Marcos Ramos Marcos Ramos -4 years ago 52
Android Question

Android HCE: are there rules for AID?

I'm trying to use an ACR122 NFC reader to select an application emulated in
one Nexus 5 using Android Host Card Emulation. However, small AIDs are not
recognized.

My goal is to use a three byte long AID, as I do in a DESfire card. My first goal
is only to be able to do a SELECT command.

My test app uses the following configuration for AIDs:

<host-apdu-service xmlns:android="http://schemas.android.com/apk/res/android"
android:description="@string/service_descr"
android:requireDeviceUnlock="false" >

<aid-group
android:category="other"
android:description="@string/aid_descr" >
<aid-filter android:name="A0A1A2" />
<aid-filter android:name="B0B1B2B3" />
<aid-filter android:name="C0C1C2C3C4" />
<aid-filter android:name="D0D1D2D3D4D5" />
<aid-filter android:name="E0E1E2E3E4E5E6" />
</aid-group>

</host-apdu-service>


If I run the following APDUs:

00 a4 04 00 03 a0 a1 a2 00
00 a4 04 00 04 b0 b1 b2 b3 00
00 a4 04 00 05 c0 c1 c2 c3 c4 00
00 a4 04 00 06 d0 d1 d2 d3 d4 d5 00
00 a4 04 00 07 e0 e1 e2 e3 e4 e5 e6 00


I always get the following responses:

=> 00 a4 04 00 03 a0 a1 a2 00
<= 6f 00
=> 00 a4 04 00 04 b0 b1 b2 b3 00
<= 6a 82
=> 00 a4 04 00 05 c0 c1 c2 c3 c4 00
<= 90 00
=> 00 a4 04 00 06 d0 d1 d2 d3 d4 d5 00
<= 90 00
=> 00 a4 04 00 07 e0 e1 e2 e3 e4 e5 e6 00
<= 90 00


So, only AIDs with length greater than 5 bytes will work with Android? Or am I
doing something really wrong?

Answer Source

The rules for smartcard application identifiers (AIDs) are defined in ISO/IEC 7816-4. An AID may consist of up to 16 bytes. Based on the first 4 bits, AIDs are divided into different groups. The most relevant groups defined in ISO/IEC 7816-4 are:

  • AIDs starting with 'A': internationally registered AIDs
  • AIDs starting with 'D': nationally registered AIDs
  • AIDs starting with 'F': proprietary AIDs (no registration)

For (inter)nationally registered AIDs, the AID is split into two parts, a 5-byte mandatory RID (registered application provider identifier), and an optional PIX (proprietary application identifier extension) of up to 11 bytes.

For proprietary AIDs (F...) ISO/IEC 7816-4 does not clearly mandate any minimum length requirements.

In addition to this, when it comes to HCE and routing of card emulation communication from the NFC controller to secure elements or the application processor, there is the NFC Forum NCI specification. This specification mandates an AID (used in AID-based routing entries) to be between 5 and 16 bytes. Btw. the same limitation applies to smartcards following the Java Card specifications.

When it comes to Android, there is a hard-coded requirement that AIDs received in a SELECT command consist of at least 5 bytes:

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download