Stefan A

I started a standalone implementation. For the nonce table, I extracted a blob from the exe and put it as a raw resource (250 kb), and access/index it by ```...

The sniffer card does not require a tag vulnerability, it attacks the reader. I.e. when the reader tries to read a sector on the sniffer card, it records it's tag...

The sniffer card only has 2^16 different nonces (in the mapping table), which I guess are the vulnerable nonces (like hf mf sim x always chooses nonce 0x01 0x01 0x01...

Sorry, I'm a bit confused. You say hf mf sim x only works on tags with bad prng, but as far as I know this command does not involve tags...

Ok, I think I understand better - but this would logically mean that an old tag (without fixed LFSR) would not be possible to use in systems with new tags,...

@m17021963 transcieve() is the function you would use, see https://developer.android.com/reference/android/nfc/tech/NfcA.html#transceive(byte[]) but it handles checksumming itself. Your only option is to modify the Android sources and build a custom version of...

Concur with above, no temp for M2 Air.

I'm having the same problem on Debian Bookworm which should be supported:  It happens with some weeks inbetween. Tracing the source code, all points...

I had the same problem. Google led me here. Patch in #164 resolved the problem, thanks.