New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ARM64, Nougat and NXP compatibility #97

Open
wants to merge 34 commits into
base: dev
from

Conversation

Projects
None yet
7 participants
@roussosalex
Member

roussosalex commented Jan 19, 2018

This pull request adds the following features:

  • supports arm64 in addition to arm and thumb
  • supports android 7
  • supports newer NDK and build tools versions
  • supports NXP chips

Fixes #95
/cc @kleest

@malexmave

This comment has been minimized.

Member

malexmave commented Jan 22, 2018

Thanks! I can confirm that it compiles on my machine with the latest versions of Android Studio, Gradle, and the NDK. I don't have a device at hand to test if the functionality works as intended.

@DanielAW can you test if it still works with your Nexus 5? For convenience, here's a precompiled APK (zipped so that Github lets me attach it here, unzip first) for testing, based on commit be158de.

I will see if I can get my hands on an NXP-device to test with (my private phone has an NXP chip, but NFC seems to be dead on it, so its not a great device for testing).

@roussosalex Did you find a solution to the NFC stack crashes you described, or should we document them as a known issue somewhere?

@kleest

This comment has been minimized.

Member

kleest commented Jan 22, 2018

I'll answer on behalf of @roussosalex.
We are still investigating the NFC stack issue. Until we've found a solution it's a known issue on both Broadcom and NXP chips.

@malexmave

This comment has been minimized.

Member

malexmave commented Jan 22, 2018

We are still investigating the NFC stack issue. Until we've found a solution it's a known issue on both Broadcom and NXP chips.

Okay, then we'll leave this unmerged until the end of the project, and see if you can come up with a solution for this.

@malexmave

This comment has been minimized.

Member

malexmave commented Jan 25, 2018

I've been trying to get it to work on a Nexus 5X running a rooted stock android 6.0.1 with XPosed v89.

I installed XPosed, compiled and installed the NFCGate app, enabled the XPosed module, rebooted, entered clone mode, cloned an NFC card (it was detected), and held it to a lock that is known to be vulnerable to cloning. It seems like the lock is not detecting the presence of the phone at all (it also does not give a "wrong card" notice). The logs show nothing interesting (although they confirm that the patch is enabled).

Is there any way I can determine if the NFC daemon crashed on me, or some other way to figure out what is going on? I cannot find my NFC reader right now, and the other NFC reader I have access to is no longer recognized by my laptop for some reason, so I cannot check which UID is actually advertised (if any). Let me know how to help you debug this.

@roussosalex

This comment has been minimized.

Member

roussosalex commented Jan 25, 2018

Please confirm the following:

  • You have disabled Android Beam
  • You have disabled Reader Mode in the Settings
  • You used the "Pin UID" button in order to disable polling
  • The log does not show any crashes of the NfcService or the NFC stack

If you can confirm all of the above and the phone still does not get recognized, please send us a full, unfiltered log beginning with the device boot.

We have just confirmed working clone mode on the Nexus 5 using Android 6.0.1 and on the Nexus 5X using Android 7.1.2.

@malexmave

This comment has been minimized.

Member

malexmave commented Jan 26, 2018

Confirmed all of the above. Log will be sent via eMail.

This may also be related to the NFC reader device we are using, it has been a bit flaky before. Sadly, I cannot find my breakout board NFC reader right now, so I cannot really test it very well :(.

@roussosalex

This comment has been minimized.

Member

roussosalex commented Jan 26, 2018

Your issue seems to be related to the occasional crashes of the nfc stack according to the following excerpt from your log:

