I would like to know how to make the android phone act as contactless card to transfer certain data to POS. Is there any specific Intent we should try to catch and how to communicate with that eternal POS via NFC.
I am afraid it is not directly possible. You need to enable NFC Card emulation which involves recompiling a custom firmware image. I am not aware if beyond Android 2.3.6 emulation is already enabled by default (so Google Wallet can be used). If you want to enable card emulation by recompiling the system by yourself here you have more information. At any rate secure element of the emulated card can not be accessed (see information following the links) directly from an application by any means.
In order to contact with a contactless smart card you need to use the pending intents and foreground dispatch. Now regarding the contactless terminal i'm not sure.
Related
After reading a lot of questions, i decided to post this one. I read that stock version of android does not support API's for card emulation. Also, we cannot write custom applications to secure element embedded in nfc controllers due to keys managed by google/samsung.
I need to emulate a card (mifare or desfire etc). The option i can see is doing it via software. I have a ACR122U reader and i've tested that NFC P2P mode works fine with the Nexus-S that i have.
1) I came across a site that said that nexus s's NFC controller (pn532) can emulate a mifare 4k card. If this is true, can i write/read apdu commands to this emulated card? (Probably if i use a modded rom like cyanogenmod)
2) Can i write a android application that reads apdu commands sent from the reader and generate appropriate responses (if not fully, then upto some extent only). To do so, i searched that we need to patch nexus s with cynagenmod. Has someone tried emulating card via this method?
I see that this is possible since we have products from access control companies offering mobile applications via which one can open doors e.g. http://www.assaabloy.com/en/com/Products/seos-mobile-access/
Some facts that may be of help in your quest:
The NFC controller in the Nexus S (and Galaxy Nexus, Nexus 7 and quite a few other Android devices) is the PN544
Card emulation can be done either by the secure element connected to the NFC controller or by the host device (=Android device in this case). The Nexus S has a secure element that could be used for that (used in Google Wallet). Card emulation from the host device is not a feature of the PN544 NFC controller, although some claim that they have managed to get it working.
You can turn on card emulation by the secure element by rooting your device and following the instructions at https://stackoverflow.com/a/10506299/1202968 (haven't tried this with 4.x JB, but I assume that it still works).
Emulating a MIFARE Classic card can be done by the secure element in the Nexus S, but not by the host device. Emulating a DESFire card is not supported by the secure element in the Nexus S.
I have investigated a similar doorlock product that used card emulation itself to communicate to an NFC mobile device, while using card reader/writer mode to communicate to access control cards.
IMO, the 2 simplest options are: use P2P communication (Android Beam) or use card emulation in a reader device (if it supports it). All the other options require things like rooted devices and custom ROMs, which are not future-proof and have no possibility to be translated to a real product.
Card emulation via software is now available with Android 4.4. http://developer.android.com/guide/topics/connectivity/nfc/hce.html
2) Card emulation by software should definitely be possible, but not exposed in current Android APIs. You will have to dig deeper into the libnfc-nxp (and possibly below). This might be a difficult one though. This feature is offered on Inside Secure's chips, as shown in their OpenNFC reference implementation. The only question is whether it requires a CLF firmware change. If not, then you can hack it into a software image.
The caveats are, however, that you will lack the following features :
- security (an Android app is not as secure as a smartcard)
- fast and predictable response times (well, depends how you code it probably)
- card emulation running when phone is off
I believe SEOS is based on ISO14443-4 and not Mifare. This means you would need a secure element to run it.
1) Not too sure about this one, my guess is that this will still be hardware-based (e.g. depend on an embedded secure element such as NXP's SmartMX.
The other alternative is to start developing on a secure element. The most straightforward way would be to get some sample test SIMs with SWP/HCI support. There is a free dev kit called IzyNFC which you can use for the javacard, and GSMA and AFSCM technical documents for the Android application side.
