gm3197 / vas.md
Last active April 3, 2026 14:37
Reverse Engineered Value Added Services Protocol Specification

Reverse Engineered VAS Protocol Specification

Research by Grayson Martin
Last Updated 7/8/23

Introduction

Value Added Services (VAS) is the protocol used by NFC-capable passes in Apple Wallet. Access to this protocol is heavily restricted on both the device end (a special certificate issued by Apple is required to create these passes) and the reader end (NDA-enforced confidentiality). As such, a desire arose to better understand the protocol in order to explore additional use cases and examine its cryptographic integrity. There are gaps in understanding in certain parts of this protocol; however, this document contains the minimum necessary understanding to automatically select, read data from, and decrypt a pass.

Importantly, this specification does not enable a malicious actor to read the data from a pass for which they do not have both the reader's private key and the pass type identifier. Imp

iOS NDEF Record Compatibility

Introduction

NDEF (NFC Data Exchange Format) is a method of transferring relatively small amounts of information from a passive or actively emulated tag by way of "records", which specify the type of information being received and the function it is meant to have.

iPhones do not have full NDEF compatibility; the reason for this is unknown (to me at least). In practice, this means background polling on iPhones will not interpret some specific record types. With compatible NDEF records, a notification pops up directing the user to follow the received data into its respective app to complete whatever action the record intended.
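To make the notion of a typed record concrete, here is an added example (not code from the original page): a minimal parser that splits an NDEF message into records and decodes the well-known URI and Text types. The function names and the sample message are constructed for illustration, and chunked records are not handled.

```python
import struct

TNF_NAMES = ["empty", "well-known", "media (MIME)", "absolute URI",
             "external", "unknown", "unchanged", "reserved"]
# Subset of the URI record prefix codes (first payload byte of a "U" record).
URI_PREFIXES = {0: "", 1: "http://www.", 2: "https://www.", 3: "http://", 4: "https://"}

def decode_payload(tnf, rtype, payload):
    """Decode well-known URI and Text payloads; return raw bytes otherwise."""
    if tnf == 1 and rtype == b"U" and payload:
        return URI_PREFIXES.get(payload[0], "") + payload[1:].decode("utf-8", "replace")
    if tnf == 1 and rtype == b"T" and payload:
        lang_len = payload[0] & 0x3F                  # bits 5..0: language code length
        enc = "utf-16" if payload[0] & 0x80 else "utf-8"
        return payload[1 + lang_len:].decode(enc, "replace")
    return payload

def parse_ndef(message: bytes) -> list:
    """Split an NDEF message into records; ValueError on malformed lengths."""
    records, pos = [], 0
    while pos < len(message):
        try:
            header, type_len = message[pos], message[pos + 1]
            pos += 2
            if header & 0x10:                         # SR: 1-byte payload length
                payload_len = message[pos]
                pos += 1
            else:                                     # otherwise 4 bytes, big-endian
                (payload_len,) = struct.unpack_from(">I", message, pos)
                pos += 4
            id_len = message[pos] if header & 0x08 else 0   # IL: ID length present
            pos += (1 if header & 0x08 else 0)
        except (IndexError, struct.error):
            raise ValueError("truncated NDEF record header") from None
        end = pos + type_len + id_len + payload_len
        if end > len(message):
            raise ValueError("record length exceeds message size")
        rtype = message[pos:pos + type_len]
        payload = message[pos + type_len + id_len:end]
        records.append({"tnf": TNF_NAMES[header & 0x07],
                        "type": rtype.decode("ascii", "replace"),
                        "value": decode_payload(header & 0x07, rtype, payload)})
        pos = end
        if header & 0x40:                             # ME: last record of the message
            break
    return records

SAMPLE = (bytes([0x91, 0x01, 12]) + b"U" + b"\x04example.com"   # constructed URI record
          + bytes([0x51, 0x01, 8]) + b"T" + b"\x02enhello")     # constructed Text record
```

Calling `parse_ndef(SAMPLE)` yields one URI record and one Text record; a message whose declared lengths run past the end of the buffer is rejected with `ValueError` rather than read out of bounds.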

Compatibility Table

Below are the options offered by NFC Tools on iOS for NDEF encoding. Some of the options below are other record types with a specific function, i.e. social links are just URLs.