Search code examples
androidgoogle-apismartcardjavacardglobalplatform

Android phone can not find a custom SIM card using "android.se.omapi.Reader.isSecureElementPresent()"

I'm posting this question because I couldn't find an appropriate place to ask it.

I'm developing a custom secure element using a smartcard.

I successfully got SEService connected and got a Reader instance using seservice.getReaders().

However, when I called reader.isSecureElementPresent(), it returns false.

When I tried with a normal SIM card, I could find the secure element and it returns true when I called reader.isSecureElementPresent().

So I deduced that the phone can not recognize my custom SIM card which is a native smartcard. Actually my native smartcard works properly with a normal card reader and the card supports ISO/IEC 7816-4 interface with T=0 protocol.

And when I tried with a Java Card, the phone was able to find the card, and get the ATR successfully.

Therefore, the phone can not recognize the native smartcard but the javacard.

Is there a specific requirement for a secure element to be found by isSecureElementPresent() method on Android?

I looked through Open Mobile API 3.3, but there is not enough explanation about the isSecureElementPresent() method.

And I assume that the phone can not find my native smartcard maybe because it does not implement GlobalPlatform Card Specification since the Open Mobile API 3.3 is created by GlobalPlatform organization. And actually the Java Card supports the GlobalPlatform Card Specification. That is why I suppoed so.

Solution

  • This is an interesting questions, although I have no answer I can point out an approach to get hold of some information which I have already used.

    2 guesses:

    • Your SE has no SIM card file system and is not recognized as an UICC
    • The carrier privileges applet (GP secure element access rules) is missing and maybe it is required

    If this does not help here are the links to the sources for further study:

    http://aosp.opersys.com/xref/android-10.0.0_r39/xref/frameworks/base/core/java/android/se/omapi/Reader.java

    http://aosp.opersys.com/xref/android-10.0.0_r39/xref/frameworks/base/core/java/android/se/omapi/ISecureElementReader.aidl

    Unfortunately the AIDL is internal. What I did was in this case to use Magisk and then the edXposed framework. The latter allows to intercept system calls, e.g. for logging purposes. I have written a sample project to unmask response APDUs of the radio log. This can be used for this advise and the next one.

    At a lower level level it should also be helpful to see the exchanged APDUs. This should be possible by looking into the radio log with logcat -b radio *:V

    Finally also very useful is a SIM card tracer to see how the phone interacts with your SE, e.g. see the APDUs. If some commands are returning errors you have hit a candidate. This should give you the complete control to compare an accepted UICC and your solution.

    I have use the previous version of SIMTrace with success, but on older phones. If this is not available search for alternatives or maybe you have an engineer who can solder something together.