NFC ring as part of the standard Android unlock system



  • I commented on the kickstarter and Rob gave me the following advice, I am having a little trouble with the actual unlocking and hoped someone could point me in the right direction.

    [quote:38jt65mk]@Thomas, what do you mean by "extra verification?" a double verification -- enter password and swipe nfc; or an alternate verification -- enter password or swipe nfc?
    The second one is possible if you're willing to do a little hacking. There's a 3rd party add-on to Android called Xposed Framework (requires root access) which does nothing other than to create an access point for other programs to get at some of the system processes that Android doesn't otherwise make available. Then there's an extension called NFC Unlock that uses Xposed. With NFC Unlock, your lock screen behaves normally, asking for a password if you have one set, but it will bypass the the password prompt if you scan a registered NFC tag. I've been enjoying this solution because it looks "normal," and someone trying to access the phone would have no idea that there's a way to bypass the password with NFC.[/quote:38jt65mk]

    I am using a Nexus 7 running stock 4.4.2 rooted.

    I have successfully registered 2 tags with the unlocker plugin, 1 with a web url and 1 with a generated passcode (by the mclear nfc unlocker app).

    any further info needed please ask



  • I'm not clear from your description what you have and have not done. Are the "unlocker plugin" and the "nfc unlocker app" the same thing?

    What I am talking about specifically is kind of a hack and as such, it exposes you to some risk if you're not clear how to use it or what it does. One risk is ruining your phone, so don't take what I'm saying as "advice" but simply as an option that has worked for me.

    Here are the steps I followed as I remember them:

    Download, install, and activate the Xposed Framework using the instructions here: [url:1fsjutc9]http://forum.xda-developers.com/showthread.php?t=1574401[/url:1fsjutc9]

    [quote:1fsjutc9]1. Download the Xposed Installer APK and install it

    1. Launch the Xposed Installer, go to the "Framework" section and click on "Install/Update"
    2. Reboot
    3. Done![/quote:1fsjutc9]

    Make sure Xposed is installed and running.

    Then download and install the Xposed module, NFC Unlocking, using instructions here: [url:1fsjutc9]http://forum.xda-developers.com/showthread.php?t=2478163[/url:1fsjutc9]
    The module is based off of another module called NFC LockScreenOff Enabler, so, once NFC Unlocking is installed, it may be referred to by Xposed and Android as NFC LockScreenOff Enabler.

    You may need to reopen your Xposed settings to confirm that the NFC LockScreenOff Enabler is activated in your Modules list.

    You then need to open the app, NFC LockScreenOff Enabler, and add your tags to the Authorized NFC tags.

    Then you might want to reboot again, because why not?

    Now if it still doesn't work, you should see if any of those steps didn't stick:
    Xposed installed? Running?
    NFC LockScreenOff Enabler enabled in Xposed?
    Are you tags listed as authorized in NFC LockScreenOff Enabler?

    There are some troubleshooting tips in those threads that may help you solve your problem if you can identify whether you issue is with the Framework or the Module.



  • I'm not entirely sure if this is something you're looking for, but this is what I've got working on my Galaxy S3.

    I can use my NFC ring to bypass my standard Android lockscreen security AND scan through the NFC Unlock app prompt. However, if I don't use my ring, I can still unlock my phone using a standard lockscreen PIN and the PIN I set up in the NFC Unlock App.

    I have the standard lockscreen PIN set to a 6 digit code. I have a 4 digit PIN set in the NFC Unlock App. Normally with just this in order to unlock my phone I would have to enter my 6 digit PIN on the lockscreen and then scan my NFC ring. With my new procedure I only have to scan my NFC ring once and it immediately unlocks my device.

    Things you need:

    • Rooted Android
    • Standard lockscreen security (PIN, pattern, password)
    • Tasker
    • Secure Settiings
    • NFC Unlock App
    • A Tasker Project file to import, called NFC Key

    The Tasker Project file you require is available on XDA, which is available here.

