KSEC Tagbase

Our RFID & NFC Knowledge Base

Version 1.3.1

NFCProxy (EMV Relay attack) - Android

NFCProxy is a an Android app that lets you proxy transactions between an RFID credit card and a reader. The saved transactions can be replayed to skim credit cards or the RFID credit card can be replayed at a POS terminal.

NFCProxy can also be useful for protocol analysis to learn about the underlying communication protocol.

To facilitate protocol analysis, NFCProxy should be installed on two NFC enabled Android devices. One end will relay requests directly to a credit card. The other end will proxy a reader’s requests over WiFi to the relay end.

How to use NFCProxy:

  1. Make sure both phones are on WiFi (or figure out how to connect to each other directly over IP)
  2. Decide which phones will act as the Relay and which will act as the Proxy.
  3. On the Proxy side, go to settings and set the IP address of the Relay node. (The relay’s IP address should be shown in the Relay’s settings section)
  4. Decide if you want to encrypt the transmission between the Proxy and Relay. (This makes transactions slower. You may not need this if using WPA. Encryption settings need to be set on BOTH Relay and Proxy sides)
  5. Place the Relay phone on a credit card. (The Relay phone will indicate if the card has been detected. If you don’t see anything, move the card and phone around until they detect)
  6. Place the Proxy phone near a POS terminal (You may need to leave the phone near the reader for a couple of seconds)

Check the Status tab on the Proxy end of error messages. Occasionally, you’ll get error messages on the Relay end too.

You can long press the transactions in the Data tab to: Replay the Tag/Credit card (for a reader) Replay the PCD/Reader (to read credit card) Delete the transaction from the screen Save the transaction to the local database (Unencrypted) Export the transaction to a file (Unencrypted)

All transactions in the Data tab are transitory unless you explicitly save them (e.g. if you hit the back button, they’re gone).

The Save tab contains saved transactions. Clicking on these entries puts the phone in replay mode (either PCD or Tag). NFCProxy comes with some pre-saved transactions. You can use these transactions to test your cards. Different types of credit cards will elicit different requests from a PCD, so the built-in transactions are not guaranteed to work with your card.