[HN Gopher] Reading NFC Passport Chips in Linux
___________________________________________________________________
Reading NFC Passport Chips in Linux
Author : robin_reala
Score : 258 points
Date : 2025-06-25 07:33 UTC (15 hours ago)
(HTM) web link (shkspr.mobi)
(TXT) w3m dump (shkspr.mobi)
| stavros wrote:
| Hm, he doesn't say whether he managed to decrypt the passport
| with the missing checksum in the end, or whether the piercing
| doesn't matter because it's trivial to calculate the checksum
| from the rest of the info, or how long that would take. Did I
| miss it, or is that useful information omitted?
| edent wrote:
| OP here. It is trivial to create the missing checksum. It is
| detailed at https://shkspr.mobi/blog/2025/06/reading-nfc-
| passport-chips-...
| stavros wrote:
| Yep, I saw that section, but thought that the next section
| was a continuation of it. Maybe you could say a few more
| things about it, like "since it was trivial to recreate the
| checksum, I managed to read my passport fine, and then
| wondered what it would take to guess the entire MRZ" as a
| segue.
| dzhiurgis wrote:
| Hol up. So what stops you from uploading custom photo + metadata
| onto random chip and planting it in a fake passport?
| 23434dsf wrote:
| Conscience
| ragebol wrote:
| Expectation of punishment
| neoromantique wrote:
| Considering how often it is done, not much?
| agnishom wrote:
| What makes you think it is done often?
| crowbahr wrote:
| (It's not)
| victorbjorklund wrote:
| It is not? Pretty much all cases of digitally valid "fake"
| passports are corruption where they were made by the govt the
| same way normal passports are made.
| edent wrote:
| The data are signed with the passport issuing authority's
| private key.
|
| So you _could_ implement a chip which reacts like an official
| passport. When the border guards see that the signature is
| invalid, you can explain how it's just a prank and you'll all
| have a jolly good laugh about it.
| 23434dsf wrote:
| So if I strolled through the airport with a high power NFC
| reader/writer, I could ruin a lot of peoples trips?
| daveoc64 wrote:
| What makes you think you could do this?
| lukan wrote:
| "The NFC chip in a passport is protected by a password. The
| password is printed on the inside of the physical passport.
| As well as needing to be physically close to the passport
| for NFC to work, you also need to be able to see the
| password."
| wkat4242 wrote:
| Yes, but. In Europe this tech is also in our ID cards,
| where said password is printed on the outside
| (considering it's just a credit card format). You still
| have to see it but it doesn't have to be opened to the
| right page like a passport.
|
| Both sides even have the info printed. One side in human
| format, the owner side in machine readable.
| lukan wrote:
| Yes, but this still means an attacker needs to have
| physical access to the passport?
| tialaramex wrote:
| They need to know the information which functions as key.
| Because many people don't trust government secrets, the
| information used for this purpose on a passport is
| actually just facts about you which were already printed
| in your passport, plus the passport number. The machine
| summarises these in a "Machine readable zone" but they're
| nothing you didn't know.
|
| For a random traveller you can probably guess roughly how
| old they are, which is a few bits for the date-of-birth,
| and maybe you could strike up conversation and discover
| their name (or maybe it's printed on baggage, called out
| by fellow travellers etc.) but yeah it'll be very hard
|
| For a very well known person you can likely discover
| everything except the passport number and you might get a
| decent guess at that from knowing roughly when it would
| be issued.
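The two steps edent and tialaramex describe above, recomputing a check digit and turning the printed MRZ fields into the BAC key, as an added example in Go. This is not code from the blog post or from anyone in this thread; it follows the ICAO 9303 rules: the 7-3-1 weighted check digit, the BAC "MRZ information" string (document number padded to 9 characters, date of birth and date of expiry as YYMMDD, each followed by its check digit), SHA-1 over that string to obtain Kseed, and the counter-based derivation of the two 3DES keys Kenc and Kmac with DES parity adjustment. The sample fields are the worked example from ICAO 9303 part 11, appendix D, not a real person's document; the function names are this example's own.

```go
package main

import (
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"math/bits"
	"strings"
)

// mrzCharValue maps an MRZ character to its ICAO 9303 value: digits to
// themselves, A..Z to 10..35 and the filler '<' to 0.
func mrzCharValue(c byte) int {
	switch {
	case c >= '0' && c <= '9':
		return int(c - '0')
	case c >= 'A' && c <= 'Z':
		return int(c-'A') + 10
	case c == '<':
		return 0
	}
	panic(fmt.Sprintf("invalid MRZ character %q", c))
}

// checkDigit computes (or recovers) the ICAO 9303 check digit of a field:
// character values weighted 7, 3, 1, 7, 3, 1, ... and summed modulo 10.
func checkDigit(field string) int {
	weights := [3]int{7, 3, 1}
	sum := 0
	for i := 0; i < len(field); i++ {
		sum += mrzCharValue(field[i]) * weights[i%3]
	}
	return sum % 10
}

// mrzInformation is the BAC "password": document number (padded with '<' to
// 9 characters), date of birth and date of expiry as YYMMDD, each followed by
// its check digit. Every part of it is printed on the data page.
func mrzInformation(docNumber, birthDate, expiryDate string) string {
	doc := strings.ToUpper(docNumber)
	if len(doc) < 9 {
		doc += strings.Repeat("<", 9-len(doc))
	}
	return fmt.Sprintf("%s%d%s%d%s%d", doc, checkDigit(doc),
		birthDate, checkDigit(birthDate), expiryDate, checkDigit(expiryDate))
}

// adjustParity forces odd parity on every byte, as DES keys require: the
// least significant bit of each byte is the parity bit.
func adjustParity(key []byte) {
	for i, b := range key {
		if bits.OnesCount8(b)%2 == 0 {
			key[i] = b ^ 1
		}
	}
}

// deriveKey is the ICAO 9303 3DES key derivation: SHA-1(Kseed || counter)
// truncated to 16 bytes (two 8-byte DES keys), then parity adjusted.
// Counter 1 yields the encryption key, counter 2 the MAC key.
func deriveKey(seed []byte, counter uint32) []byte {
	h := sha1.New()
	h.Write(seed)
	h.Write([]byte{byte(counter >> 24), byte(counter >> 16), byte(counter >> 8), byte(counter)})
	key := h.Sum(nil)[:16]
	adjustParity(key)
	return key
}

// bacKeys derives Kseed (the first 16 bytes of SHA-1 over the MRZ
// information) and from it the BAC keys Kenc and Kmac.
func bacKeys(mrzInfo string) (seed, kEnc, kMac []byte) {
	sum := sha1.Sum([]byte(mrzInfo))
	seed = sum[:16]
	return seed, deriveKey(seed, 1), deriveKey(seed, 2)
}

func main() {
	// Sample fields from the worked example in ICAO 9303 part 11, appendix D;
	// not a real person's document.
	info := mrzInformation("L898902C<", "690806", "940623")
	seed, kEnc, kMac := bacKeys(info)
	fmt.Println("MRZ information:", info)
	fmt.Println("Kseed:", hex.EncodeToString(seed))
	fmt.Println("Kenc: ", hex.EncodeToString(kEnc))
	fmt.Println("Kmac: ", hex.EncodeToString(kMac))
}
```

A check digit that is unreadable on the printed page (as in the pierced passport in the post) is recovered by calling checkDigit on the field it protects, since it is a pure function of the other characters. The same three fields are everything an attacker guessing the BAC key would have to guess; SHA-1 adds no entropy, so the search space is bounded by how much of the document number, birth date and expiry date the attacker can narrow down, which is the point tialaramex makes.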
| lukan wrote:
| "For a very well known person you can likely discover
| everything except the passport number and you might get a
| decent guess at that from knowing roughly when it would
| be issued."
|
| From a very well known person you could probably also
| steal everything you need directly, if your purpose is to
| create damage.
| wkat4242 wrote:
| Kinda the same as with the NFC.
|
| You can read from a small distance, probably further than
| you can read an NFC tag with your phone. And you can
| automate both on a phone (OCR and NFC)
| lxgr wrote:
| Even that password only gives you read access.
|
| I don't think ICAO passports can ever be rewritten post-
| issuance. Some national IDs can, e.g. to change the
| holder's residential address, but for passports, I don't
| think any part of the on-chip data can be changed post-
| issuance, since it would also require re-printing data on
| the photo page usually under protective plastic.
| edent wrote:
| No.
|
| NFC chips can be locked. That means the data can't be
| overwritten. No matter the writer, nor its strength, you
| can't overwrite a passport's chip.
|
| I suppose you could use an EMP - but that would ruin a lot
| more than just some trips.
| crowbahr wrote:
| In addition to the mechanisms people are describing here -
| passports have a metal mesh in them to disrupt NFC signals.
| It's not a full faraday cage but it works on similar
| principles. The passport has to be _open_ to be read from,
| and then only after you transmit the MRZ will you get
| anything.
| raron wrote:
| > passports have a metal mesh in them to disrupt NFC
| signals
|
| I don't think that is universally true. At least I can
| read my closed 2-year-old passport with my phone.
| crowbahr wrote:
| Hmm the American passports have the mesh afaik - I
| _thought_ it was part of the ICAO docs (not that that
| means people do it but still...)
| crowbahr wrote:
| Just tested on my American passport - it will not read
| while closed, either from the front or the back. Opening
| it up - no issues reading. Seems like there is in fact a
| faraday mesh or something
| wkat4242 wrote:
| I doubt border guards know what a cryptographic signature is.
| But they'll probably have a big red marker that tells them to
| hold you and get someone who knows :)
| Nextgrid wrote:
| I remember reading an article or paper that checked the
| validity and spec compliance of various nations's passports,
| and found lots of variation, so a valid signature isn't
| actually a guarantee even in a legit passport.
| vbezhenar wrote:
| Invalid signature probably will result from chip degradation
| or other electronic failures and I'm pretty sure that you
| won't be the first they see. Passport is supposed to be valid
| without any digital things, so they'll proceed with ordinary
| procedures, with manual entry of data from passport.
| lxgr wrote:
| > Invalid signature probably will result from chip
| degradation or other electronic failures
|
| I'd consider that pretty unlikely. Degraded chips would
| most likely provide _no_ signature, not an invalid one.
| (Being able to randomly flip bits would be a big security
| problem for these kinds of ICs, so I'd assume they'd have
| robust protections against that.)
| remcob wrote:
| Besides the data being signed as already mentioned, the
| protocol is interactive and custom to passport documents. So
| you can't just put it on any programmable NFC tag. I also doubt
| you can buy programmable ones implementing the passport
| protocols. But maybe you can find general purpose programmable
| ones you can implement the protocol on.
|
| There are also optional subprotocols that allow the chip to be
| authenticated (i.e. proof it knows a private key). These
| prevent copying valid signed data to a different chip.
| crowbahr wrote:
| Yeah but since the USA doesn't sign on to anything above
| basic auth (MRZ unlock) everyone also has to work on the more
| basic level. Kinda unfortunate.
| lxgr wrote:
| You can definitely run the protocol on a programmable
| smartcard (see for example https://jmrtd.org/), but without
| the required PKI certificates, nobody would accept your home-
| made passport.
| SXX wrote:
| Countries like the UK actually have a public database for e-visas
| (share code) that can easily be verified via an online API. So
| probably at least some foreign governments can cross-validate
| some passport data with each other.
| crowbahr wrote:
| Countries all know each other's signing certs. There's a
| question of how much they _trust_ the other country but the
| certs are all public.
| frelp wrote:
| I wonder if you could create a chip that could break the passport
| reader system. That could really disrupt things, so hopefully
| that's not possible.
| hypeatei wrote:
| Burning a zero day like that in front of border / travel
| officers will probably land you in prison very quickly.
| dopp0 wrote:
| the world belongs to the brave
| edent wrote:
| The ICAO documents contain the complete specification. It is
| moderately complex and involves twiddling lots of bits. So I've
| no doubt that a passport reader somewhere isn't doing bounds
| checking properly.
|
| But you could achieve much the same effect with a hammer.
| giantg2 wrote:
| But could a hammer deliver a malicious payload that could
| spread in the system? I'm not sure if you could do that with
| data on the chip, but maybe.
| lxgr wrote:
| Yes, but so could a sticker with a QR code containing some
| exploit that the optical passport reader scans.
|
| I don't think it's a particularly different attack vector
| just because the chip is "active". Competent systems would
| treat all data received from it as potentially harmful
| until proven otherwise.
| cAtte_ wrote:
| this reminds me of the plot to Black Mirror's Plaything
| :-)
| lxgr wrote:
| I'm glad the subtle reference landed :)
| monai wrote:
| You can transmit arbitrary data in certain steps of the
| passport reading process. The possibility of disruption depends
| on whether the reading system has bugs exploitable by the
| incoming data.
|
| I've seen crashes in PKCS#11 drivers when reading cards with
| malformed data. So, the possibility, in theory, is always
| there.
| wkat4242 wrote:
| Many passports also contain digitized fingerprint scans. But
| those are even harder to access. You need a private key that only
| governments have.
| aneutron wrote:
| Sounds fairly sensible to me
| heavyset_go wrote:
| If it's truly sensitive data, encrypting with a unique
| private key and locking that with a PIN a la FIDO via NFC
| would be a bit more secure.
|
| One master key leak and everyone is walking around with IDs
| that give away sensitive data over RFID.
| Nextgrid wrote:
| > sensitive data
|
| "Sensitive" data that you already leave on everything you
| touch.
| heavyset_go wrote:
| You leave your DNA everywhere, too, but there are data
| security and privacy implications of digitizing that data
| and voluntarily/involuntarily sharing it with others.
| timewizard wrote:
| "Many passports also contain your computer password. But
| those are even harder to access. You need a private key that
| only governments have."
|
| Still reasonable?
| jwr wrote:
| > that only governments have
|
| :-)
| muhehe wrote:
| Do share :)
| connicpu wrote:
| A corrupt government official selling a copy of that key to
| the highest bidder just sounds like the free market to me /s
| belter wrote:
| "Dutch journalist buys fake Syrian passport with prime
| minister's photo" - https://www.dutchnews.nl/2015/09/dutch-
| journalist-buys-fake-...
| victorbjorklund wrote:
| does not say anything about it passing digital checks
| charcircuit wrote:
| Why would they make such an important key be copyable?
| lxgr wrote:
| To be useful, that key needs to be present in countless
| border checkpoint or even police devices, so it's
| inherently very hard to keep secret.
|
| That's a known trade-off, and I believe some countries
| accordingly restrict access to their own national
| authorities (which usually already have access to that
| data via other means, since they're issuing the
| document).
| Nextgrid wrote:
| You wouldn't need the key to be copyable though - it can
| be an online check - ie. passport sends challenge,
| terminal sends challenge to government-hosted HSM, HSM
| sends response.
| lxgr wrote:
| Good point, but that's in the end a typical
| availability/security tradeoff, and I could imagine that
| at least some verifying authorities would rather err on
| the side of the former.
| chrisandchris wrote:
| Imagine, there are a lot of borders and places where such
| control happens where internet is not guaranteed.
| hamburglar wrote:
| The way computer security people and government officials
| understand keys and key handling practices is vastly
| different.
| BuyMyBitcoins wrote:
| It's obviously not a free market. You have to bribe
| someone, which is by definition not _free_. /s
| connicpu wrote:
| Free as in freedom ;)
| SXX wrote:
| I always wondered, doesn't this kind of specification also have
| a digital signature of the passport issuer or something? Otherwise
| how can other countries verify it's not a fake one?
|
| I read this article, but it seems like any information about it is
| kind of omitted.
| janmo wrote:
| The passports contain a digital signature and a DSC (Document
| Signing Certificate). This DSC is signed by a CSCA certificate
| which you can download from the ICAO Public Key Directory. Link
| here: https://pkddownloadsg.icao.int/
| landgenoot wrote:
| Yes. There is even an active function that allows you sign
| arbitrary bits to check if the passport actually contains the
| private key. Otherwise you could spoof a passport by just
| replaying the government signed data.
|
| Source: I have been working on a blockchain implementation in
| the past that was compatible with the cryptographic functions
| in an NFC passport. Basically using a standard NFC passport as
| a cold wallet.
|
| Fun fact. The cryptographic system even differs per country.
|
| E.g. the Dutch don't trust the NIST elliptic curves so use the
| brainpool curves instead. Some other countries are still using
| RSA iirc.
| SXX wrote:
| Thanks for details.
|
| Actual validation methods would be actually cool to read
| about. Since if we ignore legal difficulties of storing the
| data then we can actually use passport cryptography as
| something like actual proof-of-human without pesky 3rd-
| parties.
| c22 wrote:
| Is it just because the third parties that issue passports
| aren't _pesky_?
| lxgr wrote:
| Not on many new passports. Non-repudiable signatures were
| intentionally defined as a non-goal, and signature
| functionality is no longer present on newer passports.
| SXX wrote:
| For proof-of-human and some UUID you only need a valid
| signature on passport data.
| lxgr wrote:
| That only proves that a given human exists and was issued
| a given passport, not that that passport is actually
| present. For that you do need active or chip
| authentication, but only the former yields a signature
| that third parties can validate.
|
| Even then, authorization is completely missing from the
| ICAO model - it's for authentication of identity
| documents only. It's explicitly not intended for "proof
| of humanity", since that requires authorization too, or
| it'd be vulnerable to any attacker that can briefly tap
| your identity document with their phone.
|
| That's one of the reasons why active authentication was
| deprecated, presumably: Signatures without document owner
| authorization can be misleading/interpreted as confirming
| intent, not just document existence.
| SXX wrote:
| To be honest I was thinking about it more as just a
| measure for anti-spam and limiting bots, but obviously it
| will only work for certain audiences since in countries
| like the UK 20-25% of people simply don't hold a
| passport at all. I can guess in the US a lot of people only
| have driver licenses too.
| lxgr wrote:
| > I was thinking more about it more as just measure for
| anti-spam and limiting bots
|
| It won't help with that at all, since without requiring
| active involvement of some credential or trusted party,
| all there is is a static signature saying "there's a
| person called $name born on $dob", but nothing saying
| "and that person wants to <send an email|register an
| account|...>".
|
| There is a way to use ICAO documents supporting "Active
| Authentication" in such a way, and I've seen proofs of
| concept leveraging it, but it was an unintentional
| consequence of using RSA signatures for authentication
| and fixed/removed in newer cards.
| bluesign wrote:
| but why would passport contain a private key ?
| landgenoot wrote:
| The public key information is signed by the government and
| readable.
|
| This enables the passport to prove its integrity by
| signing responses with its private key.
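What the two checks discussed in this subthread actually verify, and why a chip that merely carries copied data fails the second one, as an added Go example. It is not code from this thread or from any passport library. It models the pieces janmo, remcob and landgenoot describe above: a Document Security Object holding one hash per data group and the document signer's signature over that list, the chip's public key stored in DG15 under that signature, and a challenge the chip signs with the matching private key (Active Authentication). Assumptions this example makes: ECDSA on P-256 from Go's standard library stands in for whatever algorithm the issuer really uses (Go's standard library has no brainpool curves, and the real SOD is a CMS SignedData carrying the DSC, whose chain to a CSCA certificate in the ICAO PKD is not implemented here); the Chip structure, the field and function names, and the data group contents are this example's own constructed placeholders.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Chip is what an eMRTD exposes over NFC after BAC, plus the Active
// Authentication private key only a genuine chip holds. SOD stands in for the
// Document Security Object: the SHA-256 of each DG at offset 32*DG, signed by
// the document signer (really CMS SignedData carrying the DSC certificate).
type Chip struct {
	DataGroups  map[int][]byte
	SOD, SODSig []byte
	aaPriv      *ecdsa.PrivateKey // never readable over the interface
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	return k
}

// issue is personalisation: AA public key into DG15, every DG hashed into the
// SOD, the SOD signed with the document signer key (DSC).
func issue(dsc, aaPriv *ecdsa.PrivateKey, dgs map[int][]byte) *Chip {
	dg15, err := x509.MarshalPKIXPublicKey(&aaPriv.PublicKey)
	must(err)
	dgs[15] = dg15
	c := &Chip{DataGroups: dgs, SOD: make([]byte, 17*32), aaPriv: aaPriv}
	for n, data := range dgs {
		h := sha256.Sum256(data)
		copy(c.SOD[32*n:], h[:])
	}
	digest := sha256.Sum256(c.SOD)
	c.SODSig, err = ecdsa.SignASN1(rand.Reader, dsc, digest[:])
	must(err)
	return c
}

// passiveAuthenticate verifies the SOD signature with the DSC public key and
// each DG against its SOD hash. It proves the issuer signed this data, not
// that the chip presenting it is the one the data was issued to.
func passiveAuthenticate(c *Chip, dscPub *ecdsa.PublicKey) error {
	digest := sha256.Sum256(c.SOD)
	if !ecdsa.VerifyASN1(dscPub, digest[:], c.SODSig) {
		return errors.New("SOD signature invalid")
	}
	for n, data := range c.DataGroups {
		h := sha256.Sum256(data)
		if n < 1 || n > 16 || !bytes.Equal(h[:], c.SOD[32*n:32*n+32]) {
			return fmt.Errorf("DG%d hash does not match SOD", n)
		}
	}
	return nil
}

// activeAuthenticate: the terminal sends a fresh challenge, the chip signs it
// (INTERNAL AUTHENTICATE) with a key that never leaves the chip, the terminal
// verifies the reply with the DG15 key that passive authentication vouched for.
func activeAuthenticate(c *Chip) error {
	challenge := make([]byte, 8)
	if _, err := rand.Read(challenge); err != nil {
		return err
	}
	d := sha256.Sum256(challenge)
	sig, err := ecdsa.SignASN1(rand.Reader, c.aaPriv, d[:]) // chip side
	must(err)
	key, _ := x509.ParsePKIXPublicKey(c.DataGroups[15]) // terminal side
	pub, ok := key.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(pub, d[:], sig) {
		return errors.New("AA response invalid: chip does not hold the DG15 key")
	}
	return nil
}

// runScenario: which checks a genuine chip passes, and which a clone passes
// that carries the same readable data on a programmable card with its own key.
func runScenario() map[string]bool {
	dsc, aaKey, attacker := newKey(), newKey(), newKey()
	genuine := issue(dsc, aaKey, map[int][]byte{ // constructed sample DGs
		1: []byte("constructed DG1: MRZ of a fictitious holder"),
		2: []byte("constructed DG2: JPEG bytes of the holder's photo"),
	})
	clone := *genuine       // everything readable over NFC, copied bit for bit,
	clone.aaPriv = attacker // but the private key cannot be read out
	return map[string]bool{
		"genuine passive": passiveAuthenticate(genuine, &dsc.PublicKey) == nil,
		"genuine active":  activeAuthenticate(genuine) == nil,
		"clone passive":   passiveAuthenticate(&clone, &dsc.PublicKey) == nil,
		"clone active":    activeAuthenticate(&clone) == nil,
	}
}

func main() { fmt.Println(runScenario()) }
```

Run it and the clone passes passive authentication, because every byte it presents, the swapped-in photo's hash included in the issuer's signed list, is exactly what the issuer signed; it fails active authentication because it cannot sign the terminal's challenge with the key whose public half sits in DG15. Replacing DG2 on either chip makes passive authentication fail instead, which is the check that stops the "custom photo" idea from earlier in the thread. The Chip Authentication variant lxgr mentions below replaces the signature with a Diffie-Hellman agreement on the key in DG14, which convinces the terminal of the same thing without leaving a signature a third party could later verify.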
| lxgr wrote:
| > Yes. There is even an active function that allows you sign
| arbitrary bits to check if the passport actually contains the
| private key.
|
| That's true for older passports, but there's actually a newer
| scheme that uses Diffie-Hellman key agreement instead, since
| non-repudiation, which is hard to avoid with RSA signatures,
| is considered a non-goal for passports. (Some governments
| apparently don't want them to be used as a "backdoor
| e-signing scheme", hence the change to the new repudiable
| authentication scheme.)
| landgenoot wrote:
| That makes sense. It has been almost a decade ago when I
| worked on this subject. Do you have examples of countries
| that do this?
|
| For some countries (like Belgium) this _is_ a goal. They
| implemented a full PKI in their identity cards.
| lxgr wrote:
| Some countries indeed also implement an e-signature
| scheme with their national identity cards (for example
| Germany), but this is a completely different scheme and
| accordingly protocol from the ICAO biometric travel
| document one.
|
| Essentially, these countries run two applications on the
| document chip: One that lets anyone verify the
| authenticity of the document, using the ICAO PKI and
| active or chip authentication, and one that lets the
| document owner sign data, usually after entering a PIN or
| password (or anybody holding the document could do so on
| their behalf).
|
| Other countries decouple e-signatures/remote
| authentication and electronically verifiable identity
| documents, e.g. Austria - which now has an ICAO-
| compatible identity card, but a completely separate
| e-signature scheme based on, and it really pains me to say
| this... server-side private keys.
| tauntz wrote:
| The spec for machine readable travel documents is sadly not the
| most concise but if you're interested in the nitty-gritty details
| of how to validate documents, how to read data from them, etc
| then jump into ICAO 9303:
|
| https://www.icao.int/publications/documents/9303_p10_cons_en...
|
| https://www.icao.int/publications/documents/9303_p11_cons_en...
|
| But please keep in mind that this is just the spec for how it's
| supposed to be implemented. Real world implementations of it have
| lots of creative interpretations of the spec in addition to
| straight bugs in their implementations, so if you're going to
| write software that has to work with various different documents
| issued by various governments, you'll have many fun debugging
| sessions :)
| chatmasta wrote:
| It seems every country that moves to electronic travel
| authorization has an app that requires me to verify my passport
| with this method. I have a fairly new passport, issued in the
| last few years, and a recent phone... and this process is a
| huge pain. I need to massage my passport with my phone for a
| minute, maybe I get a bite, hold it still... oops, start
| over... try again... okay, use our partner's face ID
| recognition service instead... ugh it's horrible.
|
| I don't know if the issue is the very low power chip in the
| passport, or some damage or what... but I dread the process any
| time I need to do it.
| doublerabbit wrote:
| It's just a future fantasy that isn't fit for our dystopian
| world. I'm still waiting for the fantasy of fixed potholes.
| chatmasta wrote:
| Honestly, it's better than "take a photo of your passport
| and upload it to our unsecured S3 bucket."
| FireBeyond wrote:
| Or id.me, as used by the IRS. "Scan your license, front
| and back"...
|
| Front, 200dpi, "Unable to find a face in the image".
| 300dpi, "Unable to find a face in the image". Let's try
| lower, 72dpi, "Thank you".
|
| Back, let's start at 72dpi, since that worked for the
| front. "Unable to read a barcode in the image". Higher,
| 200dpi, "Unable to read a barcode in the image". 300dpi?
| "Thank you".
| nemoniac wrote:
| Here's a tidied up version of the Python code to generate the MRZ
| from the passport data. It also corrects a padding error.
| https://pastebin.com/k0Tty22a
|
| My Dutch driver's licence has a single MRZ-like line across the
| bottom. It seems to encode the country and licence number but I
| can't make any sense of the rest of the line. Anyone have any
| leads?
| Farbklex wrote:
| I haven't found the docs for the Dutch version but this article
| shows the content of the MRZ of a French drivers license. They
| seem to match the Dutch ones as well.
|
| https://trustdochub.com/en/mrz-strip-french-driving-licence/...
| ape4 wrote:
| It's odd that the dates aren't Y2K safe (hard to believe I am
| typing this in '25).
| the_svd_doctor wrote:
| Yes. In fact I just filled a UK ETA for my 1 year old daughter,
| and after taking a photo of the MRZ the application asked me to
| confirm if she was born in 1924 or 2024 :-)
| criddell wrote:
| Is any of this specific to Linux? It looks like it should work in
| Windows and macOS as well.
| edent wrote:
| I only have Linux (and Android) to test on. Please report back
| if it works on other OSes.
| ndr_ wrote:
| He confirms he could do an iOS port:
| https://mastodon.social/@andyq/114738867580032204
| lxgr wrote:
| I've had several banking apps (and I believe one airline or
| hotel booking app as well) scan my ICAO passport as part of
| KYC, so this is definitely a thing.
|
| Much preferred over the usual "send us a photo of your
| password as a means of authentication".
| extraduder_ire wrote:
| There's an android application on fdroid which allows you to do
| the same thing in a pretty nice UI:
| https://f-droid.org/packages/com.tananaev.passportreader/ I found
| it useful as I don't have a USB NFC reader.
|
| You need to enter the passport number and dates yourself though.
| alexrsagen wrote:
| I've written some Rust code to do the same thing. Mainly to get a
| copy of the photo stored on my passport, and because I was
| curious about how eMRTDs worked. I enjoyed reading through the
| ICAO 9303 specs, they were very detailed.
|
| Example: https://github.com/alexrsagen/rs-
| nfc1/blob/main/examples/rea...
|
| Library with eMRTD specific code:
| https://github.com/alexrsagen/rs-mrtd1
___________________________________________________________________
(page generated 2025-06-25 23:01 UTC)