I know NFC functionality is implemented in libnfc-nxp library in Android. So, does it mean that card emulation functionality is defined and implemented there, too? To be more specific, I have a phone in card emulation mode, my CPR 40.30 reader, however, cannot read nor write to the card emulated in it, as it doesn't even recognize the type of transponder.Although it can read the UID when touching the phone to it. When I asked someone for help, he asked me if I wanted to work with libnfc-nxp library.This is why I'm curious about this library and to know if I can modify it so that I can access card emulated in secure element. Any help will be very grateful
The actual card emulation is done by the embedded Secure Element in the NFC chip in Android NFC devices that use libnfc-nxp as the driver library. The library itself is only used to turn card emulation on or off.
Can you post the UID your reader is receiving from the phone? I do have the doubt that your reader is detecting an NFC target (and not the emulated card). If the ID starts with 0x80 (or ends -- depending on the byte order), it is the anticollision ID of an NFC Target.
I am currently trying to implement a basic NFC app on the Nexus 7.
I have been able to transmit an NDEF record (Web Url) using the Beam SDK but i'm stuck with the "Tap to beam" UI, like many others on here.
I am aware that there is no way to disable this screen or automatically press it, but, are the re any other possible workarounds?
For example, a colleague has just suggested something like putting the Nexus 7 in tag writer mode and then getting the other app into tag read mode.
Or am I correct in saying that NFC in Android can only be used to read/write NFC tags and also share items using beam?
The NFC chip continuously switches between Reader/Writer mode and peer-to-peer mode (and card emulation, if you have Google Wallet installed). In Reader/Writer mode, it can communicate with an NFC tag. Two devices in Reader/Writer mode cannot communicate with each other; that is what peer-to-peer mode was invented for. Peer-to-peer mode is what is used for Android Beam.
It is also not possible to use the card emulation mode on one device. First of all, an Android device will not detect the card emulation on another Android device (it prefers to do peer-to-peer). Secondly, your app would need special permission to access the Secure Element (that does the card emulation) from the OS. And, thirdly, even if you would manage to tackle these hurdles, there is still no way to write data to the Secure Element, as you don't have the necessary access control keys to do it.
So to answer your original question: there is no way to circumvent the Android Beam UI by switching to other NFC modes. Sorry.
UPDATE:
As of Android 4.4 Kitkat, apps have the possibility to emulate a card using so-called Host Card Emulation (HCE). For an app on another Android NFC device to communicate with such an emulated tag, it needs to use a new NFC Reader Mode (which disables Android Beam entirely to prevent it from getting in the way).
I'm likely to be working on a project where existing Desfire cards (used to access paid services) will be replaced with an NFC-capable mobile device. Can anyone point me to any resources to help me understand what's involved in a) replicating a Desfire card's data onto a mobile device so it can take the place of a card, and b) for the app to deliver NFC data in order to present to the reader as if it were a card. All relevant keys and access will be provided by the card issuer (if the project goes ahead) but I'm keen to understand the process in advance.
I also need to understand how well the Android NFC API supports Desfire, because as far as I can see it only properly support Classic. http://developer.android.com/reference/android/nfc/tech/package-summary.html
MIFARE DESFire is ISO 14443-4 compliant. Support in Android for ISO 14443-4 (and therefore MIFARE DESFire) is done by the IsoDep class. You can send any DESFire command using the transceive() method of that class.
Besides that, DESFire can be configured to be NFC Forum type 4 Tag compliant. In which case Android will read out automatically any NDEF messages from the tag and dispatch it in an intent. So you can make your app start automatically when a specific tag is scanned. (Android can also format a DESFire chip to contain NDEF and write NDEF data to it.)
Replacing a DESFire card by a mobile NFC device is another matter. Card emulation on currently available Android devices is done by an embedded Secure Element connected to the NFC chip. An Android app cannot emulate a card (there is also no API for this) and the Secure Element cannot emulate a DESFire chip. Furthermore, there is no open API to access the Secure Element from an app.
The only way an Android NFC app can communicate via NFC to another device (that is not a card) is using Android Beam. This is, however, a different protocol than that used between card and reader.
NFC guy answer is excellent, but a bit outdated, so I decided to add an update.
