I attach the patches I have created and that should be applied to stock AOSP 2.3.4_r1.
The patches enable card emulation mode on Nexus S (original credit goes to Nemik, who posted the first working patches on Android Developers Group). They are basically a rewrite of my own patches but allowing also SWP mode for UICC sporting a SE.
I modified the Settings application to add a pair of options related to NFC:
Card Emulation Only Mode. This disables reader function. Card emulation mode is always enabled. Be careful because P2P mode may not work (not tested)
Use External Secure Element if Available. This makes the phone to use the SE of the UICC if available instead of embedded one.
To test card emulation, just approach your Nexus S to a Mifare compatible card reader. Embedded element (SmartMX) has a 4K Mifare card with stock keys (all FF).
As a bonus I also modified Bluetooth settings so discoverable option makes phone discoverable without stupid time limits.
Important BUGFIX Update 01/05/2012
The patch was not well created, since NFC was not enabled in building process. You could see NFC Settings but options were not enabled. The corrected version has date of today.
I would love to test this, but it's a catch 22 situation for me... AFAIK the only place in the UK that accepts contactless payment is McDonalds, and the only time I go to McDonalds is after a night of heavy drinking, so with a hangover there is no chance that I would be able to operate my phone.
Sent from the future to put right what once went wrong.
i think i don't really get it...
with this patch i can "store" a NFC card at my phone and use the phone instead of the card??
eiabea said:
i think i don't really get it...
with this patch i can "store" a NFC card at my phone and use the phone instead of the card??
Click to expand...
Click to collapse
Yes and No. With this patch you can enable card emulation mode for experimental purposes. With an external reader you can read/write the Mifare memory area inside the embedded secure element. If you happen to use Mifare classic for a purpose (i.e. ticketing transport), you know the map, and you know the keys you can store a clone of the card you are using on your phone by means of a external reader.
You could load smartcard cardlets (to implement advanced smart card applications such as paywave/paypass, etc.) if you knew the smartcard access keys, but unfortunatelly they are only known by google.
This hack is only intentended for experimentation/research. Beware, do not use it if you do not know what card emulation is or what it is useful for.
This is great stuff. I've been waiting for something like this for a while. are you in the UK? If so do you have any idea about the oyster card? I have a visa paywave card as well. It is it possible to read these cards from the nexus s and then emulate them? Also, can the nfc chip in the nexus read 125khz cards? I know that's out of the nfc standard range, just curious. sorry for the number of questions, but if we could get this to work it would be the best use of this underused nfc chip! I'm on 2.3.6 though, I heard they enabled access to the secure element on this version.
Sent from my Nexus S using XDA App
grippa said:
This is great stuff. I've been waiting for something like this for a while. are you in the UK? If so do you have any idea about the oyster card? I have a visa paywave card as well. It is it possible to read these cards from the nexus s and then emulate them? Also, can the nfc chip in the nexus read 125khz cards? I know that's out of the nfc standard range, just curious. sorry for the number of questions, but if we could get this to work it would be the best use of this underused nfc chip! I'm on 2.3.6 though, I heard they enabled access to the secure element on this version.
Sent from my Nexus S using XDA App
Click to expand...
Click to collapse
Well, answering to your questions ... No I am not in UK, but I have heard about Oyster card. In fact I work developing ticketing systems. It used to be a plain Mifare Classic 1K but Wikipeda states it has been replaced by Mifare DESfire. The embedded secure element of the Nexus S sports a Mifare 4K, which is backwards compatible with Mifare Classic 1K. Mifare DESFire is a different story. Classic Mifare Cards are memory cards divided into sectors that requiere a key authentication against each sector. Every sector has two keys, one usually configured for reading and the other one configured for writing. Real world ticketing systems usually configure different keys for every card. These keys could be derived from CSN of the card using hardware encryption modules (such as SAMs). However I have seen real systems working with prefixed keys for all the cards (which is just insane).
All that being said, you could theoretically configure the embedded Mifare 4K card to work as a plain old Oyster card, which is nowadays useless. I said theoretically because you should know the map of the key (how to write the correct values in the correct blocks) and the matching keys for your card. If you knew how to get the matching keys (read and write keys) obviously the security of the system would be broken.
