FAQ

---

General

What is ATLAS?

ATLAS is a professional Android platform for physical security operations. It brings together access control defeat, project management, situational awareness, OSINT collection, TAK integration, and post-operations reporting in one app.

What devices are supported?

Android 12+ (API 31+) devices. We intentionally do not support end-of-life Android versions due to security risks—Android 11 and below no longer receive security patches from Google.

For Proxmark3 Bluetooth connectivity, we recommend Google Pixel devices running:

• GrapheneOS — Our recommended secure OS (supported devices)
• Stock Android — Factory Pixel software works well

Known Compatibility Issues:

• Samsung devices — Modified Bluetooth stack may cause Proxmark3 connectivity issues
• Other OEM ROMs (Xiaomi, OnePlus, etc.) — Untested with Proxmark3

Note: WiFi-based hardware (Doppelganger Core, Stealth) works across all supported Android versions. Stock Android users may need to manually grant some permissions. See the Android Permissions section below.

Is this legal to use?

ATLAS is designed for authorized penetration testing, protective security operations, and security assessments. You must have explicit authorization before testing any system. Unauthorized use is illegal.

---

Pricing

How much does ATLAS cost?

Standard License: Annual per-device subscription. View pricing →

For government, law enforcement, and enterprise licensing, contact: [email protected]

What’s included in the license?

• Full access to all app features
• 1-year license (must be renewed annually)
• License validation services

Support contracts are available separately.

Are there refunds?

No. All sales are final. See our Terms of Service for details.

Can I transfer my license to another device?

Licenses are bound to one device at a time. You can rotate to a new device once every 90 days.

---

Hardware

What hardware does ATLAS support?

• Proxmark3 RDV4 with Blueshark Bluetooth module (Iceman firmware required)
• Doppelgänger Core - WiFi longrange reader
• Doppelgänger Stealth - Decoy reader with PIN capture
• MSRX6-BLE - Magnetic stripe reader

Do I need any hardware?

No. Many ATLAS features work without hardware: project management, situational awareness mapping, OSINT collection, TAK integration, and GPS intelligence. Hardware is required for card reading and cloning operations.

Where do I buy hardware?

Visit store.physicalexploit.com

Do you support Proxmark3 Easy or other knockoff devices?

No. We do not support the Proxmark3 Easy, Chinese clones, or other knockoff hardware.

We’re a small business that supports other businesses building quality hardware. The Proxmark3 RDV4 is manufactured by Lab401 and RFID Research Group with proper QC, documentation, and ongoing firmware support. Knockoff devices often have hardware defects, unstable firmware, and no support.

If you’re serious about physical security, invest in quality tools.

What about wired Proxmark3 or MSR connections?

Wired USB OTG connections for Proxmark3 and wired MSR operations are available exclusively under Government and Law Enforcement contracts where reduced RF signatures are required.

Contact [email protected] for information on low-signature configurations.

---

Features

What card types can I work with?

Low Frequency (125 kHz):

• HID Prox, AWID, Indala, EM4100, Paxton, Net2

High Frequency (13.56 MHz):

• iCLASS Legacy/SE/SEOS, MIFARE Classic, PIV, DESFire

Magstripe:

• 3-track HiCo/LoCo

Can I clone cards?

Yes, to compatible target cards:

• Low Frequency (Prox, Indala, Paxton, EM, AWID, etc.) → T5577 cards
• High Frequency (iCLASS/SE/SEOS) → iCLASS 2K cards (downgrade attack)
• Hospitality (MIFARE) → UID-rewritable magic cards
• Magstripe → 3-track rewritable cards

Does ATLAS work offline?

Yes. All operational features work offline. License validation requires occasional internet access (except for Government/LE licenses which work fully offline for one year).

What if my device doesn’t have cellular data?

Many operators run ATLAS on WiFi-only devices (tablets, deGoogled phones without SIM). For license activation and updates:

• WiFi tethering — Connect to a phone’s mobile hotspot
• Public WiFi — Use any available network for initial activation
• Pre-activation — Activate the license before going to the field

Once activated, the app works fully offline. License re-validation is only needed periodically.

Is my data encrypted?

