Skip to content

RFID Research#

The resources here focus on RFID and access-control research from a defensive, educational, and authorized testing perspective. They range from official firmware and hardware pages to community writeups that explain how credential families differ, where common misconceptions come from, and what practical limitations researchers run into.

Only use these tools and techniques in environments you own or are explicitly authorized to test.

Core Proxmark3 Resources#

  • RfidResearchGroup/proxmark3 — The main open-source Proxmark3 firmware and client repository maintained by the RFID Research Group. This is the primary reference point for firmware, client commands, hardware support, documentation, and the broader ecosystem around Proxmark3 research.
  • Proxmarkbuilds.org — Download portal for Proxmark3 builds, with notes about firmware differences and installation expectations. Useful when you want prebuilt packages instead of compiling everything yourself.
  • Emulating legacy iClass / iCLASS / Proxmark3 community — Archived Proxmark forum discussion focused on legacy iCLASS behavior and memory layout questions. Helpful as a niche reference when you are trying to understand how older iCLASS credentials store data and where certain assumptions break down.

Hardware and Accessories#

  • Proxmark3 RDV4 Kit — Retail listing for the RDV4 kit from Hacker Warehouse. It is useful mainly as a quick reference for current availability, approximate pricing, and the optional accessory ecosystem around the platform.
  • Proxmark3 RDV4.01 — Another storefront listing for the RDV4.01 hardware. It gives a second source for pricing and product availability and helps show how the device is positioned in red team and hardware research circles.
  • Bluetooth + Battery Module for Proxmark3 RDV4 — Add-on module that gives the RDV4 portable, standalone use with onboard battery and Bluetooth connectivity. Useful if you want to understand how researchers make the platform more field-friendly instead of strictly desk-tethered.
  • SAMadams for Flipper Zero — Product page for a Flipper Zero add-on built around an HID Secure Access Module. This page is useful less as a shopping link and more as a concise explanation of what a SAM board is, what kinds of credential families it can interact with, and where its limits are.

Community Threads and Troubleshooting Notes#

  • Cloning a "NXP MIFARE Classic MFC1C14_x" to a MIFARE Classic 1K? — Reddit thread from a beginner working through MIFARE Classic identification and compatibility questions. Good example of the kinds of practical card-type confusion that come up early when using Proxmark3.
  • Prng detection....... hard (Help with MIFARE Classic 1K - Unable to Retrieve Keys with Proxmark3MAX) — Troubleshooting thread centered on failed key-recovery attempts against a MIFARE Classic card. Useful as a reminder that field results often depend on card generation, reader behavior, and attack preconditions rather than just running the expected commands.
  • HID iClass Picopass 2K Cloning help — Community support thread that shows how experienced users help identify whether an iCLASS credential is using standard or elite-style keys and why that distinction matters. Helpful as a real-world troubleshooting example rather than a polished tutorial.
  • HID Iclass proxmark3 — Short Dangerous Things forum reply that points readers toward a more complete background thread on iCLASS work. Best treated as a navigation breadcrumb into the wider community knowledge base.
  • Need help cloning HID iClass Legacy — Forum post documenting one user's experience working through a legacy iCLASS migration problem. Useful as an example of how much care and card-specific validation these workflows require, especially when community posts warn about the risk of damaging tags with incorrect writes.

HID iCLASS Primers and Technical Notes#

  • iClass — Compact technical primer covering legacy, elite, SR, SE, and SEOS terminology in the HID iCLASS ecosystem. One of the most useful quick-reference pages for understanding credential families, data layout, and why certain attacks work on some cards but not others.
  • HID Secure Identity Object downgrade guide — A community writeup explaining the concepts behind SIO-based credentials, logical copies, downgrade paths, and reader compatibility caveats. Even if you never follow the workflow itself, it is valuable for understanding the security model and why secure and legacy deployments behave differently.
  • HID iClass proxmark3 — Useful supporting reference because it points into a broader discussion about practical HID iCLASS research and the tooling commonly used around it.
  • Need help cloning HID iClass Legacy — Worth keeping nearby as a cautionary real-world example of the gap between theory and practice when working with legacy iCLASS credentials.

Suggested Reading Order#

If you are new to this area, start with the RfidResearchGroup/proxmark3 repository to understand the core platform, then read the iClass primer to get familiar with HID credential families. After that, use the Reddit and Dangerous Things threads as troubleshooting references so you can see how terminology, card type, keys, and reader support interact in real-world cases.