Termux got NFC support: cyborg scripting on your smartphone!

So, I’m a bit late to the party since NFC support was merged into termux-api's master branch last December: if everybody already knows about this, sorry for the post :slight_smile:

Anyway, long story short:

  • termux is a nice terminal emulator for Android. Think bash (or zsh, if you’re so inclined) on your phone. Clone it here or get it from f-droid.
  • termux-api is a termux addons allowing scriptable, terminal access to Android’s api. Clone it here or get it from f-droid.

I’ve been loving the project since forever: it allows me to compile c and go on my phone, do things the unix way (especially useful for file system scraping and networking) and to script repetive tasks using bash scripts, which - to my unix brain - are easier, quicker and more powerful than visual scripting alternatives, like Tasker and similia.
One thing that I deeply missed till now was access to the NFC api, but - as you can guess from the title - it finally arrived and this obviously opens up cyborg friendly possibilities.

First thing I did was a 1 tap script to launch and authenticate into my password manager (which is pass, btw). I’m now playing a bit with the gpg applet on my flex-one.
Obviously all you can do in termux you could do by writing a native Android app; and I will possibly “go native” with some of my own scripts. But personally I really enjoy the spontaneous flow you get from a scriptable shell: you can put together something useful just when you need it, in a few minutes, even without accessing a real computer (I know I could compile native Android apps from Android, but it’s too painful to be more than a party trick :smiley: ).

I hope this is going to make somebody as happy as I was when I checked the changelog of termux-api :slight_smile:

7 Likes

I wonder if NFC support will allow SSH keys to be stored on an NFC secure element like YubiKey or Apex?

3 Likes

This is one of the things I’m curious about: the termux-nfc script provided focuses on the NDEF side of things, but I want to have a look into the relevant part of the termux-api source code, to see what other tricks can be pulled.

At the same time, Yubikey/FlexOne/Apex already work well with OpenKeychain. And OpenKeychain seems to integrate nicely with Termux, which offers a few interesting possibilities.

Not sure what the status of Termux is now, but I’ve been using TermBot with my Yubikey for the past few months without issues. I use the same yubikey for SSH auth on my linux laptop too.

Does anyone know whether we need to wait for Apex to ‘support’ smartcard emulation, or will it just work if I play with gpg --card-edit on my laptop as I would with a yubikey?

With pgp applet Apex should work like this

1 Like

Any chance you could share your code? I’d like to be able to authenticate keepass with NFC on my Android, probably beyond my abilities but can’t learn shit without trying right :smile:

1 Like

Which Keepass app for Android are you using? I use Keepass2Android + ykDroid on Android, which reads a KeepassXC database that is encrypted using a Yubikey in HMAC-SHA1 challenge-response mode. This works great for me, and on desktop as well.

For code, you can check these projects:

Furthermore, read up on NFC, PC/SC, Javacards and HMAC-SHA1.

1 Like

At this point my scripts are very specific to my setup, so unfortunately I don’t have something that would plug and play for other people.
Anyway I can share the NFC specific bits:

something like this will get the whole NDEF partition in JSON format:

#!/bin/sh
ALL_NDEF=$(termux-nfc -r short)

So if you want a specific record (record 1 in this example):

RECORD=$(termux-nfc -r short | jq .Record[1].Payload | tr -d \")
1 Like