Can Android NFC spoof Elk-M1PR card?

[miamicanes]

Does anybody know whether (unofficially) a Samsung Android phone with NFC can spoof a card and be "read" by the M1PR (Elk's proximity-card reader)?

I know you can spoof *some* rfid cards (at least, if your phone's rooted and you aren't depending upon the official API to do it *grin*), but I have no idea what frequency Elk's reader uses, or how 'smart' its cards are.

Alternatively, how "smart" is the M1PR? Does it do all the heavy lifting, then just send a ~128-bit id to the keypad via rs485/i2c/spi/whatever? Or is the M1 itself intimately involved in the transaction (picking challenges, exchanging encryption keys, etc)? If the M1PR itself does all the heavy lifting & ultimately just sends a bare ID, I could probably build my *own* Android-compatible reader ;-)

 

[tmbrown97]

I don't know the details of spoofing RFID via NFC - I looked at it a little bit, but didn't go too far with it.

The M1PR and other elk compatible readers are really just very simple Weigand 26-bit decoders communicating via the industry standard weigand protocol. They consist of power and data and that's it; anything with a weigand interface pretty much works including keypads, rf receivers, etc. There's nothing complex going on between the M1PR and the keypad.

I'm gonna hand this one to the android boys on a silver platter - but, I was looking into this while there were rumors of the iPhone getting NFC but once it was determined that it was off the table, I dropped it altogether for the time being.

 

[drozwood90]

Try it. I do something kind of similar.

Install NFC ReTag. https://play.google.com/store/apps/details?id=com.widgapp.NFC_ReTAG_FREE

I use this to take old RFID (NFC in disguise) cards, and actually use them as NFC tags. Works pretty well.

--Dan

 

[Frunple]

Try it. I do something kind of similar.

Install NFC ReTag. https://play.google.....NFC_ReTAG_FREE

I use this to take old RFID (NFC in disguise) cards, and actually use them as NFC tags. Works pretty well.

--Dan

I don't think that's anything like what miamicanes is talking about.
This lets you use NFC cards to do some "activity". I believe what's being looked for is a way to use the phone as the 'card' itself.
Could be wrong though.

 

[drozwood90]

That program has the ability to send out information. So, my assumption is, he has a card he can READ to get the information off of it. Then this program will store that information. Using that, he could then manually EXECUTE a "write" to that tag, (in settings there is a mode to "special" write out). IF the phone can replicate a REAL card, there is a good chance he can spoof one.

--Dan

 

[beemer533]

I've tried this at work with my Galaxy S3... we use HID cards and standard Weigand 26 readers, but my phone wouldn't pick anything up from my access card.

I have heard from someone else (i think on XDA) that they got it to work, but I'm guessing it was a different type of card...

 

[Del91574]

The items of contention are if you can get the droid to match up to and broadcast the RF format that the reader is expecting...IE: HID 1000 or another vendor's format (Elk uses Ness for their OEM). I'm sure with enough work it could be done, but realistically, there's far easier ways to go about this.

I'd pick up the RFID/IClass type stickers and put one inside the phone case before all of this. I'd call myself a functionality before elegance person. While not as sexy, I'd get it to work with 0 invested time and reliably the first time, not to mention, inherently more secure, as no data resides on the phone or cloud.

Unless you're using a multiclass reader, it's going to be a very difficult exercise to match A B and C all together reliably.