KitKat will support Host Card Emulation - NFC Hacking

From http://developer.android.com/about/versions/kitkat.html#44-hce
New NFC capabilities through Host Card Emulation
Android 4.4 introduces new platform support for secure NFC-based transactions through Host Card Emulation (HCE), for payments, loyalty programs, card access, transit passes, and other custom services. With HCE, any app on an Android device can emulate an NFC smart card, letting users tap to initiate transactions with an app of their choice — no provisioned secure element (SE) in the device is needed. Apps can also use a new Reader Mode to act as readers for HCE cards and other NFC-based transactions.
Android HCE emulates ISO/IEC 7816 based smart cards that use the contactless ISO/IEC 14443-4 (ISO-DEP) protocol for transmission. These cards are used by many systems today, including the existing EMVCO NFC payment infrastructure. Android uses Application Identifiers (AIDs) as defined in ISO/IEC 7816-4 as the basis for routing transactions to the correct Android applications.
Apps declare the AIDs they support in their manifest files, along with a category identifier that indicates the type of support available (for example, "payments"). In cases where multiple apps support the same AID in the same category, Android displays a dialog that lets the user choose which app to use.
When the user taps to pay at a point-of-sale terminal, the system extracts the preferred AID and routes the transaction to the correct application. The app reads the transaction data and can use any local or network-based services to verify and then complete the transaction.
Android HCE requires an NFC controller to be present in the device. Support for HCE is already widely available on most NFC controllers, which offer dynamic support for both HCE and SE transactions. Android 4.4 devices that support NFC will include Tap & Pay for easy payments using HCE.
Click to expand...
Click to collapse

Shouldn't this mean devices like the nexus 7 (2013) without a secure element should be able use Google wallet for NFC payments? I heard somewhere that the nexus 5 uses the same chip as the nexus 7 (2013)
Sent from my Nexus 7 using xda premium

Big_Red77 said:
Shouldn't this mean devices like the nexus 7 (2013) without a secure element should be able use Google wallet for NFC payments? I heard somewhere that the nexus 5 uses the same chip as the nexus 7 (2013)
Sent from my Nexus 7 using xda premium
Click to expand...
Click to collapse
It does indeed.

What about the AT&T HTC One?

From some general research I did earlier this year with NFC being used for contactless payments, there were three different means of implementation; a) the Secure Element on the NFC chipset itself (Google Wallet), b) The secure element on the SIM card with a SWP link (used by ISIS Mobile wallet) and c) Secure Element Emulation via the cloud (Simply Tapp)
for a) the problem dealt with the fact that for some reason(s) three of the four major United States Cellular Carriers (AT&T, T-Mobile and Verizon) would not provide Google with the required TSM (Trusted service management) credentials to access the protected memory of the secure element. It was suggested that because of the time invested prior to actual availability, the above carriers elected to adopt their own standard to implementing the secure element.
for b) The sim cards used by GSM carriers were developed with the secure element onboard. The problem that was experienced dealt with the limited availability of special sim cards (only two markets had them, Salt Lake City and Austin) as well as the poor support and backbone to the system, leaving most users calling foul on the carriers abuse of power (a personal attempt at contacting the FTC about a possible obligopy resulted in that is not).
the concept of c) was approached by Doug Yeager and Ted Fifelski, both of whom are more than knowledgeable with the POS and NFC markets. Instead of requiring the secure element hardware on the device, emulate it by using the cloud. As previously mentioned the libraries in the Android operating system did not include smart/host card emulation. Doug Yeager then created and had merged into the CyangenmodRom builds 9.1 + the open source IsoPCDA and IsoPCDB libraries.
Looking up on NFC World, Google collaborated with Simply Tapp to officially bring HCE into the 4.4 http://www.nfcworld.com/2013/10/31/326619/google-gets-around-carriers-host-card-emulation-nfc-payments/

Does this mean I can, with the proper app and so on, "emulate" NFC tags (or at least some types of NFC tags/cards)? Does anyone plan on making an app to do just this...'record' and 'emulate' nfc tags/cards of supported types (not just 'credit cards')?

TjPhysicist said:
Does this mean I can, with the proper app and so on, "emulate" NFC tags (or at least some types of NFC tags/cards)? Does anyone plan on making an app to do just this...'record' and 'emulate' nfc tags/cards of supported types (not just 'credit cards')?
Click to expand...
Click to collapse
This is what I was wondering as well... tried endlessly searching apps or even figuring out how to do it on my own.Everything was a dead-end, always returning to that damned secure element. Does anyone know if there's any hope?

