Hi,
Does anybody know if the new features introduced in ICS (Beam feature for instance) may help in the use of 'NFC card emulation' ?
Thanks,
Javier
This is indeed a million dollar question. I would really like to know an official answer to it.
Current research led me to the following information:
1) Unofficial Android 2.3.4+ supports Card Emulation for Nexus S. This custom Android OS has no official Google support and the APIs may not fully work.
2) You can have card emulation using Inside's Open NFC Stack 4.3.3 for ICS. I checked the website, and the documentation, live working examples were very weak/almost non-existent. Inside attempts to compete with NXP. With such a website, I see failure for Inside.
I also do not fully understand the hype around NFC if the most important feature - Card Emulation - is not functional.
Some companies, such as Assa Abloy have implemented mobile keys based on NFC. I do not know whether they used custom-hacked phones to act as card-emulated phones.
Please share any additional info you find on this topic!
A plain reader/writer can't do much in my opinion. In order for interesting applications such as mobile payments, mobile keys etc to work, card emulation should be enabled.
Any news on this topic?
// Offtopic
Another question is whether the Galaxy Nexus supports the single-wire protocol or not? Particularly, is the SIM card physically connected to the NFC controller?
Cheers,
koRn
NFC UID on Nexus S with ICS 4.0.3
Hi there,
I am using a Samsung Google Nexus S (I9023) with ICS v4.0.3
Does anyone know how can I get a Unique Identifier (UID) in my card emulation application (Mifare 1K) instead of the Random Identifier (RID) ?
I can't use NFC in my company access control if the Identifier is never the same...
Is there any form to pass through this?
Is this one intentional leak on google official API?
It appears that nobody has yet performed card-emulation on the Nexus S running ICS 4.0.x.
Update:
I tried it myself, and obtained limited functionality. I was also not able to read the ID of the emulated card when the phone was off. (that somehow defies the purpose of card emulation.)
UPDATE (05.05.2012):
I managed to force the ID of the secure element to be fixed. The phone can now be read by an NFC reader even when the phone is off. The Nexus S' NFC antenna (found on the back cover, under a black coating) is powered by the RF field generated by the reader and the embedded SE can be read by the external reader.
If anybody is still interested in the above subject, I will post my steps and compiled sources.
marco-f.nunes said:
Does anyone know how can i get a Unique Identifier (UID) in my card emulation application (Mifare 1K) instead of the Random Identifier (RID) ?
Yes, with the hacked Gingerbread OS provided by M0rtadelo (you have to compile from source - nasty procedure, requires good knowledge and confidence with Linux) or by softy007 (search his blog for the compiled binaries), you will be able to have card-emulation working. It is for experimental purposes only. The UID will be fixed, but you cannot do much from there.
marco-f.nunes said:
I can't use NFC in my company access control if the Identifier is never the same...
Card emulation is too much in its infancy to be able to do what you want right now. You may do some research on SEEK for Android. I don't know about your company, but the latter might not like a hacked android phone due to security issues.
marco-f.nunes said:
Is this one intentional leak on google official API?
Yes, this is intentional. Nick Pelly and Jeff Hamilton officially state so on the official Google IO 2011 presentation. (http://www.google.com/events/io/2011/sessions/how-to-nfc.html)
Hi shailentj,
I'm really interested in this post. Currently, I'm doing the same thing that marco-f.nunes wants to do.
I would like to emulate all the Galaxy Nexus of my company to allow them to open every locked doors. Thus, I just want to emulate a passive NFC tag (through an app for now) [EDIT: but it's just a POC!]
shailentj said:
If anybody is still interested in the above subject, I will post my steps and compiled sources.
So, I would be really interested and grateful if you could post it!
Thanks.
Software Developer
Hi Shailentj,
I am trying to develop a NFC application to read the nfc tag, this works fine on emulator, but not working on device/phone.
Please do advise me the steps that help me to read nfc tag through the phone. the app is also having other non nfc model along with it. all others models are working fine except the nfc part.
Please do help me. also please provide me the steps that you performed and also the compiled source.
Thanks and Regards
Srikanth k
shailentj said:
It appears that nobody has yet performed card-emulation on the Nexus S running ICS 4.0.x.
Update:
I tried it myself, and obtained limited functionality. I was also not able to read the ID of the emulated card when the phone was off. (that somehow defies the purpose of card emulation.)
UPDATE (05.05.2012):
I managed to force the ID of the secure element to be fixed. The phone can now be read by an NFC reader even when the phone is off. The Nexus S' NFC antenna (found on the back cover, under a black coating) is powered by the RF field generated by the reader and the embedded SE can be read by the external reader.
If anybody is still interested in the above subject, I will post my steps and compiled sources.
Hi there, been watching this subject for a while and things are going slower than we'd like...'cause everyone wants card emulation to work so that you can just forget your card at home and then pull out your phone and still go to work without calling a mate to open up the door for you.
There's still nothing done, pretty and nifty but it seems there are quite a few solutions to turn up...recently i checked this:
hxxps://play.google.com/store/apps/details?id=at.mroland.android.apps.nfctaginfo
which reads all of my MIFARE 1k cards and pulls out a lot of information, but it still has a problem to get the KEYs, of course...the sectors are encrypted...but the above app lets you force the keys A and B to use to read all sectors...you just need to crack A and B KEYs.
So I think, despite the phone being able or not to emulate a tag...I think there's still the problem of getting the keys...so it can truly emulate the tag, am I correct fellows? 'cause I didn't see anyone talking about this...and it's clear for me...
MIFARE Classic algorithm was hacked some years ago that's not the problem, we can get the keys, proof of concept was people got transportation cards cloned (Oysters for ex.)...but to do so they needed to clone the cards, and for that they had to hack MIFARE Classic algorithm...
Still with me?! Bottom line...maybe i'm getting all wrong...so without getting the KEYs of the card (hacking it!) you won't be able to emulate it with your phone...
Correct, a lot of work cards, gate cards, etc have proprietary software and codes. So getting the keys from the card is a huge issue, and a security issue.
Sent from my Nexus S using Tapatalk 2
I have random access to the security systems at one of my sites and if I hold my Nexus up against the reader it beep / pulse the invalid Card which it should say once, when then go in to the security logs loads of card ids in the log, is there a way to get the phone to always have the same id?
Sent from my Nexus S using Tapatalk 2
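The symptom in the post above (a new card ID in the reader log on every tap) is the random identifier (RID) behaviour asked about earlier in the thread. As an added example, not code from any poster, this log check flags 4-byte IDs whose first byte is 0x08, the value ISO/IEC 14443-3 reserves for dynamically generated IDs; the log format, reader names and all UID values are constructed.

```python
"""Flag random-ID (RID) presentations in an access-control reader log.

Assumptions (not from the thread): the log format, the reader names and
every UID below are constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed sample: one enrolled 7-byte card, then a device that answers
# anticollision with a fresh random ID on each tap, then other badges.
SAMPLE_LOG = """\
2012-05-07 08:01:12 reader=door-3 uid=04A1B2C3D4E5F6 result=GRANTED
2012-05-07 08:03:40 reader=door-3 uid=08D41C9A result=INVALID
2012-05-07 08:03:43 reader=door-3 uid=0817F0B2 result=INVALID
2012-05-07 08:03:47 reader=door-3 uid=08A9035E result=INVALID
2012-05-07 08:10:02 reader=door-1 uid=3B7E22C1 result=GRANTED
2012-05-07 08:11:30 reader=door-1 uid=88112233 result=INVALID
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) reader=(?P<reader>\S+) "
    r"uid=(?P<uid>[0-9A-Fa-f]+) result=(?P<result>\w+)$"
)


def classify_uid(uid_hex):
    """Classify an ISO/IEC 14443-3 Type A ID by length and first byte."""
    try:
        uid = bytes.fromhex(uid_hex)
    except ValueError:           # odd number of hex digits, stray characters
        return "malformed"
    if len(uid) not in (4, 7, 10):
        return "malformed"
    if len(uid) == 4:
        if uid[0] == 0x08:
            return "random"      # uid1..uid3 are regenerated dynamically
        if uid[0] == 0x88:
            return "malformed"   # 0x88 is the cascade tag, not a valid uid0
    return "fixed"


def parse_log(text):
    """Yield one dict per well-formed log line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def random_id_bursts(text, min_events=2):
    """Return {reader: [uids]} for readers that saw repeated random IDs."""
    seen = defaultdict(list)
    for ev in parse_log(text):
        if classify_uid(ev["uid"]) == "random":
            seen[ev["reader"]].append(ev["uid"].upper())
    return {r: u for r, u in seen.items() if len(u) >= min_events}


if __name__ == "__main__":
    for reader, uids in random_id_bursts(SAMPLE_LOG).items():
        print(f"{reader}: {len(uids)} random-ID taps: {', '.join(uids)}")
```

A burst of distinct 0x08-prefixed IDs at one reader points to a single RID device being presented repeatedly rather than many unknown cards.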
shailentj said:
UPDATE (05.05.2012):
I managed to force the ID of the secure element to be fixed. The phone can now be read by an NFC reader even when the phone is off. The Nexus S' NFC antenna (found on the back cover, under a black coating) is powered by the RF field generated by the reader and the embedded SE can be read by the external reader.
If anybody is still interested in the above subject, I will post my steps and compiled sources.
I am really want to know this solution. Can you post the steps here?
shailentj, would u please post the steps here?
Why card emulation makes so complicate
I might be wrong. I think the card emulation makes things too complicated. If a NFC enabled phone, why not just act as a simple tag with no SE, no SWP, no UICC. Or reader just read such emulated card's UID then proceed the server-side data read back. It is like an ID card, no need to store any sensitive data. When reader gets the UID, anything can be done.
card emulation
Cyanogen9.0 (ICS) supports true card emulation as a 14443-4A/B card
xrodriguez said:
Hi,
Does anybody know if the new features introduced in ICS (Beam feature for instance) may help in the use of 'NFC card emulation' ?
Thanks,
Javier
[email protected] said:
Cyanogen9.0 (ICS) supports true card emulation as a 14443-4A/B card
Ohhh waiting for to come in JB CM
Sent from my Nexus S using Tapatalk 2
Some science on this topic:
Software NFC emulation
This is really an interesting topic.
It would be great to use my phone to open the door instead using my card...
Any development on this?
Cheers!
I too hope there is some progress in this field?
It would be really great to just clone/dump the raw information from my RFID tag (Mifare Classic 1K) at work, and then use card emulation on my phone to access all the doors and elevators.
What I'm struggling to understand, and where I'm hitting a wall in my research, is where the true limitation(s) lie? Is it in the Secure Element access, and that we need it to control the NFC chip? Or is it simple lack of high level APIs to gain access to the low level functionality of the NFC chip?
Mifare 1k classic emulation on Nexus S
shailentj said:
It appears that nobody has yet performed card-emulation on the Nexus S running ICS 4.0.x.
Update:
I tried it myself, and obtained limited functionality. I was also not able to read the ID of the emulated card when the phone was off. (that somehow defies the purpose of card emulation.)
UPDATE (05.05.2012):
I managed to force the ID of the secure element to be fixed. The phone can now be read by an NFC reader even when the phone is off. The Nexus S' NFC antenna (found on the back cover, under a black coating) is powered by the RF field generated by the reader and the embedded SE can be read by the external reader.
If anybody is still interested in the above subject, I will post my steps and compiled sources.
Hi, would you please share your steps with us, maybe with some code snippets. I am also trying to reach similar goals with Mifare 1k emulation on Nexus S. I would like to know your steps to make the phone respond even when it is turned off with desired UID.
As you may or may not know, there is still a bug in Cyanogenmod's sources that causes the NFC chip to hang when a Mifare card is placed on it. In order to scan any other tag, the screen must be turned off then on, or NFC disabled then enabled again. BACON-161 on cyanogenmod JIRA
Reading and writing Mifare tags works perfectly on ColorOS and OxygenOS but both of these are closed source.
UPDATE: CM and most other ROM nightlies now have changed the config to MIFARE_READER_ENABLE=0x00 which disables reading mifare cards - it only reads the UID and does not hang anymore, but this is more of a triage than a fix.
As far as I can tell, the error is first called:
Code:
E/NxpTml: _i2c_write() errno : 5
E/NxpTml: PN547 - Error in I2C Write.....
E/NxpHal: write error status = 0x1ff
E/NxpHal: write_unlocked failed - PN547 Maybe in Standby Mode - Retry
from function _i2c_write() which is found in system/lib/hw/nfc_nci.pn54x.default.so. In ColorOS and OxygenOS, this library is split (I think) into system/lib/hw/nfc_nci_pn547.msm8974.so and (possibly) system/lib/hw/nfc.default.so.
Does anyone know if it would be possible to add nfc_nci_pn547.msm8974.so as a proprietary blob? If so how could I do this and do I need anything else from OnePlus like headers to do it?
mmec2 said:
Does anyone know if it would be possible to add nfc_nci_pn547.msm8974.so as a proprietary blob? If so how could I do this and do I need anything else from OnePlus like headers to do it?
*bump*
*added the files I mentioned*
So, what did you do with those files? Did you fix the problem in the end?
I still can't read mifare tags on my OPO.
doulis7 said:
So, what did you do with those files? Did you fix the problem in the end?
I still can't read mifare tags on my OPO.
Nothing yet, sorry.
I had a month long conversation with OnePlus customer support, getting passed between different tech support guys, but they either didn't understand or just don't care about supporting Cyanogenmod now that they have their own competing OS.
I haven't given up just yet, but I can't find any useful information on how to add these new proprietary blobs.
If you don't use too many of CM's extra features (or whichever ROM you currently use) then you could try flashing OxygenOS. It's actually not that bad, but missing quite a few CM features that I use and comes with some extra bloatware.
Hamster Tian has fixed this bug. http://review.cyanogenmod.org/#/c/151239/1/configs/libnfc-brcm.conf
i.imgur .com/cG0lAAf.jpg - apparently cant post links...
According to some guide I'm supposed to be able to pick Android Device between the 61883 Device Class and AVC Devices but as you can see it's not there I tried installing various USB/ADB drivers but nothing seems to work. I'm totally new to this and tbh know nearly nothing about flashing etc...
I wouldn't be here if not for a certain dev of a certain japanese game that blocked emulators/rooted/admin option phones... even tho I've got none of those things on the game is still blocked on my phone... So I started thinking it might be cause of MIUI ? That it works like sort of emulation and causes the problem... honestly no idea I'm just grasping at straws here ...
Netami said:
i.imgur .com/cG0lAAf.jpg - apparently cant post links...
According to some guide I'm supposed to be able to pick Android Device between the 61883 Device Class and AVC Devices but as you can see it's not there I tried installing various USB/ADB drivers but nothing seems to work. I'm totally new to this and tbh know nearly nothing about flashing etc...
I wouldn't be here if not for a certain dev of a certain japanese game that blocked emulators/rooted/admin option phones... even tho I've got none of those things on the game is still blocked on my phone... So I started thinking it might be cause of MIUI ? That it works like sort of emulation and causes the problem... honestly no idea I'm just grasping at straws here ...
Hi,
There's no dedicated forum for your device here. This thread seems to be the most relevant for your issue:
Redmi Note3 PRO[Kenzo]FULL GUIDE:ROMs,BootLoader Unlock,ROOT,TWRP,XPOSED,HardWareMODs
Try posting your query there. Experts there may be able to help you.
Good luck
Hello!
I would like to ask for help installing either a new Cubot X6 Android or a linux based system. Until recently I wasn't aware of what kind of aggressive trojans for Android happen to compromise a phone to a degree where the solution is to buy a new one. I do not want to accept that. Therefore I am here to ask for help.
WLAN enabled - the phone runs nuts. It causes unknown apps to be installed, ruining the function of the phone completely. I bought it via ebay, a used Cubot X6. I had the device years ago until I sat on it which happened to break the display, but I liked it and bought it again, used. (The used one cost 60 bucks, a replace-display would have cost 35, so I ran with the used one - big mistake as it turned out).
Now, its root-system is compromised. I set it to only allow apps from trusted sources. I did not download any apps beside well known trust-worthy ones, like google-maps, WhatsApp, all together.
When I first enabled WLAN, it suddenly started to display a message of the shutting down of "org.rain.ball.update" and also "ssCleaner ("suc", "chengele") is trying to obtain your current position", "ymm" cancelled, and several others. If I allow WLAN it automatically downloads 10-20 apps, some of which correlate with my laptop visited websites (alibaba), others apps from sites I have never visited ("sexy videos"). Basically the phone gets so busy that it needs to be restarted to allow any control of the phone.
I tried to fix it with Avast, Avira, and Malwarebytes without success. With Avast it also displays: "/storage/sdcard0/.androidsdata/is.jar", but is unable to fix it. I guess I would have to erase the SD-Card too, if I were to have the system replaced, once. None of the above things can be fixed with the tools at hand. The deletions are always interrupted, nothing gets improved permanently.
I immediately did a "Reset to factory condition", but when I enabled WLAN I didn't even install an app - it all started again, as described above.
So, a quick Google-Research turned out, there are trojan-horses, that cover themselves by pretending to be system applications, so that it would be nearly impossible to get rid of the trojan - only solution: buy a new one (See this article wwwDOTblog.lookout.com/blog/2015/11/04/trojanized-adware/).
Now, while I have a broken device and a trojan device, one solution would be to mount the display of the compromised one onto the broken one. I know it's easy to break the display during this. That's why I am here to ask, if someone might have suggestions of what else could be done to have this fixed?
Maybe it would be possible to get an uncompromised mirror-image of a Cubot X6 from the internet that would replace every data on mine? Would it fix it, if I were to install this: "Ubuntu Touch - Version 15.04 Phone"?
Any help would be appreciated. If I were to take a wild guess, I'd say the trojan horses might have been developed by Apple...... So what am I to do now? Buy a new one?
EDIT: If you were to not believe this to be true, I could shoot a video of it with my laptop. It's really strange, but it is as it is. EDIT 2: Avast displays a message, the phone has been rooted.
Please help!! Thank you so much!!
You won't get the virus to YOUR phone from replying ...
Am I here at the right forum for this technical problem?
Thanks
Do a search for your rom and instructions on how to flash. It will replace system partition and problem should then be gone.
tys0n said:
Do a search for your rom and instructions on how to flash. It will replace system partition and problem should then be gone.
I will try that. I'm total newb to smartphone software. any linking would be appreciated. thanks so far!
CubotX6 said:
I will try that. I'm total newb to smartphone software. any linking would be appreciated. thanks so far!
A google search for "cubot x6 firmware" will give you some good results.
Here's also Cubot forums, with link to downloads.
Hope that will help, and be sure to read up on the subject on how to flash before you start
So many Thanks! You linked me to the perfect spot! Thank you!
While I will redo my laptop with linux soon, you got experience with having linux on the phone? If I were to try and mess up, it still were possible to go back to the original cubot files u linked to, correct?
Thank you!!
Hey ya'll!
Been running snooping around the xda forums for a while now (2017?), and even compiled lineageos for myself last year for the first time! Gots a question not phone related though. (o:
I have acquired a sony alpha 6500, and it still has the original firmware on it that it shipped with when it was new (2016). I'd sure like to save that before updating to the newest one, as it seems it could have some value for developers as well as for historical/museum value for archive.org. It seems like it's android based as some of the documentation I was reading suggests that opening an android shell might be useful to me, which I've never done/don't know what to do with.
Some folks have had some success with this tool: https://github.com/ma1co/fwtool.py . I did run the tool with the "--help" command, but it didn't offer any insight to the switches that are available or how to use them and I can't seem to find a manual for the fwtool. I think this is the tool I'm supposed to use to get the camera to give up everything that's on it right now, but i don't actually know.
This site won't let me make an account right now to ask for help: https://www.personal-view.com/talks/discussion/12756/sony-alpha-hacks-talk/p11 which seems to be the developer of the software that fwtool.py is a fork of possibly? It didn't have any information about how to use the flags/switches for the app either. That's why I'm asking here
Is anyone able to explain from this information I've found so far what command I would need to run (from linux terminal or windows cmd/powershell) or if there are additional steps needed in order to save or backup the current "ROM/OEM Firmware" that's currently on the camera? Or point me in the right direction?
Thanks!