Reading NFC Passport Chips in Linux
Comments
tauntz
chatmasta
It seems every country that moves to electronic travel authorization has an app that requires me to verify my passport with this method. I have a fairly new passport, issued in the last few years, and a recent phone… and this process is a huge pain. I need to massage my passport with my phone for a minute, maybe I get a bite, hold it still… oops, start over… try again… okay, use our partner’s face ID recognition service instead… ugh it’s horrible.
I don’t know if the issue is the very low power chip in the passport, or some damage or what… but I dread the process any time I need to do it.
doublerabbit
It's just a future fantasy that isn't fit for our dystopian world. I'm still waiting for the fantasy of fixed potholes.
chatmasta
Honestly, it’s better than “take a photo of your passport and upload it to our unsecured S3 bucket.”
FireBeyond
Or id.me, as used by the IRS. "Scan your license, front and back"...
Front, 200dpi, "Unable to find a face in the image". 300dpi, "Unable to find a face in the image". Let's try lower, 72dpi, "Thank you".
Back, let's start at 72dpi, since that worked for the front. "Unable to read a barcode in the image". Higher, 200dpi, "Unable to read a barcode in the image". 300dpi? "Thank you".
nemoniac
Here's a tidied up version of the Python code to generate the MRZ from the passport data. It also corrects a padding error.
https://pastebin.com/k0Tty22a
Farbklex
I haven't found the docs for the Dutch version but this article shows the content of the MRZ of a French drivers license. They seem to match the Dutch ones as well.
https://trustdochub.com/en/mrz-strip-french-driving-licence/...
nemoniac
Only partially. At least for my Dutch licence. It contains neither holder's last name nor end date.
It does start with D1NLD. Then a single digit which is not the checksum of the foregoing (using the passport checksum algorithm). Then the document number. Then some letters and numbers I can't make any sense of. It ends with a correct global checksum for all of the foregoing.
XiS
See the spec I mentioned. But here's an excerpt. https://upload.disroot.org/r/Y_vdT16A#cW4coNxPvTJN6b8InO5cHW...
XiS
Drivers licenses aren't ICAO 9303 compliant. For EU documents a separate spec is being used (NEN-ISO-IEC 18013-3). Small pointer: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...
Context: Made an implementation for reading these when Dutch drivers license model with NFC first came available (model 2014 if I remember correctly)
alexrsagen
I've written some Rust code to do the same thing. Mainly to get a copy of the photo stored on my passport, and because I was curious about how eMRTDs worked. I enjoyed reading through the ICAO 9303 specs, they were very detailed.
Example: https://github.com/alexrsagen/rs-nfc1/blob/main/examples/rea...
Library with eMRTD specific code: https://github.com/alexrsagen/rs-mrtd1
wkat4242
Many passports also contain digitized fingerprint scans. But those are even harder to access. You need a private key that only governments have.
jwr
> that only governments have
:-)
muhehe
Do share :)
connicpu
A corrupt government official selling a copy of that key to the highest bidder just sounds like the free market to me /s
belter
"Dutch journalist buys fake Syrian passport with prime minister’s photo" - https://www.dutchnews.nl/2015/09/dutch-journalist-buys-fake-...
victorbjorklund
does not say anything about it passing digital checks
charcircuit
Why would they make such an important key be copyable?
lxgr
To be useful, that key needs to be present in countless border checkpoint or even police devices, so it's inherently very hard to keep secret.
That's a known trade-off, and I believe some countries accordingly restrict access to their own national authorities (which usually already have access to that data via other means, since they're issuing the document).
Nextgrid
You wouldn't need the key to be copyable though - it can be an online check - ie. passport sends challenge, terminal sends challenge to government-hosted HSM, HSM sends response.
lxgr
Good point, but that's in the end a typical availability/security tradeoff, and I could imagine that at least some verifying authorities would rather err on the side of the former.
chrisandchris
Imagine, there are a lot of borders and pösces where duch control happens where internet is not guaranteed.
hamburglar
The way computer security people and government officials understand keys and key handling practices is vastly different.
BuyMyBitcoins
It’s obviously not a free market. You have to bribe someone, which is by definition not free. /s
connicpu
Free as in freedom ;)
aneutron
Sounds fairly sensible to me
heavyset_go
If it's truly sensitive data, encrypting with a unique private key and locking that with a PIN a la FIDO via NFC would be a bit more secure.
One master key leak and everyone is walking around with IDs that give away sensitive data over RFID.
