A Tale of Three Firmwares

The first thing to do with any new Proxmark is to update the firmware on it. The client is particularly choosy about being built from the same version as the firmware, and updating the firmware is generally a good thing to do anyway.

Stock firmware

First, clone the git repository at https://github.com/proxmark/proxmark3. As we’ll come on to, this isn’t actually the firmware which I’m running, but it’s a great place to start.

Compiling the firmware is easy; a simple make all is all it takes, as long as you have all of the dependencies (which are listed in the “COMPILING.txt” file in the root of the repository). Once this completes, then you need to flash the firmware onto the proxmark itself, which slightly weirdly is documented in a PDF file in the doc/ directory in the repository.

A few things are worthy of note here. The first time you do this, you’ll need to update the bootloader before the other firmwares. Subsequent times, you probably won’t need to do this. It’s really easy (i.e. this is the first thing I did to mine) to temporarily “brick” the device when updating the bootloader, but don’t worry, it’s also quite easy to un-brick it. If you end up with an unresponsive Proxmark (like I did), you just need to unplug it, hold down the button on the Proxmark, and plug it in - don’t release the button though. In fact, don’t release the button through the whole time that you’re re-flashing the bootloader [1] and it should get you back up and running.

After flashing the bootloader, go on to flash the FPGA and OS images on to the Proxmark. If these screw up, don’t worry: when you unplug and replug the Proxmark, the bootloader will make sure that you can re-flash the firmware as needed.

When the Proxmark is fully updated, you should be able to change into the client directory in the checkout, run ./proxmark /dev/ttyACM0 [2], and see the CLI client connect to your Proxmark.

Iceman firmware

Whilst reading the Proxmark forums I noticed that the user iceman is quite prolific and an administrator, and there is repeated talk of the “Iceman fork” of the firmware. This is at https://github.com/iceman1001/proxmark3, and includes a collection of extras on top of the main repository from various other forks. This is the firmware which I have been running for the past few months.

However, the Iceman fork is now frozen and unmaintained, and efforts have transferred to the RfidResearchGroup (RRG) repository (which itself is a fork of the Iceman repository, and it seems like Iceman1001 is the main person behind the RRG). Most of the “extras” which were collected into the Iceman fork have also now been merged back into the main repository.

I won’t write here about how to compile and flash the Iceman firmware, as you should instead use the RRG firmware (which I am currently running without any problems).

RFID Research Group

This repository is at https://github.com/RfidResearchGroup/proxmark3, and as mentioned is a fork of the Iceman fork. However, it supports more hardware, has more helper scripts, and is where a lot of the future effort is going.

To compile this repository, again you just need to run make all in the root of the checkout.

To flash the firmware, there are a series of helper scripts in the root of the checkout; if you run flash-fullimage.sh then it will guide you through whether the bootloader needs to be flashed first and how to do that, or whether it only needs to flash the OS and FPGA images (which it will then do).

Summary

Whenever I want to update the firmware on my Proxmark (which I do every few weeks), I run:

  1. git pull on the checkout of https://github.com/RfidResearchGroup/proxmark3
  2. make all
  3. Plug in the Proxmark
  4. ./flash-fullimage.sh
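The four steps above wrapped into a small POSIX shell script, as an added example that is not part of the original post or of the RRG project. It assumes the RRG checkout lives at a path you pass in (default ~/proxmark3), that flash-fullimage.sh sits in the root of that checkout as described above, and that the Proxmark shows up either as /dev/pm3-0 (the alias mentioned in the footnotes, assumed here to be a symlink) or as some /dev/ttyACM* device; the device-lookup functions take a directory argument so they can be exercised against a scratch directory without real hardware.

```shell
#!/bin/sh
# Added example, not the project's own script. Wraps the update routine:
# git pull, make all, wait for the Proxmark to be plugged in, flash-fullimage.sh.

# Locate the Proxmark's serial device under $1 (defaults to /dev).
# Prefers the stable pm3-0 name (assumed udev symlink), otherwise the
# first ttyACM* device found.
find_pm3_device() {
    dir="${1:-/dev}"
    if [ -e "$dir/pm3-0" ]; then
        echo "$dir/pm3-0"
        return 0
    fi
    for dev in "$dir"/ttyACM*; do
        # With no match the glob stays literal, so the -e check filters it out.
        if [ -e "$dev" ]; then
            echo "$dev"
            return 0
        fi
    done
    return 1
}

# Poll for up to $2 seconds (default 30) for the device to appear under $1.
wait_for_pm3() {
    dir="${1:-/dev}"
    tries="${2:-30}"
    while [ "$tries" -gt 0 ]; do
        if dev=$(find_pm3_device "$dir"); then
            echo "$dev"
            return 0
        fi
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

# Steps 1-4 from the post: pull, build, plug in, flash.
# $1 is the path to the RRG checkout (assumed default ~/proxmark3).
update_pm3_firmware() {
    checkout="${1:-$HOME/proxmark3}"
    cd "$checkout" || return 1
    git pull || return 1
    make all || return 1
    echo "Plug in the Proxmark now (waiting up to 60s)..."
    dev=$(wait_for_pm3 /dev 60) || { echo "no Proxmark found" >&2; return 1; }
    echo "Found Proxmark at $dev, flashing..."
    ./flash-fullimage.sh
}

# Only run the full update when invoked as: ./update-pm3.sh update [checkout]
if [ "${1:-}" = "update" ]; then
    update_pm3_firmware "$2"
fi
```

Save it as update-pm3.sh, mark it executable and run ./update-pm3.sh update /path/to/proxmark3; the device lookup is kept separate from the build so that a missing or mis-enumerated Proxmark fails loudly before flash-fullimage.sh is ever invoked.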

Note that you should also tune the antennas using the hf tune and lf tune commands.

Next, it’s time to use the Proxmark to read some cards.


[1] I’m not sure if this is strictly necessary, but it worked for me.

[2] Or wherever the Proxmark has presented itself; I use Ubuntu and this works for me, although I also have an alias to /dev/pm3-0 just in case something else has grabbed ttyACM0 first.