Most active commenters
  • crowbahr(6)
  • lukan(3)
  • wkat4242(3)
  • lxgr(3)

←back to thread

Reading NFC Passport Chips in Linux

(shkspr.mobi)
287 points robin_reala | 31 comments | 25 Jun 25 07:33 UTC | HN request time: 1.809s | source | bottom
1. dzhiurgis ◴[25 Jun 25 09:35 UTC] No.44375315[source]
Hol up. So what stops you from uploading custom photo + metadata onto random chip and planting it in a fake passport?
replies(5): >>44375334 #>>44375336 #>>44375342 #>>44375469 #>>44376015 #
2. 23434dsf ◴[25 Jun 25 09:38 UTC] No.44375334[source]
Conscience
replies(1): >>44375490 #
3. neoromantique ◴[25 Jun 25 09:38 UTC] No.44375336[source]
Considering how often it is done, not much?
replies(2): >>44375705 #>>44379387 #
4. edent ◴[25 Jun 25 09:39 UTC] No.44375342[source]
The data are signed with the passport issuing authority's private key.

So you could implement a chip which reacts like an official passport. When the border guards see that the signature is invalid, you can explain how it's just a prank and you'll all have a jolly good laugh about it.

replies(4): >>44375530 #>>44375612 #>>44375693 #>>44375852 #
5. remcob ◴[25 Jun 25 10:01 UTC] No.44375469[source]
Besides the data being signed as already mentioned, the protocol is interactive and custom to passport documents. So you can’t just put it on any programmable NFC tag. I also doubt you can buy programmable ones implementing the passport protocols. But maybe you can find general purpose programmable ones you can implement the protocol on.

There are also optional subprotocols that allow the chip to be authenticated (i.e. proof it knows a private key). These prevent copying valid signed data to a different chip.

replies(2): >>44376431 #>>44379741 #
6. ragebol ◴[25 Jun 25 10:04 UTC] No.44375490[source]
Expectation of punishment
7. 23434dsf ◴[25 Jun 25 10:12 UTC] No.44375530[source]
So if I strolled through the airport with a high power NFC reader/writer, I could ruin a lot of peoples trips?
replies(4): >>44375586 #>>44375593 #>>44375610 #>>44376406 #
8. daveoc64 ◴[25 Jun 25 10:20 UTC] No.44375586{3}[source]
What makes you think you could do this?
9. lukan ◴[25 Jun 25 10:21 UTC] No.44375593{3}[source]
"The NFC chip in a passport is protected by a password. The password is printed on the inside of the physical passport. As well as needing to be physically close to the passport for NFC to work0, you also need to be able to see the password."
replies(2): >>44375631 #>>44379675 #
10. edent ◴[25 Jun 25 10:23 UTC] No.44375610{3}[source]
No.

NFC chips can be locked. That means the data can't be overwritten. No matter the writer, nor its strength, you can't overwrite a passport's chip.

I suppose you could use an EMP - but that would ruin a lot more than just some trips.

11. wkat4242 ◴[25 Jun 25 10:23 UTC] No.44375612[source]
I doubt border guards know what a cryptographic signature is. But they'll probably have a big red marker that tells them to hold you and get someone who knows :)
12. wkat4242 ◴[25 Jun 25 10:25 UTC] No.44375631{4}[source]
Yes but. In Europe this tech is also in our id cards whether said passport is printed on the outside (considering it's just a credit card format). You still have to see it but it doesn't have to be opened to the right page like a passport.

Both sides even have the info printed. One side in human format, the owner side in machine readable.

replies(1): >>44375664 #
13. lukan ◴[25 Jun 25 10:30 UTC] No.44375664{5}[source]
Yes, but this still means a attacker needs to have physical access to the passport?
replies(2): >>44375871 #>>44376215 #
14. Nextgrid ◴[25 Jun 25 10:35 UTC] No.44375693[source]
I remember reading an article or paper that checked the validity and spec compliance of various nations's passports, and found lots of variation, so a valid signature isn't actually a guarantee even in a legit passport.
15. agnishom ◴[25 Jun 25 10:37 UTC] No.44375705[source]
What makes you think it is done often?
replies(1): >>44376434 #
16. vbezhenar ◴[25 Jun 25 11:03 UTC] No.44375852[source]
Invalid signature probably will result from chip degradation or other electronic failures and I'm pretty sure that you won't be the first they see. Passport is supposed to be valid without any digital things, so they'll proceed with ordinary procedures, with manual entry of data from passport.
replies(1): >>44379664 #
17. tialaramex ◴[25 Jun 25 11:04 UTC] No.44375871{6}[source]
They need to know the information which functions as key. Because many people don't trust government secrets, the information used for this purpose on a passport is actually just facts about you which were already printed in your passport, plus the passport number. The machine summarises these in a "Machine readable zone" but they're nothing you didn't know.