Yes. All operational data is encrypted with AES-256-GCM and stored locally on your device. We never transmit your card data, GPS locations, or project files.

---

Training

Where do I learn physical penetration testing?

There’s a lot of bad information and so-called experts teaching physical penetration testing. With workplace violence, campus attacks, and facility security incidents at historic levels, we take this seriously.

What physical penetration testing is NOT:

• Tailgating is not a penetration test
• Walking a lobby is not an assessment
• Checklists are not security
• Hobby gear has no place in life-safety environments

If you’re a security professional or looking to enter the industry, we highly recommend Mayweather Group’s Practical Physical Exploitation (PPE) course. It teaches modern tools, disciplined methodology, and real-world operational tradecraft.

Training formats:

• Public Training
• Private Training
• Government / LEO Training

---

Professional Services

Do you offer professional penetration testing services?

Yes. Mayweather Group provides professional physical penetration testing, Red Team operations, Red Cell exercises, M&A due diligence assessments, secure facility design, and policy consulting.

Why does the firm I hire matter?

Not all penetration testing companies are the same. Physical security testing requires a rare combination of technical expertise, operational tradecraft, and safety discipline. Very few firms in the industry possess the resources and experience to competently and safely execute these engagements.

When critical data, human life, or brand reputation are at stake, do not hire an ill-equipped firm simply because you have an existing relationship. Many firms sub-contract physical work to sub-contractors of sub-contractors—operators you’ve never vetted, using methodologies you’ve never reviewed.

Questions to ask before hiring:

• Do you perform physical assessments with your own staff, or sub-contract?
• Have your consultants attended the Practical Physical Exploitation course? Are they certified Physical Exploitation Experts?
• What tools and methodology do you use?
• Can you provide references for similar engagements?
• What safety protocols are in place for high-risk operations?

Contact Mayweather Group for professional engagements.

---

Security

Should I use a rooted device?

No. We do not recommend running ATLAS on rooted devices. Root access weakens Android’s security model and can expose your operational data.

Is screenshot protection enabled?

Yes, by default. You can toggle it in Settings → Security.

What data do you collect?

Only license validation data (device ID, app version). We do NOT collect your cards, GPS, projects, or any operational data. See our Privacy Policy.

---

Android Permissions

What permissions does ATLAS need?

ATLAS requires the following permissions for full functionality:

Permission	Purpose
Internet	License validation, TAK server sync, software updates
Location	GPS tagging card captures, map features, project coordinates
Bluetooth	Connecting to Proxmark3, MSR, and Doppelgänger devices
Nearby Devices	Discovering Bluetooth devices (Android 12+)
All Files Access	Exporting reports, importing card dumps, managing the ATLAS folder
Install packages	Installing app updates from the Vault server

Note: Not all permissions are required for basic operation. The app will request permissions as needed when you access specific features.

GPS/Location is not working

1. Ensure Location Services is enabled in your device settings
2. Go to Settings → Apps → ATLAS → Permissions → Location
3. Select Allow only while using the app or Allow all the time
4. If using ATLAS for extended operations, “Allow all the time” provides better reliability

”Permission denied” when exporting or creating folders

This is typically an All Files Access permission issue on stock Android:

1. Go to Settings → Apps → Special app access → All files access
2. Find ATLAS and enable the toggle
3. Restart the app

Note: GrapheneOS handles storage permissions differently and may not require this step.

App updates not installing

ATLAS can update itself from the Vault server. If updates fail to install:

1. Go to Settings → Apps → Special app access → Install unknown apps
2. Find ATLAS and enable the toggle
3. Try the update again

Stock Android vs. GrapheneOS

Stock Android (Google Pixel with factory software, Samsung, etc.) requires manual permission grants in some cases. The system may not prompt for all permissions automatically.

GrapheneOS typically prompts for all required permissions during app installation or first launch. GrapheneOS also provides more granular permission controls.

---

Support

How do I get help?

Standard licenses do not include support. For bug reports and general inquiries, email [email protected].

Government and Enterprise support contracts are available for organizations requiring dedicated support. Contact [email protected] for details.

How do I report a bug?

Email [email protected] with:

• Android version
• Device model
• Steps to reproduce
• Screenshots if applicable