Is it possible to read the iPhone's NFC chip as if it were an RFID tag?

I know that iPhone 4 cannot read RFID tags, and I know that the iPhone API allows you to use NFC for Apple Pay, but is it possible to read the iPhone's NFC chip as if it were an RFID tag?

Thus, can an RFID reader get some passive information, such as a unique chip identifier or something like that, using an RFID reader with something like Arduino or Raspberry Pi?

+3
3 answers

It seems that you can detect the signal coming from the iPhone when you hold your thumb down to try to pay with Apple Pay. However, each time it is pressed, it sends a different identification number. This makes it almost impossible to do something related to security.

Here is a video of someone who got it working: https://www.youtube.com/watch?v=fhpMVFte2mE

Because the iPhone spills out a different NFC tag number every time, the reader is configured to accept any tag. This is not suitable for secure applications, such as blocking, as in the video above.

+6

As Michael Gillett already wrote, the anti-collision identifier (often used as an identifier in RFID) is dynamic and changes each time the secure element is activated on the iPhone. What you can try to do is access the EMV payment card (the "tokenized" credit card) in the secure element. This credit card contains at least a PAN (indicated primary account number) and, possibly, also public keys for verification of the signature. This information must be static (even in the case of tokenization) and, therefore, can be used to identify the device.

Take a look at the EMV specifications for contactless payment systems (http://emvco.com) to learn how to access the payment application. Basically you would do something like the following:

  • SELECT PPSE
  • Find the AID of the payment application in the SELECT response
  • SELECT the payment application (by AID)
  • READ RECORD (file + record number) for a record containing the PAN / ICC public key

You will need a contactless smart card reader to send the necessary APDU commands. An RFID reader that only performs anti-collision to get an identifier is not enough. However, for both Arduino and RPi, such readers exist (for example, an NFC shield).

+8
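
As an added example (not part of the original answer): the "find the AID" step above means walking the BER-TLV data returned by SELECT PPSE. This host-side C++ sketch does that on a constructed sample response and rejects a non-9000 status word or truncated data; `findTag`, `extractTag` and `kSamplePpse` are names assumed for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>
typedef std::vector<uint8_t> Bytes;

// Depth-first BER-TLV search: value of the first object tagged `want`.
// Handles one- and two-byte tags and lengths up to 82 xx xx (enough for EMV).
static bool findTag(const uint8_t *p, size_t n, uint16_t want, Bytes &out) {
    size_t i = 0;
    while (i < n) {
        if (p[i] == 0x00) { i++; continue; }     // padding between objects
        const uint8_t first = p[i++];
        uint16_t tag = first;
        if ((first & 0x1F) == 0x1F) {            // two-byte tag (BF0C, 5F24, ...)
            if (i >= n) return false;
            tag = static_cast<uint16_t>((first << 8) | p[i++]);
        }
        if (i >= n) return false;
        size_t len = p[i++];
        if (len & 0x80) {                        // long-form length
            size_t k = len & 0x7F;
            if (k == 0 || k > 2 || k > n - i) return false;
            for (len = 0; k > 0; k--) len = (len << 8) | p[i++];
        }
        if (len > n - i) return false;           // truncated: never read past the buffer
        if (tag == want) { out.assign(p + i, p + i + len); return true; }
        if ((first & 0x20) && findTag(p + i, len, want, out)) return true;  // template
        i += len;
    }
    return false;
}

// Accept only an R-APDU ending in SW1 SW2 = 90 00, then search its data field.
bool extractTag(const Bytes &rapdu, uint16_t want, Bytes &out) {
    const size_t n = rapdu.size();
    if (n < 2 || rapdu[n - 2] != 0x90 || rapdu[n - 1] != 0x00) return false;
    return findTag(rapdu.data(), n - 2, want, out);
}

// Constructed sample: 6F{84 "2PAY.SYS.DDF01", A5{BF0C{61{4F AID, 87 priority}}}} 9000
const Bytes kSamplePpse = {
    0x6F,0x23, 0x84,0x0E, 0x32,0x50,0x41,0x59,0x2E,0x53,0x59,0x53,0x2E,0x44,0x44,0x46,
    0x30,0x31, 0xA5,0x11, 0xBF,0x0C,0x0E, 0x61,0x0C, 0x4F,0x07, 0xA0,0x00,0x00,0x00,
    0x03,0x10,0x10, 0x87,0x01,0x01, 0x90,0x00};

int main() {
    Bytes aid;
    if (!extractTag(kSamplePpse, 0x4F, aid)) return 1;
    for (uint8_t b : aid) std::printf("%02X", b);
    std::printf("\n");
    return 0;
}
```

The same call with tag `0x5A` applies to a READ RECORD response, where the PAN sits inside a `70` template.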

Use a PN532 board. To simplify working with an Arduino-based host, use this library.

Define a connection.

    #include <Arduino.h>
    #include <SPI.h>
    #include <PN532_SPI.h>
    #include <PN532.h>

    PN532_SPI intfc(SPI, 5);   // PN532 on SPI, chip select on pin 5
    PN532 nfc(intfc);

Check for a card or phone:

    bool success = nfc.inListPassiveTarget();
    if (success) { ...

Define communication buffer:

    uint8_t apdubuffer[255] = {};
    uint8_t apdulen;

and send the SELECT PPSE command:

    apdulen = 255;   // in: size of apdubuffer, out: length of the response
    bool success2 = sendAPDU(0x00, 0xA4, 0x04, 0x00, "2PAY.SYS.DDF01", 0x00,
                             &apdubuffer[0], &apdulen);

if successful, then:

    //fromHEX("A0000000031010") - VISA
    //fromHEX("A0000000041010") - MC
    apdulen = 255;   // reset: the previous call overwrote it with the response length
    success2 = sendAPDU(0x00, 0xA4, 0x04, 0x00, fromHEX("A0000000031010"), 0x00,
                        &apdubuffer[0], &apdulen);

and you can read the internal card files (SFI / REC), for example:

    apdulen = 255;   // reset the buffer size before every exchange
    success2 = sendAPDU(0x00, 0xB2, rec_num, (sfi_num << 3) + 4, 0x00,
                        &apdubuffer[0], &apdulen);

It is indeed best to find the PAN / ICC public key, as these are unique to the card, but many bytes presented before the PAN / ICC are, IMHO, unique enough and sufficient for authentication.

In the end, you will need the following overloads:

    // SELECT by name: aid holds the DF name / AID as raw characters.
    bool sendAPDU(byte cla, byte ins, byte p1, byte p2, String aid, byte le,
                  uint8_t *response, uint8_t *resp_len) {
      uint8_t cmdbuf[255];
      if (aid.length() > 16) return false;   // a DF name / AID is at most 16 bytes
      memset(&cmdbuf[0], 0, 255);
      cmdbuf[0] = cla;
      cmdbuf[1] = ins;
      cmdbuf[2] = p1;
      cmdbuf[3] = p2;
      cmdbuf[4] = aid.length();              // Lc
      unsigned int i;
      for (i = 0; i < aid.length(); i++)
        cmdbuf[5 + i] = aid[i];
      cmdbuf[5 + i] = le;                    // Le directly follows the data field
      //printbuf((char*)&cmdbuf[0], 6 + aid.length());
      // header (4) + Lc (1) + data + Le (1)
      return nfc.inDataExchange(&cmdbuf[0], 6 + aid.length(), response, resp_len);
    }

    // SELECT by AID: aid[0] is the length, aid[1..] the bytes (as returned by fromHEX()).
    bool sendAPDU(byte cla, byte ins, byte p1, byte p2, uint8_t* aid, byte le,
                  uint8_t *response, uint8_t *resp_len) {
      uint8_t cmdbuf[255];
      if (aid[0] > 16) return false;         // an AID is at most 16 bytes
      memset(&cmdbuf[0], 0, 255);
      cmdbuf[0] = cla;
      cmdbuf[1] = ins;
      cmdbuf[2] = p1;
      cmdbuf[3] = p2;
      cmdbuf[4] = aid[0];                    // Lc
      int i;
      for (i = 0; i < aid[0]; i++)
        cmdbuf[5 + i] = aid[i + 1];
      cmdbuf[5 + i] = le;                    // Le directly follows the data field
      //printbuf((char*)&cmdbuf[0], 6 + cmdbuf[4]);
      return nfc.inDataExchange(&cmdbuf[0], 6 + cmdbuf[4], response, resp_len);
    }

    // Command without a data field (e.g. READ RECORD): header + Le only.
    bool sendAPDU(byte cla, byte ins, byte p1, byte p2, byte le,
                  uint8_t *response, uint8_t *resp_len) {
      uint8_t cmdbuf[255];
      memset(&cmdbuf[0], 0, 255);
      cmdbuf[0] = cla;
      cmdbuf[1] = ins;
      cmdbuf[2] = p1;
      cmdbuf[3] = p2;
      cmdbuf[4] = le;
      //printbuf((char*)&cmdbuf[0], 5);
      return nfc.inDataExchange(&cmdbuf[0], 5, response, resp_len);
    }

and this too:

    /* Funny, non-C approach to return array from a function
       Returns ptr to global static buf...
       Just to improve readability of sendAPDU() function...
       Not really needed in real app, */
    uint8_t fromHexBuf[255];

    uint8_t* fromHEX(String hexs) {
      int i = hexs.length() / 2;
      fromHexBuf[0] = i;          // first byte holds the length
      int x = 0;
      while (i) {
        char buf[3];
        char *tmp;
        buf[0] = hexs[2 * x];
        buf[1] = hexs[2 * x + 1];
        buf[2] = 0;
        uint8_t v = strtol(&buf[0], &tmp, 16);
        //Serial.printf("-> %s = %x\n", buf, v);
        fromHexBuf[x + 1] = v;
        x = x + 1;
        i--;
      }
      return &fromHexBuf[0];
    }
0

Source: https://habr.com/ru/post/1260679/