01-26 10:42:31.055 3744 6495 E BrcmNfcJni: nfcManager_doAbort: abort()
--------- beginning of crash
01-26 10:42:31.058 3744 6495 F libc : Fatal signal 6 (SIGABRT), code -6 in tid 6495 (applyRouting)
01-26 10:42:31.123 578 578 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
01-26 10:42:31.125 578 578 E DEBUG : AM write failed: Broken pipe
01-26 10:42:31.126 578 578 F DEBUG : Build fingerprint: 'google/bullhead/bullhead:6.0.1/MTC20F/3031278:user/release-keys'
01-26 10:42:31.128 578 578 F DEBUG : Revision: 'rev_1.0'
01-26 10:42:31.130 578 578 F DEBUG : ABI: 'arm64'
01-26 10:42:31.132 578 578 F DEBUG : pid: 3744, tid: 6495, name: applyRouting >>> com.android.nfc <<<
01-26 10:42:31.133 578 578 F DEBUG : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
[...]
01-26 10:42:31.596 390 390 I ServiceManager: service 'nfc' died

We are working on a fix for the crash problem, which should also fix your issue.

@kleest

This comment has been minimized.

Member

kleest commented Jan 26, 2018

Have a look at this temporary workaround. It disables UID pinning but improves the reliability of clone mode.

@DanielAW

This comment has been minimized.

Member

DanielAW commented May 6, 2018

Hi,

so what I currently observe on BCM as well as on NXP is the following:

  1. go to clone mode
  2. Enabable clone mode
    => Scanning a card works
  3. Disable clone mode
  4. Enable clone mode
    => Scanning a card does not work anymore
  5. Disable clone mode
  6. Enable clone mode
    => Scanning works again!

I'm using the current dev branch from https://github.com/roussosalex/nfcgate, this already includes the aformentioned workaround AFAIK.

Here are the logs for the important steps (enabling clone mode alone does nothing)

  1. after scanning a card
05-06 18:38:25.180 32392 32508 D ADBI    : HOOKNFC senddata() offset: 4, len: 5
05-06 18:38:25.180 32392 32508 I NATIVENFC: HOOKNFC data: 90 60 00 00 00 00 14 00 d0 07 32 00 00 00 00 00
05-06 18:38:25.201 32392 32508 D ADBI    : HOOKNFC deactivate(), we got 1
05-06 18:38:25.224 32392 32508 D ADBI    : HOOKNFC senddata() offset: 4, len: 13
05-06 18:38:25.224 32392 32508 I NATIVENFC: HOOKNFC data: 00 a4 04 00 07 d2 76 00 00 85 01 01 00 00 00 00
05-06 18:38:25.232 32392 32508 D ADBI    : HOOKNFC senddata() offset: 4, len: 12
05-06 18:38:25.232 32392 32508 I NATIVENFC: HOOKNFC data: 00 a4 04 00 07 d2 76 00 00 85 01 00 01 00 1a 05
05-06 18:38:25.239 32392 32508 D ADBI    : HOOKNFC senddata() offset: 4, len: 7
05-06 18:38:25.239 32392 32508 I NATIVENFC: HOOKNFC data: 00 a4 00 00 02 e1 03 06 03 01 00 01 00 00 00 00
05-06 18:38:25.245 32392 32508 D ADBI    : HOOKNFC deactivate(), we got 1
05-06 18:38:25.266 32392 32508 D ADBI    : HOOKNFC deactivate(), we got 1
05-06 18:38:25.298 32392 32511 D HOOKNFC : Command: UPLOAD
05-06 18:38:25.301 32392 32511 D HOOKNFC : Command: ENABLE
05-06 18:38:25.301 32392 32511 D ADBI    : HOOKNFC deactivate(), we got 0
05-06 18:38:25.301 32392 32511 D ADBI    : HOOKNFC: nci_NfcSetConfig() ENTER
05-06 18:38:25.301 32392 32511 D ADBI    : HOOKNFC: nci_NfcSetConfig() LEAVE
05-06 18:38:25.301 32392 32511 D ADBI    : HOOKNFC deactivate(), we got 3
05-06 18:38:25.303 32392 32511 D HOOKNFC : Command: DISABLE_POLLING
05-06 18:38:25.303 32392 32511 D ADBI    : HOOKNFC disable polling
05-06 18:38:25.303 32392 32511 D ADBI    : HOOKNFC hook_NfaStopRfDiscovery()
05-06 18:38:25.303 32392 32508 D ADBI    : HOOKNFC deactivate(), we got 0
05-06 18:38:25.313 32392 32511 D ADBI    : HOOKNFC hook_nfa_disable_polling()
05-06 18:38:25.323 32392 32511 D ADBI    : HOOKNFC hook_NfaStartRfDiscovery()
05-06 18:38:55.493 32392 32511 D HOOKNFC : Command: ENABLE_POLLING
05-06 18:38:55.493 32392 32511 D ADBI    : HOOKNFC enablePolling()
05-06 18:38:55.493 32392 32511 D ADBI    : HOOKNFC hook_NfaStopRfDiscovery()
05-06 18:38:55.493 32392 32508 D ADBI    : HOOKNFC deactivate(), we got 0
05-06 18:38:55.503 32392 32511 D ADBI    : HOOKNFC hook_NfaEnablePolling() 0xff
05-06 18:38:55.513 32392 32511 D ADBI    : HOOKNFC hook_NfaStartRfDiscovery()

