So, I noticed Android has a “NFCSnoop” format that you can extract using
adb shell dumpsys nfc
but the format is kind of unknown. I went and dug around, eventually finding the code that actually generates the format and working from there.
Turns out, Android saves a ring buffer full of all NFC interactions in NCI (so between the phone and the actual NFC chip in the phone). You can extract them with the command above.
I ended up writing a decoder to decompress and interpret the headers/data, it’s on Github.