Proxmark3 RDV4 – Introduction

The Proxmark 3 RDV4.01 is the latest in a long line of the Proxmark3 devices. It is designed and manufactured by RRG, and developed in collaboration with Proxgrind, Iceman, and 0xFFFF to be the best RFID tool for security professionals in the field. It is the smallest and most versatile Proxmark3 currently on the market.

The Proxmark3 RDV4 is compatible with commonly used RFID standards – including Mifare, iClass, and HID – as well as SIM/SAM cards via the SIM card slot and extender cable. Its capabilities allow for sniffing, reading, and cloning RF cards/tags in the field with ease and discretion. The Proxmark3 RDV4 offers standalone functionality when powered by a battery or optional BLE/Battery module, and offers advanced functions like Offline Encryption, Online sniffing, default key cracking, data dumping, or the ability to run simulations.

The Proxmark3 RDV4 is built around a SAM7S512 CPU, with 2 MBit / 256 Kb SPI flash storage. The default LF and HF antennas perform at a range of 70mm @ 65V for 125 kHz and 88mm @ 44V for 13.56 MHz. The LF antenna has an integrated dip switch for toggling between 125 and 134 kHz frequencies and another for selecting Q values of 7 for increased accuracy or 14 for increased range. The included antennas can be easily replaced with various pre-tuned antennas to accommodate longer read/write distances. The board also features a SIM card slot for attaching the included Smart Card reader.

Covert Form-Factor

The Proxmark3 RDV4 was designed with discretion in mind – at a mere 3 ⅜ x 2 ⅛ x ¼ inches (54 x 87 x 10mm), it is the smallest version yet. It is roughly the same size as an RFID card in profile and can be discreetly worn behind  ID badges, tucked into sleeves, or even used from a pocket. The intuitive design allows for quick toggling of functions using a small rubber button and status-indicating LEDs. The textured PVC housing provides a non-slip surface for easy handling in critical moments.

Modularity

The Proxmark3 RDV4 can be customized with an assortment of pre-tuned antennas and a combination battery and bluetooth module to add even more capabilities to its already impressive array of stock features. Accessories for the Proxmark3 RDV4 include: both LF and HF antenna sets for medium and long range applications, an LF ferrite antenna for bio-medical RFID chips, and the Blue Shark bluetooth and battery module.

Scenarios/Usage

The Proxmark3 was originally designed as a security research tool for the analysis and reverse-engineering of the various RFID protocols deployed in keyless entry systems and other wireless ID applications. Since it’s introduction more than a decade ago, the The Proxmark3 has grown substantially in its capabilities due to a strong community of developers and is considered the swiss army knife of RFID hacking. The Proxmark3 RDV4 revolutionizes the field capabilities of this device due to its incredibly small form factor, modular design, and bluetooth connectivity – allowing for quick and discreet sniffing, reading, or emulating of RFID tags.

The Proxmark3 RDV4 can be used to record and playback signals, allowing you to emulate a target card when in proximity of a card reader. Recorded signals can also be copied onto RFID cards and tags, creating a clone of the target card for scenarios where a physical card might be required. The device can be used to gather signals for offline analysis or decryption using site IDs and other signal data, and can even perform brute force attacks on security tags and readers.

Virtually every protocol of RFID card is supported by the Proxmark3 RDV4, but below is a list of confirmed implementations compatible with the device:

Supported low frequency cards:

  • AWID
  • Cotag
  • EM410x
  • EM4x05
  • FDX-B
  • FlexPass
  • HID
  • HiTAG
  • Indala
  • Kantech ioProx
  • Paradox
  • PCF7931
  • Presco
  • Pyramid (Farpointe Data)
  • T55xx
  • TI R/O
  • Visa2000

Supported high frequency cards:

  • iClass
  • Legic
  • Mifare Classic
  • Mifare Ultralight
  • Mifare Ultralight C
  • Mifare Ultralight EV1
  • NTAG 203, 213, 215, 216
  • SRI512
  • SRIX4K
  • Some EID (Electronic Identification Documents)

Whether you are in the lab or in the field, the Proxmark3 RDV4 by RRG is absolutely essential hardware for testing and bypassing RFID security systems. And that is just scratching the surface of this power tool’s capabilities – there is a vast pool of knowledge in the Proxmark community to dive into.

For more information on how to setup and use the Proxmark3 RDV4, make sure to check out the rest of the articles in this series.

Although the Proxmark3 RDV4 is by far the most feature-rich and field-capable device in RFID research and security testing, you may want to check out some other great RFID devices such as the Chameleon Mini RevE and the Keysy, offering some of the same functionality as the RDV4.

Leave a Reply

Your email address will not be published.

Send this to a friend