This is cool, but the most interesting part is the part that requires investigation, i.e., what do the compatibility tools write to the card to make it iOS-compatible? I've done some work with iOS NFC, but not enough to have experienced the undocumented quirks.
My read of the proxmark code (https://github.com/RfidResearchGroup/proxmark3/blob/master/c...) is that the `ndefformat` formatted the tag MAD (https://www.nxp.com/docs/en/application-note/AN10787.pdf), which you'd do for NDEF, then had a single TLV TERMINATOR at the block where the NDEF message starts. Then he used NFC Tools to write on an NDEF text record (which iOS background reading would ignore) and maybe something else? After that he then used `ndefwrite` to write on a URL record. I wonder if he could have skipped the NFC Tools and written the URL record and gotten the same result. Proxmark dumps before and after using NFC Tools would be insightful.
This is one of those cases where I know I really should investigate further, but I'm taking this one step at a time. Perhaps digging in to the "why" will become a follow-up post
I didn't intend for what I wrote to be a criticism; that's on me. I just found it funny the most interesting step was akin to "... and now you've drawn the animal", if you understand the reference.
My quick eye-skim didn't see much, but I'll do a byte-for-byte diff. I imagine its a difference in the NDEF headers? (but even that doesn't make sense, since I wrote the headers again from the pm3)
Something's clearly up there. You can see that even IOS and Android disagree with each other on what NDEF should look like by a few bytes. Very interesting.
Yep, 89 EC A9 7F 8C 2A 00 00 on iOS versus FF FF FF FF FF FF on Android. Interesting how the number of bytes is different, I should play with them a bit.
If a URL is written using NFCTools on iPhone, iOS will open it in the default browser without using NFCTools, or in the related app (eg Instagram) if there is one.
I find this only to be true when used on the same iPhone where NFCTools was used.
If you try to have another iPhone detect the badge, it appears not to work - unless you use NFCTools on that iPhone, too. I don't have conclusive proof but that's what the evidence seems to indicate.
Proxmark's "auto" command should get you most of the way to knowing.
Then check if any of the "hf mf c*" commands work on it (in which case, you have a gen1a magic card)
Nice, I didn't know about auto, thanks! It turns out I have some Gen 1a "magic" cards (as in, actually in a card form factor), and some tags that seem to be Gen 3, but not magic?
Gen 1, 1a, 3 and 4 all use special commands to unlock and edit block 0.
Gen 2 treats block 0 as always being r/w. This allows Android phones to directly write to it (but also makes it possible to lock the card).
In terms of pm3 commands, "auto" tries everything. You might also want to use "lf search" or "hf search" to only try one of your antennas and not the other.
The actual Magic part isn't really important here, since my phone doesn't even care about block 0. It just makes it easier to read and wipe the card when you have the extra command set at your disposal.
I suspect the comment (above, at the time I wrote this), where they mention that Apple only wants partners to be usable, is the Ockham's Razor answer.
Probably some "magic key" ID.
But this is not my area of expertise. It's a cool story, though, and why I like hanging here. Considering getting a Proxmark and the NFC Tools app, just to play around.