TjPhysicist said:
Does this mean I can, with the proper app and so on, "emulate" NFC tags (or at least some types of NFC tags/cards)? Does anyone plan on making an app to do just this...'record' and 'emulate' nfc tags/cards of supported types (not just 'credit cards')?
Click to expand...
Click to collapse
+1 for TJ's question, I'd love to ditch the corporate RFID tag and use my phone. I mean if it's really going to be a wallet replacement, that's one of the things in my wallet.

TjPhysicist said:
Does this mean I can, with the proper app and so on, "emulate" NFC tags (or at least some types of NFC tags/cards)? Does anyone plan on making an app to do just this...'record' and 'emulate' nfc tags/cards of supported types (not just 'credit cards')?
Click to expand...
Click to collapse
Ya I'm wondering that same. My senior project is due in 3 weeks and I build a "door unlocker" based off NFC tags. The NFC shield on an Arduino reads a tag and unlocks a door. I have a Nexus 5 and would love to be able to emulate a tag and use it to open a door.

Android 4.4 NFC HCE demo app
Please have a look at this article: blog.opendatalab.de/hack/2013/11/07/android-host-card-emulation-with-acr122/
An Android sample project that use NFC HCE is available here: github.com/grundid/host-card-emulation-sample

Any updates for this? Really looking forward to using my phone as a replacement for transit cards.

Bump? I would really like an emulation app.

TjPhysicist said:
Does this mean I can, with the proper app and so on, "emulate" NFC tags (or at least some types of NFC tags/cards)? Does anyone plan on making an app to do just this...'record' and 'emulate' nfc tags/cards of supported types (not just 'credit cards')?
Click to expand...
Click to collapse
Host card emulation is not to emulate NFC tags but make payment through NFC possible with Google Wallet even without a secure element chip. The devices technically could be a NFC tags (think about it, android beam can go both directions so the device beams to the other devices which acts KIND of like a tag).
NFC tags are cheap anyway so what's the need to try to emulate them? You can program them from the phone.

tiny4579 said:
Host card emulation is not to emulate NFC tags but make payment through NFC possible with Google Wallet even without a secure element chip. The devices technically could be a NFC tags (think about it, android beam can go both directions so the device beams to the other devices which acts KIND of like a tag).
NFC tags are cheap anyway so what's the need to try to emulate them? You can program them from the phone.
Click to expand...
Click to collapse
I thought hce allows for the phone to emulate a NFC card, for example, a transit card.
Sent from my Nexus 4 using Tapatalk

Sfkn2 said:
I thought hce allows for the phone to emulate a NFC card, for example, a transit card.
Sent from my Nexus 4 using Tapatalk
Click to expand...
Click to collapse
It's for payments strictly. It emulates a payment card and I think the android implementation is strictly for Google wallet. I'm not sure the transit systems would use Google wallet or not. Maybe they do.

tiny4579 said:
It's for payments strictly. It emulates a payment card and I think the android implementation is strictly for Google wallet. I'm not sure the transit systems would use Google wallet or not. Maybe they do.
Click to expand...
Click to collapse
Nope, KitKat "supports emulating cards that are based on the NFC-Forum ISO-DEP specification (based on ISO/IEC 14443-4)...". This is a standard for Identification cards used for payments but also could be used for other use cases. Android 4.4 also supports different HCE service groups "Category_PAYMENT" and "Category_OTHER" , so I wouldn´t say it´s strictly for payments! (Although, I think, your right, that´s the main purpose Google had in mind by implementing this emulation feature ...)
Doesn´t mean that you could "clone" your (or your neighbors) company badge or transit card and use your android device instead, but that´s a completely different story.

-Psycho- said:
This is what I was wondering as well... tried endlessly searching apps or even figuring out how to do it on my own.Everything was a dead-end, always returning to that damned secure element. Does anyone know if there's any hope?
Click to expand...
Click to collapse
No hope, secure elements are secure by design. You can't download them wihout hacking the card. In most cases, this is just as complicated as hacking into someone's bank account.
Sorry but that is the reason why we trust these cards in the first place.

ascsa said:
Doesn´t mean that you could "clone" your (or your neighbors) company badge or transit card and use your android device instead, but that´s a completely different story.
Click to expand...
Click to collapse
Although that would be awesome..
Sent from my Nexus 4 using Tapatalk

Stupid question, but if the secure element isn't necessary anmyore, is Google wallet now secure enough?
I mean, Google kind of used this for a reason I presume before, I know why they got rid of it, but is this risky or not? Because I haven't heard people discussing this side yet.
Also, what other payment services may work with this once they support it (if ever), ISIS? Paypass?

