RE: [Project] An extensible (plugin based) windows service that performs actions for NFC events

I found a memory leak in the service (in the sense that I noticed it was consuming 18gb of ram after 8 days. Hopefully that is now fixed but I'll have to keep an eye on it for a while to make sure.
Maz

I was just tinkering and found a neat feature. Because my credential provider talks to the service, I can have it suspend the services normal functions when a credential window is active. Which means I can use my ring to log into remote servers etc. its just a matter of getting the name of the server from the context of the credential provider (im sure its there somewhere. otherwise it sends my usual username and password).
Anyway. just thought that was cool.
Maz

Argh! 2:40am

It's working. Also, don't hate me but I've used the registry for storing auth data (more to see if I could read the registry from C++ than anything else).

But now that my actual data isn't stored in the code I'll be able to push to github or something like that in the morning.

This is how apps work on mobile phones. It has nothing to do with the NFC ring. It is the same if they click a link to your profile on a webpage. Worse yet, the different mobile platforms handle deep-linking a little differently.

The nfc tag is just saying "open url: your.url.facebook.com" or whatever. After that, it's the software on your phone that does the rest and that is where the problem lies. Send a message to google, apple, microsoft, facebook, linkedin, twitter etc and see if you can convince them to make the system more streamlined.

I wonder if they could actually make the facebook website detect that it is being opened on a phone that has the app installed and then from the browser, launch the app. I suspect not but you can always ask.

That's interesting. The limit in Australia seems to be $100 (AUD.. currently about US$75) and there aren't any fees to recover your money if you report the problem promptly.

BAM!
Hard-coded proof of concept working...

So,
I can potentially store the CredProtectW protected credentials on the NFC ring itself so that way I dont have to store the users details on the filesystem of the machine they're logging into. Or do we want both options?

I'm learning all about NFC as I go so forgive me if I don't know what I'm doing on that side of things.

New ring with new chips.

Just in case anyone wanted to see I made a terrible video.
This is just a proof of concept!

I think I'm the only person in the world who can easily log on to my home desktop PC with an nfc ring right now.

So... It is all refactored and makes a lot more sense now which is nice.

I did a new video and you see me testing it with an invalid NFC tag (the top of my ring) and it doesn't login, then when I scan the bottom it instantly lets me in (the ACR122U reader has a great range). You don't need to click anything at all just like the ASUS one.

I had an idea for how to store the credentials on the machine so I'll do that first and then I can look into password protecting credentials that are stored on the ring.
Maz

Apparently I am not as recovered from surgery as I might have hoped.
Here is my initial check-in and hopefully I can get back to it again soon.

https://github.com/maz-net-au/NCFRingCredentialProvider

So resting is dull and I wrote a C++ wrapper around CredProtect which means i can store an encrypted password which (in theory) only windows itself can decrypt again. Then I wrote a C# forms app that can call my C++ wrapper and write the data to the registry (this is the precursor to having a registration app). I'm not sure how long I can store the CredProtect result because I'm wary of what Microsoft might mean by "current security context" in their documentation... "The CredProtect function encrypts the specified credentials so that only the current security context can decrypt them." so further testing is needed.

I'm learning a lot, even if I'm not getting all that much done. As of Monday, I have to go back to my real job so won't be able to spend as much time on this. Ideally by then I'll have some kind of binary package that other people can play around with (without needing to compile it yourselves).

So I've just made a C# .Net project using MEF that runs as a windows service, checks a USB nfc reader and triggers events "NFCTagDown" and "NFCTagUp" respectively, passing the ID of the ring across to the set of plugins. It is possible to run multiple plugins / actions for each event (you'd probably want to have some way to register an NFC tag to a plugin).

The first attempt I made was to lock the PC with a swipe of the NFC ring (to go with my credentialprovider unlock project) but it seems that the new Session 0 isolation security measure blocks the service from performing this action. Even when I have marked the service as "Allow service to interact with desktop".

Call to action:

1. Does anyone have any ideas for how to lock a windows 8 / 10 pc from a service in C#? I've tried
   [DllImport("user32.dll")]
   public static extern bool LockWorkStation();
   and
   Process.Start(@"C:\WINDOWS\system32\rundll32.exe", "user32.dll,LockWorkStation");

2. What other plugins / actions would people want to perform?

3. What events are developers interested in for their own plugins?

Apparently I can't upload files here so I've shared it off my website in case people wanted the code. When I have a plugin that works I'll push it to github. The code is under an MIT license. Go nuts with it.
http://maz.net.au/Files/Public/NFCRingServiceCore.zip

Note: this is for developers only at the moment. You need to use installutil.exe to install the service.

I don't know how much time I'm going to have in the short term. I am getting ready to move countries. I was hoping that the kickstarter would be run and that could be used for polishing / making installers / making it user friendly.
I'll still try and work on this in my evenings and I'm definitely available to help other people get up to speed on what I've done.
Maz

Just after I wrote that I went back through the code and found what might be causing the 6321 and multiple reader failure. So... expect an update tomorrow (about 12 hours from now).
Maz

@jasok2
I dont think the kickstarter is going to delay it at all. You can already get the latest version now. The kickstarter is just going to add polish (RE: installers and crap) because it seems unlikely that I'll get around to that any time soon. I like the idea of using a kickstarter to add some professionalism to open source projects. So many of them could be really useful if an installer was made and a nice UI designed and used.

Okay. Update 7 is the last for the night. Could other users with windows 10 please test and see if the credential provider / unlock part fails if the machine is left locked for 5 minutes. I need to find out if it is specific hardware that is causing it or windows 10 in general.
Thanks.
Maz

Just imagine for a moment that you made a fake contactless reader case with one of these in it, that fit over a normal contactless reader.
Fun times..

@Tails
Mine worked better after I got rid of the android lock screen. If you're on Marshmallow then you might also no longer have the "No Lock" option anymore and I had to set mine to "Swipe" and then use https://play.google.com/store/apps/details?id=com.jusckeux.nolockscreen&hl=en to remove that.

According to Google support, "No lock" is no longer going to be an option. No idea if that is true but it is definitely missing from my phone now on 6.0.1. If you already had it set to that you seem to get to keep it, but I enabled the smartlock, which didnt work, and was not able to go back to "No Lock".

In the "NFC Ring Unlock Pro" app, in "unlock settings" at the very top right (in the title bar" does it say "enabled"? if it says "disabled", hit that (it's a button). Otherwise i'm not sure what else to suggest right now.

@Lokki
Done and done. Hopefully they actually ship it when they say they'll ship it. heh.

There are a heap of good tutorials online. Have a go at making the things you want?

The reason that you have to use the system lock screen is because google decided to not let you use the user credential store unless you have a google lock screen enabled. You could try use the Smart Lock feature. I.e. set a google lock screen then enable the google "Trust Agent" and enrol your NFC tag (i think it was added in lollipop or marshmallow). That'll let you use your nfc ring with the google lock screen but there are a group of users that have found this to be unreliable (myself included). There are open software bugs with google but until someone explains the exact cause to google, they're not likely to fix it.

What "multiple things" do you want? the ring basically has an ID and a section to store data (888 bytes or something).