External NFC readers - NFC Hacking

I found out my phone doesn't have NFC capabilities (Samsung Galaxy S2) and I hear there are external readers available that use the sim card slot or SD card slot. I was wondering if anyone has tried them and if there are any limitations compared to integrated NFC on a standard mobile phone.
I'm doing a project on NFC and its basically buy one of these or get my hands on a Nexus S.

Careful there buddy, your confusing things. What is it you want to do? Do you want to use your phone like a card, or do you want to read other cards? Either way, if your phone does not have any nfc capabilities, then that means you have neither the nfc antenna, nor the nfc controller, nor a secure element. The only way to get NFC capability to a non capable phone would be to use an sd card that brings all the components I just mentioned with it. I don't know of any company to currently sell that.
But before you go running after a new phone, be warned, if your project has anything to do with using your phone as a card, just let it go. Not worth buying a phone just for that as your project may probably fail.

My project deals with reading data off a card, altering the data and either writing the new data to the card or emulating it.
Are you saying this isn't possible with the SD readers or current phones ?

You could try to find a NFC-enabled battery for your S2.

Fennem said:
My project deals with reading data off a card, altering the data and either writing the new data to the card or emulating it.
Are you saying this isn't possible with the SD readers or current phones ?
Click to expand...
Click to collapse
Reading and writing to a card is possible as long as it complies to the nfc forum specifications. That means your phone can read most of the NFC Forum Tags and cards that generally comply to iso 14443 A or B. Some of the phones can also write Mifare Classic cards. It basicly depends on the NFC controller inside your smartphone. Smartphones that use NXP's PN544 chip for example have the capability to read and write them.
As for the SD, this is rather an open case. Adding NFC functionality to a non capable phone is not that easy to acchieve. In most cases you ned to equip your phone with secure element, nfc controller and nfc antenna. In order to do so you need hardware that basicly provides all of that. I read about some microSD cards that may bring all the components, but I haven't seen anyone sell them. It's definitly easier to buy a new phone that has all the capabilities you need.
Emulating a card is currently a dead end for third party devs. Unless you can talk to one of the big players like MNOs, TSMs or handsetmanufacturer you will be out of luck. If you are ok with rooting your phone and loosing warranty etc. you can maybe get card emulation to work. An example for it to work would be the app simplytapp that is available only for users of the cyanogenmod 9.1 and 10.

Buy a galaxy nexus
Sent from my GT-I9300 using xda premium

Related

So would this nfc really work?

