Initial commit

Ed 2023-07-11 21:49:11 +02:00
commit 384fb4805f
3 changed files with 120 additions and 0 deletions

13 Normal file
View File

@ -0,0 +1,13 @@
# Where should i send the readings?
# Should i verify the nfc tags (authenticating password)?
SECURE = False
# Is this a boopbox?
# This is used to verify the tags
SALT = b"This is used to generate the password that will be used to encrypt/verify each tag"

91 Normal file
View File

@ -0,0 +1,91 @@
import nfc
from nfc.clf import RemoteTarget
import httpx
import logging
import binascii
from base64 import b16encode
from os.path import join
from config import *
from time import sleep
from hashlib import sha3_512
import coloredlogs
def password(tag):
x = tag.identifier
for i in range(ITERATIONS):
x = sha3_512(x + SALT).digest()
return x[:6]
"NXP NTAG213": (0x29, 0x2A, 0x2B, 0x2C),
"NXP NTAG215": (0x83, 0x84, 0x85, 0x86),
"NXP NTAG216": (0xE3, 0xE4, 0xE5, 0xE6),
if __name__ == '__main__':
log = logging.getLogger('nfc')
clf = nfc.ContactlessFrontend()
except TimeoutError:
log.error('Got TimeoutError on reader connection attempt.')
except AssertionError:
log.error('There is no reader connected.')
# Set baud rate to 115200 to prevent reader from dying
clf.device.chipset.transport.baudrate = 115200
while 1:
target = clf.sense(RemoteTarget('106A'), iterations=10, delay=0.1)
if not target: continue
count = None
tag_id = target.sdd_res
is_secure = False
if not BOOPBOX_ID:
tag = nfc.tag.activate(clf, target)
log.error(f"TAG {tag_id} is gone.")
if SECURE and tag.product == "NXP NTAG215":
has_password =[tag.product][0])[3] < 0xFF
if has_password:
psw = password(tag)
if tag.authenticate(psw):
is_secure = True
log.error("Couldn't verify tag.")
# Try to get the read count as well.
if tag.product == "NXP NTAG215":
count = tag.transceive(binascii.unhexlify('3902'), timeout=0.05) # READ_CNT command
count = int.from_bytes(count, byteorder='little')
except nfc.tag.tt2.Type2TagCommandError:
log.error("Tag count is enabled, couldn't get a response")
except AttributeError:
log.error("Lost connection to tag...")
res =, json={'id': b16encode(tag_id).decode(), 'is_secure': is_secure, 'count': count, 'boopbox_id': BOOPBOX_ID})
except Exception as e:
else:"Booped {b16encode(tag_id).decode()} (secure = {is_secure}) (count = {count})")
while clf.sense(RemoteTarget('106A')): sleep(0.1)
except KeyboardInterrupt:

16 Normal file
View File

@ -0,0 +1,16 @@
# Boopbox/POS NFC Client
This is a simple script that implements an "HTTP Client" that will send every read NFC tag to an http server.
Additionally, it is possible to set the reader as "secure" and this will - other than verify the id of the tag - also try to authenticate the originality of it.
## What reader?
The used reader is a raw PN532 connected through a CH430 to usb. The baud rate is immediately set to 115200 to prevent the reader from entering a "locked" state in case of connection loss with the nfcpy library. Setting the baud rate to 115200 makes sure the chip is always available to init again.
## How do you generate the password?
The password is generated by hashing the NFC identifier with a SALT numerous times, and then truncating the resulting hash. The nfc cards we used (NDEF213, 215) only supported 6 byte passwords.
## What is the read count?
During provisioning we enabled the read count of the NFC tags. This is a non-tearing read-only register which gets increased by 1 every time there is a successful ACTIVATE command (aka the chip is read correctly). This was used for statistical and anti-tampering purposes.