NFC Card Emulation on android

Discussion:

Eliseo Baruzzi

2013-01-21 16:56:41 UTC

Hello,

is it possible to use Card Emulation on Android?
Using a Samsung Galaxy S II smartphone, If I put it close to an RFID reader
I can read a random UID from the smartphone. What kind of UID is that? Is
it related to NFC controller? It seems that it can emulate a Mifare 4K tag
or a Smart MX card. Is it possible to get a fixed UID from this NFC phone,
and in general from any NFC phone that allows card emulation?

Thank you very much.
Eliseo

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-***@googlegroups.com
To unsubscribe from this group, send email to
android-developers+***@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Nikolay Elenkov

2013-01-21 17:13:13 UTC

Permalink

On Tue, Jan 22, 2013 at 2:12 AM, Nikolay Elenkov

On Tue, Jan 22, 2013 at 1:56 AM, Eliseo Baruzzi

Post by Eliseo Baruzzi
Hello,
is it possible to use Card Emulation on Android?

Also search the group, there is a lengthy thread about this,
with a lot of details.

Nikolay Elenkov

2013-01-21 17:12:30 UTC

Permalink

On Tue, Jan 22, 2013 at 1:56 AM, Eliseo Baruzzi

Post by Eliseo Baruzzi
Hello,
is it possible to use Card Emulation on Android?

Generally, yes. Depends on the NFC controller and software support.
That's how Google Wallet works.

Post by Eliseo Baruzzi
Using a Samsung Galaxy S II smartphone, If I put it close to an RFID reader
I can read a random UID from the smartphone. What kind of UID is that? Is it
related to NFC controller? It seems that it can emulate a Mifare 4K tag or a
Smart MX card. Is it possible to get a fixed UID from this NFC phone, and in
general from any NFC phone that allows card emulation?

As you have seen, it's a random UID. I don't remember the details off hand, but
a certain range is allocated for random UIDs, so each time you will
get some UID
in this range. You can't fix the UID, at least not with any of the standard NXP
controllers.

What are you trying to do?

Eliseo Baruzzi

2013-01-22 07:50:14 UTC

Permalink

On Tue, Jan 22, 2013 at 1:56 AM, Eliseo Baruzzi

Post by Eliseo Baruzzi
Hello,
is it possible to use Card Emulation on Android?

Generally, yes. Depends on the NFC controller and software support.
That's how Google Wallet works.

Post by Eliseo Baruzzi
Using a Samsung Galaxy S II smartphone, If I put it close to an RFID

reader

Post by Eliseo Baruzzi
I can read a random UID from the smartphone. What kind of UID is that?

Is it

Post by Eliseo Baruzzi
related to NFC controller? It seems that it can emulate a Mifare 4K tag

or a

Post by Eliseo Baruzzi
Smart MX card. Is it possible to get a fixed UID from this NFC phone,

and in

Post by Eliseo Baruzzi
general from any NFC phone that allows card emulation?

What I want to do is to use the UID received from the phone to read/write
the tag emulated on the phone. Another application possible is to use the
phone in access control applications, but a fixed UID is necessary. The UID
is random for security reasons? How Card Emulation can be used if the UID
is random?

Nikolay Elenkov

2013-01-22 08:03:27 UTC

Permalink

On Tue, Jan 22, 2013 at 4:50 PM, Eliseo Baruzzi

Post by Eliseo Baruzzi

Post by Nikolay Elenkov
What are you trying to do?

If you could change the UID at will that will enable you to clone key
cards, etc.
that rely on registered UID with any NFC-enabled Android device. Making it
that easy is obviously not a good idea, hence the random UID.

As for how to use CE without a fixed UID, well, just like you use a card:
read and write data to files/sectors, etc., possibly requiring authentication
with a key/password.

Eliseo Baruzzi

2013-01-22 09:03:27 UTC

Permalink

Il giorno martedì 22 gennaio 2013 09:03:27 UTC+1, Nikolay Elenkov ha

Post by Nikolay Elenkov
On Tue, Jan 22, 2013 at 4:50 PM, Eliseo Baruzzi

Il giorno lunedì 21 gennaio 2013 18:12:30 UTC+1, Nikolay Elenkov ha

Post by Nikolay Elenkov
What are you trying to do?