=> no output

05-06 18:39:32.921 32392 32511 D HOOKNFC : Command: ENABLE_POLLING
05-06 18:39:32.921 32392 32511 D ADBI    : HOOKNFC enablePolling()
05-06 18:39:32.921 32392 32511 D ADBI    : HOOKNFC hook_NfaStopRfDiscovery()
05-06 18:39:32.931 32392 32511 D ADBI    : HOOKNFC hook_NfaEnablePolling() 0xff
05-06 18:39:32.942 32392 32511 D ADBI    : HOOKNFC hook_NfaStartRfDiscovery()
  1. after scanning:
05-06 18:40:17.319 32392 32508 D ADBI    : HOOKNFC senddata() offset: 4, len: 5
05-06 18:40:17.319 32392 32508 I NATIVENFC: HOOKNFC data: 90 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
05-06 18:40:17.340 32392 32508 D ADBI    : HOOKNFC deactivate(), we got 1
05-06 18:40:17.368 32392 32508 D ADBI    : HOOKNFC senddata() offset: 4, len: 13
05-06 18:40:17.368 32392 32508 I NATIVENFC: HOOKNFC data: 00 a4 04 00 07 d2 76 00 00 85 01 01 00 00 00 00
05-06 18:40:17.376 32392 32508 D ADBI    : HOOKNFC senddata() offset: 4, len: 12
05-06 18:40:17.376 32392 32508 I NATIVENFC: HOOKNFC data: 00 a4 04 00 07 d2 76 00 00 85 01 00 01 00 1a 05
05-06 18:40:17.383 32392 32508 D ADBI    : HOOKNFC senddata() offset: 4, len: 7
05-06 18:40:17.383 32392 32508 I NATIVENFC: HOOKNFC data: 00 a4 00 00 02 e1 03 06 03 01 00 01 00 ff 01 0c
05-06 18:40:17.389 32392 32508 D ADBI    : HOOKNFC deactivate(), we got 1
05-06 18:40:17.409 32392 32508 D ADBI    : HOOKNFC deactivate(), we got 1
05-06 18:40:17.437 32392 32511 D HOOKNFC : Command: UPLOAD
05-06 18:40:17.440 32392 32511 D HOOKNFC : Command: ENABLE
05-06 18:40:17.440 32392 32511 D ADBI    : HOOKNFC deactivate(), we got 0
05-06 18:40:17.440 32392 32511 D ADBI    : HOOKNFC: nci_NfcSetConfig() ENTER
05-06 18:40:17.440 32392 32511 D ADBI    : HOOKNFC: nci_NfcSetConfig() LEAVE
05-06 18:40:17.440 32392 32511 D ADBI    : HOOKNFC deactivate(), we got 3
05-06 18:40:17.441 32392 32511 D HOOKNFC : Command: DISABLE_POLLING
05-06 18:40:17.441 32392 32511 D ADBI    : HOOKNFC disable polling
05-06 18:40:17.441 32392 32511 D ADBI    : HOOKNFC hook_NfaStopRfDiscovery()
05-06 18:40:17.441 32392 32508 D ADBI    : HOOKNFC deactivate(), we got 0
05-06 18:40:17.452 32392 32511 D ADBI    : HOOKNFC hook_nfa_disable_polling()
05-06 18:40:17.462 32392 32511 D ADBI    : HOOKNFC hook_NfaStartRfDiscovery()

