Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NFC: initial support for NFC-F (FeliCa) #2093

Closed
wants to merge 51 commits into from

Conversation

nullableVoidPtr
Copy link
Contributor

What's new

  • Added initial support for NFC-F
  • Amended NFC structs to accommodate either NFC-A or NFC-F. This can be extended for NFC-B/Calypso

Verification

  • I've had only a pre-issued consumer Lite-S card to verify a portion of the code; I plan to later issue my own Lite-S cards with my own keys to implement and verify authentication flow.
    • Actual standard FeliCa cards are hard to come by outside of Japan, so it may prove difficult to implement and verify Auth1 and Auth2 command flows, especially when the AES/DES keys are unknown

Checklist (For Reviewer)

  • PR has description of feature/bug or link to Confluence/Jira task
  • Description contains actions to verify feature/bugfix
  • I've built this code, uploaded it to the device and verified feature/bugfix

@dogtopus
Copy link
Contributor

dogtopus commented Mar 1, 2023

Actual standard FeliCa cards are hard to come by outside of Japan, so it may prove difficult to implement and verify Auth1 and Auth2 command flows, especially when the AES/DES keys are unknown

Smartcardfocus used to carry them but not anymore. However I found this https://www.amazon.co.jp/gp/product/B009L0R2Z6/ on Amazon Japan. They seem to ship to outside Japan as well. It's a bit pricey except not really (single card price in line with some of the DESFires that I saw) and given that no open source FeliCa stuff really exist I think it might be a good investment.

@nullableVoidPtr
Copy link
Contributor Author

nullableVoidPtr commented Mar 1, 2023

@dogtopus Unfortunately, they are of little usefulness due to the lack of documentation around authentication, let alone issuance (actually preparing the cards for authenticated uses).

I actually have some cards both newer and old generation just in case, but what would really be nice is some code or software one could analyse for a clean-room implementation, but one price quote is around 230000 JPY.
Dumping the firmware of official PaSoRi readers or otherwise experimenting with them are also an option though, as they have a separate command set which maps onto NFC messages

@dogtopus
Copy link
Contributor

dogtopus commented Mar 1, 2023

@nullableVoidPtr So if I understand correctly, the problem is less about finding blanks, but more about the fact that we don't know much about FeliCa Standard application management and how to access the encrypted portion of the card, similar to how DESFire was before libfreefare?

(I guess it doesn't really matter for Flipper usage since Flipper never supported managing DESFire applications nor accessing encrypted DESFire applications either even though libfreefare is a thing.

Although I'm kinda curious: Are FeliCa Standard encrypted applications ever used outside transit networks and payment? Even the SDKs Sony provide (probably under NDA but definitely not directly public) support only unencrypted applications.)

@nullableVoidPtr
Copy link
Contributor Author

nullableVoidPtr commented Mar 1, 2023

So if I understand correctly, the problem is less about finding blanks, but more about the fact that we don't know much about FeliCa Standard

Eh, bit of both; we don't know how to access the cards even if we know the encryption keys, which we don't have and would only know if we issued it in the first place. There may be card printers/issuing machines which attempt to automate this process whose drivers may be useful for an analysis.

Indeed, the point of this (admittedly slightly inactive fork) is just to read as much data. We may be able to issue Lite or Lite-S cards from a Flipper as that process is entirely public and documented.

Are FeliCa Standard encrypted applications ever used outside transit networks and payment? Even the SDKs Sony provide (probably under NDA but definitely not directly public) support only unencrypted applications.)

In practice, basically transport cards which serve as de-facto cash cards. There may be uses of HCE-F or on Android or Mobile FeliCa in general which may fall out of this domain.
Other than that mostly more cash cards: WAON, Rakuten Edy, nanaco (which apparently falls under FeliCa Networks' Common Area which is a whole other barrel of fish), and QUICPAY.
There is a model of Standard cards which also implement EMV, which is used by SMBC and AEON cards.
Some Japanese campuses appear to use something called FCF as a form of identity, which uses FeliCa Standard cards.
My Number cards also appear to use FeliCa standard and hence you can file taxes etc. online.
Moreover, Blackboard Transact is a identity and payment solution for university campuses, and apparently Fuji Xerox printers uses standard FeliCa cards.
There are mentions of something called FeliCa Secure ID, which appears to be solution for authenticating to cloud services.
And who knows what FeliCa Plug is used for.

