October 4, 2012 By: Jimmy McGee
Near-Field Communications, or NFC, is a new and exciting technology. The mainstream media likes to tout its ability to allow for contact-less payments with your mobile device. However, there is so much more you can do with NFC. In the sixth in a series of XDA Pro Tips, XDA Elite Recognized Developer and TV Producer AdamOutler showed you some of the possibilities of NFC tags.
Now, XDA Forum Member wedjohn57 has shared an application that allows you to do almost anything with NFC tags. In this video, XDA Developer TV Producer TK reviews AnyTAG NFC Launcher. TK shows off the application, its uses and functionality, and gives his thoughts of the application.
NFC technology is poised to become the core of the mobile payment world. Nearly every cutting edge smartphone released in the next year will feature some form of NFC and mobile payments. Every major player from Verizon to Google, from MasterCard to American Express is in some way attempting to enter the market and gain a foothold in the thriving industry. Yet this is not without cost: Near-Field Communication technology is new and relatively untested. By linking it with our smartphones, a device we use for nearly every aspect of our lives, we’ve created the most potent bait an identify thief or malicious life hacker could desire.
Yet until recently, few cared to think about the malicious possibilities that NFC posed to the user. Just over a week ago at Mobile Pwn2Own, this changed when MWR Labs demonstrated that NFC users (and vendors) have a whole lot more to think about. While the exact details of the exploit are still withheld, using the Samsung Galaxy S3’s NFC chip, a file is downloaded and automatically opened. Next, the file was able to elevate its privileges and thereby gain control over every aspect of the device. As explained on the team’s blog:
The first vulnerability was a memory corruption that allowed us to gain limited control over the phone. We triggered this vulnerability 185 times in our exploit code in order to overcome some of the limitations placed on us by the vulnerability.
We used the second vulnerability to escalate our privileges on the device and undermine the application sandbox model. We used this to install a customised version of Mercury, our Android assessment framework. We could then use Mercury’s capabilities to exfiltrate user data from the device to a remote listener, including dumping SMS and contact databases, or initiating a call to a premium rate number.
While this type of attack may seem complicated and far fetched, the reality is that criminals will go to great lengths to formulate a method by which to steal your information and money. The more reliant on mobile technology we become, the more vigilant we must be in safeguarding our information. Having NFC enabled 24/7 is like having your credit card, phone number, address, name, and Social Security Number dangling from your belt loop. So while the exploit will undoubtedly be patched quickly, just remember: You never know who may be watching.
NFC has slowly been gaining in popularity since it started making its way into mobile phones. While the most common usage for NFC is mobile payment through services like ISIS and Google Wallet, there are actually a number of other ways to use NFC tags. The latest application of the technology is to use it as a pseudo-task manager using an application called AnyTAG.
AnyTAG basically allows you to open and close a variety of tasks and applications via NFC. This could be useful for a number of reasons. One such example is toggling WiFi off when you leave your house, toggling silent mode when you lay down to go to bed or toggling Bluetooth on in your car. It was posted to the forums by XDA Forum Member wedjohn57. And although it was posted in the Samsung Galaxy S III section, the application should be compatible with any NFC-enabled device.
Here’s a list of all the things you can currently do with AnyTAG:
✔ Bluetooth (on/off/toggle)
✔ Bluetooth discoverable (on)
✔ WiFi (on/off/toggle)
✔ WiFi Hotspot (on/off/toggle)
✔ Connect to specific WiFi SSID
✔ Mobile data (on/off/toggle)
✔ Airplane mode (on)
✔ GPS (on/off/toggle)
✔ Capture photo (front/back camera)
✔ Screenshot – root only (Beta)
✔ Launch an app
✔ Launch an activity
✔ Make a call or USSD
✔ Send an SMS
✔ Open a web page
✔ Launch tasker
✔ Silent mode (off/vibrate/mute)
✔ Set volume (ringer/notification/media/alarm)
✔ Auto rotate screen (on/off/toggle)
✔ Auto brightness (on/off/toggle)
✔ set screen brightness
✔ Stay Awake While Charging (on/off/toggle)
✔ Auto sync (on/off/toggle)
✔ Display Timeout
According to the Google Play description, there are also more features yet to be implemented. Additionally, you don’t need re-writable NFC tags. As the app description explains:
Every NFC tags come with a unique tag ID.
