Documentation and helper scripts to enroll attendee badges in the NFC system.
Ed ec1d89298f Initial commit 2023-07-11 22:16:30 +02:00


Due to a flaw in nfcpy (or maybe not?), tags enrolled by this script will have the capability bit set to 0x31. For some reason, this makes the NDEF payload compatible only with Android phones!

This script can be used to enroll your NFC tags in the badge system. Effectively, it will:

  1. Enable the READ_CNT flag, to enable the read counter
  2. Add an NDEF URI so that the badge can be scanned by attendants
  3. Protect the badge with a password, generated uniquely for every tag
  4. Log the UID and badge type, so you can import it in your backend


  1. Check the requirements.txt file for Python library requirements
  2. Install mpv to play a sound at the end of every successful write, or don't (and remove the row)
  3. Change the SALT to a very secure password and adjust the iteration count to a sensible number for your computer
  4. Connect a PN532 scanner via USB
  5. Enjoy!

Run the script

python3 [badge/coin] [initial balance]

The badge/coin argument changes the URL, while the initial balance changes the column in the data export (the log_*.txt files).

The ASCII mirror!

You will notice that every badge has a generic "" URL written to it. This is on purpose, since after this write the UID + COUNT mirror is enabled. This is a function of the NDEF tags that lets you "mirror" various registers in ASCII format to other arbitrary addresses. The code following the NDEF part effectively makes the link, when read, become "/fz23/b[TAG IDENTIFIER]x[READ COUNT]" (e.g. "/fz23/b048E77929A7181x0000EB") without any manual intervention and in a completely tear-free way.
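A backend that receives these mirrored links can validate them before trusting a scan. The sketch below is an added example, not code from this repository: `ScanValidator` and `ScanRejected` are hypothetical names, and the strictly-increasing counter rule is an assumption about how a backend would use the mirrored READ COUNT.

```python
import re

# Path shape from the README: /fz23/b[TAG IDENTIFIER]x[READ COUNT].
# Widths follow the README's example: 14 hex chars (7-byte UID) and
# 6 hex chars (24-bit read counter), uppercase as mirrored by the tag.
MIRROR_RE = re.compile(r"/fz23/b([0-9A-F]{14})x([0-9A-F]{6})")


class ScanRejected(Exception):
    """Raised when a scanned path is malformed, unknown or replayed."""


def parse_mirror_path(path):
    """Return (uid_hex, read_count) or raise ScanRejected."""
    m = MIRROR_RE.fullmatch(path)  # fullmatch: no trailing junk or newline
    if m is None:
        raise ScanRejected("malformed mirror path")
    return m.group(1), int(m.group(2), 16)


class ScanValidator:
    """Hypothetical backend check (assumption, not the project's code):
    only enrolled UIDs are accepted and the counter must strictly increase."""

    def __init__(self, enrolled_uids):
        # uid -> highest read counter accepted so far (-1 = never scanned)
        self.last_count = {uid: -1 for uid in enrolled_uids}

    def accept(self, path):
        uid, count = parse_mirror_path(path)
        if uid not in self.last_count:
            raise ScanRejected("UID not enrolled")
        if count <= self.last_count[uid]:
            # A copied or bookmarked link carries a counter already seen.
            raise ScanRejected("stale read counter (replayed link)")
        self.last_count[uid] = count
        return uid, count


if __name__ == "__main__":
    v = ScanValidator({"048E77929A7181"})  # UID from the README's example
    print(v.accept("/fz23/b048E77929A7181x0000EB"))
    for bad in ("/fz23/b048E77929A7181x0000EB",   # same link again
                "/fz23/b048E77929A7181x0000E",    # truncated counter
                "/fz23/bFFFFFFFFFFFFFFx000001"):  # constructed, not enrolled
        try:
            v.accept(bad)
        except ScanRejected as e:
            print("rejected:", e)
```

The enrolled UID set would come from the log_*.txt export; the UIDs used here are the README's example and one constructed value.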

The "toys" folder

Inside the toys folder there are two files that were a proof of concept for storing monetary transactions inside NFC tags, to be used for buying drinks and similar. Eventually, the system was moved completely server-side (due to slowness in writing the cards and risk of tearing), and the entire system scrapped.

The system consisted of ed25519-based transaction signatures, where offline clients (aka the PoS) would be able to verify and write transactions. The cards would actually store two transactions and then change a pointer atomically to prevent half-written transactions from being considered.

The transaction format is as follows:

[   CA$H   ]
[signature ] * 16
[timestamp ]
[   uuid   ]
[   F0X0   ]
  • CA$H and F0X0 are header and footer of the transaction (4 bytes each)
  • signature = ed25519 signature of the transaction (4 * 16 = 64 bytes)
  • load (2 bytes) + used (2 bytes) = the amount of loaded and used money. These two values can only increase, and the balance is calculated by subtracting them, so that "replay" attacks are harder
  • keyi = id of the key used to sign the transaction (2 bytes)
  • txid = increasing id of the transaction (2 bytes)
  • timestamp = unix ts of the transaction (4 bytes)
  • uuid = a custom uuid to identify the card (this was added because at one point we accidentally bought counterfeit cards with duplicated NFC identifiers)