I had to take a closer look to see why you set them up at a Best Buy.
Yeah, it does look a bit like a computer store.
That there is a small part of a row of test computers at one of our suppliers’.
One guy called me and said “Those readers you set up, can you give me a password to write to them?” A bit confused, I asked what password. He said “Well, I got curious, so I downloaded this thing called NFC Tools and tried to write my password to the reader. It beeped but the computer said Login Failed. So I need another password I suppose.”
What the fuck was he on about… No idea.
So I popped by and here’s what happened: in fact, when he approached his cellphone, NFC card emulation was on, so the reader took it for a passive NFC card and rejected the UID for login. Normal. But the guy was also trying to write an NDEF with his password at the same time, hoping to feed it to the normal login through NFC. I can see how that can be confusing if you don’t know how NFC works. Amusing that he tried and actually got somewhere though…
Anyway, long story short, I registered his phone’s emulated UID into the computers he wanted to use, and lo, now he too can log in without a password. He’s all happy about it and telling his workmates! Hopefully he’ll soon get into his head that he could do without the cellphone too.
What phone model? Some (most) phones randomize the emulated UID each time.
Not sure. It was a black slab and that’s really all I see in a phone.
The UID came out as 01020304 hex each and every time. I wasn’t too impressed by that from a security standpoint, but I figured I’d register it anyway to avoid dashing the guy’s newfound interest in NFCness. It doesn’t matter too much as it’s a login to a custom test program rather than a general account login, and the machine is behind a firewall.
Haha omg sounds like a Chinese phone to me
I’ll ask him what phone he has tomorrow.
By the way, I have a Chinese phone (a Ulefone Armor 3W) and I can’t enable NFC emulation at all, as it says it’s missing security elements. So it’s very very secure - as in it-doesn’t-work-at-all kind of secure. Who says Chinese phones are bad eh?
hah uhh… HCE (host card emulation) was Android’s response to hardware makers NOT putting secure elements into their hardware
The guy’s phone is a OnePlus 7. Chinese alright.