Physical Access Control 67 to reverse engineer the protocol of the Motorola flexpass and understand what was being transmitted by the card and how it interacted with the reader. He continued his efforts and began to build a card simulator in order to interact with readers and under- stand how the cards worked. After a while and after some revisions, he built his own combination reader and card simulator, since both share many of the same parts. The device, called the proxmark, is not much larger than a credit card and only twice as thick and is dead simple to operate. It consists of two buttons, one for "reader mode" and one for "card mode." "Reader mode" turns the unit into a 125-kHz RFID tag reader that you can hold by any compatible tag and it will read its unique identifier and store it in memory. The "card mode" button simply replays the stored tag infor- mation. This means that he could walk up to someone and surreptitiously scan the contents of their proximity card, walk over to the secure door and replay their card, whereupon he would be granted access as if he had presented the real card. Over the next several years, he has revised his device and greatly improved its capabilities. As of February 2009, the Proxmark 3 is the latest revision and supports most 125-kHz and 13.56-MHz tags (the two most common frequencies) and can read and emulate most any ID-only tag out there.