NFC-V (ISO/IEC 15693) tags - NFC Hacking

I have a bunch of blank NFC tags from Texas Instruments (about 40 in total) in varying sizes (both physical and storage-wise), shapes, and casings. While I'm able to read them on my Galaxy S3, none of the apps I've tried are able to write to them.
After some poking around, I determined that these are all NFC-V tags (ISO/IEC 15693 compliant), which are apparently not NDEF-compatible. While the Android OS supports them, it provides no functionality to interface with them other than transceive (raw read/write). Lacking the knowledge to write my own interface app, I'm reduced to research, questions, and experimentation.
Does anybody have any experience using Android to write to NFC-V tags? If so, what were you able to store and how did you do it?
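
Added example, not part of the original post and not code from any app mentioned in this thread: the raw transceive interface described above takes an ISO/IEC 15693 request frame and returns the tag's response frame. The Python below builds Read Single Block and Write Single Block requests and decodes responses, including the error codes a tag returns when a write is refused. The UID, the 4-byte block size and the sample frames are constructed assumptions.

```python
# Added example: ISO/IEC 15693 request framing and response decoding.
# CRC-16 is left out on purpose: Android's NfcV.transceive() appends it.
# The UID, the 4-byte block size and all sample frames are constructed.

FLAG_HIGH_DATA_RATE = 0x02   # request flag bit 2
FLAG_ADDRESSED = 0x20        # request flag bit 6: an 8-byte UID follows the command
FLAG_OPTION = 0x40           # request flag bit 7: meaning depends on the command

CMD_READ_SINGLE_BLOCK = 0x20
CMD_WRITE_SINGLE_BLOCK = 0x21

RESPONSE_ERROR_FLAG = 0x01   # response flag bit 1
ERROR_CODES = {
    0x01: "command not supported",
    0x02: "command not recognized",
    0x03: "command option not supported",
    0x0F: "error with no information given",
    0x10: "specified block not available",
    0x11: "block already locked, cannot be locked again",
    0x12: "block locked, content cannot be changed",
    0x13: "block not successfully programmed",
    0x14: "block not successfully locked",
}


def build_request(command, params=b"", uid=None, option=False):
    """Return flags + command [+ UID] + params, without the CRC."""
    flags = FLAG_HIGH_DATA_RATE
    uid_field = b""
    if uid is not None:
        if len(uid) != 8:
            raise ValueError("ISO 15693 UIDs are 8 bytes")
        flags |= FLAG_ADDRESSED
        # uid is given as printed (E0 first); on the wire it goes LSB first.
        uid_field = bytes(reversed(uid))
    if option:
        # Some tag ICs only accept write commands with this flag set;
        # the tag's datasheet says which.
        flags |= FLAG_OPTION
    return bytes([flags, command]) + uid_field + bytes(params)


def read_single_block(block, uid=None, option=False):
    if not 0 <= block <= 0xFF:
        raise ValueError("one-byte block number expected")
    return build_request(CMD_READ_SINGLE_BLOCK, bytes([block]), uid, option)


def write_single_block(block, data, uid=None, option=False, block_size=4):
    if not 0 <= block <= 0xFF:
        raise ValueError("one-byte block number expected")
    if len(data) != block_size:
        raise ValueError("data must be exactly one block long")
    params = bytes([block]) + bytes(data)
    return build_request(CMD_WRITE_SINGLE_BLOCK, params, uid, option)


def parse_response(frame, option=False):
    """Decode a response; option=True means a read was sent with FLAG_OPTION,
    so a block security status byte precedes the data."""
    if not frame:
        raise ValueError("empty response")
    if frame[0] & RESPONSE_ERROR_FLAG:
        code = frame[1] if len(frame) > 1 else None
        return {"ok": False, "error": ERROR_CODES.get(code, "unknown error code")}
    payload = frame[1:]
    locked = None
    if option and payload:
        locked = bool(payload[0] & 0x01)  # bit 1 of the security status = lock
        payload = payload[1:]
    return {"ok": True, "locked": locked, "data": bytes(payload)}


if __name__ == "__main__":
    uid = bytes.fromhex("E007000001020304")            # constructed UID
    print(read_single_block(5, uid).hex())             # addressed read
    print(write_single_block(5, b"\x11\x22\x33\x44", option=True).hex())
    print(parse_response(bytes.fromhex("0112")))       # constructed error reply
```
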

https://play.google.com/store/apps/...1bGwsMSwxLDEsImNvbS5ueHAubmZjLnRhZ3dyaXRlciJd
try this app, it might work for you.

Thanks for the reply. That's actually the first app I tried, and no matter what type of data I try to write, I get the following: ow.ly/c5ubE
I've been putting a lot of my effort into getting this (ow.ly/c5uaz) app to work since it specifies NFC-V and ISO/IEC 15693 compatibility, but I still can't get it to write any data (NDEF or raw). From reading up on NFC-V, I get the impression this may be an issue with one-bit vs two-bit addressing and the app assuming which it is wrongly, but I have no way to confirm that. That said, the source for that app is available for download from its developer here (ow.ly/c5uaR) if anybody is interested in picking it apart.

Aren't they locked?
I can't give you more clues as I've just started reading about NFC.

> daniel_loft said:
> Aren't they locked?
> I can't give you more clues as I've just started reading about NFC.
Not that I'm aware. I can read them, and the access conditions allow writes. TI also advertises that they're shipped unlocked and unprotected.
Having done a fair amount of research since, it seems the issue is that NFC-V tags are not part of the NFC Forum standard, and there's no standard way to store NDEF data on them. Short of writing my own app with a proprietary method of doing so, I think the only option for those tags is to wait until NXP, TI, the NFC Forum, etc decide on a standard, then all the NFC Android apps update appropriately.
Fortunately, I've since gained access to the NXP Semiconductors samples ordering system, and their MiFARE tags are differently complicated but NDEF-formattable, so I'm making some headway.

> rowanator0 said:
> Not that I'm aware. I can read them, and the access conditions allow writes. TI also advertises that they're shipped unlocked and unprotected.
> Having done a fair amount of research since, it seems the issue is that NFC-V tags are not part of the NFC Forum standard, and there's no standard way to store NDEF data on them. Short of writing my own app with a proprietary method of doing so, I think the only option for those tags is to wait until NXP, TI, the NFC Forum, etc decide on a standard, then all the NFC Android apps update appropriately.
> Fortunately, I've since gained access to the NXP Semiconductors samples ordering system, and their MiFARE tags are differently complicated but NDEF-formattable, so I'm making some headway.
Hm, I believe that NFCIP-2 specifies something according to vicinity cards, but I don't remember what exactly. The main problem is though that the NFC chip of the SG3, which should be PN544 (not 100% sure, but I think it's the same as in the predecessor, and NXP didn't release PN547 yet) does not have the capability to write vicinity cards. I think there were datasheets on this though.

> Damastus said:
> Hm, I believe that NFCIP-2 specifies something according to vicinity cards, but I don't remember what exactly. The main problem is though that the NFC chip of the SG3, which should be PN544 (not 100% sure, but I think it's the same as in the predecessor, and NXP didn't release PN547 yet) does not have the capability to write vicinity cards. I think there were datasheets on this though.
Can you define "vicinity" in this context? If you're referring specifically to NFC-V, you may be on to something. If you just mean proximity cards in general, though, I am able to write to MiFARE tags. Furthermore, as I understand it, with the right software behind an NFC reader/writer, you can theoretically read/write just about anything that uses 13.56MHz, simply as a result of the way the active field works.
Additionally, you seem to be correct about the NFC chip in the S3 (see ow.ly/foV15), but according to the NXP spec sheet for that chip (ow.ly/foUYj), it should be able to read/write tags that meet the same ISO standards as my TI tags. Apologies for the shortened URLs; I don't have enough posts yet to post links and that seems to be the only way to get around it.

> rowanator0 said:
> Can you define "vicinity" in this context? If you're referring specifically to NFC-V, you may be on to something. If you just mean proximity cards in general, though, I am able to write to MiFARE tags. Furthermore, as I understand it, with the right software behind an NFC reader/writer, you can theoretically read/write just about anything that uses 13.56MHz, simply as a result of the way the active field works.
> Additionally, you seem to be correct about the NFC chip in the S3 (see ow.ly/foV15), but according to the NXP spec sheet for that chip (ow.ly/foUYj), it should be able to read/write tags that meet the same ISO standards as my TI tags. Apologies for the shortened URLs; I don't have enough posts yet to post links and that seems to be the only way to get around it.
ISO15693 is the vicinity card standard (basically the same as the other ISO14443 standard, but those ISO15693 cards have a bigger range up to several meters). Cards that can be read via NFC-V are vicinity cards / tags. Though I checked again, you are right, coming from the data sheet, it should be able to read and write them.
Btw, your idea to be able to read and write anything that uses 13.56MHz is too idealistic. There are many kinds of cards and standards with many different protocols (many of them are even proprietary, like Mifare Classic, Legic, iClass etc.) involved in this. These protocols are most of the time implemented on the hardware level. One of the reasons for that is the fact that there are also very strict timings cards, tags and reader have to comply to. Going up layers of software can be too slow in that case.
You can read most of the ISO 14443 A and B compliant cards for example, but Mifare Classic can only be read with phones that feature chips that implement the ISO 14443-3 A protocol. The PN544 can read Mifare Classic, because it's manufactured by NXP, the same company that holds the patents and rights of the Mifare Classic standard.

> Damastus said:
> ISO15693 is the vicinity card standard (basically the same as the other ISO14443 standard, but those ISO15693 cards have a bigger range up to several meters). Cards that can be read via NFC-V are vicinity cards / tags. Though I checked again, you are right, coming from the data sheet, it should be able to read and write them.
> Btw, your idea to be able to read and write anything that uses 13.56MHz is too idealistic. There are many kinds of cards and standards with many different protocols (many of them are even proprietary, like Mifare Classic, Legic, iClass etc.) involved in this. These protocols are most of the time implemented on the hardware level. One of the reasons for that is the fact that there are also very strict timings cards, tags and reader have to comply to. Going up layers of software can be too slow in that case.
> You can read most of the ISO 14443 A and B compliant cards for example, but Mifare Classic can only be read with phones that feature chips that implement the ISO 14443-3 A protocol. The PN544 can read Mifare Classic, because it's manufactured by NXP, the same company that holds the patents and rights of the Mifare Classic standard.
Which leaves us pretty much back where we started.
As for my "WORKS WITH EVERYTHING" comment, you're absolutely right. I should have specified ISO14443/15693 (and even then my original statement would be wrong). Basically, I was referring to the fact that if you have the command set for something that operates on the 13.56MHz frequency, you can in theory write software to interface with it, as you can send and receive pretty much any raw data you want. However, you're right--there are plenty of 13.56MHz devices, both passive and active, that some active modules simply cannot communicate with.

Related

[APP] Microsoft Tags

Anyone used this software before? Sounds quite interesting and works on the HD.
http://www.microsoft.com/tag/
Works very well.
I loaded it up a few weeks ago when it was announced.
It starts fine and directly accesses the camera. It searches automatically for tags and then launches internet to connect to the tag.
I installed it this morning and seems to work pretty well. However I haven't seen any websites or posters with that on it, so it might be a while before we are actually able to use the software.
I too have just installed the app. I like the look of it. I guess we'll just have to wait and see how long before it becomes of use to us.
So useless, why use MS Tags if a worldwide standard - Barcodes - exists already for years - and works on mobile phones with reader software. Just another attempt by MS to waste money.
> Lucas0511 said:
> So useless, why use MS Tags if a worldwide standard - Barcodes - exists already for years - and works on mobile phones with reader software. Just another attempt by MS to waste money.
My thoughts exactly. We have a GREAT 2D-barcode standard QRCode (and to some degree DataMatrix), that's already widely used (by delivery companies, postal workers, public transit companies etc. etc.) and supported, works in black&white and is an open standard (ISO/IEC) that anyone can implement free of charge (Denso Wave has chosen not to exercise its patent, other than to limit the use of the trademark term QR Code).
Microsoft advertises the technology by comparing the size of the resulting code, naturally a four-color code is smaller than a 1-bit implementation, but 2D barcodes are used to store very little information (shipment ID, URL, phone number etc.), so that's just stupid.
The only interesting thing is the fact that Microsoft tags require less image quality to be scanned successfully, but I for one have never had problems with that even with older phones (sub-VGA cameras), let alone modern ones.
It's nice to see interest in physical interfaces to mobile web like these grow, but I really don't think Microsoft Tags bring enough improvements to the table to warrant using them over standardized technology.
Just my $0.2
Thanks for your insight, quality posting. Sad thing is that few consumers are motivated to use barcodes. Offering rebate through them, like virtual coupons, might be a way to change that.
If MS would truly innovate, they would work on something like this, social tagging:
http://tonchidot.com/index_info.html
I agree with most of the comments questioning the usefulness of this app.
I must admit to actually liking it a lot - works well, simple interface, grabs pictures with the crappy HD camera very well.
BUT, I have never seen a MS Tag in the wild yet, maybe in a few years when I've moved to an iphone (ho ho) ...
When I initially read this, I thought it was ground breaking. However, I was under the illusion that it was using OCR to read whatever you take a photo of to intelligently derive tags and therefore referrals to websites.
However, the OCR is only based on Microsoft barcodes. This is a very limited market.
Yet, again Microsoft taking over the world but I sense this will fall flat on its face.
The standard barcode workaround may work, but how many film posters or bus timetables (for example) do you know that have a barcode? This strikes me to be more about physical consumer products than anything else.
Having been using QR Codes for a while now, I must admit I think MS tags are brilliant.
So many cameras on phones struggle with QR Codes, but MS tags can be easily read even when out of focus. There are other things I like about the tag: the ability to track the geolocation of where it was scanned (opt-in basis by people running the tag reader). On their site they have detailed info about just how poor some HTC cameras are when passing streams of data over to other apps - makes for interesting reading!
What I absolutely despise about it is
a) the fact that there is no SDK for it and making up tags using the web site is NOT an option for anybody but the hobbyist
b) the fact that MS hasn't clarified whether or not they'd be charging for it
c) I'm not comfortable in leaving all the tracking data in the hands of one company
QR Codes have the benefit of not needing to be printed in colour, but MS tag has the benefit of being read easier using mobile phones.
I don't believe QR Codes will disappear but I do believe MS Tags will be successful. I certainly believe that there's room in the market for it, PROVIDED MS doesn't charge for it.

[Q] Is it possible to clone an RFID card w/ GNEX's NFC?

Has anyone heard of using an NFC enabled device to imitate a RFID gate pass? My complex won't give me another one for my fiance. I thought I could copy it, and swipe my Gnex at the gate while my fiance uses the proxicard HID.
I'm ignorant of the details of the two technologies, so this is probably impossible. Worth asking. Thanks
I would sure hope not. Sounds like that would be a pretty big security risk for companies that use such cards for sensitive locations.
It is possible I believe. I know for Bamboozle that the NFC wristbands had no security and I was able to get into VIP area with no problems.
I would imagine that it is likely since I doubt that their NFC security is high.
With Regards to cloning an NFC tag and an RFID card. No it won't be possible. You have mentioned two technologies that are similar but not the same. NFC and RFID work the same in theory, but at different radio bands. Think of it like ATT phones vs. T-Mo phones. Some PC adaptors can read/write both, but the GNex can't.
Second flaw is that you probably wouldn't be able to use the GNex itself to open the door. The much more likely solution would be to use the GNex to capture the info on the old tag and write it to a different tag of the same type.
Third, and this ties into what Self Righteos Banana said about the NFC wrist bands at Bamboozle, most places don't have high security on their NFC or RFID solutions, but the software isn't quite there for GNex to fully exploit this. We were able to read the wristbands and determine that all of them, VIP, 1 day, 3 day etc. etc. had the same info stored on the tag. They were relying on the site staff to visually identify the various wristbands as well as scan to see if they were genuine. With this, a little social engineering got us into restricted access. We weren't able to rewrite the wristbands completely without altering other bits yet though. One of us wrote Hello to an unused portion of the memory, but it wrote header info in adjacent bits, not zeroes. I assume this is based on protocols that the phone (or other NFC devices use). So we were able to read and write to the tags, but could not clone them. For that I think you would still need a PC until software catches up.
EDIT: Also since this is a question, I feel I should remind you to post it in the Q&A section and not general. Also there is an NFC Hacking subforum.
Thanks a lot for the valuable info. I'll hunt around in the NFC hacking section. Sorry about posting in the wrong forum. I won't make that mistake again.

MetroCards, Square Reader & Non-NFC Phones

I am aware that this is a Non-NFC query in the NFC Hacking forum. If I've inappropriately placed it here, please forgive me.
I am far from a developer, but am getting more and more into development as of late. I feel like there must be a way to read MetroCards with an Android device to find out its balance. When I first delved into this, I found out about Farebot [and this is why I've posted in the NFC forum].
http://forum.xda-developers.com/showthread.php?t=1458068
Using an NFC enabled phone, one can read subway cards from certain cities. However, my current phone is a Captivate [aka non-NFC].
Then, I thought that if a Square reader can read credit card information as well as manipulate this info in the form of taking payment, there must be a way to simply be able to read info on the MetroCard.
Each MetroCard stored value card is assigned a unique, permanent ten-digit serial number when it is manufactured. The value is stored magnetically on the card itself, while the card's transaction history is held centrally in the Automated Fare Collection (AFC) Database. When a card is purchased and fares are loaded onto it, the MetroCard Vending Machine or station agent's computer stores the amount of the purchase onto the card and updates the database, identifying the card by its serial number. Whenever the card is swiped at a turnstile, the value of the card is read, the new value is written, the customer is let through, and then the central database is updated with the new transaction as soon as possible.
I'm wondering, given the aforementioned info, if it's simply a matter of getting the serial number and accessing the AFC Database. If so, wouldn't a developer, using an external reader such as Square, be able to create a series of commands that could do this?
Curiouser and curiouser...
> 23rdstreet said:
> I am aware that this is a Non-NFC query in the NFC Hacking forum. If I've inappropriately placed it here, please forgive me.
> I am far from a developer, but am getting more and more into development as of late. I feel like there must be a way to read MetroCards with an Android device to find out its balance. When I first delved into this, I found out about Farebot [and this is why I've posted in the NFC forum].
> http://forum.xda-developers.com/showthread.php?t=1458068
> Using an NFC enabled phone, one can read subway cards from certain cities. However, my current phone is a Captivate [aka non-NFC].
> Then, I thought that if a Square reader can read credit card information as well as manipulate this info in the form of taking payment, there must be a way to simply be able to read info on the MetroCard.
> Each MetroCard stored value card is assigned a unique, permanent ten-digit serial number when it is manufactured. The value is stored magnetically on the card itself, while the card's transaction history is held centrally in the Automated Fare Collection (AFC) Database. When a card is purchased and fares are loaded onto it, the MetroCard Vending Machine or station agent's computer stores the amount of the purchase onto the card and updates the database, identifying the card by its serial number. Whenever the card is swiped at a turnstile, the value of the card is read, the new value is written, the customer is let through, and then the central database is updated with the new transaction as soon as possible.
> I'm wondering, given the aforementioned info, if it's simply a matter of getting the serial number and accessing the AFC Database. If so, wouldn't a developer, using an external reader such as Square, be able to create a series of commands that could do this?
> Curiouser and curiouser...
1. Metrocards are non-NFC. I assume the cards listed in the Play Store page are only compatible because you can tap them instead of swiping them (NFC chip).
2. If you want this thread to remain open, ONLY talk about reading. Writing to a MetroCard constitutes [possible] fraud. You'd also get caught since there's a transaction database that keeps track of all swiping history and values.
EDIT: I thought you were talking about NYC Metrocards because that's what they're called. Here's an interesting read (scroll down to how they built the reader):
http://blog.metrochange.org/
> Product F(RED) said:
> 1. Metrocards are non-NFC. I assume the cards listed in the Play Store page are only compatible because you can tap them instead of swiping them (NFC chip).
You're correct. I should have had my facts straight. I guess I jumped with the whole Farebot set up.
> Product F(RED) said:
> 2. If you want this thread to remain open, ONLY talk about reading. Writing to a MetroCard constitutes [possible] fraud. You'd also get caught since there's a transaction database that keeps track of all swiping history and values.
Absolutely. This entire inquiry comes from having a bunch of MetroCards lying around at any given time [with no idea what is on any of them]. I am only looking for a way to read what is left on a MetroCard.
> Product F(RED) said:
> EDIT: I thought you were talking about NYC Metrocards because that's what they're called. Here's an interesting read (scroll down to how they built the reader):
> http://blog.metrochange.org/
I am, in fact, talking about NY MetroCards. The link is great! I'm going to have to amp my development knowledge.
Thanks for the response!
High 5 to a fellow New Yorker. Bay Ridge resident
I've never built a piece of hardware extensively like they did, but that looks really interesting. So to summarize, you CAN in fact read a Metrocard balance with a Square card reader (which I have 3 or 4 handy), but the audio signal isn't amplified enough to be decode-able or consistent. So they used a cassette tape player head to try and it worked. They used an open source piece of software to decode the audio signal into binary. Then they converted it into Dec and divided by two. That gives you the value in cents.
All I know is their network is updated every 7 minutes or so with metrocard swipe info.

NFC spoofing for a *certain* Portal using game

i know precious little about the nitty-gritty of RFID or NFC stuff, but i'm wondering if there's such a thing as an RFID or NFC spoofer (emulator) that works at the standard nfc frequency of 13.56mhz, and uses the iso 14443 standard.
i'm wondering if it's possible to spoof those sky-landers figures, which use nfc. it's currently impossible to write one figure onto another because of access restrictions on the first little block in the rfid tag. and I'm not aware of any commercially available generic RFID tags that have *quite* the same hardware as the figures.
I believe the sky-landers use MiFare Classic tags, and have a locked block 0 (or UID), in that block 0 is the code which says which character they are.
is it in principle, possible to "project" a fake MiFare tag from an nfc equipped phone, also with a fake UID?
for that matter, are there any breakout boards that can do this, like an arduino shield?
*BUMP*
I'd also like to pull this off with my G-Nex...
The breakout board I use is from Adafruit.com which at the moment is hooked up to a raspberry pi. You could theoretically spoof a tag if you will. But I don't follow the logic to do so. I think what you want to do is more like cloning and siphoning. Check over on the Kali Linux forums, new version of backtrack they are working on something that does just that. I read a little into it about how they were basically bumping into people at a conference or getting in range of someone with their phone out texting or not paying attention and were able to do just that.
> Osbor said:
> i know precious little about the nitty-gritty of RFID or NFC stuff, but i'm wondering if there's such a thing as an RFID or NFC spoofer (emulator) that works at the standard nfc frequency of 13.56mhz, and uses the iso 14443 standard.
> i'm wondering if it's possible to spoof those sky-landers figures, which use nfc. it's currently impossible to write one figure onto another because of access restrictions on the first little block in the rfid tag. and I'm not aware of any commercially available generic RFID tags that have *quite* the same hardware as the figures.
> I believe the sky-landers use MiFare Classic tags, and have a locked block 0 (or UID), in that block 0 is the code which says which character they are.
> is it in principle, possible to "project" a fake MiFare tag from an nfc equipped phone, also with a fake UID?
> for that matter, are there any breakout boards that can do this, like an arduino shield?
In theory one is able to emulate a NXP MiFare Classic card using an Android device. However, the firmware of the NFC chip is programmed to produce a different UID with each transmission, therefore the new firmware for the chip would have to be modified to produce a static UID. If you want to learn more of the capabilities of the NXP NFC chips used in most Android devices, navigate to NXP's website and there is plenty of info.

backup of rfid Disney infinity figurine tags

hello everyone, im a bit new to this. i recently saw a video on youtube of someone's proof of concept that it would be possible to emulate disney infinity rfid tags by using some special hardware and listening in on the traffic between the disney figurine base and the xbox 360 by routing it through a laptop. my question was of a similar nature. i have a bunch of these disney infinity figurines, and it gets annoying trying to keep track of them. especially since my little brother is the one that uses them and they wind up in miscellaneous places in the house, occasionally broken. i understand that they are some kind of 13.56 mhz rfid tag with a toy on top of them. my question is, how would i use an android phone, (samsung galaxy s5 rooted) or some kind of rfid reader to determine the hex key that is locking the information that is contained inside the rfid tag, so that i can make a copy of the figurine in case my brother steps on one of them again. so that way i can just have him use a clone of the tag. as far as i understand, since i PAID for these figurines, they are mine, so if i copy them for backup purposes that's completely fine. i have tried a few things, i tried "nfc - war" which was not too useful, and a couple of other apps to no avail. is there an app, or a windows program (and compatible hardware) that i can use to either brute force the keys out or use some sort of exploit to get the keys? as far as i understand it is a mifare classic ndef formattable tag. help would be greatly appreciated. also im not on here to do anything illegal, or wrong in any way. so anyone who would like to simply complain to me about how backing up my own property is wrong, please direct your comments elsewhere because i really don't care.
