by Rysc Corp

A handheld RFID & NFC test instrument optimized for untethered use in the field

View all updates May 22, 2019

Brute-forcing HID Tags

This post covers how to do a brute-force attack with an HID tag on the ProxmarkPro. A brute-force attack is done by trying to guess multiple tag UID’s similar to a known working tag UID to gain access.

For this post you will need the following:

  • ProxmarkPro
  • HID tag saved
  • Tag reader

There will be no client setup necessary for this action. All will be done on the ProxmarkPro using its buttons and LCD. We will be using an HID tag that is already saved on the SD Card to start the brute force process.

HID Brute with ProxmarkPro

  1. Connect the LF Antenna and navigate to the Load Tag Menu option. Select HID and then your desired tag. We will be using a tag that we have named “Office” on the SD Card.

  2. Navigate to the HID menu and then the Brute option.

  3. In the Brute menu select Method, Card Random. Select From Current. The current tag loaded will now be set for the brute-force attack.

  4. In the Brute menu select Start. The ProxmarkPro will now attempt to brute-force the reader with card numbers similar to the tag you have loaded.

Note: In the Brute menu, you also have the option to manually change the HID tag UID, Facility Code, and format length. Some readers may require a faster or slower replay rate, and you can change this in the menu options as well.

$36,900 raised

of $25,000 goal

147% Funded! Order Below

Product Choices


ProxmarkPro Kit

Everything you need get started with your NFC and RFID experiments, including a ProxmarkPro main unit with enclosure and 1200 mAh battery, one low-frequency (LF) antenna, one high-frequency (HF) antenna, a bundle of three HF tags, a bundle of three LF tags, one 16 GB microSD card, and a carrying pouch.


Rysc Corp

Subscribe to the Crowd Supply newsletter, highlighting the latest creators and projects: