Proxmark3 v4.18994 "Backdoor" Released

Version 4.18994 “Backdoor” of the Iceman fork of the Proxmark3 firmware and client is available. This release adds dedicated tooling for the FM11RF08S backdoor, a major standalone mode rewrite, and many MIFARE and iClass improvements.

Highlights

  • Added several new tools to tackle FM11RF08S cards, including hf mf isen for analyzing static encrypted nonces, with support for n=0 first-auth capture, nt indexes, and per-sector increment options.
  • Rewrote the HF MattyRun standalone mode, which now loads additional user-defined keys from emulator memory and fixes partial emulation state display and LED signalling.
  • Added extended authentication support to hf mf rdbl, wrbl, rdsc, and nested, so cards using extended AUTH can be read and written.
  • Changed hf mf fchk to allow cracking a single key with live progress reporting, improving feedback during long key checks.
  • Implemented a VB6 RNG for iClass elite key search in hf iclass chk and lookup, based on the Flipper Zero Picopass implementation, with --ns no-save support added to hf iclass dump.
  • Fixed ISO 14443-B tag simulation, correcting reversed bit coding and PICC state machine handling so emulated Type B tags can be read reliably.
  • Fixed mf_nonce_brute so it searches the full keyspace and tracks candidate counts, avoiding false positives from valid-looking decrypts.
  • Added native output grabbing for Python and Lua, a cleaner replacement for the previous output_grabber.py approach that also works on ProxSpace.

Contributors

This release landed thanks to @iceman1001, @doegox, @ry4000, @douniwan5788, @Antiklesys, @michaelroland, @CiRIP, @dandri, @micsen, @gentilkiwi, @jmichelp, @bettse, and others.

Read the full changelog and downloads on GitHub.

← All Proxmark News