Geek Answers Handbook

Android HCE: are there rules for AID?

I am trying to use the NFC ACR122 reader to select an application emulated in a single Nexus 5 using Android guest card emulation. However, a small AID is not recognized.

My goal is to use a three-byte AID, as on the DESfire card. My first goal is just to execute a SELECT statement.

My test application uses the following configuration for AID:

<host-apdu-service xmlns:android="http://schemas.android.com/apk/res/android" android:description="@string/service_descr" android:requireDeviceUnlock="false" > <aid-group android:category="other" android:description="@string/aid_descr" > <aid-filter android:name="A0A1A2" /> <aid-filter android:name="B0B1B2B3" /> <aid-filter android:name="C0C1C2C3C4" /> <aid-filter android:name="D0D1D2D3D4D5" /> <aid-filter android:name="E0E1E2E3E4E5E6" /> </aid-group> </host-apdu-service>

If I run the following APDUs:

 00 a4 04 00 03 a0 a1 a2 00 00 a4 04 00 04 b0 b1 b2 b3 00 00 a4 04 00 05 c0 c1 c2 c3 c4 00 00 a4 04 00 06 d0 d1 d2 d3 d4 d5 00 00 a4 04 00 07 e0 e1 e2 e3 e4 e5 e6 00

I always get the following answers:

 => 00 a4 04 00 03 a0 a1 a2 00 <= 6f 00 => 00 a4 04 00 04 b0 b1 b2 b3 00 <= 6a 82 => 00 a4 04 00 05 c0 c1 c2 c3 c4 00 <= 90 00 => 00 a4 04 00 06 d0 d1 d2 d3 d4 d5 00 <= 90 00 => 00 a4 04 00 07 e0 e1 e2 e3 e4 e5 e6 00 <= 90 00

So, with Android, only AIDs longer than 5 bytes will work? Or am I really something wrong?

+4
android nfc hce mifare apdu
source share
2 answers

Rules for smart card application identifiers (AIDs) are defined in ISO / IEC 7816-4. AID can consist of 16 bytes. Based on the first 4 bits, AIDs are divided into different groups. The most relevant groups defined in ISO / IEC 7816-4 are:

  • AID starting with 'A' : internationally registered AIDs
  • AID starting with 'D' : nationally registered AIDs
  • AID starting with 'F' : branded AID (no registration)

For (inter) nationally registered AIDs, the AID is divided into two parts, a 5-byte mandatory RID (registered application provider identifier) ​​and an optional PIX (extension of proprietary application identifier) ​​up to 11 bytes long.

For proprietary AID ( F... ) ISO / IEC 7816-4 clearly does not require any minimum length requirements.

In addition to this, when it comes to HCE and routing card emulation communications from an NFC controller to protect elements or an application processor, there is an NFC Forum NCI specification. This specification requires that the AID (used in AID-based routing entries) be 5 to 16 bytes. Btw. the same restriction applies to smart cards, following the specifications of a Java card.

When it comes to Android, there is a hard-coded requirement that the AIDs received in the SELECT command consist of at least 5 bytes:

+10
source share

According to EMV standards, the AID consists of a registered application provider identifier (RID) with a minimum of 5 bytes and an optional application identifier extension (PIX) or a patented application identifier with a maximum length of 11 bytes that together make up the application identifier (AID), therefore The application identifier can never be less than 5 bytes in length. If there are multiple applications on the card, additional application identifiers will be added to the AIDs added to the RID to distinguish between applications present on the card. Please read EMV standards on your website: EMVCO , and especially their books, book 1 to book 4, to understand more about this.

+3
source share

More articles:


All Articles