Instead of writing task/action into the NFC tags like what other does.
AnyTAG NFC Launcher let user stored list of tasks and tied it with the NFC tag ID. So when user scanned NFC tag, AnyTAG will recognize the tag ID and perform configured tasks accordingly.
No modification of NFC tags stored data at all.
So if you’re looking for another way to use your NFC tags, this is a pretty good option to try out. For additional details, check out the original thread.
August 30, 2012 By: Ian Stacy
While CyanogenMod 10 becomes the norm for many cutting-edge device, it appears that CyanogenMod 9.1 still has a trick up its sleeve when it debuts. In an industry first, CyanogenMod (a community-maintained Android ROM that isn’t directly affiliated with the AOSP) has partnered with NFC cloud-based payment company SimplyTapp to produce a new method of paying for real goods and services with NFC-capable devices.
Much like Google Wallet, Google’s NFC payment system, SimplyTapp allows users of NFC capable devices (flashed with CM 9.1) to store payment method information in the cloud. By installing the app and signing up for a card ($0 to $5 depending on the type of card, with fixed amount gift cards, re-loadable cards and some local store cards available) your device can be used in a similar fashion to a debit or credit card but with the added simplicity of waving your NFC capable device to make a payment and the added security of storing your payment information in the cloud until needed.
According to the announcement at the Cyanogenmod homepage, enhancements to the Ice Cream Sandwich NFC stack were necessary to make this service work, and those changes have been implemented in the upcoming CyanogenMod 9.1 release. CyanogenMod 10, which is based on Jelly Bean (Android 4.1), will eventually see Tapp as well, but not until changes to the AOSP Jelly Bean tree slow down.
The announcement also mentions that while CM 9.1 will not contain new features, it ushers in a host of bug-fixes. This also serves as an indicator that new features will no longer be introduced to CM9.
Announced months earlier, the ISIS NFC mobile payments project seems to be getting much attention in the media lately. The collaborative effort between T-Mobile, AT&T and Verizon Wireless, which is set to launch shortly, aims to bring NFC-based mobile payments to the subscribers of these carriers across United States as a competitor to Google Wallet.
In the change log of the latest software updated released for the T-Mobile Galaxy S II, mention of an ISIS/NFC update was spotted by XDA Senior Member manekineko. This can be considered evidence that support is coming to the Galaxy S II. Also, XDA Senior Member sn0warmy has started a Google Wallet vs. ISIS thread comparing the merits and demerits of each of these mobile payment platforms. ISIS is expected to support the other Android devices on these networks that feature an NFC chip, including variants of Nexus S, Galaxy Nexus, Galaxy S II, Galaxy S III, and other possible devices.
According to the official ISIS website, it is expected to launch some time this summer, starting with Salt Lake City and Austin serving as initial markets before expanding the rollout.
While Google Wallet started off with a partnership with MasterCard and Citi, ISIS is launching with partnerships with BarclayCard US, Discover, MasterCard, VISA, and American Express. This bringing a far wider direct payment card support than its Google competitor. However, given how Google Wallet can now work with any major credit card, this advantage is somewhat moot.
As mobile payments gain more and more popularity in the US, it’s great to see a new entrant in the industry, as that will lead to competition in which winners are often the consumers.
August 11, 2012 By: Haroon Q. Raja
If you have one of the Samsung Galaxy S II variants that shipped with NFC and are currently running a custom Jelly Bean ROM, you might have noticed the lack of functional NFC capabilities on your phone. Fortunately, you needn’t wait any longer. Thanks to XDA Senior Member jthatch12, you can now enable NFC on any custom Jelly Bean ROM on your Galaxy S II.
