RawNFC command library

RawNFC Android App

RawNFC is an open source application developed by Dangerous Things to enable raw communication with compatible transponders, including non-NFC compliant transponders like Mifare Classic chips (only on compatible hardware).

You can sideload the APK from here;

RawNFC.apk (538.0 KB)

The Google Play link is forthcoming.

Custom URI command import

The app supports a custom URI scheme which allows you to simply tap a link to load a series of commands into RawNFC to be executed on whatever tag is tapped to the phone. This post / thread will stand as a library of commands meant to be used with the RawNFC app for Android.

The format of this URI is as follows;

dnfc://{tag technology}/{commands in hex}

As a simple example, the following command will return the GET_VERSION (0x60) data for any NTAG family transponders;

NTAG GET_VERSION

If you have RawNFC installed and tap the link above, RawNFC will open and 60 will be pre-loaded into the input window;

Now tap any NTAG family chip to execute the command and get back the VERSION information from the chip;

The line numbers of the input textbox correspond to the line numbers in the output textbox. To share the output, long tap the output textbox to get an option to copy the command and response history to the clipboard;

-----BEGIN RAW NFC DUMP-----
android.nfc.tech.NfcA
> 60
< 0004040201001303
-----END RAW NFC DUMP-----
12 Likes

NTAG TAG FIXES

This post contains various fixes for NTAG based products like the xNT, NExT, flexNT, xSIID, etc.

Setting a blank NDEF on your Type 2 NFC tag

Sometimes NDEF records get borked which can cause problems writing or updating your NTAG / Ultralight. This is the first step in attempting a recovery.

Write blank NDEF

This command will simply write a blank NDEF record starting at page 04 and null blank the following pages 07, 08, and 09 just for good measure. Each successful write should return 0A in acknowledgement.

Authenticate first, then write blank NDEF

For people with write-protected user memory, the first line is an PWD_AUTH command using the default FF FF FF FF password.

It is not possible to unset or remove the password, it must always be set to something, so usually that is the factory default of FF FF FF FF. If you have set your password to something else, swap out the FF FF FF FF for your 4 byte password in hexadecimal format before executing this command.

7 Likes

That’s cool! It’s also pretty much what I started building in Zinc. If I had known I would have waited :sweat_smile:
The custom Uri trick is going to be great for sharing, you could even store a series of commamds in an ndef this way. I can’t wait for someone to create some sort of trick where they load and write commamds off and on to a chip in a loop :joy:

3 Likes

No trick, it just works…

The only reason I have to choose the OS tags intent is I have MCT loaded too

5 Likes

Haha awesome!
I was thinking of having some basic non ncf commands in mine to make automation easier
Ie:
Basic loop
Condition on the previous output
Delay

So you can write something along the lines of:

60
IFOUTPUT( 00 01 00 02 04…)
39:02

WAIT (10)

GOTO 0

Is that on your roadmap?

1 Like

Not really… didn’t see the need to make a mini interpreted language out of it hahah :slight_smile: go nuts!

3 Likes

4 Likes

Is this opensourced?

1 Like
8 Likes

hell yeah, love to see it

4 Likes

This is awesome; a much-needed tool in the current ecosystem. Thank you for sharing it with the community!

However, it appears to be missing a license file? Without it, it’s less ‘Open Source’ than ‘source-available’, as (in the US at least) no license doesn’t grant a right to let us do much with it. Please consider adding a free / open source software license!

An oversight really… will pick a license and add … eventually :slight_smile:

4 Likes