
NFC used as mifare, is it possible?

Tags: nfc, mifare

We have a mifare card system and are looking into the possibility of using NFC chips in phones as mifare cards.

I have done a bit of research into NFC, but the question that I cannot answer is: do NFC chips in mobile phones have a unique identifier that I can read like a mifare card has?

Also, if the NFC chip does have a unique code, can I just read it using the NFC reader or do I need an application on the phone to put it into card-emulation mode?

Skeith asked Jul 13 '12 13:07


2 Answers

I work for a large agency and this same question was proposed. In summary, I was able to successfully emulate a mifare classic chip (our ID card) and gain access to all facilities as if I was using my ID card (Lenel access control). However, in the end the solution was a hack and a half. This is only possible on devices with NXP NFC controllers. Further, I had to modify the nfc_access.xml system file (remounting the file system as rw) and include the signature of the application. Then, using reflection, I enabled mifare emulation. Then, using a mifare reader/writer (HID 6055b), I encoded the data (sectors and blocks, in my case sector 1) onto the phone. In essence, I treat the phone as a mifare ID card. That is, I copied my ID card to the phone. You can't programmatically set this.

NXP owns mifare. Mifare sits above the ISO 14443 part 3 specs and implements a proprietary communications protocol. This protocol is only implemented in the secure element, which is also owned by NXP. This is why devices equipped with Broadcom chipsets can't read mifare (e.g. Nexus 5).

Although I proved it possible, it is not feasible for production.

Paul answered Sep 18 '22 12:09


The phone can emulate certain chip cards in the secure element, but it is a somewhat difficult procedure and is not available through the normal SDK (see e.g. here or here).

Note that the main problem there is not missing Android support, but the security procedure behind accessing the secure element.

Since the phone cannot emulate a chip card, you are left with the option of peer-to-peer communication between the phone and the reader. The unique identifier can be saved in the phone memory - to be sure it is your identifier, it must be digitally signed.

If you need to protect it from cloning (i.e. someone cannot copy it to another phone), then it becomes more difficult and it will never be as secure as Mifare.

BR STeN

STeN answered Sep 18 '22 12:09
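The signed identifier from STeN's answer, seen from the reader's side, as an added example that is not part of either answer. It goes one step beyond the answer's static signed ID by binding the ID to a per-phone key and checking a fresh nonce, which is what separates "the ID is genuine" from "this is the phone it was issued to". Ed25519, the credential layout and all names are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Credential (hypothetical layout): an ID bound to the phone's public key, signed by the issuer.
type Credential struct {
	ID        string
	DevicePub ed25519.PublicKey
	IssuerSig []byte
}

func signedBytes(id string, pub ed25519.PublicKey) []byte {
	return append([]byte(id+"|"), pub...)
}

// Issue signs the ID together with the device public key.
func Issue(issuer ed25519.PrivateKey, id string, devPub ed25519.PublicKey) Credential {
	return Credential{id, devPub, ed25519.Sign(issuer, signedBytes(id, devPub))}
}

// VerifyStatic checks only the issuer signature; any copy of the credential passes it.
func VerifyStatic(issuerPub ed25519.PublicKey, c Credential) bool {
	return ed25519.Verify(issuerPub, signedBytes(c.ID, c.DevicePub), c.IssuerSig)
}

// VerifyLive also requires the reader's fresh nonce to be signed with the device private key.
func VerifyLive(issuerPub ed25519.PublicKey, c Credential, nonce, resp []byte) bool {
	return VerifyStatic(issuerPub, c) && ed25519.Verify(c.DevicePub, nonce, resp)
}

// Demo runs one exchange with constructed keys and a constructed ID.
func Demo() (static, owner, clone bool) {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader) // a second phone holding a copied credential
	cred := Issue(issuerPriv, "badge-0001", devPub)
	nonce := make([]byte, 32)
	rand.Read(nonce)
	static = VerifyStatic(issuerPub, cred)
	owner = VerifyLive(issuerPub, cred, nonce, ed25519.Sign(devPriv, nonce))
	clone = VerifyLive(issuerPub, cred, nonce, ed25519.Sign(otherPriv, nonce))
	return
}

func main() { fmt.Println(Demo()) } // prints: true true false
```

The clone resistance here is only as good as the storage of the device private key on the phone, which is the part the answer describes as difficult.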