Nextgrid
> sensitive data
"Sensitive" data that you already leave on everything you touch.
heavyset_go
You leave your DNA everywhere, too, but there are data security and privacy implications of digitizing that data and voluntarily/involuntarily sharing it with others.
timewizard
"Many passports also contain your computer password. But those are even harder to access. You need a private key that only governments have."
Still reasonable?
aneutron
If you think of your fingerprint as a "secret", you're wrong. It's more your name. That would be like saying your face is a secret. It's not.
stavros
Hm, he doesn't say whether he managed to decrypt the passport with the missing checksum in the end, or whether the piercing doesn't matter because it's trivial to calculate the checksum from the rest of the info, or how long that would take. Did I miss it, or is that useful information omitted?
edent
OP here. It is trivial to create the missing checksum. It is detailed at https://shkspr.mobi/blog/2025/06/reading-nfc-passport-chips-...
stavros
Yep, I saw that section, but thought that the next section was a continuation of it. Maybe you could say a few more things about it, like "since it was trivial to recreate the checksum, I managed to read my passport fine, and then wondered what it would take to guess the entire MRZ" as a segue.
extraduder_ire
There's an android application on fdroid which allows you to do the same thing in a pretty nice UI: https://f-droid.org/packages/com.tananaev.passportreader/ I found it useful as I don't have a USB NFC reader.
You need to enter the passport number and dates yourself though.
SXX
I always wondered isn't this kind of specification also have digital signature of the passport issuer or something? Otherwise how do other countries can verify it's not a fake one?
I read this article, but seems like any information about it is kind a omited.
landgenoot
Yes. There is even an active function that allows you sign arbitrary bits to check if the passport actually contains the private key. Otherwise you could spoof a passport by just replaying the government signed data.
Source: I have been working on a blockchain implementation in the past that was compatible with the cryptographic functions in an NFC passport. Basically using a standard NFC passport as a cold wallet.
Fun fact. The cryptographic system even differs per country.
E.g. the Dutch don't trust the NIST elliptic curves so use the brainpool curves instead. Some other countries are still using RSA iirc.
lxgr
> Yes. There is even an active function that allows you sign arbitrary bits to check if the passport actually contains the private key.
That's true for older passports, but there's actually a newer scheme that uses Diffie-Hellman key agreement instead, since non-repudiation, which is hard to avoid with RSA signatures, is considered a non-goal for passports. (Some governments apparently don't want them to be used as a "backdoor e-signing scheme", hence the change to the new repudiable authentication scheme.)
landgenoot
That makes sense. It has been almost a decade ago when I worked on this subject. Do you have examples of countries that do this?
Some countries (like Belgium) this _is_ a goal. They implemented a full PKI in their identity cards.
lxgr
Some countries indeed also implement an e-signature scheme with their national identity cards (for example Germany), but this is a completely different scheme and accordingly protocol from the ICAO biometric travel document one.
Essentially, these countries run two applications on the document chip: One that lets anyone verify the authenticity of the document, using the ICAO PKI and active or chip authentication, and one that lets the document owner sign data, usually after entering a PIN or password (or anybody holding the document could do so on their behalf).
Other countries decouple e-signatures/remote authentication and electronically verifiable identity documents, e.g. Austria – which now has an ICAO-compatible identity card, but a completely separate e-signature schme based on, and it really pains me to say this... server-side private keys.
SXX
Thanks for details.
Actual validation methods would be actually cool to read about. Since if we ignore legal diffuculties of storing the data then we can actually use passport cryptography as something like actual proof-of-human without pesky 3rd-parties.
lxgr
Not on many new passports. Non-repudiable signatures were intentionally defined as a non-goal, and signature functionality is no longer present on newer passports.
SXX
To proof-of-human and some UUID you only need valid signature on passport data.
lxgr
That only proves that a given human exists and was issued a given passport, not that that passport is actually present. For that you do need active or chip authentication, but only the former yields a signature that third parties can validate.
Even then, authorization is completely missing from the ICAO model – it's for authentication of identity documents only. It's explicitly not intended for "proof of humanity", since that requires authorization too, or it'd be vulnerable to any attacker that can briefly tap your identity document with their phone.
That's one of the reasons why active authentication was deprecated, presumably: Signatures without document owner authorization can be misleading/interpreted as confirming intent, not just document existence.
