Search code examples
androidnfcmifareapducontactless-smartcard

Native DESFire APDU Framing not worked

I'm using Galaxy A5, Android 5.0.2, SDK 21 with Android Studio 1.1.0

Android as PCD, and Mifare DESFire as PICC. Native DESFire APDU Framing didn't work, but ISO 7816-4 worked.

Example:

MIFARE DESFire SelectApplication with AID equal to 000000h (PICC level)
Command: 90 5a 00 00 03 00 00 00 00.
Expected response: 91 00.
Currently the response is 68 00.

Document reference: AN11004.pdf (page 33)

void SelectApp() {
    _isoDep.connect();
    byte[] reqSelectApp = new byte[]{(byte) 0x90, (byte) 0x5A, (byte) 0x00, (byte) 0x00, (byte) 0x03, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00};
    byte[] resSelectApp = _isoDep.transceive(reqSelectApp);
    _responseTextView.append(String.format("reqSelectApp: %s length:%d\n", BytesToHexStr(reqSelectApp), reqSelectApp.length));
    _responseTextView.append(String.format("resSelectApp: %s length:%d\n", BytesToHexStr(resSelectApp), resSelectApp.length));
}

String BytesToHexStr(byte[] items) {
    StringBuilder builder = new StringBuilder();
    for (byte item : items) {
        builder.append(String.format("%02X", item));
    }
    return builder.toString();
}

TagInfo scan (version 4.11.59 [β4011059])

INFO

  • IC manufacturer: NXP Semiconductors
  • IC type: Unknown IC

NDEF

  • No NFC data set storage:

EXTRA

TECH

  • Technologies supported:
  • ISO/IEC 14443-4 (Type A) compatible
  • ISO/IEC 14443-3 (Type A) compatible

  • ISO/IEC 14443-2 (Type A) compatible

  • Android technology information: Tag description:

  • TAG: Tech [android.nfc.tech.IsoDep, android.nfc.tech.NfcA]
    • android.nfc.tech.IsoDep
  • Maximum transceive length: 261 bytes
  • Default maximum transceive time-out: 309 ms
  • Extended length APDUs not supported
    • android.nfc.tech.NfcA
  • Maximum transceive length: 253 bytes
  • Default maximum transceive time-out: 618 ms

No MIFARE Classic support present in Android

Detailed protocol information:

  • ID: 04:62:26:82:8A:29:80
  • ATQA: 0x4403
  • SAK: 0x20
  • ATS: 0x1078B3C402654B5450304432654B545000
  • Max. accepted frame size: 256 bytes (FSCI: 8)
  • Supported receive rates: 106, 212, 424 kbit/s (DR: 1, 2, 4)
  • Supported send rates: 106, 212, 424 kbit/s (DS: 1, 2, 4)
  • Different send and receive rates not supported
  • SFGT: 4.833 ms (SFGI: 4)
  • FWT: 1.237 s (FWI: 12)
  • NAD not supported
  • CID supported
  • Historical bytes: 0x654B5450304432654B5450 |eKTP0D2eKTP|
Solution

  • While the ATQA/SAK looks as if the card was DESFire (that's why my NFC TagInfo app detects it as such, but should give you either a read error or does indicate availability of a DESFire master application), the remaining parameters (particularly the historical bytes) clearly indicate that this is something other than a DESFire card.

    Hence, don't expect the card to respond to DESFire commands (native or wrapped native). This also matches the behavior of the card as it responds with 68 00 (which indicates that the coding of the CLA byte (0x90 in your case) is not supported).