2011-10-01 14:26:11 +02:00
|
|
|
.TH nfc-emulate-uid 1 "June 26, 2009" "libnfc" "libnfc's examples"
|
2010-10-08 16:05:10 +02:00
|
|
|
.SH NAME
|
|
|
|
|
nfc-emulate-uid \- NFC target emulation command line tool based on libnfc
|
|
|
|
|
.SH SYNOPSIS
|
|
|
|
|
.B nfc-emulate-uid
|
|
|
|
|
.RI [ OPTIONS ]
|
|
|
|
|
.RI [ UID ]
|
|
|
|
|
.SH DESCRIPTION
|
|
|
|
|
.B nfc-emulate-uid
|
2012-05-13 15:10:15 +02:00
|
|
|
is a tag emulation tool that allows one to choose any tag UID. Tag emulation is one
|
2010-10-08 21:24:54 +02:00
|
|
|
of the main added features in NFC. But to avoid abuse of existing systems,
|
2010-10-08 16:05:10 +02:00
|
|
|
manufacturers of the NFC controller intentionally did not support emulation of
|
2010-10-08 21:24:54 +02:00
|
|
|
fully customized UID but only of "random" UIDs, which always start with 0x08.
|
|
|
|
|
The nfc-emulate-uid tool demonstrates that this can still be done using
|
|
|
|
|
transmission of raw frames, and the desired UID can be optionally specified.
|
2010-10-08 16:05:10 +02:00
|
|
|
|
|
|
|
|
This makes it a serious thread for security systems that rely only on the
|
|
|
|
|
uniqueness of the UID.
|
|
|
|
|
|
2010-10-08 21:24:54 +02:00
|
|
|
Unfortunately, this example can't directly start in fully customisable
|
|
|
|
|
target mode. Just after launching this example, you will have to go through
|
|
|
|
|
the hardcoded initial anti-collision with the 0x08-prefixed UID.
|
|
|
|
|
To achieve it, you can e.g. send a RATS (Request for Answer To Select) command
|
|
|
|
|
by using a second NFC device (placed in target's field) and launching nfc-list
|
|
|
|
|
or nfc-anticol. After this first step, you now have a NFC device (configured
|
|
|
|
|
as target) that really emulates a custom UID.
|
|
|
|
|
You could view it using the second NFC device with nfc-list.
|
|
|
|
|
|
|
|
|
|
Timing control is very important for a successful anti-collision sequence:
|
|
|
|
|
|
|
|
|
|
- The emulator must be very fast to react:
|
|
|
|
|
Using the ACR122 device gives many timing issues, "PN53x only" USB
|
|
|
|
|
devices also give some timing issues but an embedded microprocessor
|
|
|
|
|
would probably improve greatly the situation.
|
|
|
|
|
|
|
|
|
|
- The reader should not be too strict on timing (the standard is very
|
|
|
|
|
strict). The OmniKey CardMan 5321 is known to be very large on
|
|
|
|
|
timings and is a good choice if you want to experiment with this
|
|
|
|
|
emulator with a tolerant reader.
|
|
|
|
|
Nokia NFC 6212 and Pegoda readers are much too strict and won't be fooled.
|
|
|
|
|
|
2010-10-08 16:05:10 +02:00
|
|
|
.SH OPTIONS
|
|
|
|
|
.IR UID
|
2010-10-14 13:53:27 +02:00
|
|
|
8 hex digits format that represents desired UID (default is DEADBEEF).
|
2010-10-08 16:05:10 +02:00
|
|
|
|
2010-10-18 17:17:31 +02:00
|
|
|
.SH IMPORTANT
|
|
|
|
|
ACR122 devices (like touchatag, etc.) can be used by this example (with timing
|
|
|
|
|
issues), but if something goes wrong, you will have to unplug/replug your
|
|
|
|
|
device. This is not a
|
|
|
|
|
.B libnfc's
|
|
|
|
|
bug, this problem is due to ACR122's internal MCU in front of NFC chip (PN532).
|
2010-10-08 16:05:10 +02:00
|
|
|
.SH BUGS
|
|
|
|
|
Please report any bugs on the
|
|
|
|
|
.B libnfc
|
2011-10-01 14:26:11 +02:00
|
|
|
issue tracker at:
|
|
|
|
|
.br
|
|
|
|
|
.BR http://code.google.com/p/libnfc/issues
|
2010-10-08 16:05:10 +02:00
|
|
|
.SH LICENCE
|
|
|
|
|
.B libnfc
|
2011-10-01 14:26:11 +02:00
|
|
|
is licensed under the GNU Lesser General Public License (LGPL), version 3.
|
|
|
|
|
.br
|
|
|
|
|
.B libnfc-utils
|
2010-10-08 16:05:10 +02:00
|
|
|
and
|
|
|
|
|
.B libnfc-examples
|
2011-10-01 14:26:11 +02:00
|
|
|
are covered by the the BSD 2-Clause license.
|
2010-10-08 16:05:10 +02:00
|
|
|
.SH AUTHORS
|
|
|
|
|
Roel Verdult <roel@libnfc.org>
|
|
|
|
|
.PP
|
|
|
|
|
This manual page was written by Romuald Conty <romuald@libnfc.org>.
|
|
|
|
|
It is licensed under the terms of the GNU GPL (version 2 or later).
|