Axe Homeless said:
Stupid question, but if the secure element isn't necessary anmyore, is Google wallet now secure enough?
I mean, Google kind of used this for a reason I presume before, I know why they got rid of it, but is this risky or not? Because I haven't heard people discussing this side yet.
Also, what other payment services may work with this once they support it (if ever), ISIS? Paypass?
Click to expand...
Click to collapse
A few months ago, a Google patent application surfaced that explains some details of how they did it.
1) Previously, PIN entry to GW did not require a network connection - it only unlocked the SE. Now, you cannot unlock Wallet without a network connection. Also, PINs used to be device-specific but are now common to all devices on your Wallet account
2) The patent application references creation of a virtual card that is geographically and time-restricted
So pretty much, I think what happens is that when you unlock Wallet now, it creates a "virtual" card that is restricted to the unlock timeout in time and to some sort of geographic limitations.

Related

[Q] NFC card emulation

Hi
I am creating an NFC based solution and i need to send some information from a Nexus S to a desktop (windows 7 with ACR122 NFC Reader) via NFC. I have tried to do it using the P2P mode but i didn't find a way to read those information using the NFC reader.
And since it'is possible for the NFC to reader to reader MiFare NFC card , I need some help to know how is possible to emulate MiFare Card?
Which ROM enable NFC Card Emulation ? And how To Do it ?
Thanks
zouppa said:
Hi
I am creating an NFC based solution and i need to send some information from a Nexus S to a desktop (windows 7 with ACR122 NFC Reader) via NFC. I have tried to do it using the P2P mode but i didn't find a way to read those information using the NFC reader.
And since it'is possible for the NFC to reader to reader MiFare NFC card , I need some help to know how is possible to emulate MiFare Card?
Which ROM enable NFC Card Emulation ? And how To Do it ?
Thanks
Click to expand...
Click to collapse
I wanted to do the same thing some time ago, but found out that without access to the NFC secure element in the nexus s, this is not possible. Apparently, the 2.3.5 updated for the nexus s 4G has access to the NFC secure element... cant confirm this because I dont have one..
Any updates on this?
Sent from my Nexus S 4G using XDA App
i use an access card to get into the office at my workplace. would be cool if i could clone my card, however i dont think that is possible (security reasons). However if i had admin write the data to my nexus s NFC im sure it would be possible
Access to the SE is VERY limited. There is no public access to the SE currently.
AFAIK full Card Emulation is not in the SDK either (and may not be from an API perspective). Google in the past has cited issues with replication of all card technologies as well as lack of existing standards for emulation. They prefer to fall back on NDEF push at the API level. There is a bit of card emu stuff in the code base, but that may be related solely to payments / loyalty cards and it's not in the public API.
Thanks krohnjw - I was waiting for you to chime in. Keep us informed, if you don't mind.
Would be nice to get my transit pass on my phone...
I answered to this question on this thread:
http://forum.xda-developers.com/showthread.php?t=1443624

Does the One X have NFC card emulation enabled?

Does the One X have NFC card emulation enabled?
Well, does it?
No. In the future it might be possible that a custom kernel and rom might be able to crack it. However at present card emulation does not work on any android phone. It has something to do with google restricting access to the secure element.
ozaghloul said:
No. In the future it might be possible that a custom kernel and rom might be able to crack it. However at present card emulation does not work on any android phone. It has something to do with google restricting access to the secure element.
Click to expand...
Click to collapse
Access to the SE and card emulation are two different things entirely. The SE in only used for payment info. Given proper API support the SE is not needed to emulate a standard NFC card (like access cards).
What that being said, card emulation is not exposed in the API itself. Based on some comments made by Google I wouldn't expect it to be exposed any time soon either. They have moved forward leveraging NDEF push for transmitting data from a device to another device via NFC.