The hack is quite straight-forward, and all it requires is an SGS II variant that comes with NFC hardware. So if yours is one of those shipped without it, don’t expect it to magically work just by using this hack. Also, it is meant for devices running Jelly Bean only. This mod has been confirmed to be working on AT&T’s Galaxy S II (SGH-I777) and South Korean KT’s Galaxy S II (SHW-M250K), but should work fine on any NFC-equipped variant. As explained by jthatch12:
Devices Confirmed Working On:
….IDK you tell me!
Devices this should work on:
i9100 = NO
i9100P = YES (it’s an i9100 exactly, but with NFC. ROMs for i9100 will work, but need to be modified to show NFC settings, otherwise no NFC options will show)
i9100G = NO, it’s completely different from the i9100 hardware (TI-OMAP instead of Exynos). ROMs from i9100/P don’t work.
T989 (T-Mobile GS2) = YES, but it’s completely different from the i9100 hardware (Snapdragon S3 instead of Exynos). ROMs from i9100/P don’t work.
i777 (AT&T GS2) = YES* , stock ROMs disable it. ROMs from i9100 work because they’re the same phone (it’s really an i9100P because it has NFC) but you need to modify button layout or the buttons won’t work in the ROM.
D710 (Sprint GS2) = NO
Wanna give it a shot? Simply download the file from the forum thread and flash it to your phone from recovery. For more information, join the discussion at the forum thread.
June 23, 2012 By: Jimmy McGee
In the sixth in a series of XDA Pro Tips, XDA Elite Recognized Developer AdamOutler demonstrates the use of NFC (Near-Field Communication) tags. AdamOutler begins by showing how to used the Tag ID to trigger a scripted event using an Android Application. Next, AdamOutler shows data being written and retrieved to and from a tag. Finally, AdamOutler discusses the NFC technology briefly. So sit back, relax, and check out the video.
June 14, 2012 By: Former Writer
While it hasn’t hit the mainstream yet, Near Field Communication is on the rise. With a number of flagship Android devices shipping with a NFC chip installed, users have been finding more and more uses for NFC. Is the experience perfect? Far from it, but improvements are being made all the time to make NFC a bigger part of the Android experience. There are many tools out there to help NFC users make full use of NFC, and now there’s at least one more way to make the experience even better.
One fault with the current implementation is that it usually requires the screen to be on and an application to be running for NFC to work properly. While some may not mind this, there are users out there who would rather be able to use their NFC more quickly and would prefer to be able to use it with the screen off. This is a problem that XDA Recognized Developer Geniusdog254 is looking to solve on the Samsung Galaxy Nexus.
The mod, which is flashed in recovery, allows users to use NFC with the screen off and on the device’s lock screen. As Geniusdog254 explains:
This is a modified Nfc.apk, which is the system NFC service that runs at boot. It allows you to scan NFC tags either with the screen totally off, or with the screen on but still at the lockscreen. You get to choose which one you want to flash. Just download one of the zips below, and flash it via recovery (tested with ClockworkMod). To restore to stock, just pick the stock version.
This makes the NFC experience easier and more efficient for frequent NFC users and it’s pretty easy to implement. That’s a win-win situation.
For full instructions on use and download links, head over to the original thread.
May 14, 2012 By: Jimmy McGee
In today’s Quick Take of This Week in Development, Jordan takes time out of his birthday celebration to cover a couple stories of interest from the XDA Portal. Giving a nod to the most important women in anyone’s life, Jordan discussed the Top Five Apps for the Hard Working Mom. A mother is the woman who brought you into this world, and according to my mother, is the one woman who can take you out of it.
Jordan then talks about managing files with AROMA file manager and the addition of the NFC Hardware Hacking forum. Finally, Jordan mentions our new Pro Tip series on XDA TV. All in all, this is a video you don’t want to miss!
