Scroll to navigation

nfc-emulate-uid(1) libnfc's examples nfc-emulate-uid(1)

NAME

nfc-emulate-uid - NFC target emulation command line tool based on libnfc

SYNOPSIS

nfc-emulate-uid [OPTIONS] [UID]

DESCRIPTION

nfc-emulate-uid is a tag emulation tool that allows one to choose any tag UID. Tag emulation is one of the main added features in NFC. But to avoid abuse of existing systems, manufacturers of the NFC controller intentionally did not support emulation of fully customized UID but only of "random" UIDs, which always start with 0x08. The nfc-emulate-uid tool demonstrates that this can still be done using transmission of raw frames, and the desired UID can be optionally specified.

This makes it a serious threat for security systems that rely only on the uniqueness of the UID.

Unfortunately, this example can't directly start in fully customisable target mode. Just after launching this example, you will have to go through the hardcoded initial anti-collision with the 0x08-prefixed UID. To achieve it, you can e.g. send a RATS (Request for Answer To Select) command by using a second NFC device (placed in target's field) and launching nfc-list or nfc-anticol. After this first step, you now have a NFC device (configured as target) that really emulates a custom UID. You could view it using the second NFC device with nfc-list.

Timing control is very important for a successful anti-collision sequence:

- The emulator must be very fast to react: Using the ACR122 device gives many timing issues, "PN53x only" USB devices also give some timing issues but an embedded microprocessor would probably improve greatly the situation.

- The reader should not be too strict on timing (the standard is very strict). The OmniKey CardMan 5321 is known to be very large on timings and is a good choice if you want to experiment with this emulator with a tolerant reader. Nokia NFC 6212 and Pegoda readers are much too strict and won't be fooled.

OPTIONS

UID 8 hex digits format that represents desired UID (default is DEADBEEF).

IMPORTANT

ACR122 devices (like touchatag, etc.) can be used by this example (with timing issues), but if something goes wrong, you will have to unplug/replug your device. This is not a libnfc's bug, this problem is due to ACR122's internal MCU in front of NFC chip (PN532).

BUGS

Please report any bugs on the libnfc issue tracker at:
https://github.com/nfc-tools/libnfc/issues

LICENCE

libnfc is licensed under the GNU Lesser General Public License (LGPL), version 3.
libnfc-utils and libnfc-examples are covered by the the BSD 2-Clause license.

AUTHORS

Roel Verdult <roel@libnfc.org>

This manual page was written by Romuald Conty <romuald@libnfc.org>. It is licensed under the terms of the GNU GPL (version 2 or later).

June 26, 2009 libnfc