How it works · ARX Burner / HaLo
A card that is
a wallet.
The Burner is a physical NFC card with an Ethereum key living on its secure element. Hold it to your phone and read its address. The private key never leaves the card.
Tap the card — or use the button
01 · For you
How it works, without the crypto words.
No app setup, no seed phrase to write down, no battery in the card. It's a piece of plastic with a key inside. Here's the whole thing.
02 · Under the hood
The chip is the wallet.
The Burner runs on Arx's HaLo secure element. The card and the wallet aren't two things — the chip holds the key, the wallet is that key. Here's the actual read.
The card is the wallet
A key is generated on the card. It stays on the card.
At personalization, the HaLo secure element runs secp256k1 key generation in place — the same curve Ethereum uses. The private key is written into the chip and is not exportable over NFC. What can ever leave the radio is the matching public key.
So the "wallet" isn't an app, a file, or a phrase — it's a physical keypair you can hold. Lose the card and the key is gone with it.
Address derivation — phone-side
From a public key to 0x…, in four moves.
The card hands over its raw public key. The address is computed on the phone by libhalo/ethers — the private key is never involved.
Same path every Ethereum EOA uses — the only difference is where the private key lives.
Transport — ISO-DEP, not NDEF
A smart-card session, not a URL tag.
Most NFC tags are read as NDEF — a chunk of text or a link. The Burner is read as an ISO 14443-4 (ISO-DEP) card: the phone opens a session, SELECTs an applet by AID, and exchanges raw APDUs. iOS filters which cards even wake the reader by these identifiers:
APDU anatomy — the bytes on the radio
One SELECT, then one command.
Every exchange is an APDU — a short request/response packet. First the phone SELECTs the HaLo applet so the card routes the session to it; then the single get_pkeys rides the same channel.
No NDEF, no URL — a live smart-card conversation over ISO 14443-4.
The one command — get_pkeys
The entire read is a single byte.
After SELECT, the app issues one command — get_pkeys (opcode 0x02). Its payload is literally the opcode byte. The card answers with its public keys, parsed into per-slot maps. Slot 1 is the primary wallet key and is mandatory — a card without it is rejected as unsupported-card.
Hover a code line or a diagram node to trace the step. The phone computes the address (keccak256 of the public key, EIP-55 checksummed) — only the private key is truly on-card.
Capability matrix — what the chip can do
This app reads. The chip can sign.
The HaLo command set is far wider than what AgentCard uses today. The read-only surface is a deliberate first step — not the ceiling.
| Opcode | Command | Purpose | In this app |
|---|---|---|---|
| 0x02 | get_pkeys | Read public keys | Used |
| 0x01 | sign | EIP-191 / EIP-712 signing | Not yet |
| 0x11 | sign_challenge | Challenge-response auth | Not yet |
| 0x04 | get_attest | Attestation / provenance | Not yet |
| 0xB5–B7 | generate_key_* | On-card key generation | Personalization |
Session lifecycle — one reader, one card
The NFC sheet is the one source of truth.
A module-level sessionInProgress guard guarantees only one session runs at a time. Core NFC's SessionClosed event — registered before the sheet appears — is the authoritative dismissal signal, with a 2000 ms logged safety fallback. The success reveal never plays behind an open system sheet.
Data retention — what stays on your phone
One address. Nothing else.
After a read, the app keeps only { address, keySlot } of the primary slot. Other slots' addresses, the compressed pubkeys, and the tag id are discarded. Logs carry stage names, attempt ids, and elapsed milliseconds — never keys, addresses, APDU payloads, or signatures.
Going deeper
Why ISO-DEP and an applet, instead of an NDEF URL?+
NDEF is a passive "here's some data" read — fine for a link, useless for a command/response with a secure element. ISO-DEP gives the phone a live channel: SELECT an applet, send APDUs, get signed answers back. That's what lets the same card later sign challenges and attest to its own provenance.
Is the address really "derived on-card"?+
The private key is generated and held on-card — that part is true. But the public-key → address step (keccak256 of the pubkey, last 20 bytes, EIP-55 checksum) is computed client-side by libhalo/ethers after the pubkey is read off. Only the secret material is truly on the chip.
What does "Burner" mean vs "HaLo" vs "AgentCard"?+
HaLo is Arx Research's programmable NFC secure-element platform. Burner is the product card built on it. AgentCard is the name of this iPhone app that reads the card. Three names, one physical object in your hand.
EIP-55 checksum, exactly.+
Take the 40 hex chars of the address (no 0x), lowercase them, and keccak256 that string. Walk the hash nibble-by-nibble against the address: if a character is a letter and its hash nibble is ≥ 8, uppercase it; otherwise leave it lowercase. The mixed-case result is the EIP-55 address — a typo detector, not encryption.
What would a future sign-in flow require?+
The chip can already sign (0x01), answer challenges (0x11), and attest (0x04). Wiring that up responsibly means an explicit challenge/signature protocol with replay protection, domain separation, user consent, and a real threat model — which is exactly why this app ships read-only first.
03 · Honest scope
What seeing the address doesn't prove.
We'd rather tell you exactly what this is than sell you more. Reading the address is a real, useful thing — and a narrow one.
What this app does
- Reads the card's public key over NFC and shows its Ethereum address.
- Copies that address anywhere you want to send funds.
- Keeps the private key on the card — it is never read, stored, or transmitted.
- Retains only the primary address — no other slots, no tag id, no signatures.
What it does not do
- It does not prove card authenticity, ownership of the key, or your identity.
- It does not sign, spend, or authorize anything.
- It does not check balances or show transaction history.
- It is not a wallet app — it's a reader. The signing surface is the chip's future, deliberately unbuilt here.