You said something about reading cards. Nexus S can act as a reader and in card emulation mode. To read cards you need to know the read keys, which usually are not public either.
I do not know how Visa Paywave works, but I guess it is a command (APDU) based card. The same happens here. You wont even have access to card application to copy it to other card. In fact card applications (cardlets) can not be extracted from cards, only replaced or deleted.
Paypass can work with Google's Wallet because Visa itself installs its cardlets on the embedded element of the Nexus S surely via some kind of TSM service provided by Google (who owns the access keys to load new cardlets)
Hi everyone,
I just found thie thread on another website (don't remember which one btw)... And I'm wondering something...
Here at work, we have RFID cards for opening the door, Mifare 4k I think.
We also have the writer so we can program cards when we need one or two...
So could I use our writer on my Nexus S so I could open the door with my phone ?
remi.serriere said:
Hi everyone,
I just found thie thread on another website (don't remember which one btw)... And I'm wondering something...
Here at work, we have RFID cards for opening the door, Mifare 4k I think.
We also have the writer so we can program cards when we need one or two...
So could I use our writer on my Nexus S so I could open the door with my phone ?
Click to expand...
Click to collapse
This is what i am after, would this ever be possible?
m0rtadelo said:
I attach the patches I have created and that should be applied to stock AOSP 2.3.4_r1.
The patches enable card emulation mode on Nexus S (original credit goes to Nemik, who posted the first working patches on Android Developers Group). They are basically a rewrite of my own patches but allowing also SWP mode for UICC sporting a SE.
I modified the Settings application to add a pair of options related to NFC:
Card Emulation Only Mode. This disables reader function. Card emulation mode is always enabled. Be careful because P2P mode may not work (not tested)
Use External Secure Element if Available. This makes the phone to use the SE of the UICC if available instead of embedded one.
To test card emulation, just approach your Nexus S to a Mifare compatible card reader. Embedded element (SmartMX) has a 4K Mifare card with stock keys (all FF).
As a bonus I also modified Bluetooth settings so discoverable option makes phone discoverable without stupid time limits.
Click to expand...
Click to collapse
Guess you used the SmartMX java applet to emulate?
Is this the part where UID is generated?
Code:
/*
+ * Utility to recover UID from target infos
+ */
static phNfc_sData_t get_target_uid(phLibNfc_sRemoteDevInformation_t *psRemoteDevInfo)
{
phNfc_sData_t uid;
switch(psRemoteDevInfo->RemDevType)
{
case phNfc_eISO14443_A_PICC:
case phNfc_eISO14443_4A_PICC:
case phNfc_eISO14443_3A_PICC:
case phNfc_eMifare_PICC:
uid.buffer = psRemoteDevInfo->RemoteDevInfo.Iso14443A_Info.Uid;
uid.length = psRemoteDevInfo->RemoteDevInfo.Iso14443A_Info.UidLength;
break;
case phNfc_eISO14443_B_PICC:
case phNfc_eISO14443_4B_PICC:
uid.buffer = psRemoteDevInfo->RemoteDevInfo.Iso14443B_Info.AtqB.AtqResInfo.Pupi;
uid.length = sizeof(psRemoteDevInfo->RemoteDevInfo.Iso14443B_Info.AtqB.AtqResInfo.Pupi);
break;
case phNfc_eFelica_PICC:
uid.buffer = psRemoteDevInfo->RemoteDevInfo.Felica_Info.IDm;
uid.length = psRemoteDevInfo->RemoteDevInfo.Felica_Info.IDmLength;
break;
case phNfc_eJewel_PICC:
uid.buffer = psRemoteDevInfo->RemoteDevInfo.Jewel_Info.Uid;
uid.length = psRemoteDevInfo->RemoteDevInfo.Jewel_Info.UidLength;
break;
case phNfc_eISO15693_PICC:
uid.buffer = psRemoteDevInfo->RemoteDevInfo.Iso15693_Info.Uid;
uid.length = psRemoteDevInfo->RemoteDevInfo.Iso15693_Info.UidLength;
break;
case phNfc_eNfcIP1_Target:
case phNfc_eNfcIP1_Initiator:
uid.buffer = psRemoteDevInfo->RemoteDevInfo.NfcIP_Info.NFCID;
uid.length = psRemoteDevInfo->RemoteDevInfo.NfcIP_Info.NFCID_Length;
break;
default:
uid.buffer = NULL;
uid.length = 0;
break;
}
return uid;
}
Is it possible to tell the app to emulate UID i.e. AA BB CC DD?