    Here are the steps I took:

    1. Setup your standard lockscreen security. This can be pattern, PIN or password.
    2. Install and setup the NFC Unlock app. Make sure it's working normally. Make sure that the unlock procedure kicks in after your standard lockscreen security has cleared. For example, if you have a pattern set, then clearing the pattern should automatically bring up the NFC Unlock prompt.
    3. Install and setup Tasker
    4. Install and setup Secure Settings. You'll need to install the Helper/Compatibility module. Also make sure to make Secure Settings as a Device Administrator in the systems Settings app.
    5. Download and extract the NFC Key file (it's an XML) to somewhere on your internal storage, e.g. /sdcard0/Tasker/projects
    6. Open up Tasker and import the XML you just copied to your device. Make sure that you've disabled Beginner Mode in the Preferences. Tap on the "Home" icon at the bottom of the interface, select "Import". Navigate to the location you copied the XML to and select it. It'll warn you to check the settings before you commit them, go ahead if you like, otherwise just save the settings.
    7. Beside the "Home" icon in Tasker you should see a tab called "NFC Key". Selecting it will show 4 Tasks and 1 Profile.
    8. Exit Tasker, then turn your device off.
    9. Turn your device on, make sure the lockscreen is showing, then tap your ring.

    If all worked out, your phone should automatically scan in past your lockscreen security AND the NFC Unlock prompt. If you watch carefully, you'll actually see the NFC Unlock prompt show up briefly before clearing out.

    What this Tasker Project does is recognize a NFC tag (any NFC) and bypasses the standard lockscreen security bys disabling it and then re-enabling it. Once it's past the standard lockscreen security, the NFC Unlock app prompt will show up and since you're already scanning in your NFC ring it will immediately pick up your stored NFC tag key and unlock the final gate.

    The reason why I consider this to be pretty secure is because even if someone manages to scan in any random NFC tag to bypass your standard Android lockscreen, you still need to get through the NFC Unlock app's own security prompt. So they'll still need your NFC ring or your registered PIN or Google Account in order to actually get into your phone. So ultimately this really only bypasses one of two security gates. Even if you lost your ring you can still get into your device the normal way.

    Hopefully this helps anyone else with an Android device who wants a pseudo 2 factor authentication method!



  • Xposed worked well enough for me but I found it to be a battery drain and wanted to see if i could get this into the android framework itself as I build my own ROM for my Nexus 5.

    So, the first thing i did was modify Nfc and Settings apps so you can choose when to enable Nfc Polling...

    • Polling off
    • Screen off
    • Screen on and locked
    • Screen on and unlocked
    • Screen on and locked only - this is a new mode i've put in that turns Nfc on with the screen and then off again once unlocked. As I only use Nfc on my phone for unlocking, this is really useful as its nice on the battery and doesn't prompt with the empty tag viewer every time i unlock!

    Then, using the Xposed module as a basis for the code (so big thanks to those guys!) I added Nfc unlocking into the framework and Nfc app as well as a section under Security settings where you can add/remove tags that are allowed to unlock.

    In terms of security, the Nfc tag acts as an override to whatever other lock screen you're using, pattern, pin etc. The tag contents are only handled if the screen is unlocked. If polling is set to 'screen on and locked' then the tag will be picked up as soon as the device is unlocked but there's no way for an unauthorised tag to have its contents handled while the screen is off or on and locked. The unlock is triggered from the Nfc app as an intent, it's probably possible to trigger this intent from elsewhere but the tags uid is checked from within the keyguard while handling it so the uid needs to be known and passed as part of the intent for this to work.

    It's all working nicely so far but given i'm not that familiar with the guts of the android lock screen security and creating new ui's, there's probably room for improvement.

