How to scan an implant to autotype a PIN number into a banking app safely with Tasker

Okay, I figured I’d finally take some time to describe how to setup a Tasker script to automatically enters a PIN into a banking app when scanning an NFC implant without hardcoding the PIN in the script.

The app

So I have this banking app from my bank (Nordea) called Nordea Codes. What it does is, when you log into the online banking website, you enter your customer ID. As soon as you hit Submit, the app buzzes and asks you to punch your PIN number on the screen. As soon as you do, you’re logged into the online banking website.

This is a fairly standard cellphone-based online banking authentication scheme, and it works. But it requires me to enter a PIN each time when one of my implants could very well do the job.

Of course, I reached out to Nordea and asked them if they would consider an option to scan an implant as a replacement for the PIN. Of course, being a giant faceless bank with exactly zero interest in helping one single guy, they never bothered to answer. I didn’t hold much hope, mind you.

What’s a half-decent biohacker to do, you ask? Well, hack of course :slight_smile: I needed to trick the banking app into accepting a PIN from Tasker, and do it in a reasonably safe way.

The problems

1 - The app is not helpful

First of all, the banking app only accepts PINs tapped on the touchscreen. I tried connecting a USB keyboard to my cellphone, to see if it would accept the PIN from key events, but no: it has this custom entry form on the screen and there’s no way to feed it outside input events easily.

I’m pretty sure it contravenes a variety of laws on access for people with motor of visual impairment. But nevermind that. The short of it is, the only way to autotype a PIN is to use AutoInput to simulate screen taps.

2 - The app is paranoid

If you “type” the PIN at an impossible speed for a human with Tasker / AutoInput, the app locks up and you have to get a new code from the local branch of the bank, to the tune of 4.50 euros. If you enter the wrong PIN 3 times, the app locks up again, and that’s another 4.50 euros. Guess how I know… Fucking ripoff!

So the Tasker script needs to slow down to human-credible speeds to enter the pin, and there has to be a mechanism to prevent typing any PIN at all if the wrong implant is scanned.

3 - Hardcoding a PIN in a Tasker script is a Really Bad Idea™

The obvious, easy solution to autotype a pin when an NFC implant is scanned with Tasker is to trigger the script on your implant’s UID, and hard-code the PIN to type in the banking app into the script. The major problems with that are, if your phone is stolen:

1/ Your implant’s UID is hardcoded in Tasker. If you use it for other things, like get into your house, someone has the ability to make a clone.

2/ Your banking app’s PIN is hardcoded in Tasker: any idiot can read the script, log into your online banking and clean your account.

Not good. Not good at all… So the script needs to do some math so that the script alone, or the UID alone, aren’t enough to discover the PIN.

Tasker is terrible at math. But it has just enough to make something reasonably secure. It’s not proper security by any means, but it’s better than leaving your balls hanging in the breeze with a hardcoded PIN.

The script

Here is the profile and task you need, described in Tasker “pseudo-code” (I really wish that thing had a proper keyboard input and syntax…). The explanataions are down below:

Profiles:

   * NFC enter banking PIN

      NFC Tag -> NFC UID to PIN type

Tasks:

   * NFC UID to PIN type

      1. NFC Tag

         Output Variables
            %nfc_id
            ID

      2. Variable Convert

         Name
            %nfc_id
         Function
            Hex to Decimal
         Store Result In
            %nfc_id_dec

      3. Variable Clear

         Name
            %nfc_id

      4. Variable Set

         Name
            %header
         To
            %nfc_id_dec * 49 + 813692853
         Do Maths

      5. Variable Clear

         Name
            %nfc_id_dec

      6. Variable Set

         Name
            %trailer
         To
            %floor(%header / 100000000)
         Do Maths

      7. Variable Set

         Name
            %header
         To
            %header - %trailer * 100000000
         Do Maths

      8. Variable Set

         Name
            %pin
         To
            floor(%header / 10000)
         Do Maths

      9. Variable Set

         Name
            %header
         To
            %header - %pin * 10000
         Do Maths

     10. Stop

         If
            %header NEQ 1337
            or
            %trailer NEQ 1337

     11. For

         Variable
            %digitno
         Items
            1:4

        12. Variable Set

               Name
                  %digit
               To
                  %pin % 10
               Do Maths

        13. If

               Condition
                  %digit EQ 0

           14. Autoinput Action

                  Configuration:
                     <Whatever needed to click 0 in your banking app>

        15. End If

        16. If

               Condition
                  %digit EQ 1

           17. Autoinput Action

                  Configuration:
                     <Whatever needed to click 1 in your banking app>

        18. End If

        19. If

               Condition
                  %digit EQ 2

           20. Autoinput Action

                  Configuration:
                     <Whatever needed to click 2 in your banking app>

        21. End If

        22. If

               Condition
                  %digit EQ 3

           23. Autoinput Action

                  Configuration:
                     <Whatever needed to click 3 in your banking app>