Kind regards
Jonas
I can see the NFC settings changed in teh application.Thanks.
See here for the steps for applying patches and buiding the Android and Flashign it on Nexus S.All credit goes to the patch writer.
Rgds,
Softy
anyone can give a link to the firmware for Nexus S compiled with this NFC-patch ?
please !
This is a real hacker method. I went though the patches. The main modifications are in the NFCService.java file.
Side question:
Why does the ID of the eSE (embedded Secure Element) change all the time with an unhacked phone?
With this hack, the Id of my eSE is 4246981811.
In the source code however, it appears that the ID is hard coded to 11259375. I used the patched provided here. Why do I get a different ID?
can we use on another phones
msm8260 etc. ???
anyone succed doing this ?
TNIxeye said:
anyone succed doing this ?
Click to expand...
Click to collapse
Would be nice to get this working on the 4.0.4...
im using ICS my NFC doesnt work...someone pls help me...pls pls pls pls
can this work with sony xperia s ICS? or any one can port this to xperia S?
shailentj said:
Why does the ID of the eSE (embedded Secure Element) change all the time with an unhacked phone?
Click to expand...
Click to collapse
I think thats for Privacy reasons, but don't know exactly. German identy card for example has every time another ID to make it impossible to track a user.
SamsungPisser said:
I think thats for Privacy reasons, but don't know exactly. German identy card for example has every time another ID to make it impossible to track a user.
Click to expand...
Click to collapse
Thats a security feature of SmartMX - Random UID.
Can be set on "normal" SmartMX to either fixed UID or random UID.
sooo...this has to be run on Ginger Bread? Any chance of even ICS?
Related
I just bought a bunch of NFC tags, and I can't get them to write with the LG G2. http://forum.xda-developers.com/showthread.php?t=2457159 we were hijacking that thread so I moved it here.
Has anyone successfully written an NFC tag with any variant of the LG G2 (most notably the Verizon).??
What software did you use?
What type of NFC tags did you use?
I am wondering if there is either an incompatibility with NFC Task Launcher or with the TAGS I bought which are here
http://www.amazon.com/NFC-Tags-Anti-Metal-Waterproof-Compatible/dp/B00B42K5BM/ref=sr_1_4?s=wireless&ie=UTF8&qid=1380128869&sr=1-4&keywords=nfc+tags
Anyone have any thoughts?
I was able to write to a tag with Tag Launcher. It happens to be a tag I got through them. Using NFC Tag Info app, this is how it is identified:
Type A
NTAG203
NFC Forum Type 2 Tag
Maximum Message Size 142Byte
I just programmed it to put phone in Desktop dock mode.
jasonsf said:
I was able to write to a tag with Tag Launcher. It happens to be a tag I got through them. Using NFC Tag Info app, this is how it is identified:
Type A
NTAG203
NFC Forum Type 2 Tag
Maximum Message Size 142Byte
I just programmed it to put phone in Desktop dock mode.
Click to expand...
Click to collapse
What location on the phone was the tag.. maybe I just need to touch it to a different place.
dlang123 said:
What location on the phone was the tag.. maybe I just need to touch it to a different place.
Click to expand...
Click to collapse
I've been playing with different locations. It seems to work best a quarter to a third up from the bottom. Sometimes is works near the buttons. I think the inductive charging coils on the Verizon version are blocking the NFC antenna.
Thanks, I'll try that again tonight before sending the tags back.
So apparently what I bought was :
MIFARE 1K
and not the NTAG203s...
going to try and do some research.. I have never looked into NFC tags before. Never been on my radar except the concept. Wonder if they are not compatible..
dlang123 said:
So apparently what I bought was :
MIFARE 1K
and not the NTAG203s...
going to try and do some research.. I have never looked into NFC tags before. Never been on my radar except the concept. Wonder if they are not compatible..