Starting with KitKat (4.4), you can now emulate cards without a secure element.
It is called Host-based Card Emulation (Hce) and with that you can emulate a ISO 14443 type A card.. Like a desfire card.
There are two small caveats:
your reader must issues, just after polling the "card", a ISO SELECT (aid), with a fixed application id (aid) of your choice. This AID must be registered in your app manifest. Android will intercept this ISO SELECT, read the aid, and call you only if it matches with the one in your manifest.
Then you can exchange anything, it does not even have to be ISO APDUs (ISO 14443 encapsulation is done by android). So, for example, if you want to, you can even emulate the challenge response authentication of desfire (0xA0 key_num, 0xAF challenge, 0xAF response, 0x00 session_key)
you cannot rely on the UID (but you don't, right? This is a bad practice anyway, so no-one does it... right? :) ) because it is random, and it changes constantly (not inside a single session, of course, but...)
We are emulating our desfire cards, and the only change we had to do was to switch from our initial desfire select application (0x5A) to a ISO SELECT (0x00 0xA4 0x04).
Emulating authentication (the challenge-response thing) can be tricky, but we had already done it "the other way around" (using NFC to read desfire cards), so it was easy for us.
And if you rely on the card UID for authentication.. it's a good time to change it :)
Given your situation, i would say Android SDK is more than sufficient to solve your problem.
There are two parts to your case:
Reading the information from the existing cards.
Making an app with the information you have read from the cards.
Part 1:
Your only worry has to be in reading the DESFire card. If the information in the DESFire card is stored in NDEF format, it makes things even more easy.
Ndef is a class in the SDK which can be used to retrieve the information in NdefMessage type which you can then use to save the retrieved information into your storage facility, be it a local database, or a remote database, or just in the application memory.
The above is under the assumption the card is not protected. If it is, then you have to use transceive function to interact using raw byte communication. This would unlock for the rest of the information to be read. From here you can read the NDEF records.
Part 2:
My suggestion is skip the card emulation aspect of it. You are going to hit a wall at some point in time.
If the device that has been reading the card in the existing solution is attached to an android device, then Android Beam is the way to go. Which is nothing but Android App to Android App communication! Android already does the heavy lifting, so most of your work is going to be easy.
The information on the card can be stored as ndef messages and sent through beam, or you can simply create a custom object and send it through.
You may want to look at Mifare4Mobile, the initiative set up to transition from Mifare cards to NFC devices:
http://mifare4mobile.org/
I'm searching for a way to send specific commands from my phone to a reader.
I have already read that card emulation is not supported on android due to securtiy reasons, but it is possible via a firmware patch for android 2.3.4 on the Nexus S.
My main question is, do I really need card emulation to send defined APDUs to the reader and to recieve the answer APDUs or is there any other posibility maybe by misusing android Beam?
If I need to use card emulation are there any new insights?
The last posts, few posts I found are nearly one year old...
As adiditional information in the end I will not have any control over the reader.
Thanks for answering and on any new insights on card emulation.
It's possible in Android KitKat 4.4.
Check out this link, more information will be added soon I belive.
http://developer.android.com/guide/topics/connectivity/nfc/hce.html
What you are trying to achieve is somewhat candid. The reason smart cards are being used in NFC is because the NFC protocol is built in such a way that it is not possible to know the correct response in advance. There is always a secret involved, and you can't just guess it. Otherwise there would be a major security flaw in all the systems using contactless smartcards (building access control,
You can't just spy on the protocol, save the exchanges, and replicate them in some software, on most applications this will fail. There will be some random value at some stage, and some crypto computation to perform.
In order to emulate a card with the phone, you need a secure element (smartcard chip on the phone or the SIM card in your phone), and you need the NFC chip in your phone to route card emulation APDUs to this secure element (this is probably what the patch you are referring to is doing).
There are ways to do card emulation in an Android application, but I suspect this will require substantial patching, and you will not have predictible response time, so your reader might not like it. Also this will prevent card emulation from working when your phone is off (battery delpleted for instance).