[ewpratten]

Ya, looks like the iPhone is tinkering with the NDEF message itself.

If my Android phone wasn't dead, I'd love to compare an iPhone's write against the Android NFC Tools app's write.

If anyone else has an iPhone, an Android phone, and a Proxmark, I'd be interested in seeing a three-way diff between them all.

EDIT: I'm going to try to cross-post to the DT forum to see if anyone has ideas.

[stavros]

I've got both phones next to me, what do you want me to do exactly?

[ewpratten]

Wipe the card.

Make a dump after doing "hf mf ndefformat".

Then make a dump after writing a payload from an iPhone. (since iPhone seems to want ndefformat anyways)

Then wipe again and make a dump after writing from Android.

[stavros]

Here you go: https://www.pastery.net/xajezk+gbkqqz+aqwygg+ukrdad/

[ewpratten]

Thank you very much!

Something's clearly up there. You can see that even IOS and Android disagree with each other on what NDEF should look like by a few bytes. Very interesting.

[stavros]

Yep, 89 EC A9 7F 8C 2A 00 00 on iOS versus FF FF FF FF FF FF on Android. Interesting how the number of bytes is different, I should play with them a bit.

[ewpratten]

There's lots of info about the NDEF "packet" format online.

I used this page as reference when I was putting together the "magic bytes" in the final section of the blog post: https://www.oreilly.com/library/view/beginning-nfc/978144932...