HF_CRAFTBYTE — ISO14443A UID Stealer/Emulator

doc/standalone/hf_craftbyte.md


Author: Anze Jensterle
Frequency: HF (13.56 MHz)
Hardware: Generic Proxmark3


What

Continuously scans for ISO14443A cards, captures their UIDs, and emulates them. Auto-detects card type (MFC 1K/4K, MIFARE Ultralight, DESFire).

Why

Many access control systems rely primarily (or solely) on the UID of an NFC card for identification, without performing proper cryptographic authentication. CraftByte exploits this by capturing and replaying UIDs — demonstrating that UID-based access control is trivially defeated.
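
The weakness described above, modelled from the reader's side as an added example (not code from the Proxmark3 project): a UID-only check accepts any device that presents an enrolled UID, while a challenge-response check rejects a device that lacks the card's key. HMAC-SHA256 stands in for a card's real authentication protocol, and the UID, key, class and function names are all constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: this UID and per-card key are made up for the example.
ENROLLED_UID = bytes.fromhex("04a1b2c3d4e5f6")
CARD_KEYS = {ENROLLED_UID: bytes.fromhex("00112233445566778899aabbccddeeff")}

class GenuineCard:
    """Card that holds a secret key and can answer a reader challenge."""
    def __init__(self, uid, key):
        self.uid = uid
        self._key = key

    def respond(self, nonce):
        return hmac.new(self._key, self.uid + nonce, hashlib.sha256).digest()

class UidOnlyEmulator:
    """Device that knows only the UID seen during anticollision, not the key."""
    def __init__(self, uid):
        self.uid = uid

    def respond(self, nonce):
        return b"\x00" * 32  # no key material, so it cannot compute the MAC

def reader_uid_only(card):
    """Weak check: the UID is sent in the clear and is the only credential."""
    return card.uid in CARD_KEYS

def reader_challenge_response(card):
    """Hardened check: the card must prove knowledge of its per-card key."""
    key = CARD_KEYS.get(card.uid)
    if key is None:
        return False
    nonce = os.urandom(16)  # fresh per attempt, so an old response is useless
    expected = hmac.new(key, card.uid + nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, card.respond(nonce))

def run_demo():
    """Return (genuine_accepted, emulator_accepted) for each reader policy."""
    genuine = GenuineCard(ENROLLED_UID, CARD_KEYS[ENROLLED_UID])
    emulator = UidOnlyEmulator(ENROLLED_UID)
    weak = (reader_uid_only(genuine), reader_uid_only(emulator))
    strong = (reader_challenge_response(genuine), reader_challenge_response(emulator))
    return {"uid_only": weak, "challenge": strong}
```

Under the UID-only policy both devices are accepted; under challenge-response only the card holding the key is.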

How

  1. READ: Performs ISO14443A anticollision to read the card's UID, ATQA, and SAK
  2. EMULATE: Uses the captured UID to emulate the card at a reader

The mode detects the card type from ATQA/SAK and configures emulation accordingly.

LED Indicators

| LED | Meaning |
|-----|---------|
| Minimal LED usage | Focus on read/emulate cycle |

Button Controls

| Action | Effect |
|--------|--------|
| Hold 1000ms | Cycle: READ → EMULATE, or exit if held continuously |
| USB command | Exit standalone mode |

State Machine

```mermaid
stateDiagram-v2
    [*] --> READ : Startup

    READ --> EMULATE : UID captured\n(button hold)
    EMULATE --> READ : Button hold\n(scan new card)

    READ --> READ : Scanning...
    EMULATE --> EMULATE : Emulating...

    READ --> [*] : Long hold / USB data
    EMULATE --> [*] : Long hold / USB data
```

Compilation

```sh
make clean
make STANDALONE=HF_CRAFTBYTE -j
./pm3-flash-fullimage
```