maemo.org - Talk - Faking a secure-element source (SE/SWP support for secure NFC transactions)

maemo.org - Talk (https://talk.maemo.org/index.php)

- MeeGo / Harmattan (https://talk.maemo.org/forumdisplay.php?f=45)

- - Faking a secure-element source (SE/SWP support for secure NFC transactions) (https://talk.maemo.org/showthread.php?t=87872)

Faking a secure-element source (SE/SWP support for secure NFC transactions)

Figured I'd share a brief email exchange I had with someone quite some time ago...
I haven't looked into this much at all yet, and suspect I won't have time any-time soon.
Nevertheless I figured it may be of interest for others to research further....
I'm not saying this is a solution of any sort, I haven't researched deeply enough claim anything.

Quote:

http://www.nxp.com/news/press-releas...om-google.html
The PN65N features an embedded Secure Element, which uses the same proven and tested NXP security solution found in bank cards; electronic passports; transportation and ticketing; physical access and other contactless applications. The PN65N is pin-to-pin compatible with the PN544 NFC radio controller giving manufacturers the choice to design with or without the secure element.
http://forum.xda-developers.com/show....php?t=1281946
http://stackoverflow.com/questions/6...595889#7595889
Lots of information but not much in the way of what I mentioned, yes you can do card-emulation, but the secure elements are non-trivial to modify.
Apparently if we had/cracked the Google keys then it would be another story ....

On 2012-07-04 09:26 , xxxx wrote:
Thanks mate, only if you happen to be doing some Android related research soon.

On 29/06/12 8:07 AM, zzzz wrote:
I'll have to search for it later.

On Jun 28, 2012 10:40 PM, xxxx wrote:
Kosh can you recall where you were reading about all this?

On 28/06/12 4:03 PM, xxxx wrote:
Interesting thanks......
I'd love to know how they've overcome lack of SE/SWP on the SGSII/III, & whether it can be re-adapted in some way for Maemo6x (MeeGo-Harmattan).

On 28/06/12 3:54 PM, zzzz wrote:
To "forge" a card you need to present a fake secure-element or modify the secure element on the device.
On the Nexus the secure element was originally usable, after a patch it was locked down to authenticated applications (or any app that could read it could copy your credit card to any evil-doer), on the SGS2(Korean) and SGS3 I believe there isn't one and they rely on one being available on the SIM card.
But there are some methods to dodgying one up, I just haven't read up enough on it, and it does require the phone to be rooted and I'm not sure I want to do that yet.

On 2012-06-28 15:26 , xxxx wrote:
But Nexus has the actual "physical" SE/SWP required doesn't it, or can you add that via dongle or similar and then support in the fw?

On 28/06/12 3:18 PM, zzzz wrote:
If you root the phone you can fake a secure-element source :).
The Galaxy Nexus could do that, but they nerfed it in a firmware release, so people had to hack it back in.

On 2012-06-28 14:59 , xxxx wrote:
You also need to have a secure-element/SWP (single wire protocol) embedded...
My N9 has NFC but alas lacks a secure-element, so could never support secure transactions*, even if Nokia went to the effort of securing licensing etc.
And they wouldn't, as they only care about their WP's now, so only the 610NFC & other upcoming Nokia WP's will do what some Android phones do now.
Oh and I think some of the most recent S^3 ones can including the very recent 808PV, but pretty sure that will be it.

*there are mSIMs with SE/SWP embedded, & stickers, & dongles, but I don't think adding support would be trivial, not sure though.

On 28/06/12 2:46 PM, zzzz wrote:
Yeah, if I was in the US I could even use Google Wallet and pay for things at those "paypass" terminals in shops.
It's not a technology problem, the phone can do it, it's some crappy visa/mastercard licensing thing.

Re: Faking a secure-element source (SE/SWP support for secure NFC transactions)

So, anyone have the balls to replace the PN544 with a PN65N?

From what I've read, Secure Element support is on the SmartMX, an additional module inside the PN65N.

If you were to pursue a pure-software approach to this, I think it would be best to check out how a real Galaxy Nexus does the authentication, card emulation and transaction at the NFC stack.

Once that's done, you can start stubbing SE functions and add them to a modified pn544 driver.

Re: Faking a secure-element source (SE/SWP support for secure NFC transactions)

I wouldn't hurry so much with the soldering iron :rolleyes:
Is it even as a separate chip on N9 or part of a SoC?

Re: Faking a secure-element source (SE/SWP support for secure NFC transactions)

Quote:

Originally Posted by juiceme (Post 1294550)

I wouldn't hurry so much with the soldering iron :rolleyes:
Is it even as a separate chip on N9 or part of a SoC?

ya, i m pretty sure its separate. I checked a while ago on the board pictures and posted somewhere in this forum. I wonder if its a BGA, otherwise it could be done.

Re: Faking a secure-element source (SE/SWP support for secure NFC transactions)

Quote:

Originally Posted by Hurrian (Post 1294462)

So, anyone have the balls to replace the PN544 with a PN65N?
From what I've read, Secure Element support is on the SmartMX, an additional module inside the PN65N.

That's hard-*** stuff, I never was much of a solderer... :D

Quote:

If you were to pursue a pure-software approach to this, I think it would be best to check out how a real Galaxy Nexus does the authentication, card emulation and transaction at the NFC stack.
Once that's done, you can start stubbing SE functions and add them to a modified pn544 driver.

Something like this is the ideal approach....
I'm hoping some wise folks out there have the time & inclination to investigate it all far more carefully.

Re: Faking a secure-element source (SE/SWP support for secure NFC transactions)

May I ask what is the point of trying to fake a SE? Apart from a proof of concept or a hobbyist project, that is.