Android Clipboard Wedge

(doubt this is a unique idea, but thought I’d share regardless)

So, I do a lot of work with my phone, SSHing into remote machines of mine, logging into remote file shares, etc. I use my implant via a keyboard wedge for a lot of things, which makes the phone side of things very annoying. I’ve been using an app like NFC tools to read the UID, then manually retype it in the keyboard wedge format.

I’ve done very little Android development, but I decided to try and fix this daily annoyance of mine.

I wrote a super simple Android app that launches automatically when any implant is scanned, copies the UID to the clipboard in the same format as the DT wedge, minimizes itself, waits 5 seconds, then wipes the clipboard (and attempts to wipe any clipboard history) by writing random/pseudo-random data to the clipboard. The app never has to be actually launched (won’t even show in the launcher). It’s using the proper intents, so it assumes control when needed.

Quick demo video with awful editing (I had to up the clipboard override count for Gboard, hence the popup in the video):

I built an APK and signed it, and attached it here:
nfcwedge.apk (2.6 MB)

However, if you don’t trust it (as you probably shouldn’t for random APKs :wink: ), you can always download the project from my GitHub, open it in Android Studio, and build it yourself (the code is an absolute template-y mess right now, but I wanted to get it posted).

GitHub repo:

On first use, you’ll see it flash for a moment, then it should run in the background.

Warning: this will override most NDEF openings on android while installed. It has to do this obviously, otherwise your web browser or whatever it is would open instead. This isn’t a big deal for me, as I only usually demo with other people’s phones. For some NDEF types and overall card types, it’ll actually prompt which one you want to use.

Also, to uninstall, since it doesn’t have a launcher icon, just use the application manager in settings.

Future plans:

  • Add settings menu to determine formatting
  • Add option to change what NDEF types are ignored
  • NDEF forwarding of stuff like web URLs if desired
10 Likes

Friggen sweet

2 Likes

This is awesome! There is something you overlooked though. While writing data to the clipboard “deletes” the history of gboard, it doesn’t do much for the system clipboard history (long press on a text field and click clipboard). From that menu, I’m able to see the last couple days of clipboard history… including the uid that was scanned.

1 Like

Hmm, that’s interesting. What version of Android are you using, and what phone do you have? Wondering if it’s a vendor specific feature. Mine doesn’t have another clipboard history, and as far as I was aware, there wasn’t one in stock android (from reading the developer documentation). Gboard is a special case, since it stores its own history. I’ve got a Pixel, so I’m running close to stock.

I’m using a Samsung Galaxy Note 20 on Android 11. My Huawei phones had it as well, which is what made me think it was a stock feature.

1 Like

Looked it up, looks like it is indeed a Samsung specific thing (although as you mentioned with Huawei, many other vendors add it as well, including LG). Android normally only has a single clipboard slot. Once it’s cleared, it’s gone.

There are also several clipboard managers that can be installed on any android phone, that do the same by running in the background. Gboard assumes this functionality as well.

Can you find a limit to the history? It doesn’t seem to be a big performance hit to increase the randomizer count, the android clipboard library seems to be decently efficient.

Obviously this is still a compromise in security, if some app was in the background recording clipboard data without your knowledge. Using a keyboard wedge at all is also a security compromise tbf, and both could be alleviated by combining it with a password or pin.

The only other method I could try is enabling permissions to draw over other apps and directly insert input, the same way apps like Bitwarden can insert password data into whatever app is open. I think I’ll try that in a bit, see if that might work.

3 Likes

It looks like the limit is 40, at least for Samsung. There could also be other factors at play (which app you’re in, time between adding content to the clipboard, etc).

If you’re able to have it directly insert input that would definitely be preferable. It would be much more secure, and I’d rather not mess up my clipboard history if it can be avoided.

So it looks like password managers use the Android autofill framework specifically, which requires whatever app is receiving input to have also integrated support.

However, it looks like I might be able to make a custom input method that would literally act as a wedge reader, including enter support. However, I’m not sure if it would allow me to override NFC intents with a keyboard, or even read NFC data at all. It’s a rather unusual use-case, not sure if Android’s permissions are set up to support it.

It looks like some features might only work if rooted, as well. Samsung clipboard data is just stored in a file, with root permissions you could just back it up and rewrite it whenever the input is finished. As if it never happened.

I’ll keep working on it.

So, still limited by Android permissions slightly, but by making my own IME, I was able to make a new version. This one is enabled as a keyboard in settings. After scanning the implant, it temporarily saves the implant ID as a file within the application’s compartmentalized data storage. Then, upon switching to the keyboard, it types out the implant ID, presses enter, then deletes the file, and switches back to the normal keyboard. If you attempt to use the keyboard without having just scanned, it will simply type nothing and return to your previous keyboard. Ideally, it would just be tap, type, return to normal keyboard, but android doesn’t allow non-system apps to change the selected keyboard.

I wasn’t able to do the same side by side (had to borrow someone’s phone for that), but here’s a quick screen recording. Without the outer view it’s a bit hard to tell what’s going on. Immediately after starting the recording, I scanned a magic card. Then I activated the wedge. After that, I executed the ssh command, and swiped my hand implant. Then, immediately after swapping keyboards, I’m logged in.

It’ll also deauthenticate if the wedge keyboard isn’t activated within a set time, by deleting the temporary ID file.

This fixes all potential clipboard issues, and should be much more secure.

Also, after the fact, I fixed the name in the keyboard settings. Not just a template anymore haha.

2 Likes
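
The scan, type, delete handoff described in the post above, written out as an added example (not the poster's code or anything from the project): the UID sits in app-private storage, can be read once, and is discarded if it is older than a timeout. The class names, file name, 15-second timeout and API 28 minimum are assumptions.

```kotlin
import android.inputmethodservice.InputMethodService
import android.view.KeyEvent
import android.view.inputmethod.EditorInfo
import java.io.File

// Hypothetical names and values, not taken from the app in this thread.
private const val HANDOFF_FILE = "pending_uid"
private const val MAX_AGE_MS = 15_000L // assumed "set time" before a scan expires

/** Single-use, time-limited handoff of a scanned UID through app-private storage. */
class UidHandoff(
    private val dir: File,
    private val now: () -> Long = { System.currentTimeMillis() }
) {
    private val file get() = File(dir, HANDOFF_FILE)

    /** Called by the NFC-handling activity after a scan; replaces any pending UID. */
    fun store(uid: String) = file.writeText(uid)

    /** Returns the UID once if it is still fresh; the file is deleted on every path. */
    fun consume(): String? {
        val f = file
        if (!f.exists()) return null
        return try {
            val age = now() - f.lastModified()
            if (age in 0..MAX_AGE_MS) f.readText().trim().ifEmpty { null } else null
        } finally {
            f.delete() // stale, empty or used: never leave the UID on disk
        }
    }
}

/** Keyboard with no keys: types the pending UID plus Enter, then hands control back. */
class WedgeIme : InputMethodService() {
    override fun onStartInputView(info: EditorInfo?, restarting: Boolean) {
        super.onStartInputView(info, restarting)
        val uid = UidHandoff(filesDir).consume()
        val ic = currentInputConnection
        if (uid != null && ic != null) {
            ic.commitText(uid, 1)                       // insert the UID at the cursor
            sendDownUpKeyEvents(KeyEvent.KEYCODE_ENTER) // wedge-style trailing Enter
        }
        switchToPreviousInputMethod() // API 28+; return to the user's keyboard either way
    }
}
```

The age check in `consume()` only runs when the keyboard is opened, so the scanning side should still schedule its own delete after the timeout, as the post describes, to keep an unused UID from lingering in storage.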

I really like that system! The “input method” button is always on the nav bar when typing (for most people), so switching inputs isn’t an inconvenience at all. That also prevents it from inputting data when you don’t want it to, which is an added bonus.

On a side note: I tried messing around with tasker for a bit just out of curiosity to see if it could do the same thing. It technically can - I got it to read the uid and type it out automatically - but in addition to always copying the uid to the clipboard, tasker didn’t actually detect scanned NFC tags until I deleted every other nfc app for whatever reason.

Just updated my Pixel 4a to the Android 12 beta, and it broke the new version completely :sob: It opens, but typing doesn’t work. Hoping they didn’t remove any functionality I needed for this.

Guess this is a good opportunity to fix it before I post an APK. Not sure if the old version with the clipboard still works.

oh i seem to remember there being a clipboard security thing they changed a while back… but might be able to grant your app “accessibility” permissions to regain access to clipboard and other more sensitive stuff.

1 Like

That’s the weird thing, I said above:

I just tried it, it works perfectly. So it’s not anything with the clipboard (probably since I’m just writing to it, never reading from it). It’s something with my IME implementation, maybe since I’m reading in a file with my IME? That’s not very conventional, could see it causing issues. I’m basically just using custom keyboard functionality as a shim to shove output into the system, I could see them not liking that.

1 Like

I decided to try this out myself in tasker, and got it working pretty well. It’ll simulate hardware key presses to type out the UID, followed by the enter key. The clipboard isn’t touched at all, although I did also include a version that copies to the clipboard then overwrites it with 40 other entries if you want to use that for whatever reason.

Only issue with this is that tasker doesn’t seem to be set up to handle every type of tag. For example, scanning my NExT works just fine, but my xM1 won’t open in tasker at all. Not a big deal, since I assume most people will be using an NTAG21X implant for this type of stuff anyways, but it’s something to think about.

I’m also working on a method to unlock the phone with NFC via tasker, but that’s being a pita to get working consistently.

https://taskernet.com/shares/?user=AS35m8luOo1sEef9kcxiC2Xy%2FCkM1bbuUd93Wp6Dm22cv6x3YMuc3ynBUHi%2BN2RSkFBZ1mdxYA%3D%3D&id=Project%3AWrite+UID

2 Likes