[Q] Current state of NFC emulation

I've been looking into NFC card emulation on Android and have done some pretty thorough Googling.
As far as I understand, some modifications were made way back in Android 2.3 by another XDA member. Later on, a more complete framework for emulation was made by adding PCD tag types to Cyanogen 9.1+, enabling emulation in a semi-supported way for those running Cyanogen. With the latest versions of Android, it seems like Google has semi-official support for card emulation through the com.android.nfc_extras class.
My main questions: are there any useful apps out there that take advantage of this? Does this semiofficial API work with the Nexus 4 / GS4, which use a different NFC chip (non-NXP) from all other Android phones? Does this, perhaps, enable easy card emulation for assorted cards like Blackberry has had for a while?
Your not the only one trying to figure the problem of NFC emulation on Android devices,
From what I've been been able to conclude so far:
1) Stock versions of Android don't support smart card emulation
2) The NFC libraries that the Stock versions of Android do not contain smart card emulation libraries (as you mentioned the ISOPcdA and ISOPcdB classes)
3) Of the NFC chipsets out on the market right now, not all NFC chipsets have a Secure Element
4) There are only three (as far as I know) Android application that utilize the NFC Chipsets for contactless money transactions (Google Wallet, ISIS Mobile Wallet and Simply Tapp)
Some technical background stuff on the Secure Element
1) The Secure Element is not directly accessed from the Android Operating system, but an applications ability to access the secure element is dependent upon the proper keys (public/private keys), where the manufacturer holds the master key for access
2) When the proper key(s) is/are entered the application writes some code into the memory of the Secure Element. To prevent a brute force attack, after several incorrect password attempts, access to the Secure Element is permanently disabled
3) When the Application needs the Secure Element, what could be assumed as a vector is preformed within the Android operating system that requests the code stored on the Secure Element to execute
4) Early adopters of Google Wallet faced the possibility of borking the Secure Element if they did not deattach Wallet before preforming an Android System update (from what I've read AFAIK, Google has since moved to a cloud storage of the needed keys)
From the business perspective:
1) Only one Major US Cell Carrier, Sprint, officially supports Google Wallet
2) The other three carriers, AT&T, T-Mobile and Verizon refuses to allow Google Wallet to be installed on their devices, instead forcing users to use ISIS Mobile Wallet
3) Speculation is that these three carriers may have wanted a monetary kickback for transactions
Looking at the reviews for ISIS Mobile Wallet, majority of them are poor reviews with a handful easily citing the actions of these three as anti-competitive. There where also reports of a poor supporting backbone, inability of specialized SIM cards that contain a secure element (access to the NFC is done via a decitated wire or wire pair link), and non-compatibility even with the official hardware needed. Back in May Verizon was quoted as blocking Google Wallet due to needed access to the Secure Element, yet has no problem with ISIS accessing it (http://techcrunch.com/2013/05/16/google-wallet-rolls-out-to-more-devices-nope-still-no-love-for-verizon-att-or-t-mobile-owners/) From a good faith perspective of these action, I recently submitted a concern of anti-trust to the US Department of Justice.
You mentioned the NFC emulation in CM 9.1 + . To extend upon the post mentioned, other developers continued down that path to improve the code. As a good reference, this blog link does provide some technical info about the emulation (http://nelenkov.blogspot.com/2012/10/emulating-pki-smart-card-with-cm91.html). Doug Yeager, one who holds several patents in NFC technology ended up writing the ISOPcdA and ISOPcdB classes with official incorporation into CM 9.1 + (git link, https://github.com/CyanogenMod/android_frameworks_base/tree/ics/core/java/android/nfc/tech). Yeager and his business partner Ted Fifelski (coming from the Point of Sale sector), both wanting to create a more open NFC environment created Simply Tapp (http://www.simplytapp.com/about.html). Simply Tapp also stores the keys remotely. As of right now, there has been no reported cases of the cell carriers blocking Simply Tapps' data connection.
Because the frameworks of the manufacturers variants of the Android Operating system are closed source, difficulty has been encountered trying to add these classes. To try and remove this barrier, I ended up submitted an enhancement ticket to try and get Google to add this code (http://code.google.com/p/android/issues/detail?id=56509) with what appears to be a positive response.
Hopefully this information helps you out seeing the current situation with NFC emulation,
Joe
Thanks
This information is very useful it's a shame there is not a simple way or at least a better way to emulate any NFC Forum defined tag hopefully google will make aviable in it's Android SDK a way to emulate a NFC tag
luisrojito said:
This information is very useful it's a shame there is not a simple way or at least a better way to emulate any NFC Forum defined tag hopefully google will make aviable in it's Android SDK a way to emulate a NFC tag
Click to expand...
Click to collapse
The only viable way (I'm concluded) to get NFC to move beyond a novelty to a truly respectable standard is to adapt the technology to devices that are not subject to the polices of the cellular carriers ( I have a concept, but I don't want to disclose too much at this point in the brainstorming)
Sending an email to NXP semiconductor about the access to the secure element resulted in a reply directed me to their product page http://www.nxp.com/products/identification_and_security/reader_ics/nfc_contactless_reader_ics/ (link working as of 2013-08-07).
EDIT: In addition to the above the following links may also help us out:
http://www.nxp.com/products/identification_and_security/authentication/
Smart Card ICs (Integrated circuits not ice cream sandwich)
-Landing Page
http://www.nxp.com/products/identification_and_security/smart_card_ics/
-Fast Pay secure Contactless Payment
http://www.nxp.com/products/identification_and_security/smart_card_ics/fastpay_secure_contactless_payment/
-MIFARE Smart Card ICs
--Landing Page
http://www.nxp.com/products/identification_and_security/smart_card_ics/mifare_smart_card_ics/
--SmarteID
http://www.nxp.com/products/identification_and_security/smart_card_ics/smarteid/
--SmartMX contact interface controllers
http://www.nxp.com/products/identification_and_security/smart_card_ics/smartmx_contact_interface_controllers/
--SmartMX dual interface controllers
http://www.nxp.com/products/identification_and_security/smart_card_ics/smartmx_dual_interface_controllers/
--SmartMX2
http://www.nxp.com/products/identification_and_security/smart_card_ics/smartmx2/

