Trigger system-trusted NFC events without a physical tag by Xposed.
onHit is an Xposed module that triggers system-trusted NFC dispatch events without requiring any physical NFC tag.
This project is not an NFC card reader, writer, or hardware emulator.
Instead, onHit works at the Android framework layer, hooking into the system
NFC service to inject fabricated Tag objects and invoke real NFC dispatch logic,
making the system and applications believe that a genuine NFC tag has been detected.
- NOT an NFC reader
- NOT an NFC writer
- NOT Host Card Emulation (HCE)
- NOT hardware-level NFC emulation
onHit does not communicate with NFC hardware at all.
onHit hooks key classes and methods inside the Android NFC framework
(e.g. NfcService, NfcDispatcher, DeviceHost, etc.) using Xposed.
By intercepting and invoking internal NFC dispatch flows, it:
- Constructs or modifies
Tag/TagEndpointrelated objects - Injects controlled UID, technology lists, and extras
- Triggers genuine system NFC callbacks
- Allows apps to receive NFC intents as if a real tag was presented
All NFC events generated by onHit are trusted by the Android system, because they originate from inside the framework itself.
- NFC-related security research
- Reverse engineering NFC-based apps
- Testing NFC logic without physical cards
- Bypassing hardware dependency in controlled environments
- Framework-level NFC behavior analysis
- Rooted Android device
- Xposed / LSPosed environment
- Android system with AOSP-like NFC framework (vendor ROMs may vary)
- Strongly dependent on Android version and vendor NFC implementation
- Some OEM frameworks may modify or restrict NFC internals
- Not intended for production use
- No guarantee of compatibility across devices or ROMs
This project is intended for research, learning, and testing purposes only.
Do NOT use this project to:
- Bypass security mechanisms without authorization
- Attack or impersonate real-world NFC systems
- Violate laws, terms of service, or privacy policies
You are solely responsible for how you use this software.
This project is licensed under the GNU General Public License v2.0 (GPLv2).
You may use, modify, and redistribute this software under the terms of GPLv2. Any derivative work must also be distributed under the same license.
See the LICENSE file for full license text.
![@github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=64&v=4){kind=small}