Skip to content
  • faq

FAQ

General

Section titled “General”

What is ATLAS?

Section titled “What is ATLAS?”

ATLAS is a professional Android platform for physical security operations. It brings together access control defeat, project management, situational awareness, OSINT collection, TAK integration, and post-operations reporting in one app.

What devices are supported?

Section titled “What devices are supported?”

Any Android device running Android 7.0 or higher. We recommend running deGoogled Pixel devices with a secure OS such as GrapheneOS.

Section titled “Is this legal to use?”

ATLAS is designed for authorized penetration testing, protective security operations, and security assessments. You must have explicit authorization before testing any system. Unauthorized use is illegal.

Pricing

Section titled “Pricing”

How much does ATLAS cost?

Section titled “How much does ATLAS cost?”

Standard License: $120/year per device

For government, law enforcement, and enterprise licensing, contact us for pricing and features: [email protected]

What’s included in the license?

Section titled “What’s included in the license?”
  • Full access to all app features
  • 1-year license (must be renewed annually)
  • License validation services

Support contracts are available separately.

Are there refunds?

Section titled “Are there refunds?”

No. All sales are final. See our Terms of Service for details.

Can I transfer my license to another device?

Section titled “Can I transfer my license to another device?”

Licenses are bound to one device at a time. You can rotate to a new device once every 90 days.

Hardware

Section titled “Hardware”

What hardware does ATLAS support?

Section titled “What hardware does ATLAS support?”
  • Proxmark3 RDV4 with Blueshark Bluetooth module
  • Doppelgänger Core - WiFi longrange reader
  • Doppelgänger Stealth - Decoy reader with PIN capture
  • MSRX6-BLE - Magnetic stripe reader

Do I need any hardware?

Section titled “Do I need any hardware?”

No. Many ATLAS features work without hardware: project management, situational awareness mapping, OSINT collection, TAK integration, and GPS intelligence. Hardware is required for card reading and cloning operations.

Where do I buy hardware?

Section titled “Where do I buy hardware?”

Visit store.physicalexploit.com

Do you support Proxmark3 Easy or other knockoff devices?

Section titled “Do you support Proxmark3 Easy or other knockoff devices?”

No. We do not support the Proxmark3 Easy, Chinese clones, or other knockoff hardware.

We’re a small business that supports other businesses building quality hardware. The Proxmark3 RDV4 is manufactured by Lab401 and RFID Research Group with proper QC, documentation, and ongoing firmware support. Knockoff devices often have hardware defects, unstable firmware, and no support.

If you’re serious about physical security, invest in quality tools.

What about wired Proxmark3 or MSR connections?

Section titled “What about wired Proxmark3 or MSR connections?”

Wired USB OTG connections for Proxmark3 and wired MSR operations are available exclusively under Government and Law Enforcement contracts where reduced RF signatures are required.

Contact [email protected] for information on low-signature configurations.

Features

Section titled “Features”

What card types can I work with?

Section titled “What card types can I work with?”

Low Frequency (125 kHz):

  • HID Prox, AWID, Indala, EM4100, Paxton, Net2

High Frequency (13.56 MHz):

  • iCLASS Legacy/SE/SEOS, MIFARE Classic, PIV, DESFire

Magstripe:

  • 3-track HiCo/LoCo

Can I clone cards?

Section titled “Can I clone cards?”

Yes, to compatible target cards:

  • Low Frequency (Prox, Indala, Paxton, EM, AWID, etc.) → T5577 cards
  • High Frequency (iCLASS/SE/SEOS) → iCLASS 2K cards (downgrade attack)
  • Hospitality (MIFARE) → UID-rewritable magic cards
  • Magstripe → 3-track rewritable cards

Does ATLAS work offline?

Section titled “Does ATLAS work offline?”

Yes. All operational features work offline. License validation requires occasional internet access (except for Government/LE licenses which work fully offline for one year).

Is my data encrypted?

Section titled “Is my data encrypted?”

Yes. All operational data is encrypted with AES-256-GCM and stored locally on your device. We never transmit your card data, GPS locations, or project files.

Training

Section titled “Training”

Where do I learn physical penetration testing?

Section titled “Where do I learn physical penetration testing?”

There’s a lot of bad information and so-called experts teaching physical penetration testing. With workplace violence, campus attacks, and facility security incidents at historic levels, we take this seriously.

What physical penetration testing is NOT:

  • Tailgating is not a penetration test
  • Walking a lobby is not an assessment
  • Checklists are not security
  • Hobby gear has no place in life-safety environments

If you’re a security professional or looking to enter the industry, we highly recommend Mayweather Group’s Practical Physical Exploitation (PPE) course. It teaches modern tools, disciplined methodology, and real-world operational tradecraft.

Training formats:

Professional Services

Section titled “Professional Services”

Do you offer professional penetration testing services?

Section titled “Do you offer professional penetration testing services?”

Yes. Mayweather Group provides professional physical penetration testing, Red Team operations, Red Cell exercises, M&A due diligence assessments, secure facility design, and policy consulting.

Why does the firm I hire matter?

Section titled “Why does the firm I hire matter?”

Not all penetration testing companies are the same. Physical security testing requires a rare combination of technical expertise, operational tradecraft, and safety discipline. Very few firms in the industry possess the resources and experience to competently and safely execute these engagements.

When critical data, human life, or brand reputation are at stake, do not hire an ill-equipped firm simply because you have an existing relationship. Many firms sub-contract physical work to sub-contractors of sub-contractors—operators you’ve never vetted, using methodologies you’ve never reviewed.

Questions to ask before hiring:

  • Do you perform physical assessments with your own staff, or sub-contract?
  • Have your consultants attended the Practical Physical Exploitation course? Are they certified Physical Exploitation Experts?
  • What tools and methodology do you use?
  • Can you provide references for similar engagements?
  • What safety protocols are in place for high-risk operations?

Contact Mayweather Group for professional engagements.

Security

Section titled “Security”

Should I use a rooted device?

Section titled “Should I use a rooted device?”

No. We do not recommend running ATLAS on rooted devices. Root access weakens Android’s security model and can expose your operational data.

Is screenshot protection enabled?

Section titled “Is screenshot protection enabled?”

Yes, by default. You can toggle it in Settings → Security.

What data do you collect?

Section titled “What data do you collect?”

Only license validation data (device ID, app version). We do NOT collect your cards, GPS, projects, or any operational data. See our Privacy Policy.

Support

Section titled “Support”

How do I get help?

Section titled “How do I get help?”

Standard licenses do not include support. For bug reports and general inquiries, email [email protected].

Government and Enterprise support contracts are available for organizations requiring dedicated support. Contact [email protected] for details.

How do I report a bug?

Section titled “How do I report a bug?”

Email [email protected] with:

  • Android version
  • Device model
  • Steps to reproduce
  • Screenshots if applicable