Air Filter DRM? Hacker Opts Out With NFC Sticker

[Flamingo-tech]’s Xiaomi air purifier has a neat safety feature: it will refuse to run if a filter needs replacement. Of course, by “neat” we mean “annoying”. Especially when the purifier sure seems to judge a filter to be useless much earlier than it should. Is your environment relatively clean, and the filter still has legs? Are you using a secondary pre-filter to extend the actual filter’s life? Tough! Time’s up. Not only is this inefficient, but it’s wasteful.

Every Xiaomi filter contains an NTAG213 NFC tag with a unique ID and uses a unique password for communications, but how this password was generated (and therefore how to generate new ones) was not known. This meant that compatible tags recognized by the purifier could not be created. Until now, that is. [Flamingo-tech] has shared the discovery of how Xiaomi generates the password for communication between filter and purifier.

A small NFC sticker is now all it takes to have the purifier recognize a filter as new.

[Flamingo-tech] has long been a proponent of fooling Xiaomi purifiers into acting differently. In the past, this meant installing a modchip to hijack the DRM process. That’s a classic method of getting around nonsense DRM on things like label printers and dishwashers, but in this case, reverse-engineering efforts paid off.

It’s now possible to create simple NFC stickers that play by all the right rules. Is a filter’s time up according to the NFC sticker, but it’s clearly still good? Just peel that NFC sticker off and slap on a new one, and as far as the purifier is concerned, it’s a new filter!

If you’re interested in the reverse-engineering journey, there’s a GitHub repository with all the data. And for those interested in purchasing compatible NFC stickers, [Flamingo-tech] has some available for sale.

Cracking The MiFare Classic Could Get You Free Snacks

[Guillermo] started a new job a while back. That job came with an NFC access card, which was used for booking rooms and building access. The card also served as a wallet for using the vending machines. He set about hacking the card to see what he could uncover.

Initial scans with NFC Tools revealed the card was an Infineon MIFARE Classic Card 1k. These cards are considered fairly old and insecure by now. There are plenty of guides online on how to crack the private keys that are supposed to make the card secure. Conveniently, [Guillermo] had a reader/writer on hand for these very cards.

[Guillermo] was able to use a tool called mfoc to dump the keys and data off the card. From there, he was able to determine that the credit for the vending machines was stored on the card itself, rather than on a remote server.

This means that it’s simple to change the values on the card in order to get free credit, and thus free snacks. However, [Guillermo] wisely resisted the urge to cash in on candy and sodas. When totals from the machine and credit system were reconciled, there’d be a clear discrepancy, and a short investigation would quickly point to his own card.

He also managed to successfully clone a card onto a “Magic Mifare” from Amazon. In testing, the card performed flawlessly on all systems he tried it on.

It goes to show just how vulnerable some NFC-based access control systems really are. RFID tags are often not as safe as you’d hope, either!

NFC Performance: It’s All In The Antenna

NFC tags are a frequent target for experimentation, whether simply by using an app on a mobile phone to interrogate or write to tags, by incorporating them in projects by means of an off-the-shelf module, or by designing a project using them from scratch. Yet they’re not always easy to get right, and can often give disappointing results. This article will attempt to demystify what is probably the most likely avenue for an NFC project to have poor performance, the pickup coil antenna in the reader itself.

A selection of the NFC tags on my desk

The tags contain chips that are energised through the RF field that provides enough power for them to start up, at which point they can communicate with a host computer for whatever their purpose is.

“NFC” stands for “Near Field Communication”, in which data can be exchanged between physically proximate devices without their being physically connected. Both reader and tag achieve this through an antenna, which takes the form of a flat coil and a capacitor that together make a resonant tuned circuit. The reader sends out pulses of RF, and the field is maintained once an answer is received from a card, so communication can be established until the card is out of the reader’s range.