Click to expand...
Click to collapse
I vaguely remember when the Nexus 4 came out there were discussions about MIFARE and compatibility. I really don't knwo the details, but here's an article about it. http://www.andytags.com/nfc-tags-compatibility-issues.html#.UkNmQ8afjA0
Not sure where this phone sits in this issue.
Yeah, I think that they are not supported.
Supposedly the 4ks work on all phones, I Ordered some more.. will try them when they get here. But definitely these come up as unsupported.. what a bummer.
I also (blindly) purchased some MIFARE tags from amazon only to find out that they do not work. I get the error in NFC Task Launcher, "Could not write to this tag. It will still work, but you may see the chooser when tapping it." I did some research and found that these types of tags will work for simple phone automation tasks however, the task that I setup was a complex URL which will not work. Will be ordering some NTAG203 tags and will report back. Quick question, are the samsung tectiles NTAG203?
mjfan82 said:
I also (blindly) purchased some MIFARE tags from amazon only to find out that they do not work. I get the error in NFC Task Launcher, "Could not write to this tag. It will still work, but you may see the chooser when tapping it." I did some research and found that these types of tags will work for simple phone automation tasks however, the task that I setup was a complex URL which will not work. Will be ordering some NTAG203 tags and will report back. Quick question, are the samsung tectiles NTAG203?
Click to expand...
Click to collapse
I stayed up way to late last night learning about NFC tags.. so NXP use to make all NFC hardware for phones, and they came out with the MiFare 1ks.. but they were proprietary.
Then when BroadCom made some NFC hardware for phones, they just used what the NFC specs were, which were the NTAG203s (they don't have a lot of memory, 130bytes or so) Topaz 512, and I read that the MiFare 4ks are also compatible.
Samsung's site identifies Tectiles as MiFare 1k. TecTiles 2 I think are, but I can not really find them or any info on them.
My 4ks were expensive, but I will let you know soon if they work.
Just to follow up:
Wanted to confirm that the NTAG203 tags are working with the G2 :victory:: I would post the link but I'm not allowed. lol
Cool. Now if we can find some Topaz and then I'll let you know next week about the Mifare 4k's.
You can get both NTAG203 and Topaz 512 at AndyTags - www.andytags.com
Apologies if it has been asked - didn't find it in a quick search. Anyone used a regular NFC sticker successfully instead of a 20 skip? I really like the idea but would easily make my own. I have tons of tectiles and NFC stickers just kicking around. Heck, even NFC keychains that I'm not using...
I haven't tried it, but if someone can scan a Skip with a phone without the Skip unlock we can make our own.
The Skip is a regular NFC chip with a code, I *think* it is '*motoskip########'
I forget the exact format, but that is close.
According to official docs, you can use non-Skip tags only if you've initially used a Skip tag to activate the app.
Sent from my Moto X
johnny grep said:
According to official docs, you can use non-Skip tags only if you've initially used a Skip tag to activate the app.
Sent from my Moto X
Click to expand...
Click to collapse
I suspect they aren't white listing UUIDs in the app itself so it's either a payload on the tag (which should be fairly simple to replicate in theory) or they are calling home to verify UUIDs. I may have to buy one if I keep the moto x just to find out for sure which is accurate (if someone else doesn't first).
I got a SKIP and you can't scan it with the moto x because the skip app intercepts NFC read.
When I scanned the Skip with a SGS4 the tag payload was close to '*motoskip########'
But since I don't have an non-motox to test with at the moment I can't check right now.
Let me see if I can later. And the Skip comes with 4 tages, the clip on (which I lost on the first day, right after dropping my X) and 3 stickers.
As far as I know any of the 4 can be the master so you shouldn't need anything special.
If I remember correctly the tags are 64kb NXP NFC chips.
#LearnFromMyFail Don't buy a Cellphone while on Vacation
Yoshiofthewire said:
I got a SKIP and you can't scan it with the moto x because the skip app intercepts NFC read.
When I scanned the Skip with a SGS4 the tag payload was close to '*motoskip########'
But since I don't have an non-motox to test with at the moment I can't check right now.
Let me see if I can later. And the Skip comes with 4 tages, the clip on (which I lost on the first day, right after dropping my X) and 3 stickers.
