NFC ring as part of the standard Android unlock system
-
I'm not entirely sure if this is something you're looking for, but this is what I've got working on my Galaxy S3.
I can use my NFC ring to bypass my standard Android lockscreen security AND scan through the NFC Unlock app prompt. However, if I don't use my ring, I can still unlock my phone using a standard lockscreen PIN and the PIN I set up in the NFC Unlock App.
I have the standard lockscreen PIN set to a 6 digit code. I have a 4 digit PIN set in the NFC Unlock App. Normally with just this in order to unlock my phone I would have to enter my 6 digit PIN on the lockscreen and then scan my NFC ring. With my new procedure I only have to scan my NFC ring once and it immediately unlocks my device.
Things you need:
- Rooted Android
- Standard lockscreen security (PIN, pattern, password)
- Tasker
- Secure Settiings
- NFC Unlock App
- A Tasker Project file to import, called NFC Key
The Tasker Project file you require is available on XDA, which is available here.
Here are the steps I took:
- Setup your standard lockscreen security. This can be pattern, PIN or password.
- Install and setup the NFC Unlock app. Make sure it's working normally. Make sure that the unlock procedure kicks in after your standard lockscreen security has cleared. For example, if you have a pattern set, then clearing the pattern should automatically bring up the NFC Unlock prompt.
- Install and setup Tasker
- Install and setup Secure Settings. You'll need to install the Helper/Compatibility module. Also make sure to make Secure Settings as a Device Administrator in the systems Settings app.
- Download and extract the NFC Key file (it's an XML) to somewhere on your internal storage, e.g. /sdcard0/Tasker/projects
- Open up Tasker and import the XML you just copied to your device. Make sure that you've disabled Beginner Mode in the Preferences. Tap on the "Home" icon at the bottom of the interface, select "Import". Navigate to the location you copied the XML to and select it. It'll warn you to check the settings before you commit them, go ahead if you like, otherwise just save the settings.
- Beside the "Home" icon in Tasker you should see a tab called "NFC Key". Selecting it will show 4 Tasks and 1 Profile.
- Exit Tasker, then turn your device off.
- Turn your device on, make sure the lockscreen is showing, then tap your ring.
If all worked out, your phone should automatically scan in past your lockscreen security AND the NFC Unlock prompt. If you watch carefully, you'll actually see the NFC Unlock prompt show up briefly before clearing out.
What this Tasker Project does is recognize a NFC tag (any NFC) and bypasses the standard lockscreen security bys disabling it and then re-enabling it. Once it's past the standard lockscreen security, the NFC Unlock app prompt will show up and since you're already scanning in your NFC ring it will immediately pick up your stored NFC tag key and unlock the final gate.
The reason why I consider this to be pretty secure is because even if someone manages to scan in any random NFC tag to bypass your standard Android lockscreen, you still need to get through the NFC Unlock app's own security prompt. So they'll still need your NFC ring or your registered PIN or Google Account in order to actually get into your phone. So ultimately this really only bypasses one of two security gates. Even if you lost your ring you can still get into your device the normal way.
Hopefully this helps anyone else with an Android device who wants a pseudo 2 factor authentication method!
-
Xposed worked well enough for me but I found it to be a battery drain and wanted to see if i could get this into the android framework itself as I build my own ROM for my Nexus 5.
So, the first thing i did was modify Nfc and Settings apps so you can choose when to enable Nfc Polling...
- Polling off
- Screen off
- Screen on and locked
- Screen on and unlocked
- Screen on and locked only - this is a new mode i've put in that turns Nfc on with the screen and then off again once unlocked. As I only use Nfc on my phone for unlocking, this is really useful as its nice on the battery and doesn't prompt with the empty tag viewer every time i unlock!
Then, using the Xposed module as a basis for the code (so big thanks to those guys!) I added Nfc unlocking into the framework and Nfc app as well as a section under Security settings where you can add/remove tags that are allowed to unlock.
In terms of security, the Nfc tag acts as an override to whatever other lock screen you're using, pattern, pin etc. The tag contents are only handled if the screen is unlocked. If polling is set to 'screen on and locked' then the tag will be picked up as soon as the device is unlocked but there's no way for an unauthorised tag to have its contents handled while the screen is off or on and locked. The unlock is triggered from the Nfc app as an intent, it's probably possible to trigger this intent from elsewhere but the tags uid is checked from within the keyguard while handling it so the uid needs to be known and passed as part of the intent for this to work.
It's all working nicely so far but given i'm not that familiar with the guts of the android lock screen security and creating new ui's, there's probably room for improvement.
Given this is framework changes there isn't really an easy way to release something people can use and test. The code is all here:
https://github.com/AospPlus/android_frameworks_base/commits/aosp-plus_4.4
https://github.com/AospPlus/android_packages_apps_Settings/commits/aosp-plus_4.4
https://github.com/AospPlus/android_packages_apps_Nfc/commits/aosp-plus_4.4and it's based on pure aosp (with a few other relatively minor changes) so should be straight forward enough to merge into other ROMs. If anyone wants to make changes/fixes and submit pull requests then please do. Once it's tested a bit and improved where needed I'll see about getting patches submitted to the major ROMs, (CyanogenMod etc.)
Anyone with a Nexus 5 who knows how to compile ROMs can do so with
repo init https://github.com/AospPlus/android_manifest -b aosp-plus_4.4 repo sync brunch hammerhead -
Another Xposed module you have the option to look into is the NFC LockScreenOffEnabler. The main purpose of this module to just to give the user the option of having NFC poll when the screen is off and/or locked (Similar to Tom's solution).
Also its settings also has an "Authorize NFC tags" section where you can have the module remember certain NFC tag IDs that can unlock your device. Very simple to use. For most, it won't turn on the screen automatically if you try to unlock while the screen is off, but you can use Tasker and Trigger (or a similar combination) to accomplish that.
Reminder that you have to be rooted to use Xposed. Battery life may vary, but I haven't noticed too much difference. If you're just looking for a convenient way to unlock your device, this worked for me.
-
Yeah I tried using the Xposed module NFCLockScreenOffEnabler, and it works really well. Problem is that it works too well. Sometimes I'd just be resting my hand on my leg and accidentally unlocking my phone without my knowledge of it. Using the NFC Unlock Control helps mitigate that risk some, but still your screen will be on for longer than you'd like, thus draining your battery.
A great module/app, but just be warned that you might be triggering your screen more often than you'd like
-
Yeah, that can be problematic. I ended up setting it up to poll when the screen is on and locked, so I put the NFC tag (soon to be ring) in the sweet spot as I press the hardware home button to turn on the screen. Then it just unlocks almost immediately after turning on the screen. It's an extra step, but not a major inconvenience for me (I have a Galaxy Note 3, but it's not as convenient for phones with only softkeys or capacitive buttons). Depending on your phone and where you put it, like your case of accidentally unlocking in your pocket, it's not for everyone.
-
You guys seem to have done the Xposed Framework/NFC LockScreenOff Enabler method successfully. So I tagged you both to, maybe, provide me with an answer to a question I have.
I got my ring, rooted my phone, installed the Xposed Framework (first time installing this, though, I've had ample experiencing rooting and flashing roms), and downloaded the NFC Lockscreen off enabler module. I set up a pin for my phone and set up the module to unlock my phone with my ring. My phone unlocks perfectly with my NFC Ring. However, whenever I unlock my phone with the NFC ring, the application "Tags" opens and it says "New tag collected" and under that it says "Unknown tag type". This link shows you guys a picture fo what that screen looks like. It is not my phone but I found this online and this is exactly what it looks like, except i don't get the options for "done" or "delete": http://img191.imageshack.us/img191/5827/newtagcollected.png
So, in other words, it doesn't just unlock my phone with the ring as if I input a pin, but it also opens this "tags" app and tries to tell me the contents of the tag--I know this because before it would tell me what the NFC Ring Control app set up on the tag which was the website for nfcring. I thought clearing the tags on the ring of its content would stop that from showing but now it just says "unknown tag type". Perhaps you know a way around it. I'm currently scavenging the internet for an answer to this but no one even mentions this issue in the official XDA developers forum for NFC Lockscreenoff enabler, at least from what I can tell. I've seen people say to disable this app and I've seen people say the NFC reader is malfunctioning, but it is never in the context of what I'm trying to do. I disbaled the app temporarily but I notice on here you guys don't mention this at all as if it didnt happen to you guys. So I'm wondering if anyone here knows anything about this.
Thanks,
Mauricio
-
@MauricioU Yes, it will try to read the contents of the NFC tag, and clearing it will only give you the "unknown tag" issue. That is an Android thing it does.
There are 3 ways to go about it:
-
There is also another Xposed module called "Disable NFC Tag Empty Message". It just prevents Android from showing the "unknown tag" display. This is only supported for devices up to Ice Cream Sandwich. There is no 4.2+ support yet.
-
Make the tag do nothing. Just write to the ring an empty action list. So the tag is technically not empty... just not told to do anything.
-
Make the ring do something you can use at unlock. For me, I pattern lock my private apps as well, and use the ring to disable protection. You can be creative here.
I hope this helps!
-
-
This post is deleted! -
@MikeInSeattle said:
- Make the tag do nothing. Just write to the ring an empty action list. So the tag is technically not empty... just not told to do anything.
How do you write an empty action list?
-
@darren1
Okay, in this case, I'm wrong the way it's said. You can't necessarily write an empty action list, but you can write an action that doesn't change the state of your device in any way via Tasker and NFC Tools apps (or similar).Are you familiar with these kind of apps?
-
@MikeInSeattle I see what you mean now. What I have done is freeze "Tags" via Titanium Backup, seems to have done the job.
-
@darren1 good to hear!