Doorbot card adder with android NFC devices

[Jasper Wallace]

Hi,

If you've got an NFC enabled android phone you can now use it to add
rfid cards to your membership account thing so doorbot will let you in.

apk here:

http://pointless.net/~jasper/LHSSelfEnrole.apk

code here:

http://pointless.net/hg/lhsselfenrole/

to use it:

* install the apk.
* run the app.
* wave card at back of phone, observe serial number appear in 'serial'
field.
* enter lhs membership username and password in the supplied fields.
hit 'Go!'
* relax and lets technology do the rest for you...

I was hopeing to be able to generate a random serial number and get the
phone to pretend to be a card and use that to activate doorbot, but i
havn't worked out how to yet :) (The android sdk really focuses on NFC
stuff, not the lower level RFID things, so it might be a bit like trying
to spoof a mac address from http).

P.S. I'm slightly tempted to make a london hackspace android
accountManager adapter thing, but we don't really have an api so it's a
bit pointless atm.

It might be useful in the future, if, for example, the 'hacker radar'
thing ever happened.

--
[http://pointless.net/] [0x2ECA0975]

[Jonty Wareing]

Jasper, you are awesome.

On Tue, Jan 03, 2012 at 04:00:33AM +0000, Jasper Wallace wrote:
> P.S. I'm slightly tempted to make a london hackspace android
> accountManager adapter thing, but we don't really have an api so it's a
> bit pointless atm.

Given I've been putting off writing the API for months, this is a decent
kick up the arse. Grab me this evening and we'll sketch something out.

--jonty

[Dave Ingram]

On 03/01/12 04:00, Jasper Wallace wrote:
> Hi,
>
> If you've got an NFC enabled android phone you can now use it to add
> rfid cards to your membership account thing so doorbot will let you in.
>
> apk here:
>
> http://pointless.net/~jasper/LHSSelfEnrole.apk

Very cool. Are you updating the APK as you update the code? I notice the
source is at v1.2 now.

> I was hopeing to be able to generate a random serial number and get the
> phone to pretend to be a card and use that to activate doorbot, but i
> havn't worked out how to yet :) (The android sdk really focuses on NFC
> stuff, not the lower level RFID things, so it might be a bit like trying
> to spoof a mac address from http).

I don't think it's possible (yet?) to fake the ID; I've tried before
using a couple of fairly low-level NFC apps. We can experiment if you
like, however. I don't think I've managed to get DoorBot to recognise my
phone as a card yet, however.

> P.S. I'm slightly tempted to make a london hackspace android
> accountManager adapter thing, but we don't really have an api so it's a
> bit pointless atm.
>
> It might be useful in the future, if, for example, the 'hacker radar'
> thing ever happened.

I'm currently building an app that uses the AccountManager/sync
interfaces, if you're interested?

D

[Jasper Wallace]

On Fri, 6 Jan 2012, Dave Ingram wrote:

> On 03/01/12 04:00, Jasper Wallace wrote:
> > Hi,
> >
> > If you've got an NFC enabled android phone you can now use it to add
> > rfid cards to your membership account thing so doorbot will let you in.
> >
> > apk here:
> >
> > http://pointless.net/~jasper/LHSSelfEnrole.apk
> Very cool. Are you updating the APK as you update the code? I notice the
> source is at v1.2 now.

Yes, well, sort of.

> > I was hopeing to be able to generate a random serial number and get the
> > phone to pretend to be a card and use that to activate doorbot, but i
> > havn't worked out how to yet :) (The android sdk really focuses on NFC
> > stuff, not the lower level RFID things, so it might be a bit like trying
> > to spoof a mac address from http).
> I don't think it's possible (yet?) to fake the ID; I've tried before using a
> couple of fairly low-level NFC apps. We can experiment if you like, however. I
> don't think I've managed to get DoorBot to recognise my phone as a card yet,
> however.

I've noticed stuff in logcat when i wave my phone at the doorbot card
reader so they are doing something, but i think i'm going to have to
understand a load more about the nfc stack before trying anything.

We may have to change the software/drivers on the doorbot end.

> > P.S. I'm slightly tempted to make a london hackspace android
> > accountManager adapter thing, but we don't really have an api so it's a
> > bit pointless atm.
> >
> > It might be useful in the future, if, for example, the 'hacker radar'
> > thing ever happened.
> I'm currently building an app that uses the AccountManager/sync interfaces, if
> you're interested?

sure, is the code public anywhere?

The other things that need AccountManager stuff is openstreetmap accounts
(they have oauth) and xmpp (useful if you want to make apps that use
pubsub, people can then use them with existing xmpp accounts).

--
[http://pointless.net/] [0x2ECA0975]

[Dave Ingram]

>> Very cool. Are you updating the APK as you update the code? I notice the
>> source is at v1.2 now.
> Yes, well, sort of.

Good enough for me :-) I might have a poke at the code a little later,
if you don't mind?

>>> I was hopeing to be able to generate a random serial number and get the
>>> phone to pretend to be a card and use that to activate doorbot, but i
>>> havn't worked out how to yet :) (The android sdk really focuses on NFC
>>> stuff, not the lower level RFID things, so it might be a bit like trying
>>> to spoof a mac address from http).
>> I don't think it's possible (yet?) to fake the ID; I've tried before using a
>> couple of fairly low-level NFC apps. We can experiment if you like, however. I
>> don't think I've managed to get DoorBot to recognise my phone as a card yet,
>> however.
> I've noticed stuff in logcat when i wave my phone at the doorbot card
> reader so they are doing something, but i think i'm going to have to
> understand a load more about the nfc stack before trying anything.
>
> We may have to change the software/drivers on the doorbot end.

Perhaps, although that would theoretically allow spoofing of another ID.
It would be interesting to investigate further though, to see if it can
be done!

>>> P.S. I'm slightly tempted to make a london hackspace android
>>> accountManager adapter thing, but we don't really have an api so it's a
>>> bit pointless atm.
>>>
>>> It might be useful in the future, if, for example, the 'hacker radar'
>>> thing ever happened.
>> I'm currently building an app that uses the AccountManager/sync interfaces, if
>> you're interested?
> sure, is the code public anywhere?

Not at the moment... it's using a private API, but I have no problems
sharing the appropriate bits if you want.

> The other things that need AccountManager stuff is openstreetmap accounts
> (they have oauth) and xmpp (useful if you want to make apps that use
> pubsub, people can then use them with existing xmpp accounts).

I'm not quite sure I understand what you mean here. :-/

D