Nfc

From miki
Jump to navigation Jump to search

libnfc

libnfc is the open source Near Field Communication library on Linux. It supports most hardware based on NXP chips (PN53x).

Install:

  • Add apt repository
sudo add-apt-repository ppa:jdthood/nfc-tools
  • Package is only available for release quantal, so if needed edit apt file /etc/apt/sources.list.d/jdthood-nfc-tools-precise.list
  • Install libnfc packages:
sudo apt-get install libnfc-bin libnfc-dev libnfc-examples mfoc
sudo apt-get install libccid pcscd          # As per install instruction http://nfc-tools.org/index.php?title=Libnfc

References:

SCL3711

The SCL3711 is a very small smartcard reader from Identive. It contains a PN533 chip from NXP.


The reader works very well with libnfc. To use it on a recent kernel (like Ubuntu Precise) however, you must blacklist the pn533 and nfc modules:

# To make my SCL3711 works:
sudo vi /etc/modprobe.d/blacklist-libnfc.conf   # As per http://www.libnfc.org/community/topic/668/solved-scl3711-interface-0-claimed-by-pn533-nfclist-sets-conf/
                                                # Type:
                                                #    blacklist pn533
                                                #    blacklist nfc 
# unplug device
sudo modprobe -r pn533 nfc                      # Unload the modules

Once detected, you can easily tags in the reader field with:

nfc-list

References:

MIFARE Classic keys

Dump memory

Dump MIFARE Classic memory:

nfc-mfclassic r a test.dump      # Read, using A key (no key given, so assuming one in default keyset)

mfoc

mfoc can brute-force MIFARE Classic, if at least one key is known (needed to be able to collect some information leaking from random generator).

  • Search for keys, assuming one key in the default keyset (see mfoc source code for a list)
mfoc -O test.dump

More information:

mfcuk

mfcuk may brute a key even if no keys are known. Ideally we use it to guess one key, and then switch back to mfoc.

Best line:

./mfcuk -C -R 0 -v 3 -s 250 -S 250 -o dump.bin      # Search sector 0

References: