RE: [Project] An extensible (plugin based) windows service that performs actions for NFC events

I found a memory leak in the service (in the sense that I noticed it was consuming 18gb of ram after 8 days. Hopefully that is now fixed but I'll have to keep an eye on it for a while to make sure.
Maz

I was just tinkering and found a neat feature. Because my credential provider talks to the service, I can have it suspend the services normal functions when a credential window is active. Which means I can use my ring to log into remote servers etc. its just a matter of getting the name of the server from the context of the credential provider (im sure its there somewhere. otherwise it sends my usual username and password).
Anyway. just thought that was cool.
Maz

Argh! 2:40am

It's working. Also, don't hate me but I've used the registry for storing auth data (more to see if I could read the registry from C++ than anything else).

But now that my actual data isn't stored in the code I'll be able to push to github or something like that in the morning.

This is how apps work on mobile phones. It has nothing to do with the NFC ring. It is the same if they click a link to your profile on a webpage. Worse yet, the different mobile platforms handle deep-linking a little differently.

The nfc tag is just saying "open url: your.url.facebook.com" or whatever. After that, it's the software on your phone that does the rest and that is where the problem lies. Send a message to google, apple, microsoft, facebook, linkedin, twitter etc and see if you can convince them to make the system more streamlined.

I wonder if they could actually make the facebook website detect that it is being opened on a phone that has the app installed and then from the browser, launch the app. I suspect not but you can always ask.

That's interesting. The limit in Australia seems to be $100 (AUD.. currently about US$75) and there aren't any fees to recover your money if you report the problem promptly.

BAM!
Hard-coded proof of concept working...

So,
I can potentially store the CredProtectW protected credentials on the NFC ring itself so that way I dont have to store the users details on the filesystem of the machine they're logging into. Or do we want both options?

I'm learning all about NFC as I go so forgive me if I don't know what I'm doing on that side of things.

New ring with new chips.

Just in case anyone wanted to see I made a terrible video.
This is just a proof of concept!

I think I'm the only person in the world who can easily log on to my home desktop PC with an nfc ring right now.

So... It is all refactored and makes a lot more sense now which is nice.

I did a new video and you see me testing it with an invalid NFC tag (the top of my ring) and it doesn't login, then when I scan the bottom it instantly lets me in (the ACR122U reader has a great range). You don't need to click anything at all just like the ASUS one.

I had an idea for how to store the credentials on the machine so I'll do that first and then I can look into password protecting credentials that are stored on the ring.
Maz

Apparently I am not as recovered from surgery as I might have hoped.
Here is my initial check-in and hopefully I can get back to it again soon.

https://github.com/maz-net-au/NCFRingCredentialProvider

New ring with new chips.

I did contact Microsoft about their companion devices framework and got a response from Anoosh asking for more information, but havent heard any more since then. I assume I'll get a response that either says that its not suitable for what we're doing here, or that we can get access to this framework. That'll presumably be win10 or higher so I'll keep working on the old solution anyway.
My new NFC ring arrived today so I'll finish off the code and use that to register the new device to test the process and then upload it all to github.

Made a heap of progress today but the new features aren't finished or tested. Of course there is heaps more work to do but I might be able to get around storing an unencrypted password finally. I've tested my new setup a few times and it works but I'm definitely in unchartered territory with this so I think I'll keep testing it myself for a while (a week or 2) in case it all goes horribly wrong.
the good news is significantly improved registration process (i.e. you swipe a ring and the machine locks, when you log back in thats the account that it uses for unlocking). I'll have to ponder the implications of having that setup that way but for now it seems to work as well as the old solution.
I have some more scenarios to test to see if i can find out what is requesting auth using the standard credential prompt. If i can get some kind of consistant ID I'll be able to make a plugin that handles a CredUI popup (i.e. when using remote desktop or file shares etc) and gives an appropriate response based on the ring swipe.

Progress!

All in all, a busy day. It made me laugh, it made me cry, but none of that matters so long as it works.

My relocation is still being postponed for reasons beyond my control.
It looks like I should probably apply for access to the companion device framework although it looks like it is essentially going to work the same way as the current Sesame software does, but fixes the issues I have with needing to hold onto the password.

It's a long weekend this weekend so I'll see what I can do.

Hi
It has been a while. I lost the inlay out of my ring that I was using for unlocking my pc so i hadn't been using the software for a while. I just found it again tonight and once I glue it back in I should be able to do some more work on it. I have found one bug with the new network based architecture that I've fixed and I still need to finish writing the config file part of it.
Does anyone have more specific focus for my net round of updates? Keeping in mind that I'm (obviously) the last person you'd ask to design UI and UX.
Maz

@chadg
There absolutely is progress happening with this. I'm putting updates in another thread https://forum.nfcring.com/topic/724/project-an-extensible-plugin-based-windows-service-that-performs-actions-for-nfc-events/38
and the code is all on John's github https://github.com/mclear/Sesame

I'm in Japan again for a while. Hopefully today I can go and source some tiny NFC reader from Akihabara and then continue working on it this weekend (its a long weekend in Japan). I'll definitely post a video when i've made some more progress. I'll also update the github. But now that I've got this idea, I'm going to move the credential provider part of the service as a main part, rather than as a plugin so that it makes more sense to use this so suspend plugin processing (so that swiping a ring with an RDP credential prompt up doesnt lock your local machine instead of passing the login). Otherwise i'd have to make a more complex rules engine for processing plugins

i.e. you'd "activate" a plugin to run "only when the machine is logged in" and set the order that they ran and also make one be able to stop processing all of the others. and this might have to be registered on a "per ring" basis.
so
check ring
-> get list of plugins
-> get machine state (locked, unlocked, awaiting credential)
-> run plugins in order
-> check plugin result, and stop processing plugins if required

Its all doable. I'll work on it and post an update when i've made a decision for how I want to do things.

I was just tinkering and found a neat feature. Because my credential provider talks to the service, I can have it suspend the services normal functions when a credential window is active. Which means I can use my ring to log into remote servers etc. its just a matter of getting the name of the server from the context of the credential provider (im sure its there somewhere. otherwise it sends my usual username and password).
Anyway. just thought that was cool.
Maz

I am alive. I made it to the USA and i have my nfc reader with me. Unfortunately, I don't have a PC yet but I can continue development using my laptop (and windows 7).
If people could use the issue tracker on https://github.com/mclear/Sesame that'd give my work a bit more direction.
Thanks
Maz

That's interesting. The limit in Australia seems to be $100 (AUD.. currently about US$75) and there aren't any fees to recover your money if you report the problem promptly.