Near Field Communication (NFC) Security Research
NFC Section of my weblog
Python NDEF tools and
Mifare-NDEF are now on my github.
Slides for my SummerCon 2012 talk
PDF and the demo video for the NFC/RFID tag read emulation.
Slides for my NinjaCon 2011 talk
NFC and NDEF Hacking The slides contain some new parts on the Nexus S.
New release of: ndef_mifare v0.3 and Python NFC / NDEF library v0.4.
News
According to Near Field Communications World the NFC Forum created a standard for signing NDEF tags. Apparently they did this after I published my research. (Feb. 2010)
Advisory
Nokia 6212 Classic URI Spoofing and DoS Advisory as posted to BugTraq and Full Disclosure
Paper
Vulnerability Analysis and Attacks on NFC-enabled Mobile Phones IWSS March 2009 Fukuoka Japan.
25C3 Slides
collin_mulliner_25c3_attacking_nfc_phones.pdf
Current version of my Python NDEF library and tools: collins_nfcndef_python_stuff_v030.zip (this version supports the BtNfcAdapter running on both the Nokia 6313 NFC and Nokia 6212 Classic, see below for more details).
Current version of my ndef_mifare reader/writer tool: ndef_mifare_v02.tgz
Advisory
Nokia 6131 NFC URI Spoofing and DoS Advisory as posted to BugTraq and Full Disclosure
EUSecWest2008 Slides
Here are the slides for my EUSecWest talk Attacking NFC Mobile Phones.
Python NDEF library and tools (also contains scripts that will created spoofing demos used for my talk)
NDEF_Mifare is a small librfid based NDEF reading/writing tool I wrote.
Sample badproxy.py for URL spoofing using the @-trick. Simple Man-in-the-middle proxy that logs all traffic. This is based on cgiproxy by James Marshall.
NFC Phone Tools (only tested on Nokia 6131 NFC and Nokia 6212 Classic)
BtNfcAdapter
A small tool that turns your Nokia 6131 NFC and 6212 Classic into a NDEF reader and writer. The tool uses a Bluetooth link (RFCOMM channel 25 on the 6131 and 22 on the 6212) to communicate with the client application (e.g. my Python NDEF library). The tool automatically stores all read NDEF tags for later download via Bluetooth.
BtNfcAdapterRaw
Basically the same as BtNfcAdapter but this on is a low level Mifare Classic reader (no writing yet). The tool will make a snapshot of a Mifare Classic tag if
the read key is a known key (e.g. ffffffffffff, a0a1a2a3a4a5, d3f7d3f7d3f7). Reads complete Mifare Classic (inc. sector 0 and sectors trailers of all sectors).
MfStt (Mifare Sector Trailer Tool)
This tool gives you access to the Mifare Classic Sector trailer. It shows you the read/write permissions of each block of the sector. You can overwrite the trailer (only do this if you know what you are doing!!!).
Get everything here.
Fotos from various NFC tags I made. Also includes my paper tag collection. geri-m also took some pictures of a NFC SmartPoster in London.
Contact
Collin Mulliner collin-nfcmulliner.org
updated:
July 18 2019
-[ Home ]-[ Weblog ]-[ Bluetooth ]-[ Windows Mobile ]-[ Symbian ]-[ PalmOS ]-[ J2ME ]-[ Maemo ]-[ Security ]-[ iPhone ]-[ Android ]-[ Contact ]-