NFCSnoop Decoder (Android NFC Snooping!)

So, I noticed Android has an “NFCSnoop” format that you can extract using

adb shell dumpsys nfc

but the format is kind of unknown. I went and dug around, eventually finding the code that actually generates the format and working from there.

Turns out, Android saves a ring buffer full of all NFC interactions in NCI (so between the phone and the actual NFC chip in the phone). You can extract them with the command above.

I ended up writing a decoder to decompress and interpret the headers/data; it’s on GitHub.

4 Likes

Oh wow you decoded that? That’s brilliant. Thanks! I tried to make sense of all that a few months ago and gave up.

Also, if you look at the log in adb shell, you can see a lot of stuff being logged in real time by the various bits of Android that handle the tag. There are quite a few things to learn from that too, but it’s also not documented.

I was looking into that when I implemented the cellphone-as-tabletop-reader option in SiRFIDaL, but ended up releasing a companion Tasker script to extract the information it needs. Now I’m gonna see if perhaps there’s a way to leverage your work and do away with the Tasker script. Thanks!

EDIT: I like the unit test :)

Oh, that unit test was the default in the Maven archetype. I didn’t bother loading it onto Jenkins so I didn’t bother writing tests.

Edit: About the program: It doesn’t decode NCI packets yet. It’s kind of clear I need to do so to make any sense of these dumps.
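
The NCI decoding step mentioned in the last post, sketched as an added example (not code from this thread or from the GitHub decoder). It assumes the raw NCI packets have already been extracted from the NFCSnoop dump and uses the 3-octet header layout from the NFC Forum NCI specification; `parse_nci`, `NciPacket` and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Message Type: top 3 bits of octet 0 (values 4-7 are reserved).
MT = {0: "DATA", 1: "CMD", 2: "RSP", 3: "NTF"}
# A few well-known (GID, OID) pairs; anything else is shown numerically.
OPCODES = {(0x0, 0x00): "CORE_RESET", (0x0, 0x01): "CORE_INIT",
           (0x1, 0x03): "RF_DISCOVER", (0x1, 0x05): "RF_INTF_ACTIVATED",
           (0x1, 0x06): "RF_DEACTIVATE"}

@dataclass
class NciPacket:
    mt: str
    pbf: bool                 # Packet Boundary Flag: more segments follow
    gid: Optional[int]        # control packets only
    oid: Optional[int]        # control packets only
    conn_id: Optional[int]    # data packets only
    payload: bytes
    name: str

def parse_nci(raw: bytes) -> NciPacket:
    """Decode one NCI packet: 3-octet header followed by the payload."""
    if len(raw) < 3:
        raise ValueError("short packet: NCI header is 3 octets")
    mt = raw[0] >> 5
    if mt not in MT:
        raise ValueError(f"reserved message type {mt}")
    pbf = bool(raw[0] & 0x10)
    low = raw[0] & 0x0F       # GID (control) or Conn ID (data)
    payload = raw[3:]
    # A ring buffer can cut a packet short, so check the length octet.
    if raw[2] != len(payload):
        raise ValueError(f"length octet {raw[2]} != {len(payload)} payload bytes")
    if mt == 0:
        return NciPacket("DATA", pbf, None, None, low, payload, f"DATA conn={low}")
    oid = raw[1] & 0x3F
    op = OPCODES.get((low, oid), f"GID{low:X}_OID{oid:02X}")
    return NciPacket(MT[mt], pbf, low, oid, None, payload, f"{op}_{MT[mt]}")

if __name__ == "__main__":
    # Constructed sample packets (hex), not taken from a real dump.
    for h in ("20000101", "6105020102", "0000029000", "2F0200", "21030501"):
        try:
            p = parse_nci(bytes.fromhex(h))
            print(f"{h:14} {p.name:24} payload={p.payload.hex()}")
        except ValueError as e:
            print(f"{h:14} rejected: {e}")
```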