This is a short article about recompiling the Proxmark3 RDV4 firmware with Bluetooth add-on support.
Note that it requires the Proxmark3 Revision 4 (RDV4) hardware from lab410 and the Bluetooth add-on board; the generic Proxmark3 has no USART for it.

So, why this article? Because I wanted to test the RFID-Tools app for Android, and found that the app did some strange things and threw up some strange errors.
When I began to dig into it, I found that the Bluetooth module support is NOT built into the firmware; you have to build it in yourself. BUT a laptop can use the PM3 over Bluetooth serial without any problem, however strange that may be.
So this is a short article about building the firmware and flashing the Proxmark3 RDV4, for those inclined to do so :)

First, we have to check that ModemManager is disabled in our OS before we flash the PM3 firmware, so let's do that:

└─# systemctl status ModemManager
● ModemManager.service - Modem Manager
     Loaded: loaded (/lib/systemd/system/ModemManager.service; disabled; vendor>
     Active: inactive (dead)

The reason for this is that IF ModemManager is running when we flash, it treats the PM3's freshly enumerated serial port as a modem and starts sending AT commands to it. That traffic interferes with the bootloader while the new image is being written and can leave the device with a corrupted firmware, so stop it, disable it, or simply remove it. For our purposes, stopping and disabling it is enough.

# stop ModemManager
systemctl stop ModemManager

# disable it so it does not come back after a reboot
systemctl disable ModemManager

Okay, now that's done, time to install some dependencies. On Kali, Debian or Ubuntu that would be

apt-get install --no-install-recommends git ca-certificates build-essential pkg-config libreadline-dev gcc-arm-none-eabi libnewlib-dev qtbase5-dev libbz2-dev libbluetooth-dev

Next, let's get the source code (the RRG/Iceman fork, which is the firmware the RDV4 ships with)

git clone https://github.com/RfidResearchGroup/proxmark3.git

Now, change into the cloned proxmark3 directory. In the root of the source tree there's a file called Makefile.platform.sample; the build reads Makefile.platform, not the sample, so we need to copy it under that name

cp Makefile.platform.sample Makefile.platform

Now, in that Makefile.platform, we need to make a couple of changes. If you want to see all platforms the build knows about, run make with an empty PLATFORM

make PLATFORM=

Here's the file I made for turning on the Bluetooth add-on (the PLATFORM_EXTRAS=BTADDON line is what enables it):

PLATFORM=PM3RDV4
#PLATFORM=PM3GENERIC
# If you want more than one PLATFORM_EXTRAS option, separate them by spaces:
PLATFORM_EXTRAS=BTADDON
STANDALONE=

Note the STANDALONE= line: it selects which standalone mode (the function that runs when you hold the button with no client attached) gets compiled into the firmware. Leaving it empty, as here, compiles no standalone mode at all; if you want one, put the name of one of the modes documented in the repository there.

That's it, it's compile time.

make clean && make all

If it finished without errors, go ahead and install it (this puts the client, the flasher wrapper and the freshly built images where pm3-flash-all expects them) before we flash the Proxmark3

make install

Finally we flash the Proxmark3. The pm3-flash-all wrapper installed above flashes both the bootrom and the full image, so double-check ModemManager is stopped before running it.

pm3-flash-all

The last thing is testing whether it worked: take your PM3 out of the USB port, plug it in again, and run the client

pm3

If it worked and the Bluetooth add-on was detected, the status the client prints on connect should look something like this

[ CLIENT ]
  client: RRG/Iceman/master/v4.9237-3776-g06a3f4c1b 2021-05-06 21:31:42
  compiled with GCC 10.2.1 20210110 OS:Linux ARCH:x86_64

 [ PROXMARK3 ]
  firmware.................. RDV4
  external flash............ present
  smartcard reader.......... present
  FPC USART for BT add-on... present

 [ ARM ]
  bootrom: RRG/Iceman/master/v4.9237-3776-g06a3f4c1b 2021-05-06 21:32:22
       os: RRG/Iceman/master/v4.9237-3776-g06a3f4c1b 2021-05-06 21:32:44
  compiled with GCC 8.3.1 20190703 (release) [gcc-8-branch revision 273027]

 [ FPGA ] 
  LF image built for 2s30vq100 on 2020-07-08 at 23: 8: 7
  HF image built for 2s30vq100 on 2020-07-08 at 23: 8:19
  HF FeliCa image built for 2s30vq100 on 2020-07-08 at 23: 8:30

 [ Hardware ]
  --= uC: AT91SAM7S512 Rev A
  --= Embedded Processor: ARM7TDMI
  --= Internal SRAM size: 64K bytes
  --= Architecture identifier: AT91SAM7Sxx Series
  --= Embedded flash memory 512K bytes ( 59% used )

[usb] pm3 --> 

Note the line "FPC USART for BT add-on... present". That is the firmware telling us it was built with the BTADDON extra and is driving the add-on over the USART on the FPC connector; a stock build prints "absent" there. So now something like the RFID-Tools app should work, so give it a spin.
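Here is the whole procedure above as one script. It is an example I added for this article, not code from the proxmark3 project: it refuses to flash while ModemManager is active, writes the same Makefile.platform shown above, builds, installs and flashes, and finally greps the client's hw version output for the add-on line. The function and variable names are mine; the repository URL, the Makefile.platform values and the commands are the ones used above, and the assumption that `pm3 -c 'hw version'` prints the same status block the client prints on connect is mine.

```shell
#!/bin/sh
# Added example (not from the article or the proxmark3 project): build the
# RRG/Iceman firmware for the RDV4 with the BT add-on, refuse to flash while
# ModemManager is running, then check that the client reports the add-on.
set -e

REPO_URL=https://github.com/RfidResearchGroup/proxmark3.git

# ModemManager states in which flashing is unsafe: a running ModemManager
# probes the newly enumerated serial port with AT commands mid-flash.
mm_state_blocks_flash() {
    case "$1" in
        active|activating|reloading) return 0 ;;
        *) return 1 ;;
    esac
}

# Safe to flash? Without systemctl (no systemd) assume ModemManager is absent.
flash_is_safe() {
    command -v systemctl >/dev/null 2>&1 || return 0
    state=$(systemctl is-active ModemManager 2>/dev/null || true)
    ! mm_state_blocks_flash "$state"
}

# Write Makefile.platform: $1 path, $2 PLATFORM, $3 PLATFORM_EXTRAS, $4 STANDALONE.
write_platform_file() {
    printf '%s\n' "PLATFORM=$2" "PLATFORM_EXTRAS=$3" "STANDALONE=$4" > "$1"
}

# True if the client status text on stdin contains the add-on line the
# article says to look for ("FPC USART for BT add-on... present").
bt_addon_present() {
    grep -q 'FPC USART for BT add-on\.* present'
}

build_and_flash() {
    srcdir=${1:-proxmark3}
    flash_is_safe || {
        echo "ModemManager is running; run: systemctl stop ModemManager" >&2
        return 1
    }
    [ -d "$srcdir" ] || git clone "$REPO_URL" "$srcdir"
    # Same content as the Makefile.platform in the article: RDV4, BT add-on,
    # no standalone mode.
    write_platform_file "$srcdir/Makefile.platform" PM3RDV4 BTADDON ""
    make -C "$srcdir" clean
    make -C "$srcdir" all
    make -C "$srcdir" install     # as root, like the article does
    pm3-flash-all                 # flashes bootrom + fullimage
    echo "Unplug and re-insert the PM3, then press Enter" >&2
    read -r _
    # Assumption: 'hw version' prints the same status block shown on connect.
    pm3 -c 'hw version' | bt_addon_present
}

if [ "${1:-}" = build ]; then build_and_flash "${2:-proxmark3}"; fi
```

Run it as `sh build-bt.sh build` from the directory where you want the checkout; the exit status is non-zero if ModemManager was active or the add-on line never showed up after flashing.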

Now, let's talk a bit about setting up Bluetooth on Linux. First we need to pair the two devices, and we use bluetoothctl for that (the add-on's default PIN is 1234).

bluetoothctl
[bluetooth]# pairable on
[bluetooth]# scan on
Discovery started
...
[CHG] Device aa:bb:cc:dd:ee:ff Name: PM3_RDV4.0
[bluetooth]# trust aa:bb:cc:dd:ee:ff
[bluetooth]# pair aa:bb:cc:dd:ee:ff
[agent] Enter PIN code: 1234
[bluetooth]# quit
hcitool scan
Scanning ...
  aa:bb:cc:dd:ee:ff PM3_RDV4.0

rfcomm bind rfcomm0 aa:bb:cc:dd:ee:ff

./proxmark3 -p /dev/rfcomm0
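Once the device has been paired and trusted in bluetoothctl as above, the bind, connect and release steps are what you repeat every session. The script below is my own added example, not part of the article's steps or of the proxmark3 project: it picks the add-on's address out of hcitool scan output by its name, (re)binds it to rfcomm0, starts the installed client on it with pm3 -p (the wrapper make install put on the PATH, equivalent to the ./proxmark3 -p call above) and releases the rfcomm device when the client exits. Names like pm3_bt_addr and the PM3_BT_NAME default are assumptions of mine; run it as root, as rfcomm requires.

```shell
#!/bin/sh
# Added example (not from the article or the proxmark3 project): find the
# paired PM3 BT add-on, bind it to an rfcomm node, run the client, clean up.
set -e

PM3_BT_NAME=${PM3_BT_NAME:-PM3_RDV4.0}   # name the add-on advertises
RFCOMM_DEV=${RFCOMM_DEV:-rfcomm0}

# Print (upper-cased) the address of the device named $1 from scan output on
# stdin, in the "<addr><tab><name>" format of `hcitool scan`. Fails if absent.
pm3_bt_addr() {
    awk -v want="$1" '
        NF >= 2 && length($1) == 17 && $1 ~ /^[0-9A-Fa-f:]*$/ && $2 == want {
            print toupper($1); found = 1; exit
        }
        END { exit found ? 0 : 1 }'
}

# Bind $1 to $RFCOMM_DEV. rfcomm bind fails if the node already exists, so
# release any stale binding first to keep this idempotent across sessions.
pm3_bt_bind() {
    rfcomm release "$RFCOMM_DEV" 2>/dev/null || true
    rfcomm bind "$RFCOMM_DEV" "$1"
}

pm3_bt_connect() {
    addr=$(hcitool scan | pm3_bt_addr "$PM3_BT_NAME") || {
        echo "$PM3_BT_NAME not found; is it paired, trusted and powered on?" >&2
        return 1
    }
    pm3_bt_bind "$addr"
    # Release the node when the client exits, whatever the reason.
    trap 'rfcomm release "$RFCOMM_DEV" 2>/dev/null' EXIT
    pm3 -p "/dev/$RFCOMM_DEV"
}

if [ "${1:-}" = connect ]; then pm3_bt_connect; fi
```

Invoke it as `sh pm3-bt.sh connect`. Matching on the name rather than a hard-coded address means the same script works after the add-on is re-paired, and the EXIT trap avoids the "device busy" errors you get from a leftover rfcomm0 binding.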

That's it ;)
