Realized there are entire pictures stored on some passports; alongside a ton of other data. Can these files be extracted and placed onto an implant like the Apex or flexSecure? Would I need to create some kind of new implementation to store these data at a new applet and make a PR at @StarGate01 's repo? Can imaging data like this be cloned onto the flexDF2? Or should I just ensure to keep NDEF records here only until I read through the NDA stuff?
To refine this qst; I’m asking if it’s possible to copy Passport data at the NFC chip at a passport and clone it completely to exactly any chip sold by Dangerous Things or; perhaps get an identical chip, have it modified by @amal to enable its implantation?
The final implementation I had in mind is to have an exact clone of a passports NFC chip data at exactly any implant; either at this website, or at something I can find online, write to; and potentially get modified for implantation by @amal
last resort is rolling up to HQ and just sending off the passport itself / my old (broken doing Parkour) Spark implant for mods / repairs and just using my other citizenship for travel and the implanted one for emergencies.
Kinda possible yeah. GitHub has some open implementations of “travel documents” code. Getting at passport data is easy enough if you have the key from the photo page… but be careful. Invalid key attempts are limited to like 4 or 5 and then access is locked.
You could likely copy the signed data into an applet and provide the same key access mechanism to emulate a passport.
However, you have to consider a few practical caveats:
Passports are probably one of the hardest to copy documents, by design. This also applies to the (cryptographically attested) data in the NFC chip. Even If you were to copy the data into a new chip, you would be missing the necessary signatures by your countries passport authorities for the passport to be accepted. Imagine the fallout if passport chips were easily copied.
Most passport readers (e.g. at airports) require you to scan the machine-readable pages of your passport on a flatbed-like scanner device. This device reads the NFC data as well. I don’t quite see how any NFC device which is not a passport could work there.
If you figure something out, you are of course welcome to make a PR to the flexSecure-Applets repository! Do note though that most development happens inside the applet-specific submodules, which is why you won’t see much interaction on the main repo.
I don’t think this is true because you can pull the signature out with the data… it’s just part of the data. This is how the passport apps on Android can verify the data is accurate by checking the signature against known government public keys.
The signature protects the data from alteration, but it’s not generated internally by the chip it’s signed by the government(s) before pushing into the NFC chip in the passport.
The question for me is, where are all these government public keys at? Anyone have a source for these?
Interesting. Are there any commercial systems which read passport NFC chips but do not require / expect a full passport? (I.e. what would the use-case be for such an applet)
No idea, but it’s possible there are commercial implementations, just not well known. We may integrate it for identity validation on future services. I could imagine banking and kyc/aml applications… just banks are slow and dumb.
Hm. For passports there seems to be some kind of anti-cloning protocol using an public/private key schema in use (?) see Cloning detection for ePassports .
In some (EU) countries, you can use your citizens ID for some official / bank business. Much more useful than a passport.
Interesting. I guess that makes sense but it’s also still possible for us to use the signed data extracted to validate identity… as long as we have public keys for signature validation for all the countries. Anyone got a source for keys or CAs that can be queried?