Just reading this post was a lot of work. I can't imagine how these people find the time and patience to work this out from scratch.

It's also a show of how incredibly complex phones are, where just the NFC chip has its own bootloader and firmware and update protocol.
Which Android phones can safely be rooted these days, if any?

Every time one of my friends says they rooted their phone, I ask them how. And the answer is always "I was on some website, downloaded some binary and executed it". So as I understand it, they make themselves completely vulnerable to somebody from the internet who made that root binary.
To my recollection, those three phones (well, there are multiple SKUs) have the ability to emulate magnetic stripe cards as well, in order to use Samsung Pay on older terminals without contactless payments.
This is an incredible deep dive. I’ve had the fortune of seeing some of the people from pentest partners at a talk at my university, and it was one of the most interesting talks of my degree. I wish more people outside the security community played with all levels of the stack a bit more. It’s incredible to see what people can come up with.
This is masterful work. I love the move from the now well understood S6 to the S9 in blind fashion.

I just can't believe how dumb it was to put a memory read command into the older NFC chip! Maybe nobody thought about security back then?
Well beyond my level and, like the hacking of the network protocol of a video cam here, I learn a lot. One minor thing to note is how C code still rules here, as expected in the embedded space.

And one annoying thing is how some of the constants like 4 and sizeof (some of which are 4) are used interchangeably. Also some init of the array has data but actually is a read into the array. Just to confuse the reader?