The only thing I noticed is that something (not our code) calls the deactivate() function every time I disable the clone mode and it does not work after reenabling it:

HOOKNFC deactivate(), we got 0

It would be really cool if we can solve this problem ;-)

roussosalex and others added some commits May 16, 2018

Fixed UI threading bug
Co-authored-by: Steffen Klee <sklee@seemoo.tu-darmstadt.de>
Fixed ENABLE_POLLING bug
Co-authored-by: Steffen Klee <sklee@seemoo.tu-darmstadt.de>
@roussosalex

This comment has been minimized.

Member

roussosalex commented May 16, 2018

We were able to reproduce and fix the issue on the Nexus 5 running Android 6.0.1, but could not reproduce it on any Nexus 5X, neither on Android 7.1.2 nor on Android 8.0.0.

It was caused by polling being enabled multiple times in a row without it ever being disabled. This was due to the "Clone Mode" slider incorrectly enabling polling every time clone mode was switched off.

Btw, deactivate was called by nfa_dm_act_stop_rf_discovery, only if the polling was already enabled (e.g. due to ENABLE_POLLING being sent multiple times).

@killshadow

This comment has been minimized.

killshadow commented May 29, 2018

After building this source code and install in those pn544 chip phone, they never crash any more. But appear another problem: those HCE-Phone can no longer be read by the reader, it means they cann't be detected NFC signal by reader. However, when I use https://github.com/roussosalex/nfcgate (last update) building apk as HCE-Phone and building https://github.com/roussosalex/nfcgate (Before the last update) as the other phone, HCE-Phone still going to flash back(crash) when I put the traffic card reader near the card. It means the bug maybe present to read card mode. I hope I can understand the whole project. But it was a little hard for me due to my major isn't Software Engineering rather than Electronic Information Engineering. But I'm really interested in this project, and I'll keep watching.

@kleest

This comment has been minimized.

Member

kleest commented May 29, 2018

I just realized, we forgot to push server and protocol updates to GitHub. Without these, relay mode cannot work.
The referenced pull requests contain the missing updates.

@killshadow

This comment has been minimized.

killshadow commented May 30, 2018

Now I have collected interactive data on traffic card recharge. I want make HCE-Phone as a reader, and relay this data through HCE-Phone and Server. It means I only need a cell phone and a computer instead of two Phone. I want redesign server.py in order to realize my idea. Do you have any wonderful or interesting advice and idea for me? I look forward to hearing any idea!

@UweM

This comment has been minimized.

Member

UweM commented May 30, 2018

It would be easier to emulate your second phone with a simple script on your computer instead of modifying the server. This could be a starting point, but it may be incompatible with the updated server: https://github.com/nfcgate/mitm

@killshadow

This comment has been minimized.

killshadow commented May 30, 2018

Actually, I don't know much about it. It looks like another server.py. I'm so sorry didn't follow your meaning,

@roussosalex

This comment has been minimized.

Member

roussosalex commented Jun 4, 2018

The MitM script proposed by @UweM will not work with the new server.py unfortunately.

@killshadow

This comment has been minimized.

killshadow commented Jun 5, 2018

As my practice, new server.py still appear bug went transfer message between two nfcgate phone. This week, I hope I can find the error code and fix it.

@killshadow

This comment has been minimized.

killshadow commented Jun 5, 2018

It cann't open the phone NFC module when I activate NFCgate in XposedInstaller. This bug appear in HTC One M8, CM14.1, Android7.1.2.