NFC lends itself to some pretty interesting and amazing possibilities. With NFC-based task automation and well-publicized mobile payment options, NFC may well become a central component in your future (or current) smartphone. In fact, more and more new phones are coming with the technology, and for those lucky enough to have it, you are probably waiting for the next killer app for the nascent platform.
Maybe you’re an app developer thinking about incorporating NFC into your next application, or perhaps you’re trying to hack NFC onto previously unsupported devices and unsupported carriers. Whatever the situation, we realize that NFC hacking is important. As such, we are creating a new forum for NFC Hacking that will serve as an extension to our Hardware Hacking forum.
What are you waiting for? Head over to our new NFC Hacking forum to get in on the discussion and start some new development projects!
AT&T Samsung Galaxy Note users might want to have a look at this. With all the interesting stuff going on with NFC (Near Field Communication), from using Google Wallet to make real-life purchases with your phone to contact sharing and even initializing multiplayer games, it’d be a shame to have a NFC chip in your device and not be able to use it. Some of the more notable devices that have the NFC chip include the Samsung Galaxy S II, the Motorola Droid RAZR, and the HTC Amaze 4G.
The Korean version of the Galaxy Note has an activated NFC chip. Now, thanks to XDA Forum Member fox689, AT&T Note users can enable the NFC chip on their own devices. From the original thread:
This flash contains an xml permissions file and the Tag.apk from the Canadian ROMs.
Once you’ve flashed this you will have the option to turn on NFC in Wireless Settings as well as be able to install NFC apps from the Play Market.
If you’d like to give it a shot on your Note, check the original thread for download links and install directions. You will have to flash this mod through recovery, so be sure to make a full backup of your device and read all instructions before you jump in.
Google Wallet is all over the headlines lately, first with its release on the Verizon network with the Galaxy Nexus and then with its release on the AT&T network with the Samsung Galaxy S II. Sprint and T-Mobile users have even been able to sideload the Google Wallet app on their respective variants of the Nexus S.
The app itself relies on the devices NFC chip to communicate with non-contact payment stations, like Mastercard’s PayPass. Google Wallet stores your credit card information allowing you to make in-store purchases with a swipe of your phone. Since the information on the chip can be accessed without direct contact several security measures were put in place to protect users. A four digit PIN is required to make purchases with the app, adding an additional layer of security. XDA Member and zvelo employee miasma discovered a flaw in the PIN system, allowing retrieval of credit card information. viaForensics, a company specializing in proactive forensic security (software hacking with the goal of reporting flaws and protecting users), also helped to demonstrate the exploit, proving that the process could be repeated on other devices.
Multiple problem areas were identified but the biggest was in the encryption of the PIN. Using SHA256 hex encoding, the PIN is secured in the app data. Knowing the PIN is 4 digits, viaForensics’ calculations show a brute-force would take, at-most, calculating 10,000 SHA256 hashes. This takes little effort and both miasma and Google have been able to compromise the PIN security in private tests.
Rooted users take note; the security flaw can only be exploited on phones with root privileges. Google has acknowledged the flaw and they are working on a fix. In order to preform this attack a hacker would have to have physical access to your phone, so until a fix is published users can assure their safety by keeping their device within reach. As always, for the security of your phone, stay up to date with the latest software. Don’t forget to keep your phone secure with a lockscreen pattern, PIN or password (or face unlock if your device supports it).
To see the exploit in action, check out the video here. The original thread announcing the vulnerabilities can be found here. Google is working with the banks and card companies involved to make Google Wallet more secure and to patch this security flaw, so hopefully we’ll see some updates soon. Until then, keep those NFC enabled phones within reach at all times!
February 3, 2012 By: Ian Stacy
If you have a phone with an NFC chip and aren’t using Google Wallet, now’s your chance. Check out this thread for reports of working NFC payment locations.