A4U -B 60 -P usb -U application:w:Chameleon-RevG.hex:i -U eeprom:w:Chameleon-RevG.eep:i

 

Once the program completes the flash process and returns the success message, simply unplug your Chameleon Mini from the USB port and plug it back in to restart the device running the updated firmware. Don’t panic if this doesn’t work for you the first time, or the nth time for that matter – you can do it easier in Windows anyway.

 

To interface directly with the device via your Linux system, simply open up a terminal with the Chameleon connected via USB. From here, simply run the following command to open a teletype connection with the firmware and you’re up and running:

socat - /dev/ttyACM0,crnl

Verify that you are running the correct firmware by running the following command:

VERSION?


If you have other ACM devices already connected to your system, use grep to identify the correct device path.

sudo dmesg | grep -i usb


The Chameleon Mini has its own unique command structure that will require some research and practice on the part to become proficient with the device. The GUI available through the RRG Android App drastically simplifies the operation of the RevG and might be a better place for absolute beginners to start, but there is an excellent doxygen manual from the official branch located in the Doc directory as well as a crash course summary of device functionality specific to the RDV2 included in the RRG repo.

 

Set Up and Flashing Firmware in Windows

To get started with the Chameleon Mini RevG in you Windows environment, you are going to need to download and install a few programs and device drivers used in the flashing process. Beginning with the firmware, visit the RRG Chameleon Mini repository page on GitHub and click the green Code button to download the zip file and extract this to a directory of your choosing. From here you are going to need to download and extract DFU Programmer for Windows and within that file directory, locate and install the driver atmel_usb_dfu.inf to your system. There will be a file called dfu-programmer.exe in the root of this folder, select and copy this file.

 

Now navigate into the Chameleon Mini directory and extract the zip file labelled REV.G User Manual, inside you will find a folder called Chameleon AVR Firmware. Paste the copy of dfu-programmer.exe in this folder. You will now duplicate that procedure by locating and copying the file ChameleonFirmwareUpgrade.bat to this directory. Once complete, there should be a total of four files in this folder: a .hex, a .eep, a .bat, and a .exe.

 

Now that your directory is prepared to run the flashing program, connect your Chameleon Mini to your system via USB cable while holding the button closest to the USB mini port on the device to trigger the bootloader. Run ChameleonFirmwareUpgrade.bat as Administrator. The LED on the right should light up green when the firmware has successfully flashed to the device. Finally, go to the Drivers folder in the Chameleon Mini directory and install the files labeled ChameleonDriver.inf and ChameleonDriver.cat before unplugging and reconnecting the device to restart it. The device is now updated and ready to use with your Windows environment.

 

In Windows you can connect to the Chameleon Mini’s firmware via a terminal emulator like TeraTerm. To do this, all you need to do is go to the device management portion of the control panel and identify the com port number associated with your Chameleon Mini. Then simply run TeraTerm and connect to the appropriate com port and you are up and running. The device uses the same command structure regardless of your OS environment.

 

For users less experienced in command-line applications, the RRG repo includes a copy of the Chameleon Mini GUI. This program was made by iceman and replicates the workflow of the android app in a Windows environment, making use of the device a bit more intuitive. This application can be found within the REV.G User Manual folder, simply locate Chameleon Mini Rebooted GUI.exe and run the program.

 


From hardware capability to device accessibility, the RevG RDV2 by RRG provides cutting-edge firmware compatibility for veteran users and beginners alike. If you have not yet acquired a Chameleon Mini for you RFID lab or physical security engagements, visit Hacker Warehouse, exclusive North American distributor for RRG. Stay tuned for our next article, setting up the Chameleon Mini in Android, which. Until then, keep it between the laws and between LOLs.

Leave a Reply

Your email address will not be published.

Send this to a friend