06-04 19:38:43.539 8147-8147/tud.seemuh.nfcgate I/MainActivity: onNewIntent(): started
06-04 19:38:43.549 8147-8147/tud.seemuh.nfcgate E/NFC: NFC service dead - attempting to recover
    android.os.DeadObjectException
        at android.os.BinderProxy.transactNative(Native Method)
        at android.os.BinderProxy.transact(Binder.java:615)
        at android.nfc.INfcAdapter$Stub$Proxy.setAppCallback(INfcAdapter.java:568)
        at android.nfc.NfcActivityManager.requestNfcServiceCallback(NfcActivityManager.java:339)
        at android.nfc.NfcActivityManager.onActivityResumed(NfcActivityManager.java:475)
        at android.app.Application.dispatchActivityResumed(Application.java:216)
        at android.app.Activity.onResume(Activity.java:1252)
        at android.support.v4.app.FragmentActivity.onResume(FragmentActivity.java:485)
        at tud.seemuh.nfcgate.gui.MainActivity.onResume(MainActivity.java:126)
        at android.app.Instrumentation.callActivityOnResume(Instrumentation.java:1270)
        at android.app.Activity.performResume(Activity.java:6788)
        at android.app.ActivityThread.performResumeActivity(ActivityThread.java:3431)
        at android.app.ActivityThread.handleResumeActivity(ActivityThread.java:3494)
        at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1546)
        at android.os.Handler.dispatchMessage(Handler.java:102)
        at android.os.Looper.loop(Looper.java:154)
        at android.app.ActivityThread.main(ActivityThread.java:6186)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:889)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:779)
        at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:107)
06-04 19:38:43.553 8147-8147/tud.seemuh.nfcgate I/RelayFragment: onResume(): intent: android.intent.action.MAIN
@killshadow

This comment has been minimized.

killshadow commented Jun 5, 2018

This is logcat about com.android.nfc after restarting system to activate nfcgate when successfully install nfcgate:

06-04 20:56:16.421 7687-7687/? A/libc: Fatal signal 11 (SIGSEGV), code 1, fault addr 0x30 in tid 7687 (com.android.nfc)
06-04 20:56:16.485 7707-7707/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
    LineageOS Version: '14.1-20180513-NIGHTLY-m8'
    Build fingerprint: 'htc/m8_google/htc_m8:6.0/MRA58K.H6/648564:user/release-keys'
    Revision: '0'
    ABI: 'arm'
    pid: 7687, tid: 7687, name: com.android.nfc  >>> com.android.nfc <<<
06-04 20:56:16.486 7707-7707/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x30
        r0 bec44540  r1 00000000  r2 00000000  r3 9dd54c1a
        r4 bec44540  r5 9b568848  r6 00000002  r7 b6564008
        r8 00000000  r9 00000000  sl bec44540  fp bec44628
        ip 9b58fcac  sp bec44530  lr b6526ba3  pc b652652a  cpsr 400f0030
06-04 20:56:16.498 7707-7707/? A/DEBUG: backtrace:
        #00 pc 0004952a  /system/lib/libc.so (_ZN14ScopedFileLockC2EP7__sFILE+5)
        #01 pc 00049b9f  /system/lib/libc.so (_Z10__fseeko64P7__sFILExii+30)
        #02 pc 00049c71  /system/lib/libc.so (fseeko+12)
        #03 pc 0000adb8  /data/app/tud.seemuh.nfcgate-1/lib/arm/libnfcgate.so (_ZN11SymbolTableC2EPKc+364)
        #04 pc 0000a904  /data/app/tud.seemuh.nfcgate-1/lib/arm/libnfcgate.so (_ZN11SymbolTable6createEPKc+48)
        #05 pc 0000a8ac  /data/app/tud.seemuh.nfcgate-1/lib/arm/libnfcgate.so
        #06 pc 00006c81  /system/bin/linker (__dl__ZN6soinfo13call_functionEPKcPFvvE+84)
        #07 pc 00006ba1  /system/bin/linker (__dl__ZN6soinfo10call_arrayEPKcPPFvvEjb+184)
        #08 pc 0000588b  /system/bin/linker (__dl__ZN6soinfo17call_constructorsEv+218)
        #09 pc 000055d7  /system/bin/linker (__dl__Z9do_dlopenPKciPK17android_dlextinfoPv+1326)
        #10 pc 000033c9  /system/bin/linker (__dl__ZL10dlopen_extPKciPK17android_dlextinfoPv+28)
        #11 pc 0000328f  /system/lib/libnativeloader.so (_ZN7android17OpenNativeLibraryEP7_JNIEnviPKcP8_jobjectP8_jstring+94)
        #12 pc 0023bd1b  /system/lib/libart.so (_ZN3art9JavaVMExt17LoadNativeLibraryEP7_JNIEnvRKNSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEP8_jobjectP8_jstringPS9_+818)
        #13 pc 0000315f  /system/lib/libopenjdkjvm.so (JVM_NativeLoad+178)
        #14 pc 73440c45  /data/dalvik-cache/arm/system@framework@boot.oat (offset 0x2801000)
@killshadow