    Given this is framework changes there isn't really an easy way to release something people can use and test. The code is all here:

    https://github.com/AospPlus/android_frameworks_base/commits/aosp-plus_4.4
    https://github.com/AospPlus/android_packages_apps_Settings/commits/aosp-plus_4.4
    https://github.com/AospPlus/android_packages_apps_Nfc/commits/aosp-plus_4.4

    and it's based on pure aosp (with a few other relatively minor changes) so should be straight forward enough to merge into other ROMs. If anyone wants to make changes/fixes and submit pull requests then please do. Once it's tested a bit and improved where needed I'll see about getting patches submitted to the major ROMs, (CyanogenMod etc.)

    Anyone with a Nexus 5 who knows how to compile ROMs can do so with

        repo init https://github.com/AospPlus/android_manifest -b aosp-plus_4.4
        repo sync
        brunch hammerhead


  • Another Xposed module you have the option to look into is the NFC LockScreenOffEnabler. The main purpose of this module to just to give the user the option of having NFC poll when the screen is off and/or locked (Similar to Tom's solution).

    Also its settings also has an "Authorize NFC tags" section where you can have the module remember certain NFC tag IDs that can unlock your device. Very simple to use. For most, it won't turn on the screen automatically if you try to unlock while the screen is off, but you can use Tasker and Trigger (or a similar combination) to accomplish that.

    Reminder that you have to be rooted to use Xposed. Battery life may vary, but I haven't noticed too much difference. If you're just looking for a convenient way to unlock your device, this worked for me.



  • Yeah I tried using the Xposed module NFCLockScreenOffEnabler, and it works really well. Problem is that it works too well. Sometimes I'd just be resting my hand on my leg and accidentally unlocking my phone without my knowledge of it. Using the NFC Unlock Control helps mitigate that risk some, but still your screen will be on for longer than you'd like, thus draining your battery.

    A great module/app, but just be warned that you might be triggering your screen more often than you'd like



  • Yeah, that can be problematic. I ended up setting it up to poll when the screen is on and locked, so I put the NFC tag (soon to be ring) in the sweet spot as I press the hardware home button to turn on the screen. Then it just unlocks almost immediately after turning on the screen. It's an extra step, but not a major inconvenience for me (I have a Galaxy Note 3, but it's not as convenient for phones with only softkeys or capacitive buttons). Depending on your phone and where you put it, like your case of accidentally unlocking in your pocket, it's not for everyone.



  • @Rob3E or @MikeInSeattle

    You guys seem to have done the Xposed Framework/NFC LockScreenOff Enabler method successfully. So I tagged you both to, maybe, provide me with an answer to a question I have.

    I got my ring, rooted my phone, installed the Xposed Framework (first time installing this, though, I've had ample experiencing rooting and flashing roms), and downloaded the NFC Lockscreen off enabler module. I set up a pin for my phone and set up the module to unlock my phone with my ring. My phone unlocks perfectly with my NFC Ring. However, whenever I unlock my phone with the NFC ring, the application "Tags" opens and it says "New tag collected" and under that it says "Unknown tag type". This link shows you guys a picture fo what that screen looks like. It is not my phone but I found this online and this is exactly what it looks like, except i don't get the options for "done" or "delete": http://img191.imageshack.us/img191/5827/newtagcollected.png

    So, in other words, it doesn't just unlock my phone with the ring as if I input a pin, but it also opens this "tags" app and tries to tell me the contents of the tag--I know this because before it would tell me what the NFC Ring Control app set up on the tag which was the website for nfcring. I thought clearing the tags on the ring of its content would stop that from showing but now it just says "unknown tag type". Perhaps you know a way around it. I'm currently scavenging the internet for an answer to this but no one even mentions this issue in the official XDA developers forum for NFC Lockscreenoff enabler, at least from what I can tell. I've seen people say to disable this app and I've seen people say the NFC reader is malfunctioning, but it is never in the context of what I'm trying to do. I disbaled the app temporarily but I notice on here you guys don't mention this at all as if it didnt happen to you guys. So I'm wondering if anyone here knows anything about this.