@dogtopus
Copy link
Contributor

dogtopus commented Mar 1, 2023

Indeed, the point of this (admittedly slightly inactive fork) is just to read as much data. We may be able to issue Lite or Lite-S cards from a Flipper as that process is entirely public and documented.

IIRC Lite-S is more analogous to Ultralight in terms of application, cost and openness. So read/write/emulate (given that the Flipper NFC hardware supports all the nuances needed to do so) would be great. Besides that, NFC-F IDm emulation would also be a great addition to bring feature parity to Flipper's support of NFC-A.

There is a model of Standard cards which also implement EMV, which is used by SMBC and AEON cards.

(Looks at SmartMX with DESFire partition) Yeah that would be a possibility. Though do we actually have ISO7816 over NFC-F or is it ISO7816 over NFC-A and FeliCa Standard over NFC-F? It's the latter as can be seen here

My Number cards also appear to use FeliCa standard and hence you can file taxes etc. online.

Does eTax actually require Standard features or just IDm is enough? I saw sellers advertise some Lite-S cards being eTax compatible.

Moreover, Blackboard Transact is a identity and payment solution for university campuses

Interesting. I knew that Blackboard Transact uses DESFire. I guess it also supports FeliCa?

There are mentions of something called FeliCa Secure ID, which appears to be solution for authenticating to cloud services.

Looks like it's something supported by hardware (maybe similar to FIDO2) rather than just an application.

dogtopus added 2 commits March 9, 2023 22:12
The goal is to gradually split out NfcWorkerEventReadFelica into more specific decoders, and have the generic NFC-F info screen display info for tags that don't have a specific decoder, similar to how NFC-A works currently.
Move all arrays to allocating actual data rather than pointers to simplify construction and destruction. Also moved to M_EACH for iterating over arrays for less boilerplate code.

Also did some function renaming for extra clarity.

root_area is now a node type for simplified area traversal (coming soon).
@CicadaMikoto
Copy link

I'm in japan and have easy access to felica cards. Tell me what is needed and I am happy to contribute. This is a capability that the hacker scene here really wants, so anything that speeds it up is doable.

dogtopus and others added 7 commits April 19, 2023 02:03
Monolithic NDEF tags are similar to Lites as they don't respond to most commands. The IC code is 0xff and default system code is 12fc. They usually respond to read requests on read-only open random service #0 and seems to terminate the read with an access denied status code instead of invalid block address.

The Lite data viewer is largely based on @nullableVoidPtr's work.
This allows the reader to try out common monolithic systems (i.e. tag doesn't respond to Request System Code but has 1 common systems on the tag) (currently handles Lite and NDEF) when the tag doesn't support Request System Code and the IC code is unknown to the reader.

Things that are left out from this commit and are in future TODO:
- Improve performance by checking obvious IC codes in the magic detection routine
- Update the FelicaData struct to include a monolithic system flag
- Update felica_print_card_stat to depend on monolithic system flag and system code instead of IC code to determine what stat format to use
- Make the NFC stack respect to PMm (low priority, need rebase)
- Move MRT calculation to felica.c and add a version for furi.
- Move felica_read_card to nfc_worker as the new nfcf reader.
- Add a new is_monolithic flag under FelicaData to differentiate between Lite cards and Lite systems.
- Fix stat printing. Now stat printing determines card type by is_monolithic flag and the type of the first system.
Now we use furi_hal_nfc_tx_rx to do exchange since furi_hal_nfc_tx_rx_full isn't technically compatible with NFC-F. They also use the timeout values properly derived from PMm.
Currently only system IDm is displayed. More info can be trivially added later if they can be extracted.
dogtopus and others added 7 commits April 23, 2023 04:30
Looks like NFC-DEP is software-defined and can be anything rather than just NDEF, therefore this check no longer makes sense.
Rebase to latest dev for PR preparation.
Some scenes won't clean it before writing, so we'll take care of it. Saves a bit of memory too.
Copy link

@CicadaMikoto CicadaMikoto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@0chroma
Copy link

0chroma commented May 16, 2023

Had a question, looking at this reddit comment it seems that emulating NFC-F isn't possible. Is this true?