[Q] Google Wallet NFC Tap and Pay?

I installed GW app, but in its settings it says "Tap and Pay Not available" ... Why is this? How can I pay with NFC using this phone through GW?
raddatt said:
I installed GW app, but in its settings it says "Tap and Pay Not available" ... Why is this? How can I pay with NFC using this phone through GW?
Click to expand...
Click to collapse
After researching a lot, I've found some pertinent info:
Our N1 uses the PN544 NFC chip made by NXP. PN544 doesn't have Host Card Emulation (HCE) support right now (at least not for AOSP Roms). HCE is the technology used by Google Wallet to Tap and Pay.
Some hardcore devs are attempting to bring HCE to AOSP Roms. Also, there's been some unsubstantiated rumors of HCE being worked on by the Google Wallet team, possibly may be seen with 4.4.3. Fingers crossed!

[Read Before Posting] NFC, Mifare, Android and FAQs

Please take a moment to read through this before posting, not only is a brief description of NFC and some of its uses included but also you will find a few of the more commonly asked questions. Over time these will be added to accommodate new or recurring queries that are being seen in this thread. If you have come to the thread to ask about emulating, copying or bypassing your Mifare card head down to the FAQs below .
What Is NFC
Near Field Communication (NFC) is a technology that was built upon Radio Frequency Identification (RFID). It allows for the storage of data without the need for a direct power supply. When a reader such as a NFC enabled phone comes within range (usually an inch or less) data can be read/written from/to the tag.
Objects containing NFC can be found in two varieties, active or passive. Passive devices are ones that contains data but do not read and generally will not have their own power supply. These are found in NFC tags such as those in Credit/Debit cards, Student or ID cards, Library books and passports among many. For a much larger of scannable objects see here. Their are also active devices, these can read information stored on other NFC devices and for the majority of us here these will be our phones. These active devices can also usually alter the data found on tags or transmit/exchange data with other active devices.
Uses for NFC
NFC has many uses both commercial and on a development/hobby level, here are just a few:
Contactless payment
Transfer of data from phone to phone
Share and log on to WI-FI
Sharing contact information
Automating tasks
Storing bitcoin wallets
Disabling alarms
Send Wake-On-Lan commands
FAQs
How can I emulate, copy, edit or bypass my Mifare card (student ID, work ID, Bus pass etc)?
The short answer: you can't
The long answer: There are numerous reasons why you may have had issues finding this information on XDA. Primarily because it is not possible from the vast majority of phones and for good reason. Mifare as mentioned above is a security layer for NFC cards and therefore the process isn't as simple as just downloading an app, scanning a security card and then forgetting about it. Secondly depending on the type of tag you are trying to use this is either A) illegal or B) against your companies, service provider, school's security policy and as such you will not find this information on XDA.
Your options from here are: look elsewhere for this information, just use your card as instructed or speak to your IT department about adding another form of NFC tag to the system, I for instance have an NFC tag implanted in my hand which my IT department was more than happy to add to my user profile at university. More information on this can be found here.
Click to expand...
Click to collapse
How can I hack my Bus pass, Oyster card etc to add more credit or extend its expiration date?
See the answer above ^
Click to expand...
Click to collapse
How can I unlock my Android phone using NFC
See "NFC LockscreenOffEnabler" for Xposed
Click to expand...
Click to collapse
How can I make Android trigger an event when I scan an NFC tag?
For simple commands you can use apps such as NFC Tools or Trigger.
For more complicated tasks a combination of Tasker and Locale can be used to launch just about any chain of events upon finding a specific tag. Of course alternatives do exist, so be sure to check out a few of the other projects around the site
Click to expand...
Click to collapse

Categories

Resources