http://tinyurl.com/6sxqgwo
Sent from my SPH-D710 using xda premium
In theory, sure. It's along the same lines as SDHC cards that give Wi-Fi ability. The real issue is whether or not it's worth it to forgo the extra storage space of a memory card in favor of a NFC capability.
The concept of NFC is really cool, but isn't there yet in terms of practicality. I only use 1 credit card so, for me, having to use my phone to do transactions will more than likely take more time than just using my credit card. There are security benefits to NFC as thieves won't be able to steal information from the magnetic strip.
Megatr0n. said:
There are security benefits to NFC as thieves won't be able to steal information from the magnetic strip.
Click to expand...
Click to collapse
I actually am worried this would make things less secure than currently using your credit card.
Here is what I found on there site
Will I lose data on my original microSD?
No. The great thing about moneto is the fact that the microSD doubles as a storage source on non-iPhone smartphones. If you have any data or media, such as application folders, music, videos, or pictures on your microSD that you’d like to keep you can easily transfer that content to the moneto microSD.
* * Transferring data from my microSD to my moneto microSD
Load your microSD onto your computer. You can do this by using a microSD to USB converter, a microSD to SD card converter with an onboard SD slot, or by leaving your microSD in your phone and connecting your phone to your computer via USB cable.
Copy all desired files from your microSD card to the new folder. Simply drag and drop the files or folders you wish to transfer
Right click your microSD card and select “Eject” to safely remove it
Insert the second microSD card as you did in step 1
Copy the files you moved in step two and paste them in the moneto microSD, eject the drive to safely remove the card. Removing the microSD without ejecting on your computer or unmounting on your phone can damage any data stored on the card.
*
cds0699 said:
I actually am worried this would make things less secure than currently using your credit card.
Click to expand...
Click to collapse
How so?
Sent from my SPH-D710 using xda premium
My thoughts on it being less secure would be if someone has a receiver for NFC, they could access your chip. There was a news story here in Denver, I don't remember the station, where they went yo the airport with said receiver and started pulling up information from people with the NFC credit cards. I have no idea if that would be an issue on phones, as I have not done any research on it, so it may not be an issue...
mikey80021 said:
My thoughts on it being less secure would be if someone has a receiver for NFC, they could access your chip. There was a news story here in Denver, I don't remember the station, where they went yo the airport with said receiver and started pulling up information from people with the NFC credit cards. I have no idea if that would be an issue on phones, as I have not done any research on it, so it may not be an issue...
Click to expand...
Click to collapse
You have to actually load an app and do an authorization in order to make a payment with a wallet through NFC.
ddrt said:
How so?
Sent from my SPH-D710 using xda premium
Click to expand...
Click to collapse
I am trying to think about the hacking possibilities. Also when you think about credit card theft, cell phone theft is also pretty high. For example, if you have an NFC sd card, and your phone gets stolen, how easy would it be to hack in and get the pin and have access to everything?
I haven't learned enough about it though, I could possibly be mistaken/misunderstanding/paranoid.
How would you get the Google wallet app on your phone if u get this? I love Google wallet and use it all the time withmy nexus.
Sent from my Nexus S 4G using xda premium
cds0699 said:
I am trying to think about the hacking possibilities. Also when you think about credit card theft, cell phone theft is also pretty high. For example, if you have an NFC sd card, and your phone gets stolen, how easy would it be to hack in and get the pin and have access to everything?
I haven't learned enough about it though, I could possibly be mistaken/misunderstanding/paranoid.
Click to expand...
Click to collapse
Ya but u can track ur phone with avast and look out. So if anything its more secure
Sent from my SPH-D710 using xda premium
musclehead84 said:
How would you get the Google wallet app on your phone if u get this? I love Google wallet and use it all the time withmy nexus.
Sent from my Nexus S 4G using xda premium
Click to expand...
Click to collapse
I believe it has nothing to do with google wallet. You have to download their own app in the market
mikey80021 said:
My thoughts on it being less secure would be if someone has a receiver for NFC, they could access your chip. There was a news story here in Denver, I don't remember the station, where they went yo the airport with said receiver and started pulling up information from people with the NFC credit cards. I have no idea if that would be an issue on phones, as I have not done any research on it, so it may not be an issue...
Click to expand...
Click to collapse
That's more likely with RFID chips (the kind new passports have), not NFC. NFC has a very short range (literally, a few cm's) and as another person mentioned, you need to initiate a transaction for it to even show up. The only way they'd be able to do that would be to try and hijack the payment terminal itself since the range is so short. And even then, I'd imagine someone would notice if the card didn't seem like it was going through, but the customer was showing that they paid or it looked like two charges were trying to be made.
Security wise, NFC shows a lot more promise than RFID. It's really going to come down to how fast it expands (currently only uses MasterCard PayPass system and not all stores have those) and whether or not it's more convenient to use compared to traditional payment methods.

