Author: Anze Jensterle Frequency: HF (13.56 MHz) Hardware: Generic Proxmark3
Back to Standalone Modes Index | Source Code | Development Guide
Continuously scans for ISO14443A cards, captures their UIDs, and emulates them. Auto-detects card type (MFC 1K/4K, MIFARE Ultralight, DESFire).
Many access control systems rely primarily (or solely) on the UID of an NFC card for identification, without performing proper cryptographic authentication. CraftByte exploits this by capturing and replaying UIDs — demonstrating that UID-based access control is trivially defeated.
- READ: Performs ISO14443A anticollision to read the card's UID, ATQA, and SAK
- EMULATE: Uses the captured UID to emulate the card at a reader
The mode detects the card type from ATQA/SAK and configures emulation accordingly.
| LED | Meaning |
|---|---|
| Minimal LED usage | Focus on read/emulate cycle |
| Action | Effect |
|---|---|
| Hold 1000ms | Cycle: READ → EMULATE, or exit if held continuously |
| USB command | Exit standalone mode |
stateDiagram-v2
[*] --> READ : Startup
READ --> EMULATE : UID captured\n(button hold)
EMULATE --> READ : Button hold\n(scan new card)
READ --> READ : Scanning...
EMULATE --> EMULATE : Emulating...
READ --> [*] : Long hold / USB data
EMULATE --> [*] : Long hold / USB data
make clean
make STANDALONE=HF_CRAFTBYTE -j
./pm3-flash-fullimage
- Aveful UL Reader — Full UL read/emulate (not just UID)
- MattyRun MFC Clone — Full MFC attack (keys + data)
- Young MFC Sniff/Sim — MFC UID capture with 2-bank storage