@dogtopus
Copy link
Contributor

dogtopus commented May 16, 2023

Had a question, looking at this reddit comment it seems that emulating NFC-F isn't possible. Is this true?

Wait this doesn't really make sense. Cycle-accurate anti-collision makes it a hard real-time task and most hosts won't be able to do it. This would significantly reduce this chip's usefulness on anything other than a very beefy Cortex-R processor. You might as well bitbang at that point.

I don't believe that this won't be handled on the NFC chip itself.

@Astrrra Care to elaborate further?

(Looks like there's indeed no special handling for it, though I could be missing something here. Also: can we cheat? The slots are still very wide (in units of 4 MRT (maximum response time for FeliCa, not the terminology in ST25R with the same name) ticks, ~1.2ms or 16384 / fc) and if we can just land somewhere knowing that it's roughly in range we might still be able to pull it off. Self reminder: SENSEF_RES)

@nullableVoidPtr
Copy link
Contributor Author

The chip itself appears to have API for FeliCa TXRX anyways, and we used it to read cards but maybe they meant how long the timeout the reader waits on a response?

@0chroma Towards emulation though, no; again, red-tape and encryption keys holds us back from emulating most applications like SuiCa and AmusementIC.

(Side note on arcades: DDR/Konami eAmuse readers appears to be a unique case and could probably be fooled as IIRC it can use any arbitrary IDM from a FeliCa (like a FeliCa enabled cell phone) and hence can work with Flipper using basic UID emulation, but this may not needed as there is already NFCA emulation)

@dogtopus
Copy link
Contributor

dogtopus commented May 16, 2023

but maybe they meant how long the timeout the reader waits on a response?

I think they meant FeliCa user manual section 2.3.5.

Towards emulation though, no; again, red-tape and encryption keys holds us back from emulating most applications like SuiCa and AmusementIC.

eAmusement only checks for IDm for login and IIRC most Amusement IC terminals check for IDm and a public Lite-S block.

Besides that there are apparently smart locks that only look for IDm.

That's plenty of use cases already without the keys.

@0chroma
Copy link

0chroma commented May 19, 2023

(Side note on arcades: DDR/Konami eAmuse readers appears to be a unique case and could probably be fooled as IIRC it can use any arbitrary IDM from a FeliCa (like a FeliCa enabled cell phone) and hence can work with Flipper using basic UID emulation, but this may not needed as there is already NFCA emulation)

I did some tests with an iphone to see how mobile emulation works with an on-device pasmo card. The flipper reads it as NFC-A, but the UID changes on each scan (ATQA 0004, SAK: 20). When using my android phone with NFC Tools it reads it as Felica, UID is stable. Not sure if that info helps at all, but it seems like for something like eamuse to work, you'd need to emulate more than just an NFC-A UID.

@dogtopus
Copy link
Contributor

@0chroma The NFC type detection is broken currently, and if you read modern mobile FeliCa it will read the EMV side instead which would be NFC-A with random UID.

@hakusaro
Copy link

hakusaro commented Jun 3, 2023

Towards emulation though, no; again, red-tape and encryption keys holds us back from emulating most applications like SuiCa and AmusementIC.

I just assume this includes Aime (the non-Amusement IC side)?

@dogtopus
Copy link
Contributor

dogtopus commented Aug 9, 2023

So now #2961 is a thing. Do we need to keep going or FeliCa support will be developed in-house instead?

@gornekich
Copy link
Member

Hello everyone!
Recently we released new NFC stack in #3050. Now FeliCa support is our priority task and we are working on it right now. Unfortunately, previous NFC API was not good enough to add new protocols support. Thanks @nullableVoidPtr for PR and everyone else who took part in discussion. I will close it for now. Stay tuned, soon there will be PRs with FeliCa support.

@gornekich gornekich closed this Nov 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants