ARX · BURNER

How it works · ARX Burner / HaLo

A card that is
a wallet.

The Burner is a physical NFC card with an Ethereum key living on its secure element. Hold it to your phone and read its address. The private key never leaves the card.

secp256k1 · on-cardISO 14443-4 · ISO-DEPEIP-55 · checksum

Tap the card — or use the button

Burner connected
0x0000·0000
Variants — re-tint the card

01 · For you

How it works, without the crypto words.

No app setup, no seed phrase to write down, no battery in the card. It's a piece of plastic with a key inside. Here's the whole thing.

02 · Under the hood

The chip is the wallet.

The Burner runs on Arx's HaLo secure element. The card and the wallet aren't two things — the chip holds the key, the wallet is that key. Here's the actual read.

The card is the wallet

A key is generated on the card. It stays on the card.

At personalization, the HaLo secure element runs secp256k1 key generation in place — the same curve Ethereum uses. The private key is written into the chip and is not exportable over NFC. What can ever leave the radio is the matching public key.

So the "wallet" isn't an app, a file, or a phrase — it's a physical keypair you can hold. Lose the card and the key is gone with it.

Address derivation — phone-side

From a public key to 0x…, in four moves.

The card hands over its raw public key. The address is computed on the phone by libhalo/ethers — the private key is never involved.

// card returns the uncompressed secp256k1 public key — 65 bytes 04 ‖ X (32B) ‖ Y (32B) // 0x04 = uncompressed point // drop the prefix → hash the raw X ‖ Y (64 bytes) addr = keccak256(X ‖ Y).slice(-20) // last 20 bytes // EIP-55 checksum → mixed-case 0x + eip55(lowercase) // cap a letter where the hash nibble ≥ 8

Same path every Ethereum EOA uses — the only difference is where the private key lives.

Transport — ISO-DEP, not NDEF

A smart-card session, not a URL tag.

Most NFC tags are read as NDEF — a chunk of text or a link. The Burner is read as an ISO 14443-4 (ISO-DEP) card: the phone opens a session, SELECTs an applet by AID, and exchanges raw APDUs. iOS filters which cards even wake the reader by these identifiers:

A000000949 0148614C6FHaLo applet
481199130E9F01Arx Burner applet
D2760000850101NFC Forum NDEF App
D2760000850100NDEF Type-4 DF

APDU anatomy — the bytes on the radio

One SELECT, then one command.

Every exchange is an APDU — a short request/response packet. First the phone SELECTs the HaLo applet so the card routes the session to it; then the single get_pkeys rides the same channel.

// SELECT the HaLo applet — ISO 7816-4 SELECT by name CLA=00 INS=A4 P1=04 P2=00 Lc=0A A0 00 00 09 49 01 48 61 4C 6F // → the 10-byte HaLo AID // then the whole read — payload is one byte, the opcode data: 02 // CMD_GET_PKEYS // response: SW1 SW2 = 90 00 (OK) + the public keys

No NDEF, no URL — a live smart-card conversation over ISO 14443-4.

Capability matrix — what the chip can do

This app reads. The chip can sign.

The HaLo command set is far wider than what AgentCard uses today. The read-only surface is a deliberate first step — not the ceiling.

OpcodeCommandPurposeIn this app
0x02get_pkeysRead public keysUsed
0x01signEIP-191 / EIP-712 signingNot yet
0x11sign_challengeChallenge-response authNot yet
0x04get_attestAttestation / provenanceNot yet
0xB5–B7generate_key_*On-card key generationPersonalization

Session lifecycle — one reader, one card

The NFC sheet is the one source of truth.

A module-level sessionInProgress guard guarantees only one session runs at a time. Core NFC's SessionClosed event — registered before the sheet appears — is the authoritative dismissal signal, with a 2000 ms logged safety fallback. The success reveal never plays behind an open system sheet.

Data retention — what stays on your phone

One address. Nothing else.

After a read, the app keeps only { address, keySlot } of the primary slot. Other slots' addresses, the compressed pubkeys, and the tag id are discarded. Logs carry stage names, attempt ids, and elapsed milliseconds — never keys, addresses, APDU payloads, or signatures.

Going deeper

Why ISO-DEP and an applet, instead of an NDEF URL?+

NDEF is a passive "here's some data" read — fine for a link, useless for a command/response with a secure element. ISO-DEP gives the phone a live channel: SELECT an applet, send APDUs, get signed answers back. That's what lets the same card later sign challenges and attest to its own provenance.

Is the address really "derived on-card"?+

The private key is generated and held on-card — that part is true. But the public-key → address step (keccak256 of the pubkey, last 20 bytes, EIP-55 checksum) is computed client-side by libhalo/ethers after the pubkey is read off. Only the secret material is truly on the chip.

What does "Burner" mean vs "HaLo" vs "AgentCard"?+

HaLo is Arx Research's programmable NFC secure-element platform. Burner is the product card built on it. AgentCard is the name of this iPhone app that reads the card. Three names, one physical object in your hand.

EIP-55 checksum, exactly.+

Take the 40 hex chars of the address (no 0x), lowercase them, and keccak256 that string. Walk the hash nibble-by-nibble against the address: if a character is a letter and its hash nibble is ≥ 8, uppercase it; otherwise leave it lowercase. The mixed-case result is the EIP-55 address — a typo detector, not encryption.

What would a future sign-in flow require?+

The chip can already sign (0x01), answer challenges (0x11), and attest (0x04). Wiring that up responsibly means an explicit challenge/signature protocol with replay protection, domain separation, user consent, and a real threat model — which is exactly why this app ships read-only first.

03 · Honest scope

What seeing the address doesn't prove.

We'd rather tell you exactly what this is than sell you more. Reading the address is a real, useful thing — and a narrow one.

What this app does

  • Reads the card's public key over NFC and shows its Ethereum address.
  • Copies that address anywhere you want to send funds.
  • Keeps the private key on the card — it is never read, stored, or transmitted.
  • Retains only the primary address — no other slots, no tag id, no signatures.

What it does not do

  • It does not prove card authenticity, ownership of the key, or your identity.
  • It does not sign, spend, or authorize anything.
  • It does not check balances or show transaction history.
  • It is not a wallet app — it's a reader. The signing surface is the chip's future, deliberately unbuilt here.