This comment has been minimized.

killshadow commented Jun 5, 2018

Now, I have third bug. Nfcgate will crash when I open LOGGING in nfcgate.

6-05 01:48:56.363 2916-2916/tud.seemuh.nfcgate E/AndroidRuntime: FATAL EXCEPTION: main
    Process: tud.seemuh.nfcgate, PID: 2916
    java.lang.NullPointerException: Attempt to get length of null array
        at tud.seemuh.nfcgate.nfc.config.ConfigBuilder.parse(ConfigBuilder.java:35)
        at tud.seemuh.nfcgate.nfc.config.ConfigBuilder.<init>(ConfigBuilder.java:12)
        at tud.seemuh.nfcgate.gui.fragments.LoggingDetailFragment$AsyncDetailLoader.onPostExecute(LoggingDetailFragment.java:312)
        at tud.seemuh.nfcgate.gui.fragments.LoggingDetailFragment$AsyncDetailLoader.onPostExecute(LoggingDetailFragment.java:241)
        at android.os.AsyncTask.finish(AsyncTask.java:636)
        at android.os.AsyncTask.access$500(AsyncTask.java:177)
        at android.os.AsyncTask$InternalHandler.handleMessage(AsyncTask.java:653)
        at android.os.Handler.dispatchMessage(Handler.java:102)
        at android.os.Looper.loop(Looper.java:135)
        at android.app.ActivityThread.main(ActivityThread.java:5291)
        at java.lang.reflect.Method.invoke(Native Method)
        at java.lang.reflect.Method.invoke(Method.java:372)
        at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:904)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:699)
        at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:107)

:) It's funny.

@roussosalex

This comment has been minimized.

Member

roussosalex commented Jun 5, 2018

Your first bug seems to be a lifetime issue and should be resolved by a soft reboot of the device.

The second bug is due to missing /system/lib/libnfc-nci.so. Is the path to libnfc-nci maybe different?

The third bug could be due to old logging data from previous NFCGate version. Could you try to clear the app data and see if it helps?

@killshadow

This comment has been minimized.

killshadow commented Jun 5, 2018

0x01 First Bug

It still appear when I activate NFCgate in XposedInstaller, even thogh I have soft reboot my phone. I think it maybe come from Second Bug.