As far as I know any of the 4 can be the master so you shouldn't need anything special.
If I remember correctly the tags are 64kb NXP NFC chips.
#LearnFromMyFail Don't buy a Cellphone while on Vacation
Click to expand...
Click to collapse
Just for reference, you don't need *any* skip tags to set up skip. When you set up the NFC lock screen you get the option to tap your skip to enable. If you use a standard tag (I used an already encoded NTAG203) it will erase this tag and over-write the data set with the appropriate data set. This will then serve as your "master" nfc tag (it's also encoded as a skip tag).
The dump looks like it's an external mime: urn:nfc:ext:motorola.com:xring with a data set that is numeric (I haven't done any sort of testing to find any correlation between the payload, device id, uuid, etc but it's a numeric data set.
NOTE LIST OF ALL PORT INFORMATION IS AT BOTTOM!!
I know it might seem easy to some. Yet it isn't especially with just how specific it is and the scenario I am in and have been in! So 4 months ago my mom (hey don't judge) blocked hundreds and thousands of ports on the network, that directly blocked incoming and outgoing connections of my favorite games and other such things like: steam (even just logging in), minecraft, all the mmorpgs I can find (except for litterely 3), almost every agario sever except for oceania!, and so much more. So here are my two paths one is stupid and rule breaking one is smarter and easy, I don't really care which one you do because I am not using this network 24/7 anymore I use my neighbors wifi to circumvent the issues, and it sucks so I would like to find some ways around the ports. So heres the other things you may want to know which REALLY limits the solutions and is what makes this so hard to solve yet for some so interesting! 1. I am running on a slow (veryy slow) dell optiplex 755. Which is running 32 bit windows 10 besides that the specs are: (I had to google how to copy and paste system specs, what a nub) OS Name Microsoft Windows 10 Home
Version 10.0.10586 Build 10586
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name PC1
System Manufacturer Dell Inc.
System Model OptiPlex 755
System Type X86-based PC
System SKU
Processor Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz, 2327 Mhz, 2 Core(s), 2 Logical Processor(s)
BIOS Version/Date Dell Inc. A03, 10/2/2007
SMBIOS Version 2.5
Embedded Controller Version 255.255
BIOS Mode Legacy
BaseBoard Manufacturer Dell Inc.
BaseBoard Model Not Available
BaseBoard Name Base Board
Platform Role SOHO Server
Secure Boot State Unsupported
PCR7 Configuration Binding Not Possible
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "10.0.10586.122"
User Name PC1\aidan
Time Zone Central Daylight Time
Installed Physical Memory (RAM) 4.00 GB
Total Physical Memory 3.24 GB
Available Physical Memory 991 MB
Total Virtual Memory 4.86 GB
Available Virtual Memory 1.99 GB
Page File Space 1.63 GB
Page File C:\pagefile.sys
Hyper-V - VM Monitor Mode Extensions Yes
Hyper-V - Second Level Address Translation Extensions No
Hyper-V - Virtualization Enabled in Firmware No
Hyper-V - Data Execution Protection Yes
so thats all that now that you hopefully have all the pc specs you need one last thing I don't have admin access to the network, but I do have access to change almost everything in my pc as I am full owner and should have all admin access, EXCEPT for editing windows files that would be dangerous to edit according to windows,
HERES WHAT YOU NEED TO DO TO FIND A SOLUTION FOR!!!!!
------------------------------------------------------------------------------
find a alternative game that works under the blocked ports
find a bypass or way through the blocked ports like a custum firewall setting, tunnel etc (although I CANT connect to a seperate server as I do not have a way to host anytime of server whether its a tcp, udp, ssh thingy, whatever cant do those
anywase winner gets a tablet cus im desperate alright the tablet is a amazon fire hdrx (or whatever hd something hdx idk) 9.0 either way its new and works worth around 200-300 on ebay I don't need it and im desperate so HELP ME!!!!!
