nfcgate / nfcgate Public

An NFC research toolkit application for Android

NFCGate

NFCGate is an Android application meant to capture, analyze, or modify NFC traffic. It can be used as a research tool to reverse engineer protocols or to assess the security of protocols against traffic modifications.

Notice

This application was developed for security research purposes by students of the Secure Mobile Networking Lab at TU Darmstadt. Please do not use this application for malicious purposes.

Features

Requirements for specific modes

Usage

Building

  1. Initialize submodules: git submodule update --init
  2. Build using Android Studio or Gradle

Operating Modes

As instructions differ per mode, each mode is described in detail in its own document in doc/mode/.

Pcapng Export

Captured traffic can be exported in or imported from the pcapng file format. For example, Wireshark can be used to further analyze NFC traffic. A detailed description of the import and export functionality is documented in doc/pcapng.md.

Compatibility

NFCGate provides an in-app status check. For further notes on compatibility see the compatibility document.

Known Issues and Caveats

Please consider the following issues and caveats before using the application (and especially before filing a bug report).

NFC Stack

When using modes that utilize HCE, the phone has to implement the NFC Controller Interface (NCI) specification. Most phones should implement this specification when offering HCE support.

Confidentiality of Data Channel (relay)

To ensure confidentiality and integrity, use Transport Layer Security (TLS), which can be enabled in NFCGate settings. You need a CA-issued or self-signed certificate. Certificates from system-trusted CAs are trusted automatically. Self-signed certificates can be trusted by the user on first use (TOFU).

Compatibility with Cards (relay, replay, clone)

We can only proxy tags supported by Android. For example, Android no longer offers support for MIFARE Classic chips, so these cards are not supported. When in doubt, use an application like NFC Tag info to find out if your tag is compatible. Also, at the moment, every tag technology supported by Android's HCE is supported (A, B, F); however, NFC-B and NFC-F remain untested. NFC-A tags are the most common tags (for example, both the MIFARE DESFire and specialized chips like the ones in electronic passports use NFC-A), but you may experience problems if you use other tags.

Compatibility with readers (relay)

This application only works with readers which do not implement additional security measures. One security measure which will prevent our application from working in relay mode is when the reader checks the time it takes the card to respond (or, to use the more general case, if the reader implements "distance bounding"). The network transmission adds a noticeable delay to any transaction, so any secure reader will not accept our proxied replies.
This does not affect other operating modes.
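
The response-time check described above, sketched from the reader's side as an added example (not NFCGate code and not any reader vendor's implementation): the reader learns a per-command latency baseline from a card presented locally and rejects exchanges that exceed it by more than a margin. The sample timings, the slack and floor values, and all function names are constructed assumptions.

```python
from statistics import median

# Constructed calibration data: response latency in milliseconds per command
# (ISO 7816 INS byte), measured with a card held directly on the reader.
CALIBRATION_MS = {
    0xA4: [2.1, 2.3, 2.2, 2.4, 2.2],       # SELECT
    0xB0: [3.0, 3.1, 2.9, 3.2, 3.0],       # READ BINARY
    0x88: [41.0, 43.5, 42.2, 44.0, 42.8],  # INTERNAL AUTHENTICATE (crypto, slow)
}

def build_limits(calibration, slack=1.5, floor_ms=1.0):
    """Per-command upper bound: median latency * slack, plus a fixed jitter floor."""
    return {ins: median(samples) * slack + floor_ms
            for ins, samples in calibration.items()}

def check_transaction(exchanges, limits):
    """exchanges: list of (ins, t_sent_ms, t_received_ms) tuples.

    Returns (index, ins, latency_ms, limit_ms) for every exchange that took too
    long. A command without a baseline is reported with limit None instead of
    being silently accepted.
    """
    violations = []
    for i, (ins, t_sent, t_recv) in enumerate(exchanges):
        latency = t_recv - t_sent
        limit = limits.get(ins)
        if limit is None or latency > limit:
            violations.append((i, ins, round(latency, 1), limit))
    return violations

def accept(exchanges, limits):
    """A transaction is accepted only if no exchange violates its limit."""
    return not check_transaction(exchanges, limits)

# Constructed transactions: one with the card on the reader, one with roughly
# 30 ms of added network delay on every exchange.
LOCAL = [(0xA4, 0.0, 2.3), (0xB0, 10.0, 13.1), (0x88, 20.0, 62.9)]
RELAYED = [(0xA4, 0.0, 33.0), (0xB0, 40.0, 74.2), (0x88, 90.0, 163.5)]

if __name__ == "__main__":
    limits = build_limits(CALIBRATION_MS)
    print("local accepted:  ", accept(LOCAL, limits))
    print("relayed accepted:", accept(RELAYED, limits))
    for violation in check_transaction(RELAYED, limits):
        print("  violation:", violation)
```

The commands with the shortest baseline give the tightest bound, so the slack should be tuned on those rather than on slow cryptographic commands.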

Android NFC limitations (relay, replay)

Some features of NFC are not supported by Android and thus cannot be used with our application. We have experienced cases where the NFC field generated by the phone was not strong enough to properly power more advanced features of some NFC chips (e.g. cryptographic operations). Keep this in mind if you are testing chips we have not experimented with.

Publications and Media

An early version of this application was presented at WiSec 2015. The extended abstract and poster can be found on the website of one of the authors. It was also presented in a brief Lightning Talk at the Chaos Communication Camp 2015.

Reference our Project

Any use of this project which results in an academic publication or other publication which includes a bibliography should include a citation to NFCGate:

@inproceedings , title = Security Research with a Smartphone-Based Toolkit>, booktitle = Workshop on Offensive Technologies ( 20)>, year = , url = , publisher = Association>, month = aug, > 

The initial NFCGate paper describing the first version of NFCGate can be cited as follows:

@inproceedings, author=ller and Tom Schons and Daniel Wegemer and Matthias Schulz>, booktitle=, year= > 

License

Copyright 2015-2024 NFCGate Team

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Contact

Used Libraries

Credits