Search code examples
nfcmifarehcenfc-p2psecure-element

Sending data, using HCE, or using secure element? (Android, Kotlin, Mifare 1k)


I'm trying to implement the functionality for emulating a Mifare One (1K/S50, ISO14443A) chip to be able to use a phone with NFC capability instead of a physical Mifare card or, if possible sending only the data to the reader.

I have this type of reader/writer: https://www.evelta.com/er302-high-frequency-nfc-writer-usb/

After looking around on forums, stackoverflow questions I found this article to be the best example:

https://medium.com/the-almanac/how-to-build-a-simple-smart-card-emulator-reader-for-android-7975fae4040f

I implemented the HCE part, run the program, and the reader beleives my phone is a Mifare chip, so far so good.

My problems:

  • No matter what "standard" Authentication key I tried to use...it gives me Auth error. I read this question about Auth: Authentication failure for Mifare 1K NFC tag using ACR122U NFC reader, it works on a physical Mifare card...but I don't know how to set or get to know the keys for the emulated one.

  • I don't get why this example emulates that exact Mifare chip type...even breakpoints don't work in the APDUService, but the reader detecting a Mifare cheap somehow.

After reading about it, I get I can't 100% emulate a physical card, so I have to send all the data I want in my APDU response with the service somehow (I beleive it's the transreceive part).

However I can't even authenticate.

I tried to look for other possible solutions:

  • AndroidBeam: Android - Android p2p...sounds simple, relatively high-level API, but it's being deprecated, moreover it's not guaranted that the reader will even use Android...it might be a 'simple' USB reader hardware like the one I use.

  • SecureElement: Ironically...it seems to be the most recommended, I read that 'yes, it's possible for mifare' and things like that, yet I couldn't find a good example of it and the official Google docs don't have any good example. I read that it's for "ISO/IEC 7816-4", but Mifare 1K is ISO14443A, so I'm a bit sceptic about this API.

  • "Simply" sending the data to the reader: If I could just simply "push" the data out to the reader when it's reading the phone without complicating the matter or emulating anything...it would be great but I don't know if it's even possible. This whole NFC topic seems to be more and more complex.

So alltogether I only need to do one thing: taking the data and send it to the reader.

I realized it's a fairy tale like illusion to beleive it's as simple as it sounds, still, I hope there is a way to do it.

If I could send the data in it's own, without emulating Mifare or anything...after all what matters is that the data on the card, not the type of the chip, the more simple the solution will be, the better.

Sorry for possible English grammar mistakes.


Solution

  • The problem is you cannot use HCE on Android to emulate a Mifare Classic 1K (https://www.nxp.com/docs/en/data-sheet/MF1S50YYX_V1.pdf) as this is a custom Type NFC card. As HCE is about emulating Type 4 cards. See https://developer.android.com/guide/topics/connectivity/nfc/hce#SupportedProtocols

    And the below image helps understand the type.

    enter image description here

    You can see this from it's datasheet, nowhere does it talk about AID's and standard Type 4 NFC commands

    Though Type 2 and Type 4 can share the Anti Collision mechanism and Reading the UID (which is part of the process) any other access methods are not shared.

    Type 4 Spec for reference is at http://apps4android.org/nfc-specifications/NFCForum-TS-Type-4-Tag_2.0.pdf

    I have seen some USB readers that offer on reader emulation of other card types but not HCE where the host does the emulation not the NFC hardware.

    The Authentication on Type 4 Cards or emulated ones is handled differently.

    You can emulate a MIFARE DESFire Card as that is a Type 4 card.

    The specs of your card reader are not documented well and it looks very "lite" and that it does not support any of the higher level protocols needed to talk to non Mifare Classic cards. It could support them but as Mifare protocol was the original spec, it could be possible for it to be and old design and only support the Mifare protocol.