NFC Tags Add Old-School Functionality To New Phone

Back in the day, we had smartphones with physical buttons. Not just power, volume, and maybe another button on the front. Whole, slide-out QWERTY keyboards right on the underside of the phone. It was a lawless wasteland, but for those who yearn for the wild-west days of the late 2000s, [Liviu] has recreated the shortcut buttons that used to exist on the tops of these keyboards for modern-day smartphones.

There were lots of phones that had shortcut keys on their keyboards, but [Liviu] enjoyed using the ones that allowed him to switch between applications (or “apps” as the kids are saying these days) such as the calendar, the browser, or the mail client. To recreate this, he went with a few NFC tags. These devices are easily programmed via a number of apps from your app store of choice, and can be placed essentially anywhere. In order to make them visible to the phone at any time, though, he placed the tags inside a clear plastic case for his phone and can now use them anytime.

If you’ve never used or programmed an NFC tag, this would be a great project to get yourself acquainted with how they operate. Plus, you could easily upgrade this project to allow the tags to do any number of other things. You can take projects like this as far as you want.

Toddler Jukebox Requires No Quarters Or Button Mashing

Ahh, toddlers. They’re as ham-fisted as they are curious. It’s difficult to have to say no when they want to touch and engage with the things that we love and want them to play with. [Shawn] feels this way about his son’s interest in the family Sonos system and engineered an elegant solution he calls Song Blocks.

The Sonos sits on a dresser that hides a RasPi B+. Using bare walnut blocks numbered 1-12, his son can use the Sonos without actually touching it. Each block has a magnet and an NFC tag. When his son sticks a block on the face of the right drawer containing embedded magnets and an NFC controller board, the B+ reads the tag and plays the song. It also tweets the song selection and artist.

The blocks themselves are quite beautiful. [Shawn] numbered them with what look like Courier New stamps and then burned the numbers in with a soldering iron. His Python script is on the git, and he has links to the libraries used on his build page. The Song Blocks demo video is waiting for you after the jump.

The I2C Programmable NFC Tag

NFC tags are cool, but programming them to do your bidding – whether unlocking your computer, making an Arduino vending machine, or a smart home application – requires using an NFC device to program the tag over the air. An NFC tag programmable with any ol’ microcontroller would certainly have some interesting applications, and Elecfreaks’ DNFC tag is just the thing to test out these ideas.

While NFC tags are reprogrammable, reprogramming them requires an NFC controller, be that dedicated hardware, a phone, or an Arduino shield. The DNFC tag is reprogrammable with a microcontroller with an I2C interface thanks to TI’s RF430CL330H dynamic NFC transponder IC. It still does everything you would expect from an NFC tag – MIFARE compatible, NDEF reading and writing, and everything else – but you can program it through an Arduino, Pi, or any other board with an I2C interface.

TI has an app note on using the chip inside the DNFC for automatic Bluetooth pairing, and Elecfreaks themselves have a few use cases in mind that include putting WiFi credentials on an Arduino board without putting the SSID in code and other Internet of Things™ applications. We’re thinking this is one of those devices that is eminently useful, but for something we just can’t think of off the top of our heads. If you’ve got an idea for how to use an I2C programmable NFC tag, drop a note in the comments.

Elecfreaks is doing an Indiegogo campaign for the DNFC, $13 for one. I picked one up, but it’s flexible funding, so buy it or don’t. I don’t care.

Vending Machine Is Now Cyborg Friendly

Don’t you hate having to pull out your wallet or cellphone in order to pay for something? What if you could just wave your hand and transfer money that way? Well [David] did, so he decided to do something about it. He made the vending machine in his hackerspace, FamiLAB, cyborg friendly.

The problem was, the vending machine wasn’t technically his to play around with… so he had to do this hack without actually modifying the machine itself — which we admit, actually makes it quite a bit more interesting!

But first, why is [David] even doing this? Is he a cyborg or something? Well, not quite, but he’s quite enthusiastic about bio-tech (is that what we call it now?) — anyway, he has NFC implants in his hand, and magnets in his fingertips to give him a sixth “electro-sense”. Wanting to take the most advantage of these augmented abilities, he put together this clever NFC credit card emulator.