List of all open ports I scanned 0 - 62000 port range so i didnt miss any ports, all open ports are listed all closed left out:
port 80, port 23, port 443, port 1990, port 5431, port 8083, port 8085, (btw the network port scanner I was using crashed (i clicked the close button accidently) so I really got pissed at myself but I went on and restart) (just realized I could simply make the port range 8085 to 62000 to scan I no longer feel like a moron) ah screw it i got to over 30000 and it crashed if u need me to check a port just ask!
Why did she block it in the first place? Anyway I hope someone helps you
Sent from my Moto G using Tapatalk
First, probably most obvious solution: ask your mom to unblock them
Otherwise.. Can't you unblock them yourself? Just log in to your router page from your pc and change settings
On to a possible solution without you even touching the blocked ports, a VPN should(!) be able to get you online without restrictions. Downside is that most cost money on a subscription basis and others have a network speed limit but this seems like the easiest solution, although I'm not 100% sure it'll work.
Talk to your mom. Or forget about it. Her house, her rules. She may have an excellent reason for doing this. Besides, if you succeed, she'll know immediately by the increased data usage.
Plus, you are basically asking how to hack someone's network that does not belong to you. Not a topic allowed on XDA.
Also, offering goods for services isn't allowed on XDA.
Thread closed.
Darth
Forum Moderator
Hello,
Galaxy series is wunderfull piece of hardware because of S-Pen. To use its full potential you need propper software for it.
Original S Note is great software, but has some reasonless limitations:
- password (max 10 chars, no chars like [email protected]#...)
- sounds (can't be turned off)
- pens (cannot rearange possition of user defined pen styles)
- can't easly insert space in memo...
(connected app --> "Action Memo", has too few editing options, formating options...)
I don't belive that it will be fixed in future versions. So the one and only solution seems to be create new S Note clone.
There was nice attempt "Write beta", you can find it on google play, but it is probably no more supported and developed.
So the foolish question is:
Is someone willing to start develop S Note clone?
Artichouke said:
Hello,
Galaxy series is wunderfull piece of hardware because of S-Pen. To use its full potential you need propper software for it.
Original S Note is great software, but has some reasonless limitations:
- password (max 10 chars, no chars like [email protected]#...)
- sounds (can't be turned off)
- pens (cannot rearange possition of user defined pen styles)
- can't easly insert space in memo...
(connected app --> "Action Memo", has too few editing options, formating options...)
I don't belive that it will be fixed in future versions. So the one and only solution seems to be create new S Note clone.
There was nice attempt "Write beta", you can find it on google play, but it is probably no more supported and developed.
So the foolish question is:
Is someone willing to start develop S Note clone?
Click to expand...
Click to collapse
Maybe I'm missing something important, but I just use Google keep. I use "S Pen Toolkit" to auto-launch Keep when I remove the S-Pen, and it seems to work well enough for what I use it for.
StevePritchard said:
Maybe I'm missing something important, but I just use Google keep. I use "S Pen Toolkit" to auto-launch Keep when I remove the S-Pen, and it seems to work well enough for what I use it for.
Click to expand...
Click to collapse
The point is that you cannot compare Google Keep or EverNote with S-Note. S-Note is very complex with many functions. But as I wrote, S-Note has pointless restrictions. Also it is written here:
http://forum.xda-developers.com/showthread.php?t=2551326
(Of course I know, recreate S-Note-clone is complicated, but it could be a challenge for someone )
I know it's an obsolete tech in many countries, but I still need it working, because it comes with a static UID, and I can use the phone as a contactless access card
People report that it worked on Pixel 6 and any older pixel, but not 7. Can someone confirm if you have experience with it?
P.S. If you have any other way to generate a static UID so the phone can be used as an access card, please also share info, much appreciated!
The Pixel 7 does have NFC, and I'm pretty sure you can use use an app like NFC Manager to read the access card you want to use, then configure it for use with the appropriate readers.
V0latyle said:
The Pixel 7 does have NFC, and I'm pretty sure you can use use an app like NFC Manager to read the access card you want to use, then configure it for use with the appropriate readers.
Click to expand...
Click to collapse
It can read tag, but HCE keep changing UID with each scan and can't emulate access card that use static UID.
SWP-SIM is a sim card that has static UID in it, and use the phone's NFC to amplify the signal.
Some Asian regions like Hong Kong and Taiwan still have it for putting public transit card into the phone.