Use Android Phone as NFC Tag?


Eroo

Member
Jan 12, 2011
6
1
I took a "backup" of my tag using NFC TagInfo (saved to .xml).

Anyone know how to get it back? (used some NFC writer that wrote some URL to my tag when I pressed write to tag, thought I get to choose what to write) :crying:
 

LoveNFC

Senior Member
May 14, 2012
161
63
tried this w/my card and no luck reading it w/several nfc apps. however, the door reader will beep when i try my phone on it. so i think door readers use a different frequency for security. makes sense.

If they were operating at a different frequency then your phone likely wouldn't be recognised.

None of you will get your phones to open your doors. Google have not provided access to card emulation mode, so there's nothing for the door readers to read. Somebody here on XDA claimed that they wrote an application to send NDEF messages containing the data on their access cards and that this worked for doors etc, but they didn't share this app so I'm not sure how true that is.
 

Fredro

Member
Feb 15, 2010
43
6
Google Wallet has access to embedded Secure Elements, and therefore it is allowed to emulate a card.

The only thing you can do now is make the phone share a NDEF message to other readers which is not that useful.

So for this to work you have to get access to the Secure Elements with hidden API + patch some stuff in the source and make a custom rom.
 

wackyD

Senior Member
Nov 9, 2008
232
23
What I'm going to try is get security at where I work (they do all the access cards and all) and see if they'll be willing to program the NFC chip in the phone. To provide access to a card they program it and swipe against a writer. Going to see if they can do that. Flaws in logic?

Sent from my GT-I9300 using Tapatalk 2
 

fordiy

Member
Jun 14, 2012
33
5
Developers can access the embedded secure element with the classes in the package com.android.nfc_extras, especially the NfcAdapterExtras.java and NfcExecutionEnvironment.java.

But still don't know how to proceed to card emulation with that classes file.
 

sodeknetters

Senior Member
Dec 30, 2010
180
70
Rotterdam
www.antiekeradio.nl
What I'm going to try is get security at where I work (they do all the access cards and all) and see if they'll be willing to program the NFC chip in the phone. To provide access to a card they program it and swipe against a writer. Going to see if they can do that. Flaws in logic?

Sent from my GT-I9300 using Tapatalk 2

definitely not going to work. Your phone may be able to read the write command, and save this as a file, or whatever. But you will need a different approach if you want to actually emulate the card.
 

nfc_

Member
Jul 4, 2012
7
1
definitely not going to work. Your phone may be able to read the write command, and save this as a file, or whatever. But you will need a different approach if you want to actually emulate the card.

What if you run something like this on your phone (if possible at all..) <URL removed since I'm new and not allowed to post URLs yet... hxxp://openpcd.org/Live_RFID_Hacking_System> ?

Will that OS be able to use the phones hardware as a RFID/NFC writer, and thus be able to emulate a card?
 

RedGreenGeek

Member
Jan 11, 2011
12
0
I have some insight how access systems work. Nothing but the tag serial number is usually used. Simply a card's NFC serial is attached to a user profile, which then allows different access rights like times and place, doors point... Some use cards to log door entries, esp. if reader is on the door like in a hotel room.

It would be insane to allow phones to emulate this, then everybody would ride the train for free, enter storage areas with other ppl's tag etc.

The best option is to buy a NFC chip that suits you, and have security add the chip you have chosen to the system, rather than the card you use.

(the cantina money might be stored on the memory, which security usually do not use anyhow) You might be able to recharge this yourself if you get a card r/w for your PC. Depends how pro the cantina solution is.
 

heardamir

Senior Member
Jul 23, 2010
75
6
Melbourne
Samsung Galaxy S20
Then it would be ridiculously insecure. Ex. If I took a friends paywave and was able to emulate it then now I in theory just stole their credit card :).
I thought that you needed the key in order to read all of the sectors & blocks. So, there is a key exchange between the card and reader meaning that it is a lot harder to copy the card entirely, leaving it somewhat useless.
 

nfc_

Member
Jul 4, 2012
7
1
It would be insane to allow phones to emulate this, then everybody would ride the train for free, enter storage areas with other ppl's tag etc.

How is that different from copying the Mifare Classic card to a new card?
Since the NFC is able to write to the tags and thus write out info, why wouldn't it be able to write to for instance a card reader.
The free train rides are already happening widely, and every 'fake' card is being banned instantly, but since you're already on the transport of choice it doesn't matter anymore. You just don't want to walk into a control check/sweep :)

Correct me if I'm wrong, since I'm really new to this NFC and phone hacking in general, but if the OS of the phone supports NFC output, it really should be possible to emulate a card, right?
 

LoveNFC

Senior Member
May 14, 2012
161
63
definitely not going to work. Your phone may be able to read the write command, and save this as a file, or whatever. But you will need a different approach if you want to actually emulate the card.

This is false. These systems are based on the UID of the NFC card. The vast majority of access systems for schools and places of work don't write anything onto the card. They simply make an association in their backend system with that person's user account and the UID of their NFC card.

Because of this, it is indeed possible to get your phone's NFC chip associated with your account instead of a NFC card. However, the issue with Android is that your phone generates a random UID with each NFC interaction. This means that, once the security guy swipes your phone to associate it with your account, the UID will change the next time you swipe it. The only way to fix this and get a static UID would be to enable card emulation. This was done in the Nexus S with custom firmware a while ago, but has not been repeated on any other phones. If you are able to enable card emulation, your phone will emulate a generic Mifare NFC card with a static UID, and you would then be able to replace your door access card with your phone (in most cases).

It would be insane to allow phones to emulate this, then everybody would ride the train for free, enter storage areas with other ppl's tag etc.

You might be able to recharge this yourself if you get a card r/w for your PC. Depends how pro the cantina solution is.
Phones can't emulate specific UIDs, not because of software limitations, but because of hardware. There are other solutions out there, such as the Proxmark 3, which allows UID cloning. The Proxmark 3 makes it very easy to clone school, university and place of work access cards, as most of these rely purely on UID association.

Here in England, trains, buses etc don't work with the system you've described, and I'd imagine it's the same for most other countries. The data (money stored, top-ups, money deducted) is written to the card in real time. Of course these types of cards have higher levels of security through the use of secret access keys. Without access to these secret access keys, you can't dump the data from an Oyster card, for example. You therefore cannot simply duplicate an Oyster card with your phone, unless the issuer provides you with the access keys or you manage to crack them on your own.
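
An enrollment-side check for the UID-association scheme described in the post above, added here as an example and not part of the original thread. It assumes the ISO/IEC 14443-3 Type A convention that a 4-byte ID starting with 0x08 is a random ID; the function names and the sample IDs are constructed for illustration.

```python
from dataclasses import dataclass

# ISO/IEC 14443-3 Type A identifiers are 4, 7 or 10 bytes long.
VALID_LENGTHS = (4, 7, 10)
# A 4-byte ID whose first byte is 0x08 is a random ID, regenerated by the
# device each time it enters the reader field.
RANDOM_ID_UID0 = 0x08
# 0x88 is the cascade tag and is not allowed as the first byte of a 4-byte UID.
CASCADE_TAG = 0x88


@dataclass(frozen=True)
class Verdict:
    accept: bool
    reason: str


def parse_uid(text: str) -> bytes:
    """Turn reader output such as '04:A2:3B:1C' into raw bytes."""
    cleaned = text.replace(":", "").replace("-", "").replace(" ", "")
    uid = bytes.fromhex(cleaned)  # raises ValueError on non-hex input
    if len(uid) not in VALID_LENGTHS:
        raise ValueError(f"{len(uid)}-byte ID is not a valid UID length")
    return uid


def check_enrollment(taps: list[str]) -> Verdict:
    """Decide whether IDs read from repeated taps of one credential can be enrolled."""
    if len(taps) < 2:
        return Verdict(False, "need at least two taps to confirm a stable ID")
    try:
        uids = [parse_uid(t) for t in taps]
    except ValueError as exc:
        return Verdict(False, f"malformed ID: {exc}")
    for uid in uids:
        if len(uid) == 4 and uid[0] == RANDOM_ID_UID0:
            return Verdict(False, "random ID (first byte 0x08), changes per tap")
        if len(uid) == 4 and uid[0] == CASCADE_TAG:
            return Verdict(False, "first byte 0x88 is the cascade tag, not a UID")
    if len(set(uids)) != 1:
        return Verdict(False, "ID differs between taps, not a static UID")
    return Verdict(True, "static UID (an identifier, not proof the card is genuine)")


# Constructed sample reads, two taps per credential.
SAMPLES = {
    "plastic badge": ["04:A2:3B:1C:9F:22:80", "04:A2:3B:1C:9F:22:80"],
    "phone, random ID": ["08:1F:33:A0", "08:C4:92:0D"],
    "phone, unstable ID": ["1A:2B:3C:4D", "5E:6F:70:81"],
    "truncated read": ["04:A2:3B", "04:A2:3B"],
}

if __name__ == "__main__":
    for name, taps in SAMPLES.items():
        verdict = check_enrollment(taps)
        print(f"{name:20} accept={verdict.accept!s:5} {verdict.reason}")
```

Requiring two matching taps catches devices that rotate their ID even when the value does not carry the 0x08 marker.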
 

fordiy

Member
Jun 14, 2012
33
5
depicip agreeable

Well comments from LoveNFC. I have no idea why sensitive data need to store to the card? Why the authentication need to go through the SE, not from the server-end? Why not just emulate the UID with blank empty card?

This is false. These systems are based on the UID of the NFC card. The vast majority of access systems for schools and places of work don't write anything onto the card. They simply make an association in their backend system with that person's user account and the UID of their NFC card.

Because of this, it is indeed possible to get your phone's NFC chip associated with your account instead of a NFC card. However, the issue with Android is that your phone generates a random UID with each NFC interaction. This means that, once the security guy swipes your phone to associate it with your account, the UID will change the next time you swipe it. The only way to fix this and get a static UID would be to enable card emulation. This was done in the Nexus S with custom firmware a while ago, but has not been repeated on any other phones. If you are able to enable card emulation, your phone will emulate a generic Mifare NFC card with a static UID, and you would then be able to replace your door access card with your phone (in most cases).


Phones can't emulate specific UIDs, not because of software limitations, but because of hardware. There are other solutions out there, such as the Proxmark 3, which allows UID cloning. The Proxmark 3 makes it very easy to clone school, university and place of work access cards, as most of these rely purely on UID association.

Here in England, trains, buses etc don't work with the system you've described, and I'd imagine it's the same for most other countries. The data (money stored, top-ups, money deducted) is written to the card in real time. Of course these types of cards have higher levels of security through the use of secret access keys. Without access to these secret access keys, you can't dump the data from an Oyster card, for example. You therefore cannot simply duplicate an Oyster card with your phone, unless the issuer provides you with the access keys or you manage to crack them on your own.
 

nfc_

Member
Jul 4, 2012
7
1
I've been trying for quite some time now to see where I'd get stuck.
My scenario: Touch-a-tag NFC reader (usb) on a laptop with BackTrack 5R2, within 20 minutes I had the NFC working, and 10 minutes later I successfully copied/cracked a Mifare Classic card.
Since the guide I was following proved to be working, I just tried to do the exact same on the S3, with the 'Complete Linux installer' app and a Backtrackv8.img file as LiveOS.
I ran into a lot of compatibility errors, for instance the ARM apt repository isn't as filled/complete as the x86/x64 one, a lot of apps need to be cross compiled by hand, however I got those working.
The driver for the NFC on the other hand won't f****ng compile, but then again, I might not even need it since the chipset of the Touch-a-Tag is different from the S3's NFC.
From there on it was all just getting messy and depended on usb.h (libusb) that sometimes couldn't be found and whatnot.

I don't think this will work from the android shell, since android seems to have limited the NFC capabilities.

Any real hacker got thoughts or would like to give it a try together?
 

ThehypnooToad

Senior Member
Jul 3, 2012
181
31
Wakefield
New to NFC, but what kind of things can we transfer via NFC? Is it possible to transfer music and video? Is there an upload limit to transferring?
 

sysadmn

Senior Member
Jan 13, 2012
71
17
Android Beam uses NFC to send data between two devices. 'File Expert' app claims to be able to use NFC to transfer files. It seems to me that part of the reason for NFC standards is to define the type of info to be shared. There doesn't seem to be a 'generic' data type, or a profile for file transfer (as with bluetooth).

Speaking of which, there's a cool app (Blue NFC) that uses NFC to setup a bluetooth connection to transfer the files - pretty slick.

Application for simple Bluetooth file sharing using NFC. Run this application from the context menu of a selected file and tap phones to start the file transfer.

Application does automatically, without requiring user interaction:
* enable Bluetooth
* establish a connection with the second device
* disable Bluetooth after file transfer to save a battery

NOTE: Only for devices with NFC support, tested on Nexus S. The application has to be installed on both devices.
 

Fredro

Member
Feb 15, 2010
43
6
I've been trying for quite some time now to see where I'd get stuck.
My scenario: Touch-a-tag NFC reader (usb) on a laptop with BackTrack 5R2, within 20 minutes I had the NFC working, and 10 minutes later I successfully copied/cracked a Mifare Classic card.
Since the guide I was following proved to be working, I just tried to do the exact same on the S3, with the 'Complete Linux installer' app and a Backtrackv8.img file as LiveOS.
I ran into a lot of compatibility errors, for instance the ARM apt repository isn't as filled/complete as the x86/x64 one, a lot of apps need to be cross compiled by hand, however I got those working.
The driver for the NFC on the other hand won't f****ng compile, but then again, I might not even need it since the chipset of the Touch-a-Tag is different from the S3's NFC.
From there on it was all just getting messy and depended on usb.h (libusb) that sometimes couldn't be found and whatnot.

I don't think this will work from the android shell, since android seems to have limited the NFC capabilities.

Any real hacker got thoughts or would like to give it a try together?

This is going to be hard to get the various libs in arm format. Especially the libnfc and other nfc specific libs. But this is only needed if you really want a certain program to run, but you can always do some heavy work with a read reader on the pc and make an app on the phone to do other stuff not needing such programs.
 

electronixtar

Member
Jul 31, 2008
39
0
So according to this thread, NFC card emulation only works

1. Galaxy S series with 2.3 ROM.

2. Nexus S with hacked firmware.

:mad:
 

Damastus

Member
Aug 31, 2012
49
3
Has anyone been able to use card emulation via OpenNFC? I know this was answered at the beginning of the thread, but that was quite a while ago. It's still utterly confusing on their webpage. They still don't give out examples for the card emulation mode and don't give any useful information regarding requirements for it to be used.

As far as I get their approach they try to use only the NFC antenna and the operating system. The secure elements are completely excluded from it (or let's say, access to them is not required to use the mode).

I'd appreciate an answer if someone was actually able to use it.
 

Top Liked Posts

    6
    HID scanners

    I tried nfclassic and that didn't work I'm also looking for NFC card emulation

    I just wanted to weigh in and let everyone know that I do the security at my work and I was successfully able to get the Nexus 4 to be scanned by the HID scanner. It passed an ID back to the access control and I was able to set it up under my profile. I can now gain access with my phone to the same places as my badge. I tried to do the same on a Samsung Galaxy S III and it generated a random "ID" for the access control server and I wasn't able to set it up.

    -Kr@w

    -UPDATE:
    I was also successful setting it up for a EVO 4g LTE. This is big since the Nexus 4 uses a Broadcom chip and the EVO 4g LTE uses a NXP chip as far as I can tell. This in my mind points to it possibly being software that causes a random id each time. Just my 2 cents.
    4
    Hi everyone,

    I recently updated my app NFC Tools, and I added a tag emulation feature in the PRO version.
    It's a start, and this is a beta feature, so please be indulgent ^^


    It works with most devices, but some of them don't work together, I don't know why but I think it's a hardware problem.
    So I created this Google Form if you want to send me your tests for I try to list the devices which have problems or not.

    http://goo.gl/forms/QetokVxDa5J82T4n2

    Feel free to send me your feedback.
    3
    I thought that you needed the key in order to read all of the sectors & blocks. So, there is a key exchange between the card and reader meaning that it is a lot harder to copy the card entirely, leaving it somewhat useless.

    I've been following this thread wondering to myself how long it would take for someone to finally explain the reason card emulation is difficult on Android devices. Kudos!...yes, the encryption keys are needed to read the encrypted info on the card, for the most part...However, there is a way to dump just raw data from the MiFare Classic card and a way to retransmit, or emulate, this data with the NFC chip on Android without the keys. However, as a previous post states, the problem with emulation is that the NFC chip changes the UID, it's not static. One does need to reprogram the firmware, or ROM, of the NFC chip to enable card emulation. I'll find the article I found related to this and throw it in this post a bit later...It's quite the study though! If someone wants to throw some code out for some custom firmware flashing by all means. And even more props if anyone is able to actually flash it on the chip itself (it would require the right testing and development platform and tools of course).

    Most devices folks are using carry a NXP brand NFC chip. However, if you are the proud owner of a device with a NXP PN65 NFC chip, it has an embedded SmartMX chip, so you can forget firmware mods; it is a secondary security element that has no pins or contacts on the outside, which means it cannot be flashed.

    Interestingly though, the Nexus S has the SmartMX, and it is one of the phones listed in this thread that has effectively emulated the MiFare Classic.

    Oh, and a note to any security pros: If success with a project such as this stirs your buckets, then you know what to do...develop a method that is more secure. As you know, any worthy security measure must withstand penetration and hold its own. Just sayin'

    From The Q, Of Course


    Live the life you love, Love the life you live