Upgrade MiFare classic tags to NFC Forum Compliant + Sony RC-S320

Hey there everyone, I'm making this thread to follow my plans on attempting to convert MiFare classic/1k tags to Desfire of FeliCa type tags.
Before people go telling me it cannot be done, IS THIS NOT THE 'NFC HACKING' FORUM!?
Let me have my fun and see what i'm able to do and learn on my own.
For now, I'm getting my hands on some different types of tags and cards, and i'm getting a Sydney Opal card soon (don't know what this uses yet)
I have also ordered a Sony RC-S320 Contactless IC Card Reader/Writer from eBay, got this for $30.
I know it can read/write FeliCa type, and NDEF type tags, interested in if it can do anything else too, can't find much documentation on it.. D:
Anyway basically my point with this is a family member that is techie in my family has set up some secret messages on NFC tags he got off eBay, and refuses to tell me what they are even though he got MiFare classic tags, and my I9505 cannot read them. He said just this: 'Deal With It'
>>
So my boredom helped me decide that I will get myself a bunch of different cards, a USB writer, and ill give a shot at making an app/program to do things with them.
This thread will also serve as documentation for the RC-S320 because there is none available and from the little I have seen, I THINK that it can emulate an NFC tag, which is something I see come up often on here. So I'll just write down what I find.
According to our manufacturer they're all NDEF formatted but even if it was detected as a DESFire chip it would still not work with any Broadcom controller. It's like trying to make a Pentium 4 an AMD Athlon.
TaggerNFC said:
According to our manufacturer they're all NDEF formatted but even if it was detected as a DESFire chip it would still not work with any Broadcom controller. It's like trying to make a Pentium 4 an AMD Athlon.
Click to expand...
Click to collapse
Are you able to shed me some light on why it is incompatible, yet able to detect the cards and their unique ID? c:
>serious question
CountParadox said:
Are you able to shed me some light on why it is incompatible, yet able to detect the cards and their unique ID? c:
>serious question
Click to expand...
Click to collapse
Simply put, we just know that NXP sell's our manufacturer the chips and they pre-program them. This can not be changed. It's not technically impossible but it would have to be done at the chip manufacturing level.
I know the MiFare Classic can have it's unique ID read by the Broadcom controller but for it to actually read the rest of the tag you would need to modify the reader itself. You can't make the MiFare Classic tag a NFC Forum type tag and unfortunately it will stay that way. I have consulted the engineers at our manufacturer that deals with NXP and he said that it's a possibility that needs to be explored but the first step he say's is to write to the read-only partitions which is seemingly impossible.
On another note, we offer competitive pricing on NFC tags. Please refer to my sig to visit our website.
There is nothing read-only if you have the right card - for example UID is fixed on all consumer cards, but cards with changeable UID still exist. So unless the card is different on a hardware-level (like some additional crypto-support) then it is possible to make it into almost anything.
zvieratko said:
There is nothing read-only if you have the right card - for example UID is fixed on all consumer cards, but cards with changeable UID still exist. So unless the card is different on a hardware-level (like some additional crypto-support) then it is possible to make it into almost anything.
Click to expand...
Click to collapse
Well we only sell consumer cards so we wouldn't know much about cards that are fully rewriteable. It's easier just to buy NFC Forum type tags so that compatibility isn't a issue.

NFC bus tickets

So the country I'm visiting has these nfc bus fare tickets and they're pretty cheap and I'd like to use them after they're useless as nfc tags. Problem is they seem to be write protected. Does that mean there's no way to write to them or can they be overwritten? I'm a total noob at this whole nfc thing but I did manage to figure out that it's mifare ultralight. Any program I could use on Win7? And if there is can I use my phone (S4) as some usb nfc reader?
Write protected means you can't override them. However, you can use your phone and NFC Retag to do some cool stuff
you can't overwrite them, but there's already something written on them that you can use to identify that tag. so you could still use it to let your phone do something when you put it near it
I-TensE-I said:
Problem is they seem to be write protected. Does that mean there's no way to write to them or can they be overwritten?
Click to expand...
Click to collapse
How do you know they are write protected ?
Ive used an android app to read nfc tags which also claims to be able to write to them... I dont remember its name, but there's a few that do.
They have introduced NFC bus cards here in Australia over the past 12-18 months and ive become curious.
Stores have the ability to 'add credit' to them via some device they posses so I doubt they are (at least the ones here) write protected... just probably encrypted.
I only have a galaxy S2 which has no NFC so I havent had much chance to investigate, but I did have a quick look at a few cards with my friends S5, which reads the cards fine.
I would be curious what happens if you 'cash up' a card... read and store the nfc data, then write it back to the same card once the card runs low. Though in all honesty I doubt it is that easy... but who knows... maybe it is
We've had these cards in England... Since... Forever?
Shops can top them up, but I think that it doesn't actually write anything to them. Instead, it gets the cards ID then looks it up on the bus companies database, tops it up. And probably charges something from the guy in the shop.
I don't know for sure, but I think this is what is going on. Or someone would have cracked the encryption on these already.
there are different versions of cards, and also different security settings.
there is a soft protection, a permanent protection and it is also possible to password protect some cards
Re-Tagging the tags should do the trick, i guess

