Do I have to know what the AID of a card is for ca

2019-01-27 06:49发布

I merely want to emulate a transit card with an Android application using HCE. I'm confused about the AID of the card. Do I have to know what the AID of the card is?

According to Host-based Card Emulation document:

If you are emulating cards for an existing NFC reader infrastructure, the AIDs that those readers are looking for are typically well-known and publicly registered (for example, the AIDs of payment networks such as Visa and MasterCard).

So, what is the point?

P.S. I don't think the AID of my card is well-known. Even if it is, how do I know what it is?

2条回答
Explosion°爆炸
2楼-- · 2019-01-27 07:04

Before implementing HCE is good to learn your native card application. At least read ATR/ATS of card to understand the chip manufacture and as second step sniff the communication flow between card and terminal for next analyzing. Google/Search your card solution.

The reason to register your application AID on Android device - to map Card AID to your HCE application.

"NFC TagInfo by NXP" - Android application, is good for quick NFC analyzing.

Card type description from ATR/ATS you can try resolve from ludovic rousseau smartcard list.

Some AIDs (payment cards mostly) listed in EFTlab AIDs collection.

Most important for your implementation is your transit card EMV/NFC communication flow and algorithms behind.

查看更多
可以哭但决不认输i
3楼-- · 2019-01-27 07:25

Do I have to know what the AID of a card is for card emulation with Android HCE?

Yes, definitely! The AID is the name of your application. The reader will ask cards (emulated or not) if they contain an application with a certain name and will only communicate with those cards that contain the application that the reader supports.

How do I find the AID (or AIDs) of the applications on a certain card?

The most obvious way: Ask the system owner or manufacturer. If they don't tell you, you most probably should not be fiddling around with emulating the card anyways.

There are, of course, other ways to find out how the card works. Many cards follow some standards. Payment cards, for instance, usually implement EMV protocols. For transport cards there are also several standards, e.g. VDV-KA, ITSO, etc. You could try to find out if the card uses some standard/well-known application by doing some finger-printing (e.g. analyze the card to find out the card type, chip type, chip manufacturer, etc.) and by doing brute-foruce scans (e.g. try to select well-known application AIDs, try to enumerate files on the card, etc.) You should be able to find a couple of free tools that could help you with this.

Is knowing the AID enough to emulate (e.g. using HCE) a certain card

No, certainly not.

First of all, you also need to know and implement the protocol that the reader speaks with the application. While many smartcard applications use common command/response constructs (cf. ISO/IEC 7816-4 inter-industry commands), each application typically uses them in its slightly own way. If the application follows some standard, you can simply implement that standard. If the application uses some proprietary protocol, you are back at asking the system owner/manufacturer or at heavy trial-and-error.

Second, even the AID and the protocol are typically not enough to duplicate and emulate a specific card. Smartcards are usually designed to store some secret to usiquely identify and authenticate a card. These secrets typically cannot be extracted from a card. Hence, you cannot simply transfer that secret data into your HCE application.

查看更多
登录 后发表回答