A handheld RFID & NFC test instrument optimized for untethered use in the field

May 22, 2019

Project update 3 of 14

Brute-forcing HID Tags

This post covers how to do a brute-force attack with an HID tag on the ProxmarkPro. A brute-force attack is done by trying to guess multiple tag UID’s similar to a known working tag UID to gain access.

For this post you will need the following:

There will be no client setup necessary for this action. All will be done on the ProxmarkPro using its buttons and LCD. We will be using an HID tag that is already saved on the SD Card to start the brute force process.

HID Brute with ProxmarkPro

  1. Connect the LF Antenna and navigate to the Load Tag Menu option. Select HID

and then your desired tag. We will be using a tag that we have named "Office" on the SD Card.

  1. Navigate to the HID menu and then the Brute option.

  2. In the Brute menu select Method, Card Random. Select From Current. The

current tag loaded will now be set for the brute-force attack.

  1. In the Brute menu select Start. The ProxmarkPro will now attempt to brute-force

the reader with card numbers similar to the tag you have loaded.

Note: In the Brute menu, you also have the option to manually change the HID tag UID, Facility Code, and format length. Some readers may require a faster or slower replay rate, and you can change this in the menu options as well.

Sign up to receive future updates for ProxmarkPro.

Subscribe to the Crowd Supply newsletter, highlighting the latest creators and projects