search

nfc-developer / sdm-backend

Backend server for Secure Dynamic Messaging (SDM). Supports decryption of PICCData, SDMENCFileData, and validation of SDMMAC. Compatible with NTAG 424 DNA (both variants). Written in Python 3 Flask. Pull requests welcome.
MIT License
75 stars 39 forks source link
nfc nfc-tag ntag ntag424

readme

Backend server for decoding Secure Unique NFC Message (SUN)

An example of Flask application which can decrypt data contained in NDEF "mirrors" and validate their AES-CMAC cryptographic signature. Implemented according to AN12196 "NTAG 424 DNA and NTAG 424 DNA TagTamper features and hints".

Pull requests welcome.

Note: NTAG — is a trademark of NXP B.V.

Note: This GitHub project is not affiliated with NXP B.V. in any way. Product names are mentioned here in order to inform about compatibility.

Demo

Check out the demo at sdm.nfcdeveloper.com. This server is using blank authentication keys (all-zeros, factory default). You can use this server for testing and should work fine until you change the default factory keys on your tags.

How to configure the tags?

We suggest using NFC Developer App for Android/iOS in order to configure the tags. This application will do most things "under the hood" and your tags will work out-of-the-box with this project.

Contact

Feel free to reach me at hello@nfcdeveloper.com if you have any questions concerning this topic.

How to test?

Manual installation

  1. Clone the repository 
    apt install -y git
git clone https://github.com/nfc-developer/sdm-backend.git
cd sdm-backend
  2. Setup the virtualenv 
    apt install -y python3 python3-pip python3-venv
python3 -m venv venv
source venv/bin/activate
  3. Install the required dependencies and copy example config: 
    pip3 install -r requirements.txt
cp config.dist.py config.py
  4. Run Flask development server: 
    python3 app.py --host 0.0.0.0 --port 5000
  5. Visit localhost:5000 and check out the examples.

Using Docker

  1. Launch sdm-backend on port 5000:

    # ensure to delete old version, if it exists
docker rmi icedevml/sdm-backend:latest || true

# run sdm-backend
docker run \
   -p 5000:80 \
   -e MASTER_KEY=00000000000000000000000000000000 \
   icedevml/sdm-backend:latest
  2. Visit localhost:5000 and check out the examples.

Note: If you are running production instance, the MASTER_KEY should be an unique 16 byte value (hex encoded). However, all-zeros key is perfectly fine for testing.

Authors

Feel free to contact if you have any questions.