Detecting NFC Tag removal hacking [Powered with Xposed, Broadcast Intent to Tasker]


madfish73

Senior Member
Oct 29, 2011
121
99
Would it be possible to make a mod for the Sprint Galaxy note 2 running 4.1.2? I attached the Nfc.apk and put a link for the framework files. I'm on a deodexed rom so I don't have the nfc.odex. Would it be possible to make the mod only for deodexed roms? Thanks for all the help and let me know if you need anything else!

Link to framework files: https://www.dropbox.com/s/v0gozjauxm6ypj4/framework.zip

I've uploaded the mod to post#1, try it and tell me the result.
 

madfish73

Senior Member
Oct 29, 2011
121
99
Should have thought of that earlier:

Link for framework zip file from Note 2 LTE N7105: Looks as though I cannot include a link yet, so:

The usual drop box https, ending .com then /s/o16etk2kdar4onm/framework.zip

Regards

done it, you can get it from post#1, try it and tell me the result.
 

madfish73

Senior Member
Oct 29, 2011
121
99
I've had a couple issues where Nfc doesn't work and I have to toggle it off and on for it to work again. Is that normal?

Did you have this kind of problem before you applied this nfc apk mod?
I also did some "off screen scan" mod to the nfc apk you've downloaded, I'm not sure if it was caused by the mod or just a bug of the stock ROM.
This is a similar issue about "deep sleep" of nfc:
http://xdaforums.com/showthread.php?t=2178170
 

m3meems

Member
Nov 13, 2012
42
4

klau1

Senior Member
Jan 1, 2008
1,794
392
Re: Detecting NFC Tag removal hacking [add video demo & apk !!!]

hi klau1, have you checked the TAG FOUND function? some guy has the similar "sleep" problem with stock rom without nfc mod:
http://xdaforums.com/showthread.php?t=2178170

I don't have the same problem. I never have to toggle my NFC switch just to get it to read the tags.

I haven't gotten a chance to get the logs yet but I think it has something to do with deep sleep slowing down the polling rate of the NFC.

The reason is this: when I tested the phone today after a night of inactivity, by swiping the phone on a tag -ON OFF ON OFF etc, the phone would not produce the NFC sound on the first few 3 or 4 times, finally on the 5th time it worked (evidenced by the NFC sound).

I'll have to try a few more times to confirm this.

Sent from my SGH-I747M using Tapatalk 2
 

madfish73

Senior Member
Oct 29, 2011
121
99
I don't have the same problem. I never have to toggle my NFC switch just to get it to read the tags.

I haven't gotten a chance to get the logs yet but I think it has something to do with deep sleep slowing down the polling rate of the NFC.

The reason is this: when I tested the phone today after a night of inactivity, by swiping the phone on a tag -ON OFF ON OFF etc, the phone would not produce the NFC sound on the first few 3 or 4 times, finally on the 5th time it worked (evidenced by the NFC sound).

I'll have to try a few more times to confirm this.

Sent from my SGH-I747M using Tapatalk 2

maybe you should be more patient :)
I also have problem like you: sometimes when putting the phone on a tag after screen is off, I have to wait for several seconds to get the NFC sound.
 

MohammadAG

Inactive Recognized Developer
Sep 7, 2009
1,080
5,504
30
Jerusalem
mohammadag.xceleo.org
I've installed the Note 2 version but it doesn't seem to work.
Logcat shows a signature mismatch for shared user android.uid.nfc.
Any tips on how to make it work?

Edit: Nevermind, pulling AndroidManifest and META-INF from original apk worked, thanks.
Now to patch Llama
 

madfish73

Senior Member
Oct 29, 2011
121
99
I've installed the Note 2 version but it doesn't seem to work.
Logcat shows a signature mismatch for shared user android.uid.nfc.
Any tips on how to make it work?

Edit: Nevermind, pulling AndroidManifest and META-INF from original apk worked, thanks.
Now to patch Llama

could you upload your mod here, and your ROM version detail, your phone type detail, so I can attach it to post#1
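
The fix quoted above keeps the stock META-INF while classes.dex changes, so the per-entry digests in META-INF/MANIFEST.MF no longer describe the archive. The check below is an added example (not code from this thread or from any project named in it); it covers only the manifest digest stage, not the .SF/.RSA signature, and its function names and sample archives are constructed for illustration.

```python
import base64
import hashlib
import io
import zipfile

DIGEST_ATTRS = {"SHA1-Digest": "sha1", "SHA-256-Digest": "sha256"}


def parse_manifest(text):
    """Return {entry name: {attribute: value}} from META-INF/MANIFEST.MF."""
    # Normalise CRLF, then undo 72-byte line wrapping (continuation = "\n ").
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(ln.split(": ", 1) for ln in section.split("\n") if ": " in ln)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries


def check_apk(apk_bytes):
    """Return {entry: problem}; checks MANIFEST.MF digests only, not the signature."""
    problems = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        listed = parse_manifest(apk.read("META-INF/MANIFEST.MF").decode("utf-8"))
        names = [n for n in apk.namelist()
                 if not n.startswith("META-INF/") and not n.endswith("/")]
        for name in names:
            digests = {a: v for a, v in listed.get(name, {}).items() if a in DIGEST_ATTRS}
            if name not in listed:
                problems[name] = "not listed"
            elif not digests:
                problems[name] = "no supported digest"
            for attr, expected in digests.items():
                actual = hashlib.new(DIGEST_ATTRS[attr], apk.read(name)).digest()
                if base64.b64encode(actual).decode() != expected:
                    problems[name] = "digest mismatch"
    return problems


def build_sample(files, manifest_files=None):
    """Constructed sample: zip `files`, manifest digests taken from `manifest_files`."""
    manifest = "Manifest-Version: 1.0\n\n"
    for name, data in (manifest_files or files).items():
        digest = base64.b64encode(hashlib.sha1(data).digest()).decode()
        manifest += f"Name: {name}\nSHA1-Digest: {digest}\n\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as archive:
        archive.writestr("META-INF/MANIFEST.MF", manifest)
        for name, data in files.items():
            archive.writestr(name, data)
    return buf.getvalue()


# Constructed stand-ins for a stock APK and a repack that keeps the stock META-INF.
STOCK = {"classes.dex": b"stock dex", "resources.arsc": b"stock table"}
MODDED = {"classes.dex": b"patched dex", "resources.arsc": b"rebuilt table",
          "res/raw/taglost.ogg": b"constructed audio bytes"}
```

`check_apk(build_sample(MODDED, STOCK))` models the repacked file; to check a real APK, pass the bytes of the file pulled from the device.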
 

hollywoodfrodo

Senior Member
Mar 2, 2011
189
153
Long Beach
This is a great concept. So how is the phone detecting the removal from the tag? After it initially detects a tag, does it continually poll to see if the tag is still present? Any potential negatives to that happening?

Great idea cause I have a tag on my car dock, but since the phone randomly re-detects the tag (if I hit a bump or something), I had to change it from being a toggle tag and also change what it did to only settings stuff so it wouldn't bring up an app in the middle of me google navigation or anything.
 

madfish73

Senior Member
Oct 29, 2011
121
99
This is a great concept. So how is the phone detecting the removal from the tag? After it initially detects a tag, does it continually poll to see if the tag is still present? Any potential negatives to that happening?

Great idea cause I have a tag on my car dock, but since the phone randomly re-detects the tag (if I hit a bump or something), I had to change it from being a toggle tag and also change what it did to only settings stuff so it wouldn't bring up an app in the middle of me google navigation or anything.

Detecting tag removal is the function of original NFC module. The evidence is that you can find the "tag lost" message in logcat with stock ROM when tag removing. I just mod the Nfc module and add a little code to broadcast this message out to app level.

And, about your "bump" and "randomly re-detect", maybe you can mod your dock with something like magnet. I mod my Galaxy Nexus with TouchStone and it working very well like a car dock.

DSC06416.JPG

DSC06418.JPG

DSC06420.JPG

DSC06424.JPG
 

看你妹

Member
Mar 16, 2013
5
0
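:crying::crying: I'm using my GS3-I9300 on 4.2.2 NEDLI. I downloaded your NFC.APK, put it into SYSTEM/APP/ and changed its permissions to RW-R`R. After rebooting, NFC stopped working, and the NFC option can no longer be found in the system settings either. :mad::mad: View attachment Nfc.apk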
 

xaxoo

Member
Aug 31, 2010
18
1
HI madfish73
If it's possible to modify NFC.apk from slimrom (I9300)?
Pretty please :eek:
Thank You for Awesome work:)
 

Attachments

  • Nfc.apk
    214.1 KB · Views: 7

Top Liked Posts

  • 42
    [2014-03-13] back to Nfc.apk mod again( since xposed won't work under KitKat ART mode)
    http://xdaforums.com/showpost.php?p=51047371&postcount=404


    No more hacking, no more mod(nfc mod, still need AnyTag mod), with Xposed(you can download XposedInstaller.apk in that thread), you just need to install a plugin :
    [2014-02-10, compatible with AOKP kitkat 4.4.2]
    (I've modified this plugin to support tag removal detecting, so you don't need nfc.apk mod any more)
    [2013-10-25 updated, Add Intent broadcast to support "Tasker Intent receiver", pk.qwerty12.nfclockscreenoffenabler.TAG_EVENT, Extras: state=discovered/lost, uid=XXXXXXXX(HEX of tag id), Tasker variables: %state, %uid]
    [2013-10-24 updated, Add Intent broadcast to support "Tasker Intent receiver", pk.qwerty12.nfclockscreenoffenabler.TAG_DISCOVERED_XXXX, pk.qwerty12.nfclockscreenoffenabler.TAG_LOST_XXXX(where XXXX is the HEX of specified tag id). Don't need AnyTag anymore, with tasker you can receive Intent when tag discovered or tag lost]
    [2013-10-22 updated, Add support for LG G2 (D802 - international version), merged with MohammadAG's code]
    [2013-10-09 updated, NOW ALSO compatible with android 4.1 and before. The Apk version is still v1.4 ]
    [2013-09-20 updated, add tag presence check timeout setting, this can help for battery saving.]
    [2013-09-05 updated, modified by MohammadAG, added taglost sound option]

    View attachment NFCLockScreenOffEnabler19.apk
    View attachment NFCLockScreenOffEnabler1.9-src.zip

    the testing for battery consumption affected by tag presence check timeout setting(GalaxyNexus JB4.3 stock ROM)
    timeout stock setting: 125ms
    wifi off, put phone on tag all night
    begin time: 01:36 battery: 97%
    end time : 10:26 battery: 34%
    battery consumption per hour: 7.134%

    timeout custom setting: 20 seconds
    wifi off, put phone on tag all night
    begin time: 23:27 battery: 98%
    end time : 08:03 battery: 56%
    battery consumption per hour: 4.884%

    timeout custom setting: 4 seconds
    wifi off, put phone on tag all night
    begin time: 00:11 battery: 97%
    end time : 08:12 battery: 54%
    battery consumption per hour: 5.364%


    Battery consumption without nfc tag(Galaxy Nexus JB4.3 Stock ROM)
    reboot, wifi off, Disable Nfc
    begin time 23:56 battery: 98%
    end time 07:30 battery: 90%
    battery consumption per hour: 1.056%

    reboot, wifi off, Nfc on, Disable nfc when screen off
    begin time 23:03 battery: 96%
    end time 07:30 battery: 86%
    battery consumption per hour: 1.182%

    reboot, wifi off, Nfc on, Enable nfc when screen off
    begin time 23:10 battery: 100%
    end time 07:30 battery: 86%
    battery consumption per hour: 1.68%



    Thanks to rovo89 for his great work - Xposed!
    and thanks to Neuer_User for his suggestion.
    The code of the plugin module NFCLockscreenoffEnabler.apk is based on the Xposed mod of NFC lock screen: https://github.com/qwerty12/NFCLockscreenoffEnabler/, thanks to the author of it.

    1. install Xposed
    2. install NFCLockScreenOffEnabler
    3. Checked NFCLockScreenOffEnabler in Xposed
    4. set options you want.
    5. reboot
    6. still need AnyTag mod version, or you can install new version of ReTag, it supports tag lost message now!!


    What this mod can do?

    after did this mod, with AnyTag(mod) + tasker + secure settings plugin + secure settings helper, you can:
    1. put your phone on the "Bedside tag", your phone turn to silence mode, take the phone off the tag, your phone auto turn off silence mode
    2. put your phone on the "CarDock tag", your phone auto unlock, turn to CarHome mode, run some special apps, take the phone off the tag, your phone auto kill some special apps, exit carhome mode, lock screen ...
    3. Other things you can imagine....

    How to receive tag discovered Intent with Tasker?
    Tasker->profiles->add->Event->System->Intent Received->Action=pk.qwerty12.nfclockscreenoffenabler.TAG_DISCOVERED_XXXXXXXX
    where XXXXXXXX = HEX string of your tag id, like: 00AABBCC

    How to receive tag lost Intent with Tasker?
    Tasker->profiles->add->Event->System->Intent Received->Action=pk.qwerty12.nfclockscreenoffenabler.TAG_LOST_XXXXXXXX
    where XXXXXXXX = HEX string of your tag id, like: 00AABBCC

    How to use tasker to auto unlock your phone and run some apps?

    tasker + secure settings plugin + secure settings helper
    Create task, add actions:
    1. Secure Settings, Screen & Keyboard Lights On 5 seconds
    2. Wait 60ms
    3. Secure Settings, Keyguard Enabled
    4. Wait 100ms
    5. Secure Settings, Keyguard Disabled/BG
    6. run apps ....
    7. do things you want ...
    8. Secure Settings, Screen & Keyboard Light On 10 Seconds
    ...
    ..

    How to do that
    1. Download the mod AnyTag.apk from attachments. Install it.
    2. Download the mod Nfc.apk (device dependence) from attachments, copy it to /system/app/Nfc.apk, reboot


    download modified anytag.apk: View attachment AnyTAG1.2.6-mod.apk


    =====================obsolete =============================

    #download modified Nfc.apk:
    #AOKP ROMs
    #Galaxy Nexus 4.1.2 AOKP: View attachment 1700757
    #Galaxy Nexus 4.2.1 AOKP: View attachment 1767293
    #Galaxy Nexus 4.2.2 AOKP: View attachment Nfc4.2.2-mod.apk
    #
    #InsertCoin
    #HOX InsertCoinV17 4.1.1(not test): View attachment Nfc-HOX-InsertCoinV17-4.1.1.apk
    #
    #Stock ROMs
    #Galaxy Nexus 4.2.1 (thanks for LoveNFC): View attachment Nfc-mod-combine-GN4.2.1.apk
    #Galaxy Nexus 4.2.1 Tag lost with no sound: View attachment 1781195
    #Galaxy Nexus 4.2.2 : View attachment Nfc-GN-stock422-combine-mod.apk
    #Google Nexus4 4.2.2 (thanks for LoveNFC): View attachment NfcNci-mod-combine-N4-4.2.2.apk
    #Google Nexus4 4.2.2 Tag lost with no sound: View attachment 1781196
    #Galaxy Note2 N719 4.1.1 : View attachment Nfc-Note2-4.1.1(N719).apk
    #Galaxy Note2 N7100 4.1.2 : View attachment 1783180
    #Galaxy Note2 Sprint 4.1.2 : View attachment Nfc-Sprint-note2-4.1.2-mod.apk
    #Galaxy Note2 LTE(N7105 XXDMB2) 4.1.2 : View attachment Nfc-Note2LTE-N7105XXDMB2-4.1.2-mod.apk
    #Galaxy S3 i747 4.1.1 (thanks for klau1): View attachment Nfc-mod-combine.apk
    #Galaxy S3 4.1.2 (tested by fruitloopy) : View attachment Nfc-GS3-4.1.2-mod.apk
    #
    #Others
    #4.1.2-N7100UBDMB1-CRISKELO-v14--->same as----
    #---->AmnoSferum_9.0.1_Mescaline_XXDMD2: View attachment Nfc-N7100UBDMB1-CRISKELO-v14-mod.apk
    #Nexus4 PurityV5.5: View attachment NfcNci-mod-ScreenOn-Signed.apk
    #
    #3. Download tasker, Secure settings plugin for tasker, Secure Settings Helper
    #
    #Video demo
    #

    #

    "Bedside Tag": http://youtu.be/_c9Lo-jwErg
    galaxy note2(china telecom N719): http://youtu.be/UlbxGoGjysI
    TouchStone& "Carmode Tag": http://youtu.be/zeJZ_Cy7_mM
    ES Ftp Tag with PC react: http://www.youtube.com/watch?v=_1oN2vmHwtY

    Mod Details:

    1. mod nfc.apk(mod android source code and rebuild), when tag lost, broadcast intent with action "android.nfc.action.TAG_LOST"

    Screenshot_2013-02-01-17-21-36.jpg


    2. mod AnyTag NFC Launcher apk, play a trick with TagId, when intent action is "TAG_LOST", Tagid=Tagid + "_TAG_LOST", otherwise, Tagid = Tagid + "_TAG_DISCOVERED"


    =====================obsolete =============================
    apk mod --------------------Step by Step(Note2, Windows)---------------------------------

    1. tools needed
    baksmali and smali
    apktool (1.5.1)
    WinRAR
    2. copy /system/framework from phone to PC folder like D:\qlg\Dev\android\note2(N719)\framework\
    3. copy /system/app/Nfc.apk, Nfc.odex to d:\temp\mod\
    4. cmd box, cd d:\temp\mod\
    5. java -jar D:\tools\android\baksmali1.4.1\baksmali-1.4.1.jar -d D:\qlg\Dev\android\note2(N719)\framework -x -b Nfc.odex
    this will decompile Nfc.odex to d:\temp\mod\out\
    6. d:\tools\android\apktool\apktool1.5.1\apktool.bat d -f --frame-path D:\qlg\Dev\android\note2(N719)\framework Nfc.apk
    this will decompile Nfc.apk to d:\temp\mod\Nfc\
    7. copy taglost.ogg to d:\temp\mod\Nfc\res\raw\
    8. edit d:\temp\mod\Nfc\res\values\public.xml add
    <public type="raw" name="taglost" id="0x7f040006" />
    9. cd d:\tools\android\apktool\apktool1.5.1\
    apktool.bat b d:\temp\mod\Nfc\ d:\temp\mod\Nfc-mod.apk
    10. modify smali files in path d:\temp\mod\out\
    files need to modify:
    NativeNfcManager.smali
    NativeNfcTag$PresenceCheckWatchdog.smali
    NativeNfcTag.smali
    DeviceHost$DeviceHostListener.smali
    DeviceHost$TagEndpoint.smali
    DeviceHost.smali
    NfcDispatcher$DispatchInfo.smali
    NfcDispatcher.smali
    NfcService$NfcServiceHandler.smali
    NfcService.smali
    R$raw.smali

    you can use BeyondCompare to help you do the modification.
    This is the original smali files and modified smali files of N7100 v4.1.2, compare it with your Nfc smali files, and you will know which place need to modify.
    View attachment note2(N7100)-smali.rar
    be aware with lines contain something like "access$xxxx", make sure the number xxx matching your actual number.

    11. cd d:\temp\mod
    12. java -jar D:\tools\android\baksmali1.4.1\smali-1.4.1.jar -o classes.dex out
    this will compile smali files in d:\temp\mod\out , and generate d:\temp\mod\classes.dex
    13. rename stock apk, d:\temp\mod\Nfc.apk--> Nfc.apk.zip,open it with WinRAR,
    rename d:\temp\mod\Nfc-mod.apk -->Nfc-mod.apk.zip,open it with WinRAR
    14. drag resources.arsc and res\raw\taglost.ogg from Nfc-mod.apk.zip into Nfc.apk.zip, drag d:\temp\mod\classes.dex into Nfc.apk.zip, when WinRAR popup the options window, choose the compression mode as Store
    15. rename Nfc.apk.zip to Nfc.apk, copy it to your phone /system/app, delete /system/app/Nfc.odex, change Nfc.apk permission rw-r--r--
    16. reboot


    OK, as Orphee said, we should not abandon old things, maybe they would be useful when it's the time you need them.
    Here, I've found another way to mod nfc.apk, we touch less files this time - only 4 files:
    NativeNfcTag$PresenceCheckWatchdog.smali
    NativeNfcTag.smali
    DeviceHost$TagEndpoint.smali
    NfcService$NfcServiceHandler.smali
    Details : View attachment Nfc-taglost-mod-doc.rar
    2
    I'm a bit stuck here too.
    First ID TAG is longer than the op, and rather looks like AABBCCDDEEFFGG. It can be easily found when adding the tag in "authorized" list

    Applying tag on my phone, enable screen when locked ... I guessed it's the general purpose/behavior and module is correctly installed


    But intents don't seem to work : "discovered" and "lost" ones don't launch the basic tasks created (toast notification only for debug)
    I didn't match any relevant information within logcat, even so I enabled the debug option.
    Checked the intent spellcheck... I may be blind.

    Anyone got a working tasker export I can adapt ?

    you're probably using the wrong intents, see http://xdaforums.com/showpost.php?p=47213074&postcount=351
    2
    I'm using this with Tasker:
    Intent Received, Action=android.nfc.action.TAG_CHANGED
    Variable Set: %NFCTAGID to %tag_uuid if %tag_present ~ true
    Variable Clear: %NFCTAGID if %tag_present ~ false

    And then in my tasks I just listen for %NFCTAGID set/cleared
    2
    Hello Mohammad,

    i hope this log is better? :)

    Code:
    10-04 18:05:38.017: W/System.err(1143): java.lang.NullPointerException
    10-04 18:05:38.017: W/System.err(1143): at pk.qwerty12.nfclockscreenoffenabler.NFCLockScreenOffEnabler$PresenceCheckWatchdogRunHook.afterHookedMethod(NFCLockScreenOffEnabler.java:146)
    10-04 18:05:38.017: W/System.err(1143): at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:483)
    10-04 18:05:38.017: W/System.err(1143): at com.android.nfc.nxp.NativeNfcTag$PresenceCheckWatchdog.run(Native Method)

    greets,
    marcel

    The log is better, but I can't make out which line the bug's at, are you running the latest APK?

    @madfish73 in addition to presence checking, I've added NFC unlocking to the mod for 4.2+ devices, ala Moto X's $20 Skip. The APK is available here, <Link removed, future fork will be available> with the source on my github as usual.

    Also, I think the OP needs a rewrite, it's a bit untidy (no centralized changelog, etc).

    Explanation on the unlock feature:
    The unlocking is done by hooking into the Android keyguard features, when a correct NFC tag is detected, a correct code is simulated and the device is unlocked.
    Due to technical limitations in Xposed, I have to use an intent to unlock the device.
    The intent is "pk.qwerty12.nfclockscreenoffenabler.UNLOCK_DEVICE"

    Leaving the implementation as described above leaves any devices vulnerable to attack, as anyone that knows the APK is installed can use adb shell, or even an app, to bypass the lockscreen.
    A day or two of thinking, I decided to overcome this by intercepting the sendBroadcast() method. Any app that decides to use the intent except the Nfc.apk package, will be denied and a notification posted to the user, if you get this notification, then some app tried to use the intent and was caught.
    Therefore, this mod is very secure. You may skim over the source code if you have any doubts.

    Screenshot for reference:
    hGw3Vzul.png


    And here's a failed attempt using adb:
    Code:
    mohammad@mohammad-i5desktop:~$ adb shell am broadcast -a pk.qwerty12.nfclockscreenoffenabler.UNLOCK_DEVICE
    Broadcasting: Intent { act=pk.qwerty12.nfclockscreenoffenabler.UNLOCK_ATTEMPT_INTERCEPTED }
    Broadcast completed: result=0