        24. End If

        25. If

               Condition
                  %digit EQ 4

           26. Autoinput Action

                  Configuration:
                     <Whatever needed to click 4 in your banking app>

        27. End If

        28. If

               Condition
                  %digit EQ 5

           29. Autoinput Action

                  Configuration:
                     <Whatever needed to click 5 in your banking app>

        30. End If

        31. If

               Condition
                  %digit EQ 6

           32. Autoinput Action

                  Configuration:
                     <Whatever needed to click 6 in your banking app>

        33. End If

        34. If

               Condition
                  %digit EQ 7

           35. Autoinput Action

                  Configuration:
                     <Whatever needed to click 7 in your banking app>

        36. End If

        37. If

               Condition
                  %digit EQ 8

           38. Autoinput Action

                  Configuration:
                     <Whatever needed to click 8 in your banking app>

           39. End If

        40. If

               Condition
                  %digit EQ 9

           41. Autoinput Action

                  Configuration:
                     <Whatever needed to click 9 in your banking app>

        42. End If

        43. Variable Set

            Name
               %pin
            To
               Floor(%pin / 10)
            Do Maths

        44. Wait

               MS
                  200

     45. End For

     46. Variable Clear

         Name
            %digit

     47. Variable Clear

         Name
            %pin

In case someone wants the importable XML for the task (specifically for the Nordea Codes app in this case) to avoid entering everything manually, here it is:

NFC_UID_to_PIN_type-Nordea_Codes.zip (2.7 KB)

Explanation

So what does it do?

The “NFC enter banking PIN” profile is linked to the task “NFC UID to PIN type” task and triggers when any NFC tag not natively handled by Android is scanned.

In the task, line 1 stores the NFC UID in the %nfc_id variable. A UID is just a number, but at this point it’s a hex string. Line 2 converts it into a decimal integer that you can do math on.

Line 4 is where the black magic happens: it takes the UID number, does a quick operation on it and turns it into another large integer.

In this example, the implant’s UID that’s supposed to trigger entering the PIN is A1B2C3D4. It’s a sample 4 byte Mifare Classic UID, just to illustrate the logic. So this UID is scanned, then turned into the integer 2712847316, then the operation 2712847316 * 49 + 813692853 yields the value 133743211337.

That value is in fact 1337, the PIN to type in reverse (here 1234), then 1337 again, all concatenated into a single integer. Lines 6 - 9 split that value into the variables %header, %trailer and %pin. Then line 10 checks that %header and %trailer contain the magic number 1337 before allowing the rest of the script to autotype the PIN.

That way, if another UID is scanned, %header and %trailer won’t match and the script will not autotype the wrong PIN into the banking app (or rather, strictly speaking, %header and %trailer will be very unlikely to both contain the magic number, but that’s good enough to stop mistakes). And of course, you also need the right UID to extract the right pin.

The trick is to make up the math formula in line 4 so that the right UID yields the right pin and magic header and trailer.

Once the PIN is determined, the rest of the script from lines 11 to 45 extract each of the 4 PIN digits, unit first (hence the need to encode it in reverse) and types it into the banking app using AutoInput.

Line 44 introduces a short wait between each tap in the banking app, so it doesn’t figure out it’s not a human entering the PIN.

Finally, lines 46 and 47, but also 3 and 5 clear any compromising variables from memory, so that nobody can read them later on or manually trigger the script using the last scanned UID. If you’re very paranoid, you can even scan another implant after the “hot” banking implant to really make sure Tasker has forgotten it.

I hope the above will give you ideas. If anything isn’t clear, let me know and I’ll try to explain better.

6 Likes

Apparently Tasker will import / export xml files - you could probably craft your own xml profile / task…

1 Like

Yes, the problem is, the format used in the XML isn’t exactly the most readable thing in the world: all the commands and parameters are numbers.

1 Like

Ouch, didn’t realise tasker was that bad… that really sucks! I never got into tasker much since it was too hard to use, even as someone familiar with IFTTT and programming :man_shrugging:

It’s pretty good. The problem is, it started out as a small tool to automate things easily in Android. Then it grew and grew, and functionalities were added, but it kept the atrocious point-and-click “programming” interface that made it easy to use when it was a simple tool. Now the interface is really cracking at the seams and getting in the way.

The author should add a proper text syntax, so that one can script tasks on the keyboard. But that’s easier said than done. Also, I should point out that if you’re really serious, you can inject Java code in it. But it’s not terribly easy.

Yeah, I wish for a nice scripting language. The material design update helped somewhat with the UI, but its definitely still terrible to this day :frowning:

Python with Tasker-like callbacks is what I want :slight_smile:

1 Like

In case someone wants the importable XML for the task (specifically for the Nordea Codes app in this case) to avoid entering everything manually, here it is:

NFC_UID_to_PIN_type-Nordea_Codes.zip (2.7 KB)

1 Like

Brilliant post, @Rosco! really usefull, complete and, best of all, hilarious!

Also that! I can’t stress enough how much I agree with that single statement!