For a random traveller you can probably guess roughly how old they are, which is a few bits for the date-of-birth, and maybe you could strike up conversation and discover their name (or maybe it's printed on baggage, called out by fellow travellers etc.) but yeah it'll be very hard

For a very well known person you can likely discover everything except the passport number and you might get a decent guess at that from knowing roughly when it would be issued.

replies(1): >>44376030 #
18. SXX ◴[25 Jun 25 11:26 UTC] No.44376015[source]
Countries like UK actually have publicly database for e-visas (share code) that can easily be verified via online API. So probably at least some foreign governments can cross validate some of passport data with each other.
replies(1): >>44376413 #
19. lukan ◴[25 Jun 25 11:29 UTC] No.44376030{7}[source]
"For a very well known person you can likely discover everything except the passport number and you might get a decent guess at that from knowing roughly when it would be issued."

From a very well known person you could probably also steal everything you need directly, if your purpose is to create damage.

20. wkat4242 ◴[25 Jun 25 11:52 UTC] No.44376215{6}[source]
Kinda the same as with the NFC.

You can read from a small distance, probably further than you can read an NFC tag with your phone. And you can automate both on a phone (OCR and NFC)

21. crowbahr ◴[25 Jun 25 12:16 UTC] No.44376406{3}[source]
In addition to the mechanisms people are describing here - passports have a metal mesh in them to disrupt NFC signals. It's not a full faraday cage but it works on similar principles. The passport has to be _open_ to be read from, and then only after you transmit the MRZ will you get anything.
replies(1): >>44376888 #
22. crowbahr ◴[25 Jun 25 12:17 UTC] No.44376413[source]
Countries all know each other's signing certs. There's a question of how much they _trust_ the other country but the certs are all public.
23. crowbahr ◴[25 Jun 25 12:19 UTC] No.44376431[source]
Yeah but since the USA doesn't sign on to anything above basic auth (MRZ unlock) everyone also has to work on the more basic level. Kinda unfortunate.
24. crowbahr ◴[25 Jun 25 12:19 UTC] No.44376434{3}[source]
(It's not)
25. raron ◴[25 Jun 25 13:08 UTC] No.44376888{4}[source]
> passports have a metal mesh in them to disrupt NFC signals

I don't think that is universally true. At least I can read my closed 2 years old passport with my phone.

replies(1): >>44377403 #
26. crowbahr ◴[25 Jun 25 13:56 UTC] No.44377403{5}[source]
Hmm the American passports have the mesh afaik - I _thought_ it was part of the ICAO docs (not that that means people do it but still...)
replies(1): >>44379389 #
27. victorbjorklund ◴[25 Jun 25 16:50 UTC] No.44379387[source]
It is not? Pretty much all cases of digitally valid "fake" passports are corruption where they were made by the govt the same way normal passports are made.
28. crowbahr ◴[25 Jun 25 16:51 UTC] No.44379389{6}[source]
Just tested on my American passport - it will not read while closed, either from the front or the back. Opening it up - no issues reading. Seems like there is in fact a faraday mesh or something
29. lxgr ◴[25 Jun 25 17:13 UTC] No.44379664{3}[source]
> Invalid signature probably will result from chip degradation or other electronic failures

I'd consider that pretty unlikely. Degraded chips would most likely provide no signature, not an invalid one. (Being able to randomly flip bits would be a big security problem for these kinds of ICs, so I'd assume they'd have robust protections against that.)

30. lxgr ◴[25 Jun 25 17:14 UTC] No.44379675{4}[source]
Even that password only gives you read access.

I don't think ICAO passports can ever be rewritten post-issuance. Some national IDs can, e.g. to change the holder's residential address, but for passports, I don't think any part of the on-chip data can be changed post-issuance, since it would also require re-printing data on the photo page usually under protective plastic.

31. lxgr ◴[25 Jun 25 17:22 UTC] No.44379741[source]
You can definitely run the protocol on a programmable smartcard (see for example https://jmrtd.org/), but without the required PKI certificates, nobody would accept your home-made passport.