在iOS和Android智能手机上使用NFC解锁的门;阅读NFC芯片的UID
我遇到了这个讨论使用HCE模式获得静态NFC标记我对NFC技术在智能手机上的仿真模式下的工作方式有一些疑问,尤其是在解锁门上。
在这方面,iPhone设备与三星设备有何不同?我最感兴趣的手机型号是iPhone 13,三星Galaxy S21和三星Galaxy A32。
- 支持NFC的智能手机是否需要应用程序才能模仿打开门的卡?
- 在手机静态还是动态的NFC芯片的安全元件的UID?
- 当使用模拟卡的应用程序时,读者是否读取了对该卡的UID读取的UID,还是与智能手机中NFC芯片的UID相同?
- 如果“该设备在打开时会生成新的随机UID”,这是否意味着我们可以模仿具有相同UID的多个卡?
- 智能手机可以复制标签的内容(键)然后模拟吗?
- 依靠NFC芯片的UID需要将哪些安全措施添加到拆卸系统中?
I came across this discussion Get Static NFC Tag Id with HCE mode and I have some questions on how NFC technology works in card emulation mode on smartphones, particularly when it comes to unlocking doors.
How do iPhone devices differ from Samsung devices in this regard? The phone models I am mostly interested in are iPhone 13, Samsung Galaxy S21 and Samsung Galaxy A32.
- Does an NFC-enabled smartphone need an application in order to emulate a card that opens a door?
- Is the UID of the secure element of the NFC chip in the phone static or dynamic?
- When using an application that emulates a card, is the UID read by the reader an UID specific for that card or is it the same as the UID of the NFC chip in the smartphone?
- If “the device generates a new random UID whenever it is turned on” does that mean that we can emulate more than one card with the same UID?
- Can a smartphone copy the content of a tag (key) and then emulate it?
- What security measures need to be added to a door-unlocking system relying on the UID of an NFC chip?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
首先,NFC UID的设计不是唯一的,也不是附加了任何级别的安全性。当多个标签在范围内时,它只需要不同。
因此,现在许多手机都会生成一个随机的UID作为安全功能,以防止其在跟踪电话中的使用。
某些标签类型具有可编程的UID,或者在通常无法编程的情况下,有可编程UID的克隆,
因此忘记将UID用于门锁。
但是,为了尝试回答您的问题
像Passkit这样的公司具有与内置软件一起使用的商业解决方案。
但是,作为iPhone上的普通开发人员,您无法在Android上访问此功能,它允许您模仿4型标签的行为(您需要和应用程序来提供此功能并安装服务,但它不需要应用程序即可跑步以使其工作)。
UID不是安全元素通常会做的,并且UID主要是动态生成的。安全元素大多数处理AID的仿真(应用ID)的4型标签。
uid的大多是随机生成的,如前所述。
主要是UID对标签仿真不重要,因此您可以模仿多个4型标签(具有相同辅助的标签更加困难,但您不太可能拥有它)
如果数据是可以自由阅读的,或者它具有该数据必要的密码和 /或解密键,那么是的,它可以读取标签并复制数据。如果它是4型标签,则将其效仿。 (并非所有标签都是类型4)
需要添加大量的安全措施,实际上很难/不可能真正制作安全的NFC门锁。 (是的,您可以使黑客更加困难,但从来都不是不可能的,例如“中间人中的人”攻击,自定义硬件,甚至是扎根的Android手机)
)
您也可以扭转思维方式,而效仿的是门锁标签和手机只需是NFC阅读器/作家,所有启用NFC的手机都可以做到。
或更常见的是在门锁中使用蓝牙,因为手机中更加无处不在。
First off a NFC UID is not designed to be Unique or have any level of security attached to it. It just has to be likely to be different when multiple Tags are in range.
Thus a lot of phones now generate a random UID as a security feature to prevent it's use in tracking phones.
Some Tag types have a programmable UID's or where not normally programmable there are clones available with programmable UID's
So forget about using UID's for a door lock.
But to try and answer your questions
There re companies like Passkit that have commercial solutions that work with the built in software.
But as a normal developer on iPhone you don't have access to this on Android it allows you to emulate the behaviour of a Type 4 Tag (you need and app to provide this functionality and install the service but it does not need the app to be running for it to work).
UID is not something the secure element usually does and the UID is mostly dynamically generated. The secure element most handles emulation of AID's (Application ID's) of Type 4 Tags.
UID's are mostly randomly generated as explained before.
Mostly UID's are unimportant to Tag emulation, therefore you can emulate more than one Type 4 Tag (having Tags with the same AID is more difficult but you are less likely to have that)
If the data is freely readable or it has the necessary password and or decryption keys then yes it can read a tag and copy the data. And emulate it if it is a Type 4 Tag. (Not all Tags are Type 4)
Lots of security measures need to be added and it is quite difficult/impossible to actually make a secure NFC door lock. (yes you can make it more difficult to hack but never impossible, there are too many ways like "man in the middle" type attacks, custom hardware, even rooted Android phones)
You can also reverse your thinking and it's the door lock that emulates the Tag and the phone just needs be a NFC reader/writer which all NFC enabled phones can do.
Or more common is to use bluetooth in the door lock as that is more ubiquitous in phones.