Near Field Communication (NFC) is a promising short distance radio communication technology for many useful applications. Although its communication range is short, NFC alone does not guarantee secure communication and is subject to security attacks, such as eavesdropping attack. Generating a shared key and using symmetric key cryptography to secure the communication between NFC devices is a feasible solution to prevent various attacks. However, conventional Diffie-Hellman key agreement protocol is not preferable for resource constrained NFC devices due to its extensive computational overhead and energy consumption. In this paper, we propose a practical, fast and energy-efficient key agreement scheme, which uses random bits transmission with waveform shaking, for NFC devices by exploiting its off-the-shelf full-duplex capability. In the proposed method, two devices send random bits to each other simultaneously without strict synchronization or perfect match of amplitude and phase. On the contrary, the method randomly introduces synchronization offset and mismatch of amplitude and phase for each bit transmission in order to prevent a passive attacker from determining the generated key. A shared bit can be established when two devices send different bits. We conduct theoretical analysis on the correctness and security strength of the method, and extensive simulations to evaluate its effectiveness. We build a testbed based on USRP software defined radio and conduct proof-of-concept experiments to evaluate the method in a real-world environment. It shows that the proposed method achieves a high key generation rate of about 26kbps and is immune to eavesdropping attack even when the attacker is within several centimeters from the legitimate devices. The proposed method is a practical, fast, energy-efficient, and secure key agreement scheme for resource-constrained NFC devices.