06-05 04:28:11.831 5141-5141/tud.seemuh.nfcgate E/NFC: NFC service dead - attempting to recover
    android.os.DeadObjectException
        at android.os.BinderProxy.transactNative(Native Method)
        at android.os.BinderProxy.transact(Binder.java:496)
        at android.nfc.INfcAdapter$Stub$Proxy.getState(INfcAdapter.java:340)
        at android.nfc.NfcAdapter.isEnabled(NfcAdapter.java:627)
        at tud.seemuh.nfcgate.gui.MainActivity.onCreate(MainActivity.java:82)
        at android.app.Activity.performCreate(Activity.java:5990)
        at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1106)
        at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2310)
        at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2419)
        at android.app.ActivityThread.access$900(ActivityThread.java:154)
        at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1321)
        at android.os.Handler.dispatchMessage(Handler.java:102)
        at android.os.Looper.loop(Looper.java:135)
        at android.app.ActivityThread.main(ActivityThread.java:5291)
        at java.lang.reflect.Method.invoke(Native Method)
        at java.lang.reflect.Method.invoke(Method.java:372)
        at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:904)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:699)
        at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:107)
06-05 04:28:12.010 5141-5141/tud.seemuh.nfcgate E/NFC: could not retrieve NFC tag service during service recovery
06-05 04:28:12.108 5141-5141/tud.seemuh.nfcgate E/NFC: NFC service dead - attempting to recover
    android.os.DeadObjectException
        at android.os.BinderProxy.transactNative(Native Method)
        at android.os.BinderProxy.transact(Binder.java:496)
        at android.nfc.INfcAdapter$Stub$Proxy.getState(INfcAdapter.java:340)
        at android.nfc.NfcAdapter.isEnabled(NfcAdapter.java:627)
        at tud.seemuh.nfcgate.gui.MainActivity.onResume(MainActivity.java:131)
        at android.app.Instrumentation.callActivityOnResume(Instrumentation.java:1257)
        at android.app.Activity.performResume(Activity.java:6076)
        at android.app.ActivityThread.performResumeActivity(ActivityThread.java:3007)
        at android.app.ActivityThread.handleResumeActivity(ActivityThread.java:3049)
        at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2424)
        at android.app.ActivityThread.access$900(ActivityThread.java:154)
        at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1321)
        at android.os.Handler.dispatchMessage(Handler.java:102)
        at android.os.Looper.loop(Looper.java:135)
        at android.app.ActivityThread.main(ActivityThread.java:5291)
        at java.lang.reflect.Method.invoke(Native Method)
        at java.lang.reflect.Method.invoke(Method.java:372)
        at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:904)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:699)
        at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:107)
    could not retrieve NFC service during service recovery
06-05 04:28:12.109 5141-5141/tud.seemuh.nfcgate E/NFC: NFC service dead - attempting to recover
    android.os.DeadObjectException
        at android.os.BinderProxy.transactNative(Native Method)
        at android.os.BinderProxy.transact(Binder.java:496)
        at android.nfc.INfcAdapter$Stub$Proxy.setReaderMode(INfcAdapter.java:575)
        at android.nfc.NfcActivityManager.setReaderMode(NfcActivityManager.java:243)
        at android.nfc.NfcActivityManager.disableReaderMode(NfcActivityManager.java:235)
        at android.nfc.NfcAdapter.disableReaderMode(NfcAdapter.java:1298)
        at tud.seemuh.nfcgate.gui.MainActivity.onResume(MainActivity.java:147)
        at android.app.Instrumentation.callActivityOnResume(Instrumentation.java:1257)
        at android.app.Activity.performResume(Activity.java:6076)
        at android.app.ActivityThread.performResumeActivity(ActivityThread.java:3007)
        at android.app.ActivityThread.handleResumeActivity(ActivityThread.java:3049)
        at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2424)
        at android.app.ActivityThread.access$900(ActivityThread.java:154)
        at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1321)
        at android.os.Handler.dispatchMessage(Handler.java:102)
        at android.os.Looper.loop(Looper.java:135)
        at android.app.ActivityThread.main(ActivityThread.java:5291)
        at java.lang.reflect.Method.invoke(Native Method)
        at java.lang.reflect.Method.invoke(Method.java:372)
        at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:904)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:699)
        at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:107)
06-05 04:28:12.110 5141-5141/tud.seemuh.nfcgate E/NFC: could not retrieve NFC service during service recovery

0x02 Second Bug

I try ls /system/lib. As you say, there haven't libnfc-nci.so. There have three files about nfc -- libnfc_jni.so, libnfc_ndef.so, libnfc.so. I think libnfc.so maybe replace libnfc-nci.so. Therefore, I push libnfc-nci.so into /system/lib/ and reboot system. However, the error logcat the same as First bug. I couldn't open NFC. NFC button in setting is dead.
default

0x03 Third Bug

I'm sure I have clear the app data. It still appear this bug when I open LOGGING tag in nfcgate.

