Android HCE: are there rules for AID?
Asked Answered
D

2

10

I'm trying to use an ACR122 NFC reader to select an application emulated in one Nexus 5 using Android Host Card Emulation. However, small AIDs are not recognized.

My goal is to use a three byte long AID, as I do in a DESfire card. My first goal is only to be able to do a SELECT command.

My test app uses the following configuration for AIDs:

<host-apdu-service xmlns:android="http://schemas.android.com/apk/res/android"
android:description="@string/service_descr"
android:requireDeviceUnlock="false" >

    <aid-group
        android:category="other"
        android:description="@string/aid_descr" >
            <aid-filter android:name="A0A1A2" />
            <aid-filter android:name="B0B1B2B3" />
            <aid-filter android:name="C0C1C2C3C4" />
            <aid-filter android:name="D0D1D2D3D4D5" />
            <aid-filter android:name="E0E1E2E3E4E5E6" />
    </aid-group>

</host-apdu-service>

If I run the following APDUs:

00 a4 04 00 03 a0 a1 a2 00
00 a4 04 00 04 b0 b1 b2 b3 00
00 a4 04 00 05 c0 c1 c2 c3 c4 00
00 a4 04 00 06 d0 d1 d2 d3 d4 d5 00
00 a4 04 00 07 e0 e1 e2 e3 e4 e5 e6 00

I always get the following responses:

=> 00 a4 04 00 03 a0 a1 a2 00 
<= 6f 00 
=> 00 a4 04 00 04 b0 b1 b2 b3 00 
<= 6a 82 
=> 00 a4 04 00 05 c0 c1 c2 c3 c4 00 
<= 90 00 
=> 00 a4 04 00 06 d0 d1 d2 d3 d4 d5 00 
<= 90 00 
=> 00 a4 04 00 07 e0 e1 e2 e3 e4 e5 e6 00 
<= 90 00 

So, only AIDs with length greater than 5 bytes will work with Android? Or am I doing something really wrong?

Delaine answered 17/12, 2014 at 19:20 Comment(0)
I
22

The rules for smartcard application identifiers (AIDs) are defined in ISO/IEC 7816-4. An AID may consist of up to 16 bytes. Based on the first 4 bits, AIDs are divided into different groups. The most relevant groups defined in ISO/IEC 7816-4 are:

  • AIDs starting with 'A': internationally registered AIDs
  • AIDs starting with 'D': nationally registered AIDs
  • AIDs starting with 'F': proprietary AIDs (no registration)

For (inter)nationally registered AIDs, the AID is split into two parts, a 5-byte mandatory RID (registered application provider identifier), and an optional PIX (proprietary application identifier extension) of up to 11 bytes.

For proprietary AIDs (F...) ISO/IEC 7816-4 does not clearly mandate any minimum length requirements.

In addition to this, when it comes to HCE and routing of card emulation communication from the NFC controller to secure elements or the application processor, there is the NFC Forum NCI specification. This specification mandates an AID (used in AID-based routing entries) to be between 5 and 16 bytes. Btw. the same limitation applies to smartcards following the Java Card specifications.

When it comes to Android, there is a hard-coded requirement that AIDs received in a SELECT command consist of at least 5 bytes:

Isobaric answered 23/12, 2014 at 12:48 Comment(2)
Thank you! Excellent explanation! In the end I had to use the DESfire international AID, but after that I can use native or wrapped commands. This will work both to Android HCE or to DESfire cards.Delaine
Also, in my other question this is explained a bit more.Delaine
B
3

According to EMV standards, an AID is made up of a Registered Application Provider Identifier (RID) having a minimum of 5 bytes, and an optional Application Identifier Extension (PIX) or proprietary Application Identifier having a maximum length of 11 bytes, which together make up the Application ID (AID), thus, the application ID can never be less than 5 bytes in length. If there are several applications present in the card, the AIDs will have the optional app identifiers appended to the RID to differentiate between the applications present in the card. Please read up on EMV standards on their site: EMVCO, and especially their books, Book 1 to Book 4, to understand more in this.

Brion answered 22/12, 2014 at 8:2 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.