1

Mifare DESFire communication is routed to HCE instead of off-host (UICC) on several Android devices.

From OMAPI-based communication with off-host secure elements, I already learned how to add AIDs to the Android off-host routing table, so that I can select them on the UICC. (Thanks to @MichaelRoland)

My current problem: I do have a virtual Mifare DESFire card on my UICC. Now some devices do not route my native wrapped Mifare commands to the UICC and I still do not have a switch to change the default routing. So I wanted to have another entry in my off-host routing table, but I do not know which AID to use.

There is a PICC application AID of our MIFARE DESFire test application, F01010. This is the AID that is used for selecting the application on the CLT interface, but it cannot be entered into the Android off-host routing table. In addition, we have two additional AIDs related to the MIFARE DESFire application. These are the Virtual Card Manager AID (A0000003964D344D1400000000000000) and the Service Manager AID (A0000003964D344D2400000000000000).

But which AID do I have to insert into the routing table?

Michael Roland
Andy Nullcouch

2 Answers

3

Android (and probably the NFC controllers themselves) currently only supports routing configuration based on ISO/IEC 7816-4 AIDs/DF names. You can't add routing for native DESFire AIDs (i.e. those 3 byte AIDs) nor for all native wrapped communication.

What you can do:

  • Assign your DESFire applications an ISO/IEC 7816-4 DF name during application creation. This DF name is an AID that can be specified in the Android off-host routing configuration. However, you need to use the DESFire ISO command set (and specifically issue a SELECT FILE (by DF name) command to select your DESFire application) to trigger the AID based routing.

  • DESFire EV1 itself has the AID/DF name D2 76 00 00 85 01 00. If your reader selects this AID (using a SELECT FILE (by DF name) command), the DESFire card will switch to ISO framing (ISO commands and wrapped native commands allowed) and select its master file. You can register this AID with Android to route all DESFire communication to the UICC. However, each reader needs to start the DESFire communication by sending that SELECT FILE command.

Michael Roland
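The routing behaviour described in the answer above, as an added Python example that is not part of the original answer: it builds the SELECT FILE (by DF name) APDU for the DESFire EV1 DF name, wraps native commands in ISO 7816-4 framing, and runs two reader sessions through a simplified AID routing model. The function names, the routing table, the `host` default route and the "last SELECT decides" model are assumptions made for illustration.

```python
# Added example: simplified model of AID-based routing, not Android or NFC controller code.
DESFIRE_EV1_DF_NAME = bytes.fromhex("D2760000850100")  # DF name given in the answer
NATIVE_AID = bytes.fromhex("F01010")                    # 3-byte native AID from the question

def select_by_df_name(aid: bytes) -> bytes:
    """ISO/IEC 7816-4 SELECT (by DF name): 00 A4 04 00 Lc <AID> 00."""
    if not 5 <= len(aid) <= 16:
        # Android only accepts AIDs of 5 to 16 bytes for routing entries.
        raise ValueError("AID must be 5 to 16 bytes long")
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid + b"\x00"

def wrap_native(cmd: int, data: bytes = b"") -> bytes:
    """DESFire native command in ISO 7816-4 wrapping: 90 <cmd> 00 00 [Lc <data>] 00."""
    body = bytes([len(data)]) + data if data else b""
    return bytes([0x90, cmd, 0x00, 0x00]) + body + b"\x00"

def selected_aid(apdu: bytes):
    """Return the DF name if the APDU is a SELECT by DF name, else None."""
    if len(apdu) >= 5 and apdu[:3] == b"\x00\xA4\x04" and len(apdu) >= 5 + apdu[4]:
        return apdu[5:5 + apdu[4]]
    return None

def route_session(apdus, table, default="host"):
    """A SELECT by DF name picks the target from the table (or the default);
    every other APDU follows the current target (assumed model)."""
    current, routes = default, []
    for apdu in apdus:
        aid = selected_aid(apdu)
        if aid is not None:
            current = table.get(aid, default)
        routes.append(current)
    return routes

TABLE = {DESFIRE_EV1_DF_NAME: "uicc"}  # constructed off-host routing entry
# Reader A starts with the SELECT; reader B sends wrapped native commands directly.
READER_A = [select_by_df_name(DESFIRE_EV1_DF_NAME),
            wrap_native(0x5A, NATIVE_AID),  # native SelectApplication
            wrap_native(0x60)]              # native GetVersion
READER_B = READER_A[1:]

if __name__ == "__main__":
    for name, session in (("A", READER_A), ("B", READER_B)):
        for apdu, dest in zip(session, route_session(session, TABLE)):
            print(name, apdu.hex().upper(), "->", dest)
```

Reader B's session never reaches the UICC in this model because nothing in it carries a DF name the routing table can match.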
-1

You have to follow the ISO7816-5 link if you want to deploy your app in a broad way, to get no conflicts between apps which use the same AID. The second way is just to use a proprietary non-registered AID, which always starts with 0x0F.

Example: 0x0F, 0x11, 0x22, 0x33, 0x44

ph10
  • Sorry, I do have an AID, but I do not know what needs to be added to routing table. My app is basically only making sure that all commands for this Mifare Desfire VC (or for Mifare Desfire) are routed to UICC. And for that I need to know which and how a Mifare Desfire VC (AID) can be added to off-host routing. – Andy Nullcouch Jul 08 '16 at 12:50
  • Hi Andy, from application level you have no access to the real routing table. What you are doing in the manifest is basically only the registration with the Android system of which services use which AID. The real routing table, which decides what is going to the host and what is going to the UICC, is not accessible from application level as far as I know. If you want to change the default routing, you have to access the config file for the NFC stack itself, for example /etc/libnfc-brcm.conf if the phone has a Broadcom chip inside. In this location you basically have to add your route. – ph10 Jul 12 '16 at 23:05