@kleest

This comment has been minimized.

Member

kleest commented Jun 5, 2018

Regarding 0x01 and 0x02:
According to a reddit post, LineageOS 14.1 on the HTC One M8 does not support HCE. Only stock firmware supports HCE on that phone.
I have pushed a commit addressing this issue. Good news: It does not crash anymore. Bad news: It does not work either.
BUT NFCGate should work if you use the stock vendor firmware from HTC on the HTC One M8.

Fixed session logging
NFC config stream is now logged and can be viewed in logging tab.
@kleest

This comment has been minimized.

Member

kleest commented Jun 5, 2018

Regarding 0x03:
This issue should be fixed now. You will need to clear the application data.

@roussosalex roussosalex changed the title from Arm64, nougat and NXP compatibility to ARM64, Nougat and NXP compatibility Jun 5, 2018

@killshadow

This comment has been minimized.

killshadow commented Jun 6, 2018

After fixing LOGGING bug, the software work well. Good job! Thanks for you uncomment the code in SessionLoggingSink.java~ For 0x01&0x02 System NFC Bug, it can use after activating nfcgate in Xposed installer and soft reboot. However, HCE Phone(HTC One M8, as you say, I use stock vendor firmware.) cann't detect reader anymore. :(
screenshot_2018-06-06-20-07-13

@r0dw

This comment has been minimized.

r0dw commented Oct 9, 2018

Your issue seems to be related to the occasional crashes of the nfc stack according to the following excerpt from your log:

01-26 10:42:31.055 3744 6495 E BrcmNfcJni: nfcManager_doAbort: abort()
--------- beginning of crash
01-26 10:42:31.058 3744 6495 F libc : Fatal signal 6 (SIGABRT), code -6 in tid 6495 (applyRouting)
01-26 10:42:31.123 578 578 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
01-26 10:42:31.125 578 578 E DEBUG : AM write failed: Broken pipe
01-26 10:42:31.126 578 578 F DEBUG : Build fingerprint: 'google/bullhead/bullhead:6.0.1/MTC20F/3031278:user/release-keys'
01-26 10:42:31.128 578 578 F DEBUG : Revision: 'rev_1.0'
01-26 10:42:31.130 578 578 F DEBUG : ABI: 'arm64'
01-26 10:42:31.132 578 578 F DEBUG : pid: 3744, tid: 6495, name: applyRouting >>> com.android.nfc <<<
01-26 10:42:31.133 578 578 F DEBUG : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
[...]
01-26 10:42:31.596 390 390 I ServiceManager: service 'nfc' died

We are working on a fix for the crash problem, which should also fix your issue.

Have you guys fix it?
I'm working on Nexus 5x Android 6.0.1 with xposed89 and every time that i approach to the reader it's open Google Pay or with android 7 doesn't recognize the phone.
Also i built from your repository and get crashed every time

@roussosalex

This comment has been minimized.

Member

roussosalex commented Oct 12, 2018

If Google Pay is set as the primary payment provider, Android will always prefer it over NFCGate for payment related AIDs. You could try to either disable Google Pay or set NFCGate as the payment provider (if that is even possible).

Android 7 will only work with the NFCGate version in this pull request.

Which version did you build?

@kleest

This comment has been minimized.

Member

kleest commented Oct 16, 2018

You should be able to select NFCGate as a payment provider now in Settings -> Tap & Pay. This should prevent Android from using Google Pay.

@killshadow

This comment has been minimized.

killshadow commented Oct 16, 2018

Or you can search my blog: https://www.killshadow.xyz/2018/09/09/NFC%E5%BC%80%E5%8F%91%E7%AC%94%E8%AE%B0/ . However, you should use google translate. I have add many function for nfcgate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment