NFCGate : A Comprehensive NFC Traffic Analysis Tool

NFCGate is an innovative Android application designed for capturing, analyzing, and modifying NFC traffic.

Developed by students at the Secure Mobile Networking Lab at TU Darmstadt, it serves as a valuable tool for security researchers aiming to reverse-engineer protocols or assess their security against traffic modifications.

This article delves into the features, usage, and requirements of NFCGate.

Features

• On-device Capture: NFCGate can capture NFC traffic sent and received by other applications on the device.
• Relay: It allows relaying NFC traffic between two devices using a server. One device acts as a “reader,” while the other emulates an NFC tag using Host Card Emulation (HCE).
• Replay: Previously captured NFC traffic can be replayed in either “reader” or “tag” mode.
• Clone: The application can clone the initial tag information, such as the ID.
• pcapng Export: Captured traffic can be exported in pcapng format, which is readable by Wireshark for further analysis.

To use NFCGate effectively, the following requirements must be met:

• NFC Support: The device must have NFC capabilities.
• Android Version: The device should run Android 5 or later (API level 21+).
• Xposed-compatible Hooking Framework: Required for on-device capture, relay tag mode, replay tag mode, and clone mode.
• Processor Architecture: ARMv8-A or ARMv7 for relay tag mode, replay tag mode, and clone mode.
• HCE Support: Necessary for relay tag mode, replay tag mode, and clone mode.

NFCGate provides detailed documentation for each operating mode in the doc/mode/ directory.

The application includes an in-app status check for compatibility and supports exporting captured traffic to pcapng files for analysis with tools like Wireshark.

When using modes that utilize HCE, the phone must implement the NFC Controller Interface (NCI) specification.

For confidentiality and integrity in relay mode, Transport Layer Security (TLS) can be enabled with a CA-issued or self-signed certificate.

However, compatibility issues may arise with certain tags or readers, especially those implementing additional security measures like distance bounding.

NFCGate has been presented at several conferences, including the 14th USENIX Workshop on Offensive Technologies (WOOT ’20) and the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks in 2015. It is licensed under the Apache License, Version 2.0.

In summary, NFCGate is a powerful tool for NFC traffic analysis and modification, offering a range of features that make it invaluable for security research and protocol testing.