Primitive use of NFC for blockchain applications

cc32d9
Oct 26 · 2 min read

Every NFC chip has a 4- or 7-byte UID, and manufacturers usually guarantee that the 7-byte UID is unique. Authentic chips manufactured by NXP Semiconductors also carry a 32-byte ECC signature that is just as easy to read.

A simple NFC reader in a phone or in a vending machine can read this data and compute a SHA-256 hash of it, and that hash would serve as a private key for blockchain operations. For example, a shopkeeper would see the public key and send some deposit tokens or fidelity points to an associated EOSIO account. A vending machine can automatically deduct some amount from such an account.

One issue is that most NFC cards in your wallet have a 4-byte UID. That gives only 4 billion possible combinations, so a private key would be cracked within a day. Most chips in use are Mifare Classic chips, which have a very poor security scheme. The data on such a chip can be cracked and modified within minutes, or within an hour at most.

The newest-generation NTAG213/215/216 chips by NXP Semiconductors have a 7-byte UID and are accompanied by a vendor ECC signature. This would produce a much more reliable private key. An application can also write and lock a random seed in the memory sectors of the chip.

Here’s a simple demo of reading the UID and vendor signature and producing a private key. The program prints out a corresponding public key:

EDIT: I applied two Motorola Android phones of different generations to the reader, and it showed the UID differing in one byte only. Not really good for any practical use.
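
The derivation this post describes, written out as an added example (it is not the author's demo program): SHA-256 over the UID, the vendor signature and an optional on-chip seed, followed by a check that the digest is a valid secp256k1 scalar and the legacy WIF text form used for EOSIO private keys. The concatenation order, the function names and all sample bytes are assumptions made for illustration.

```python
import hashlib

# secp256k1 group order; a valid K1 private key is an integer in [1, N-1].
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def derive_key(uid: bytes, signature: bytes = b"", seed: bytes = b"") -> bytes:
    """SHA-256 over UID || vendor signature || seed (order is an assumption)."""
    if len(uid) not in (4, 7):
        raise ValueError("UID must be 4 or 7 bytes")
    if len(signature) not in (0, 32):
        raise ValueError("vendor signature must be 32 bytes when present")
    key = hashlib.sha256(uid + signature + seed).digest()
    if not 1 <= int.from_bytes(key, "big") < N:
        raise ValueError("digest is not a valid secp256k1 scalar")
    return key


def to_wif(key: bytes) -> str:
    """Legacy WIF: Base58(0x80 || key || first 4 bytes of double SHA-256)."""
    payload = b"\x80" + key
    payload += hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(payload, "big"), ""
    while n:  # payload starts with 0x80, so no leading-zero padding is needed
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out


def uid_keyspace(uid_len: int) -> int:
    """Distinct keys possible when the UID is the only varying input."""
    return 2 ** (8 * uid_len)


if __name__ == "__main__":
    uid = bytes.fromhex("04a1b2c3d4e5f6")  # constructed 7-byte UID
    sig = bytes(range(32))                  # constructed stand-in for the signature
    seed = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed seed
    print("tag only   :", to_wif(derive_key(uid, sig)))
    print("tag + seed :", to_wif(derive_key(uid, sig, seed)))
    print("4-byte UIDs:", uid_keyspace(4), " 7-byte UIDs:", uid_keyspace(7))
```

The derivation is deterministic: whoever reads the same bytes from the tag obtains the same key.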


Telegram: cc32d9, EOS account: "cc32dninexxx"
