Utilisation de la bibliothèque libnfc

Bonjour,
Mon client désire pouvoir se connecter à son compte via une carte NFC (qu’il possède déjà pour ouvrir les portes de son lieu de travail et pour la cantine) au lieu de sélectionner son nom dans le popup et taper son mot de passe.
J’ai trouvé un lecteur qui lit sa carte NFC et qui fonctionne avec la librairie LIBNFC (DLL sous Windows et bibliothèque MAC).
Sauf que je ne vois pas comment interagir avec cette DLL/bibliothèque.
Quelqu’un aurait-il déjà fait cela ?

Merci de vos lumières

libnfc is “cross platform” but I think it is primarily a Linux solution. For Windows and Mac, it is normally better to not use libusb because the platform SDK already provides native API for reading smart cards.

e.g.

“pure” libusb is a good solution for Linux, but for Windows and Mac, it is would be better if the library could switch to a native backend.

It looks quite complicated to use the library on Windows, you need a special flavour of libusb (libusb-win32), you need to use MinGW (UNIX emulation), you need to put config files in the system directory…

For Mac, it is little bit better, but the latest version of libusb is 1.0.23 (identified by the header file “libusb.h”) yet libnfc is compatible with libusb-compat like 0.1.5_1 ((identified by the header file “usb.h”), so don’t install from GitHub, don’t brew install libusb.

Also you might want to read about the differences between Apple pcsc-lite and the “official” pcsc-lite, basically, don’t brew install pcsc-lite, just brew install libnfc.

This is exactly what I was looking for.
I opened the 4DB file to see the example. The test recognizes my ACR122U reader but not my ARDURIO.
I have a Windows application which controls the ACR122U with the SCardEstablishContext, SCardListReaders, SCardGetStatusChange, SCardConnect, SCardTransmit, SCardDisconnect, SCardReleaseContext functions but I can’t see how to use them with the SCARD bundle

Regards,

You seem to be over-thinking it!

A 4D plugin does not require any Win32 applications or Arduino.

True, I use LIBNFC or LIBUSB on Mac, but that is because the reader is made by SONY and there are no drivers for Mac (typical…). I suppose you would need to do similar for RFID reader made with Arduino but that is outside the scope of this plugin (you are welcome to fork and complete the C code).

Back to the plugin, you just call the commands like so:

  //use native API on both platforms. device driver from vendor must be installed 
$readers:=SCARD Get readers 

If ($readers.length#0)
	
	$reader:=$readers[0]

	$reader.timeout:=9	

	$status:=SCARD Read tag ($reader)
	
	If ($status.success)
		
		Case of 
			: ($status.typeName=Null)  //D.C. Metro SmarTrip 
				ALERT($status.IDm+":"+$status.PMm+":"+$status.type+":"+$status.cid)
				
			: ($status.typeName="Type A(T=CL)")  //S. Korea CITYPASS+, City of London Oyster Card
				ALERT(Substring($status.IDm;1;8)+":"+Substring($status.PMm;1;8)+":"+$status.type+":"+$status.cid)
				
			: ($status.typeName="FeliCa")  //PASMO, nanaco
				ALERT($status.IDm+":"+$status.PMm+":"+$status.type+":"+$status.cid)
				
			: ($status.typeName="Type A")  //SECOM Wireless IC Card
				ALERT(Substring($status.IDm;1;8)+":"+$status.cid)
				
		End case 
		
	End if 
	
End if 

I assume you understand the potential security risk of using the card ID for identification.

Hi Miyako

Thanks for this plugin !

I have been thinking about this subject recently.

I assume you understand the potential security risk of using the card ID for identification.

Are you implying it is not safe / unsecure ? I am interested in security in general so could you elaborate or send us some links to some articles ? Thanks :pray:
It is good to have this information to provide to clients and let them take the decision (and the risk).

I am not an expert on this subject, but here is how I understand the issue:

Each FeliCa has a “unique” ID known as IDm for traceability purposes. Since the ID is unique to each card, you might think of using it for identification.

But, just like you can make a microphone work as a speaker, a card reader can also be used to mimic a card. This is called “Host Card Emulation”, or HCE.

You can skim a card ID from an unsuspecting holder, and use HCE to make a card reader pretend to be that card.

FeliCa has a secure data region but you need a license to use it. Commercial applications use that region.

Anyone can read the IDm, but if you want to use it as a secure key (like a door lock), SONY recommends a dynamic protocol based on a randomly generated session key such as “Felica Lite-S”, instead of relying on the static identifier which can be faked.

FeliCa may not be so popular as MIFARE in Europe…perhaps this might shed some light:

Cool.

I have already seen physical pen testers conference showing hacking access to buildings by copying cards :grinning:

I love watching these hackers conferences I find it entertaining and enlightening.

Thanks for pointing me to this one.

Hi,

Thank you for all this information, very interesting.

What I am looking for is to have access to the SCardEstablishContext, SCardListReaders, SCardGetStatusChange, SCardConnect, SCardTransmit, SCardDisconnect, SCardReleaseContext functions so that I can read the content of the TAG and be able to write it if necessary.
For my current client, reading the IDm is enough for me since it is unique.

On the other hand, I would like to transpose another of my Windows applications (not developed in 4D) which allows you to copy / modify building access badges (for real estate agents for example)