SXX
To be honest I was thinking more about it more as just measure for anti-spam and limiting bots, but obviously it will only work for certain audiences since in countries like UK like 20-25% of people simply dont hold the passport at all. I can guess in US a lot of people only have driver licenses too.
lxgr
> I was thinking more about it more as just measure for anti-spam and limiting bots
It won't help with that at all, since without requiring active involvement of some credential or trusted party, all there is is a static signature saying "there's a person called $name born on $dob", but nothing saying "and that person wants to <send an email|register an account|...>".
There is a way to use ICAO documents supporting "Active Authentication" in such a way, and I've seen proofs of concept leveraging it, but it was an unintentional consequence of using RSA signatures for authentication and fixed/removed in newer cards.
c22
Is it just because the third parties that issue passports aren't pesky?
bluesign
but why would passport contain a private key ?
landgenoot
The public key information is signed by the government and readable.
This enables the passport to prove it's integrity by signing responses with its private key.
janmo
The passports contain a digital signature and a DSC (Document Signing Certificate). This DSC is signed by a CSCA certificate which you can download from the ICAO Public Key Directory. Link here: https://pkddownloadsg.icao.int/
frelp
I wonder if you could create a chip that could break the passport reader system. That could really disrupt things, so hopefully that’s not possible.
edent
The ICAO documents contain the complete specification. It is moderately complex and involves twiddling lots of bits. So I've no doubt that a passport reader somewhere isn't doing bounds checking properly.
But you could achieve much the same effect with a hammer.
giantg2
But could a hammer deliver a malicious payload that could spread in the system? I'm not sure if you could do that with data on the chip, but maybe.
lxgr
Yes, but so could a sticker with a QR code containing some exploit that the optical passport reader scans.
I don't think it's a particularly different attack vector just because the chip is "active". Competent systems would treat all data received from it as potentially harmful until proven otherwise.
cAtte_
this reminds me of the plot to Black Mirror's Plaything :-)
lxgr
I'm glad the subtle reference landed :)
hypeatei
Burning a zero day like that in front of border / travel officers will probably land you in prison very quickly.
dopp0
the world belongs to the braves
monai
You can transmit arbitrary data in certain steps of the passport reading process. The possibility of disruption depends on whether the reading system has bugs exploitable by the incoming data.
I've seen crashes in PKCS#11 drivers when reading cards with malformed data. So, the possibility, in theory, is always there.
ape4
Its odd that the dates aren't Y2K safe (hard to believe I am typing this in '25).
the_svd_doctor
Yes. In fact I just filled a UK ETA for my 1 year old daughter, and after taking a photo of the MRZ the application asked me to confirm if she was born in 1924 or 2024 :-)
dzhiurgis
Hol up. So what stops you from uploading custom photo + metadata onto random chip and planting it in a fake passport?
edent
The data are signed with the passport issuing authority's private key.
So you could implement a chip which reacts like an official passport. When the border guards see that the signature is invalid, you can explain how it's just a prank and you'll all have a jolly good laugh about it.
wkat4242
I doubt border guards know what a cryptographic signature is. But they'll probably have a big red marker that tells them to hold you and get someone who knows :)
vbezhenar
Invalid signature probably will result from chip degradation or other electronic failures and I'm pretty sure that you won't be the first they see. Passport is supposed to be valid without any digital things, so they'll proceed with ordinary procedures, with manual entry of data from passport.
lxgr
> Invalid signature probably will result from chip degradation or other electronic failures
I'd consider that pretty unlikely. Degraded chips would most likely provide no signature, not an invalid one. (Being able to randomly flip bits would be a big security problem for these kinds of ICs, so I'd assume they'd have robust protections against that.)
23434dsf
So if I strolled through the airport with a high power NFC reader/writer, I could ruin a lot of peoples trips?
crowbahr
In addition to the mechanisms people are describing here - passports have a metal mesh in them to disrupt NFC signals. It's not a full faraday cage but it works on similar principles. The passport has to be _open_ to be read from, and then only after you transmit the MRZ will you get anything.
raron
> passports have a metal mesh in them to disrupt NFC signals
I don't think that is universally true. At least I can read my closed 2 years old passport with my phone.
crowbahr
Hmm the American passports have the mesh afaik - I _thought_ it was part of the ICAO docs (not that that means people do it but still...)
crowbahr
Just tested on my American passport - it will not read while closed, either from the front or the back. Opening it up - no issues reading. Seems like there is in fact a faraday mesh or something
edent
No.
NFC chips can be locked. That means the data can't be overwritten. No matter the writer, nor its strength, you can't overwrite a passport's chip.