    Thanks,

    Mauricio



  • @MauricioU Yes, it will try to read the contents of the NFC tag, and clearing it will only give you the "unknown tag" issue. That is an Android thing it does.

    There are 3 ways to go about it:

    1. There is also another Xposed module called "Disable NFC Tag Empty Message". It just prevents Android from showing the "unknown tag" display. This is only supported for devices up to Ice Cream Sandwich. There is no 4.2+ support yet.

    2. Make the tag do nothing. Just write to the ring an empty action list. So the tag is technically not empty... just not told to do anything.

    3. Make the ring do something you can use at unlock. For me, I pattern lock my private apps as well, and use the ring to disable protection. You can be creative here.

    I hope this helps!



  • Tom,

    Just wanted to say thanks for taking the time to do this.... I merged your code into a build of Slim (4.4.4) and all is working great. Really appreciate your hard work!

    -Chris

    @Tom said:

    Xposed worked well enough for me but I found it to be a battery drain and wanted to see if i could get this into the android framework itself as I build my own ROM for my Nexus 5.

    So, the first thing i did was modify Nfc and Settings apps so you can choose when to enable Nfc Polling...

    • Polling off
    • Screen off
    • Screen on and locked
    • Screen on and unlocked
    • Screen on and locked only - this is a new mode i've put in that turns Nfc on with the screen and then off again once unlocked. As I only use Nfc on my phone for unlocking, this is really useful as its nice on the battery and doesn't prompt with the empty tag viewer every time i unlock!

    Then, using the Xposed module as a basis for the code (so big thanks to those guys!) I added Nfc unlocking into the framework and Nfc app as well as a section under Security settings where you can add/remove tags that are allowed to unlock.

    In terms of security, the Nfc tag acts as an override to whatever other lock screen you're using, pattern, pin etc. The tag contents are only handled if the screen is unlocked. If polling is set to 'screen on and locked' then the tag will be picked up as soon as the device is unlocked but there's no way for an unauthorised tag to have its contents handled while the screen is off or on and locked. The unlock is triggered from the Nfc app as an intent, it's probably possible to trigger this intent from elsewhere but the tags uid is checked from within the keyguard while handling it so the uid needs to be known and passed as part of the intent for this to work.

    It's all working nicely so far but given i'm not that familiar with the guts of the android lock screen security and creating new ui's, there's probably room for improvement.

    Given this is framework changes there isn't really an easy way to release something people can use and test. The code is all here:

    https://github.com/AospPlus/android_frameworks_base/commits/aosp-plus_4.4
    https://github.com/AospPlus/android_packages_apps_Settings/commits/aosp-plus_4.4
    https://github.com/AospPlus/android_packages_apps_Nfc/commits/aosp-plus_4.4

    and it's based on pure aosp (with a few other relatively minor changes) so should be straight forward enough to merge into other ROMs. If anyone wants to make changes/fixes and submit pull requests then please do. Once it's tested a bit and improved where needed I'll see about getting patches submitted to the major ROMs, (CyanogenMod etc.)

    Anyone with a Nexus 5 who knows how to compile ROMs can do so with

        repo init https://github.com/AospPlus/android_manifest -b aosp-plus_4.4
        repo sync
        brunch hammerhead


  • @MikeInSeattle said:

    1. Make the tag do nothing. Just write to the ring an empty action list. So the tag is technically not empty... just not told to do anything.

    How do you write an empty action list?



  • @darren1
    Okay, in this case, I'm wrong the way it's said. You can't necessarily write an empty action list, but you can write an action that doesn't change the state of your device in any way via Tasker and NFC Tools apps (or similar).

    Are you familiar with these kind of apps?



  • @MikeInSeattle I see what you mean now. What I have done is freeze "Tags" via Titanium Backup, seems to have done the job.



  • @darren1 good to hear!


Log in to reply
 

Looks like your connection to NFC Ring Forum was lost, please wait while we try to reconnect.