Thread: Faking a secure-element source (SE/SWP support for secure NFC transactions)
View Single Post
jalyst is offline jalyst
2012-11-15 , 07:41
Moderator | Posts: 5,320 | Thanked: 4,464 times | Joined on Oct 2009
#1
Figured I'd share a brief email exchange I had with someone quite some time ago...
I haven't looked into this much at all yet, and suspect I won't have time any-time soon.
Nevertheless I figured it may be of interest for others to research further....
I'm not saying this is a solution of any sort, I haven't researched deeply enough claim anything.

http://www.nxp.com/news/press-releas...om-google.html
The PN65N features an embedded Secure Element, which uses the same proven and tested NXP security solution found in bank cards; electronic passports; transportation and ticketing; physical access and other contactless applications. The PN65N is pin-to-pin compatible with the PN544 NFC radio controller giving manufacturers the choice to design with or without the secure element.
http://forum.xda-developers.com/show....php?t=1281946
http://stackoverflow.com/questions/6...595889#7595889
Lots of information but not much in the way of what I mentioned, yes you can do card-emulation, but the secure elements are non-trivial to modify.
Apparently if we had/cracked the Google keys then it would be another story ....

On 2012-07-04 09:26 , xxxx wrote:
Thanks mate, only if you happen to be doing some Android related research soon.

On 29/06/12 8:07 AM, zzzz wrote:
I'll have to search for it later.

On Jun 28, 2012 10:40 PM, xxxx wrote:
Kosh can you recall where you were reading about all this?

On 28/06/12 4:03 PM, xxxx wrote:
Interesting thanks......
I'd love to know how they've overcome lack of SE/SWP on the SGSII/III, & whether it can be re-adapted in some way for Maemo6x (MeeGo-Harmattan).

On 28/06/12 3:54 PM, zzzz wrote:
To "forge" a card you need to present a fake secure-element or modify the secure element on the device.
On the Nexus the secure element was originally usable, after a patch it was locked down to authenticated applications (or any app that could read it could copy your credit card to any evil-doer), on the SGS2(Korean) and SGS3 I believe there isn't one and they rely on one being available on the SIM card.
But there are some methods to dodgying one up, I just haven't read up enough on it, and it does require the phone to be rooted and I'm not sure I want to do that yet.

On 2012-06-28 15:26 , xxxx wrote:
But Nexus has the actual "physical" SE/SWP required doesn't it, or can you add that via dongle or similar and then support in the fw?

On 28/06/12 3:18 PM, zzzz wrote:
If you root the phone you can fake a secure-element source .
The Galaxy Nexus could do that, but they nerfed it in a firmware release, so people had to hack it back in.

On 2012-06-28 14:59 , xxxx wrote:
You also need to have a secure-element/SWP (single wire protocol) embedded...
My N9 has NFC but alas lacks a secure-element, so could never support secure transactions*, even if Nokia went to the effort of securing licensing etc.
And they wouldn't, as they only care about their WP's now, so only the 610NFC & other upcoming Nokia WP's will do what some Android phones do now.
Oh and I think some of the most recent S^3 ones can including the very recent 808PV, but pretty sure that will be it.

*there are mSIMs with SE/SWP embedded, & stickers, & dongles, but I don't think adding support would be trivial, not sure though.

On 28/06/12 2:46 PM, zzzz wrote:
Yeah, if I was in the US I could even use Google Wallet and pay for things at those "paypass" terminals in shops.
It's not a technology problem, the phone can do it, it's some crappy visa/mastercard licensing thing.