What I want to do is to use the UID received from the phone to

read/write

the tag emulated on the phone. Another application possible is to use

the

phone in access control applications, but a fixed UID is necessary. The

UID

is random for security reasons? How Card Emulation can be used if the

UID is

random?

If you could change the UID at will that will enable you to clone key
cards, etc.
that rely on registered UID with any NFC-enabled Android device. Making it
that easy is obviously not a good idea, hence the random UID.
read and write data to files/sectors, etc., possibly requiring
authentication
with a key/password.

Thank you Nikolay.
What's the relation between NFCID used for peer to peer communication, and
the random UID I get from the phone? Are they the same thing?

Michael Roland

2013-01-24 17:48:20 UTC

Permalink

Hi Eliseo,

Post by Eliseo Baruzzi
What I want to do is to use the UID received from the phone to read/write
the tag emulated on the phone. Another application possible is to use the
phone in access control applications, but a fixed UID is necessary. The UID
is random for security reasons? How Card Emulation can be used if the UID is
random?

Typically, if you receive a random UID from the NFC phone you detected the
phone's peer-to-peer mode (i.e. the phone listening in passive mode at
106kbps) or -- if the phone supports it -- software card emulation mode. If
it's peer-to-peer mode, the random UID (btw. the first byte of a random UID
is 0x08, except for some weird cards from NXP ;-) ) is actually an NFCID1.
Most secure elements on the other hand provide a static UID. (At least the
one that is embedded into the Nexus S/Galaxy Nexus/Galaxy SIII).

You can determine if the detected target supports peer-to-peer mode or if
it is in card emulation mode by the value of the SAK byte (in ISO 14443
language or SEL_RES in ISO 18092 language).
If the bits of SAK are numbered from 7 downto 0 and bit 2 = 0:
- Bit 6 = 1 denotes that the target supports NFC-DEP (i.e. peer-to-peer
mode as defined in ISO 18092).
- Bit 5 = 1 denotes that the target supports ISO-DEP (i.e. the smartcard
transport protocol from ISO 14443-4).
If none of those two bits is set then the target supports only some
proprietary protocol.

So if you detected that it's peer-to-peer mode, then there is NO tag to
read/write from. However, you could use some library like ismb-snep-java to
exchange data through Android Beam.

Regarding fixed UIDs with Android NFC phones: At least phones based on the
NXP chipset (i.e. PN544) can only have a fixed UID in combination with a
secure element that has a fixed UID. For software card emulation mode, the
NFC controller will always use a random UID.

br,
Michael

--
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-***@googlegroups.com
To unsubscribe from this group, send email to
android-developers+***@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Eliseo Baruzzi

2013-02-05 09:15:36 UTC

Permalink

Post by Michael Roland
Hi Eliseo,

Post by Eliseo Baruzzi
What I want to do is to use the UID received from the phone to

read/write

Post by Eliseo Baruzzi
the tag emulated on the phone. Another application possible is to use

the

Post by Eliseo Baruzzi
phone in access control applications, but a fixed UID is necessary. The

UID

Post by Eliseo Baruzzi
is random for security reasons? How Card Emulation can be used if the

UID is

Post by Eliseo Baruzzi
random?

Typically, if you receive a random UID from the NFC phone you detected the
phone's peer-to-peer mode (i.e. the phone listening in passive mode at
106kbps) or -- if the phone supports it -- software card emulation mode. If
it's peer-to-peer mode, the random UID (btw. the first byte of a random UID
is 0x08, except for some weird cards from NXP ;-) ) is actually an NFCID1.
Most secure elements on the other hand provide a static UID. (At least the
one that is embedded into the Nexus S/Galaxy Nexus/Galaxy SIII).
You can determine if the detected target supports peer-to-peer mode or if
it is in card emulation mode by the value of the SAK byte (in ISO 14443
language or SEL_RES in ISO 18092 language).
- Bit 6 = 1 denotes that the target supports NFC-DEP (i.e. peer-to-peer
mode as defined in ISO 18092).
- Bit 5 = 1 denotes that the target supports ISO-DEP (i.e. the smartcard
transport protocol from ISO 14443-4).
If none of those two bits is set then the target supports only some
proprietary protocol.
So if you detected that it's peer-to-peer mode, then there is NO tag to
read/write from. However, you could use some library like ismb-snep-java to
exchange data through Android Beam.
Regarding fixed UIDs with Android NFC phones: At least phones based on the
NXP chipset (i.e. PN544) can only have a fixed UID in combination with a
secure element that has a fixed UID. For software card emulation mode, the
NFC controller will always use a random UID.
br,
Michael

Thank you Michael !

so Nexus S, Galaxy Nexus and Galaxy S III have a fixed UID? it is due to
the NFC NXP controller or to the secure element? Which secure element they
have?
In a previous post, Nikolay say that "You can't fix the UID, at least not
with any of the standard NXP
controllers.". Is it correct? the fixed UID depends of the SE present on
the phone? In case of random UID, what kind of SE is present?
Which android phones can do software card emulation? is it made by the OS
or by one custom application?

br,
Eliseo
--
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-***@googlegroups.com
To unsubscribe from this group, send email to
android-developers+***@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
---
You received this message because you are subscribed to the Google Groups "Android Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-developers+***@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Michael Roland

2013-02-12 10:16:54 UTC

Permalink

Hi Eliseo,

Post by Eliseo Baruzzi
so Nexus S, Galaxy Nexus and Galaxy S III have a fixed UID?

These phones have an embedded secure element that has a fixed UID.

Post by Eliseo Baruzzi
it is due to the NFC NXP controller or to the secure element?

Secure Element. The NFC controller uses random UIDs for all other cases.

Post by Eliseo Baruzzi
Which secure element they have?

The embedded secure element on the Nexus S/Galaxy Nexus is a SmartMX
from NXP.

Post by Eliseo Baruzzi
In a previous post, Nikolay say that "You can't fix the UID, at least
not with any of the standard NXP controllers.". Is it correct?

For NXP's PN544 that's correct. For peer-to-peer mode and software card
emulation, that NFC controller will use a random UID/NFCID1. Only in
secure element based card emulation mode, the UID provided by the secure
element is used.

Post by Eliseo Baruzzi
the fixed UID depends of the SE present on
the phone? In case of random UID, what kind of SE is present?

It not only depends on the SE being present. For the SE's UID to be
used, the phone must also be in card emulation mode using that secure
element.

Post by Eliseo Baruzzi
Which android phones can do software card emulation? is it made by the
OS or by one custom application?

The CyanogenMod 9.1 firmware contains patches to enable card emulation
on phone's with NXP's NFC chipset (PN544). So any phone that you can put
CyanogenMod on and that contains a PN544 should work. The standard
Android OS on the phones is currently not capable of software card
emulation.

Best regards,
Michael
--
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-***@googlegroups.com
To unsubscribe from this group, send email to
android-developers+***@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
---
You received this message because you are subscribed to the Google Groups "Android Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-developers+***@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Behdad Behdada

2016-09-19 15:48:41 UTC

Permalink

Hi
I have the same concern , but more general :
How could we found out /detect Embedded Secure Element on Mobile chip
hardware ?
i need to refuse my app functionality on phone that don't have embedded SE
....

BR - Behdad

Post by Eliseo Baruzzi
Hello,
is it possible to use Card Emulation on Android?
Using a Samsung Galaxy S II smartphone, If I put it close to an RFID
reader I can read a random UID from the smartphone. What kind of UID is
that? Is it related to NFC controller? It seems that it can emulate a
Mifare 4K tag or a Smart MX card. Is it possible to get a fixed UID from
this NFC phone, and in general from any NFC phone that allows card
emulation?
Thank you very much.
Eliseo

--
You received this message because you are subscribed to the Google Groups "Android Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-developers+***@googlegroups.com.
To post to this group, send email to android-***@googlegroups.com.
Visit this group at https://groups.google.com/group/android-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/android-developers/86d9f4e3-e095-4192-ae3f-cc2d210f49c8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.