[Q] Copying NfcA Tag to another Tag

Hey guys. What I would like to ask is would it be possible to create another card for myself to school so I don't have to take my card out every time i can just use an NFC tag sticked to the back of my phone. I cannot find an answer to this and I would really like an expert to answer it. Preferable you developer guys. All i want to achieve is read the info of card then just write the read info to an NFC tag.
Thank you so much!
Sorry, it's a MIFARE Classic card MF1S50
Give this a try: https://play.google.com/store/apps/details?id=com.skjolberg.nfc.clone2
Yeah i tried Tag Cloner before sadly it says it's unsupported
if its mifare classic and you have a modern phone it wont work.
the broadcom chipset used in phones like the samsung s4, nexus 5 etc, doesnt support mifare classic/s50.
try on an older device
you may ave to clone the UID though, send milkyzone a message on ebay and they might be able to get you fully blank cards that you can change the UID of....
you might wanna check with your school though if youre allowed to do this
CountParadox said:
if its mifare classic and you have a modern phone it wont work.
the broadcom chipset used in phones like the samsung s4, nexus 5 etc, doesnt support mifare classic/s50.
try on an older device
you may ave to clone the UID though, send milkyzone a message on ebay and they might be able to get you fully blank cards that you can change the UID of....
you might wanna check with your school though if you're allowed to do this
Click to expand...
Click to collapse
Hey, well I have an LG G2 so it most likely doesn't have the NXP chip. Yeah the thing is i'd want to use my phone as the card reader for cloning, not sure if that would work. I was thinking of the NFC tools in Kali and booting that from my phone so maybe then it would recognize the reader, not sure though. Yeah I heard of the fully blank cards I was more concerned about doing it without buying an NFC reader for my PC. Yeah haha school might nit allow it but my goal is to just be able to do it haha, the sense of achievement.
Would i be able to write MiFare Classic cards with my phone using Kali? Or does the writing capability depend on the card? Cuz for sure my phone detects it as i used the app NFC ReTag to just assign functions depending on the UID. THanks
Simple and short answer, almost all modern Smart-phones can't read or write Mifare Classic, because they use Broadcom chips to handle NFC. And those Broadcom chips can't handle the proprietary Mifare Classic protocol from NXP. But you can try it with your computer and maybe a reader with a chip like the PN533 and libnfc.
Is it possible to clone tags to another tag. My work phone Samsung S5 mini is the reader and I have to scan the tags to say I'm at this place. My Samsung S6 Edge reads the tag type as Ultralight C, NTAG216.
Your Help would be appreciated
sammie786 said:
Is it possible to clone tags to another tag. My work phone Samsung S5 mini is the reader and I have to scan the tags to say I'm at this place. My Samsung S6 Edge reads the tag type as Ultralight C, NTAG216.
Your Help would be appreciated
Click to expand...
Click to collapse
Probably not with your phone alone. As stated above these newer phones do not have a compatible chipset. If you buy an nfc reader/writer online with the correct chipset you might be able to but its not simple especially if you have to overcome protection. Investing money in this might not be worth it especially if you are not 100% certain it will work. You can buy empty or unlocked cards on ebay they aren't too expensive but to actually write them you'd have to acquire information from the TAG with a good reader. Replaying the card with your phone is not possible.

[Q] What to but, ACR122U or SCL3711?

Hi!
I have been looking a lot in cracking a Mifare Classic 1k card that is used for a transportation system in sweden. The thing is that I've tried to find a way to us emy phone nfc reader but I can't get it to work.
I have now started to look for a recommended nfc reader and I find that ACR122U is the best one for the job, I also encountered another one which seems to be able to read the same cards (SCL3711). The question is, is SCL3711 compatible with "nfclib" and those programs or should I buy the ACR122U?
SCL3711 is compatible with libnfc as you can see in this matrix http://nfc-tools.org/index.php?title=Devices_compatibility_matrix and I can confirm to myself because I have one.
What is nfclib?

Categories

Resources