I suppose you could use an EMP - but that would ruin a lot more than just some trips.
lukan
"The NFC chip in a passport is protected by a password. The password is printed on the inside of the physical passport. As well as needing to be physically close to the passport for NFC to work0, you also need to be able to see the password."
lxgr
Even that password only gives you read access.
I don't think ICAO passports can ever be rewritten post-issuance. Some national IDs can, e.g. to change the holder's residential address, but for passports, I don't think any part of the on-chip data can be changed post-issuance, since it would also require re-printing data on the photo page usually under protective plastic.
wkat4242
Yes but. In Europe this tech is also in our id cards whether said passport is printed on the outside (considering it's just a credit card format). You still have to see it but it doesn't have to be opened to the right page like a passport.
Both sides even have the info printed. One side in human format, the owner side in machine readable.
lukan
Yes, but this still means a attacker needs to have physical access to the passport?
tialaramex
They need to know the information which functions as key. Because many people don't trust government secrets, the information used for this purpose on a passport is actually just facts about you which were already printed in your passport, plus the passport number. The machine summarises these in a "Machine readable zone" but they're nothing you didn't know.
For a random traveller you can probably guess roughly how old they are, which is a few bits for the date-of-birth, and maybe you could strike up conversation and discover their name (or maybe it's printed on baggage, called out by fellow travellers etc.) but yeah it'll be very hard
For a very well known person you can likely discover everything except the passport number and you might get a decent guess at that from knowing roughly when it would be issued.
lukan
"For a very well known person you can likely discover everything except the passport number and you might get a decent guess at that from knowing roughly when it would be issued."
From a very well known person you could probably also steal everything you need directly, if your purpose is to create damage.
wkat4242
Kinda the same as with the NFC.
You can read from a small distance, probably further than you can read an NFC tag with your phone. And you can automate both on a phone (OCR and NFC)
daveoc64
What makes you think you could do this?
Nextgrid
I remember reading an article or paper that checked the validity and spec compliance of various nations's passports, and found lots of variation, so a valid signature isn't actually a guarantee even in a legit passport.
remcob
Besides the data being signed as already mentioned, the protocol is interactive and custom to passport documents. So you can’t just put it on any programmable NFC tag. I also doubt you can buy programmable ones implementing the passport protocols. But maybe you can find general purpose programmable ones you can implement the protocol on.
There are also optional subprotocols that allow the chip to be authenticated (i.e. proof it knows a private key). These prevent copying valid signed data to a different chip.
lxgr
You can definitely run the protocol on a programmable smartcard (see for example https://jmrtd.org/), but without the required PKI certificates, nobody would accept your home-made passport.
crowbahr
Yeah but since the USA doesn't sign on to anything above basic auth (MRZ unlock) everyone also has to work on the more basic level. Kinda unfortunate.
SXX
Countries like UK actually have publicly database for e-visas (share code) that can easily be verified via online API. So probably at least some foreign governments can cross validate some of passport data with each other.
crowbahr
Countries all know each other's signing certs. There's a question of how much they _trust_ the other country but the certs are all public.
neoromantique
Considering how often it is done, not much?
victorbjorklund
It is not? Pretty much all cases of digitally valid "fake" passports are corruption where they were made by the govt the same way normal passports are made.
agnishom
What makes you think it is done often?
crowbahr
(It's not)
23434dsf
Conscience
ragebol
Expectation of punishment
privacyking
You can do this easily with a proxmark 3 rdv4 or clone
criddell
Is any of this specific to Linux? It looks like it should work in Windows an macOS as well.
ndr_
He confirms he could do an iOS port: https://mastodon.social/@andyq/114738867580032204
lxgr
I've had several banking apps (and I believe one airline or hotel booking app as well) scan my ICAO passport as part of KYC, so this is definitely a thing.
Much preferred over the usual "send us a photo of your password as a means of authentication".
edent
I only have Linux (and Android) to test on. Please report back if it works on other OSes.
The spec for machine readable travel documents is sadly not the most concise but if you're interested in the nitty-gritty details of how to validate documents, how to read data from them, etc then jump into ICAO 9303:
https://www.icao.int/publications/documents/9303_p10_cons_en...
https://www.icao.int/publications/documents/9303_p11_cons_en...
But please keep in mind that this is just the spec for how it's supposed to be implemented. Real world implementations of it have lots of creative interpretations of the spec in addition to straight bugs in their implementations, so if you're going to write software that has to work with various different documents issued by various governments, you'll have many fun debugging sessions :)