Re: NFC Secure Element

by mtk » Fri, 28 Jan 2011 23:49:50 GMT

Sponsored Links
 I added the code to set wired mode in
com_android_nfc_NativeNfcManager.cpp. I also added some additional
methods on NFcService so I can conveniently call it from my test
activity. For sending APDU commands in SWP mode, I use another
activity with "TAG_DISCOVERED" action in android manifest, (just like
the tag reader same program) and then use RawTagConnection to send
APDU bytes. Btw I think the SE is GP compliant! When I send the select
command with zero AID (Select ISD per GP, 00 a4 04 00 00) - it
promptly responds back with FCI template! So it looks like we can use
install apps into the SE, once we have the keys? Sorry I'm new to GP
so learning stuff as I go...


Re: NFC Secure Element

by aleks » Sat, 29 Jan 2011 03:08:40 GMT

 hello, I've been looking for a way to turn on nfc card emulation on
the nexus s and I came across the following recent blog post: 

They found some nfc p2p code that got removed from Gingerbread and
they used it to develop some nfc applications. I didn't have time to
analyse their work but I assume that it might be helpful for the rest
of you.

best regards


Sponsored Links

Re: Re: NFC Secure Element

by Ajith Kamath » Mon, 31 Jan 2011 12:58:48 GMT

 reat mtk, my doubts are getting cleared...
So to work on WI mode , i need to set the SE to wired -interface mode like u

After this if i Use RawTagconenction to send GP commands to SE , Will this
work for WI mode?
I mean can u select the 0 AID with this? . Sorry i dont have device yet, so
still working on with code

If this is the case, then for Credit card emulation , Is my assumptions
correct :
* The cardlet in SE will be given by TSM
* the midlet in mobile application will access SE cardlet via the method you
described earlier(for gingerbread) , but only if its digitally signed by TSM

Are these 2 assuptions correct.? Also can you share doc/link on GP
complaince and commands?
Please advice


On Fri, Jan 28, 2011 at 9:19 PM, mtk <> wrote:


Re: NFC Secure Element

by Thomas de Lazzari » Fri, 01 Apr 2011 05:21:51 GMT


I was wondering if Google could eventually provide an Android
application that could "unlock" the Secure Element for developers?
It would allow developers to authenticate to the embedded SE and start
uploading their Java Card applications to see if it works.
For production, this will be installed by a TSM.
Also, do we know the specs of the JavaCard inside the PN544? Is it a
JavaCard 2.2.2 running JCOP?



Re: NFC Secure Element

by Markus » Fri, 13 May 2011 18:09:06 GMT

you wrote after call
(void *)nat);
your nexus s was in card emulation

I called it with mode default
(void *)nat);
and get following log
5-12 22:08:54.421: DEBUG/NFC JNI(303): NFC capabilities: HAL =
8150100, FW = a70414, HW = 620003, Model = 0, HCI = 1, Full_FW = 104,
FW Update Info = 0
05-12 22:08:54.769: DEBUG/NFC JNI(303):
05-12 22:08:54.769: DEBUG/NFC JNI(303): > Number of Secure
Element(s) : 1
05-12 22:08:54.769: DEBUG/NFC JNI(303):
phLibNfc_SE_GetSecureElementList(): SMX detected, handle=0xabcdef
05-12 22:08:54.769: DEBUG/NFC JNI(303): phLibNfc_SE_SetMode() returned
05-12 22:08:54.828: INFO/NFC JNI(303): NFC Initialized
05-12 22:08:54.828: DEBUG/NfcService(303): NFC-EE routing OFF
05-12 22:08:54.847: DEBUG/NfcService(303): NFC-C discovery ON

BUT reader is not detecting a Tag on my phone
Is there maybe a problem to setting the mode
returned 0x000d[NFCSTATUS_PENDING] sounds not so great

I am working with CyanogenMod 7 (Android 2.3.4)



Re: NFC Secure Element

by Goo_Goo » Tue, 17 May 2011 06:01:58 GMT

 Could someone please post the the image with card emulation enabled
for Nexus S?


Re: NFC Secure Element

by benza » Wed, 18 May 2011 20:20:30 GMT

 Thank you everyone to share this.

Currently I'm evaluating if it's the case to start to try to enable
the secure element.

I more or less understand how to do it but I don't understand if after
is possible to build application on card emulation.
Moreover some of you speak about authentication, and about a password
that is not possible to have? (What are you talking about when you
speak about this stuff).

Anyway some news about NFC card emulation 

it seems that Google dev will not give use api about that in the next
Moreover, what does it mean "And if you improperly authenticate
yourself a certain number of times, there are secure elements out
there that will physically destroy themselves and can never be
recovered"? Is related to the password of my previous questions?



Re: NFC Secure Element

by benza » Wed, 18 May 2011 20:22:32 GMT



Re: Re: NFC Secure Element

by Nikolay Elenkov » Wed, 18 May 2011 21:10:21 GMT


It means that if you fail mutual authentication a certain number of
times, some cards will go into an unrecoverable state and return
error no matter what you send. Don't know about the on in the
Nexus S though.


Re: Re: NFC Secure Element

by Michael Roland » Thu, 19 May 2011 06:59:25 GMT


Regarding the internal secure element (SmartMX): No. Even if you
activate this chip as the secure element, you could only use its UID for
your application. To edit data on it/install applications into it you
would need to have the access keys for that secure element.

Regarding an external secure element on the UICC ("SIM" card): Partly
yes. You can activate an SWP-UICC as secure element. But access is
limited to external readers for the moment. Until now, there is no known
way to get access to application on the UICC from a phone application.

The SmartMX in the Nexus S contains a JavaCard operating system that is
compliant to GlobalPlatform. GlobalPlatform defines methods to manage
multiple applications on this JavaCard. A central component of this card
management is the Card Manager, which itself is one application on the
secure element. The card manager provides an interface to load, install,
... delete applications on the secure element. Additionally it controls
access to these methods. To establish a secure channel with the card
manager (i.e. a connection that provides authenticity, integrity and
possibly confidentiality) both, the entity that wants to manage the card
and the card manager need to know one or more shared secrets, the
authentication keys.

Still there is some developments towards card emulation going on (cf.

While the card manager is protected by access keys, there still exist
some methods to find such keys. One of these methods would be brute
forces (i.e. trying each possible key value). While such methods are
usually very inefficient (if the key has an appropriate length) there
might be some methods that could significantly speed up this process. As
a safety mechanism the card manager usually implements an additional
protection against such an attack: After ten consecutive authentication
failures, the card manager locks itself and refuses any further
commands. (Other applications that were previously installed on that
card will continue to function as usual.) Once this lockdown has
happened, there is *NO* way of reversing this. THerefore, once in
lockdown no applications can be installed on, removed from, ... the
secure element.



Re: NFC Secure Element

by Martin » Fri, 20 May 2011 01:51:54 GMT

 ello all,

Michael as you already mentioned, it is possible to activate the card
emulation mode and the Secure Element in the Nexus S.
I did that and also changed the permissions from
android.permission.WRITE_SECURE_SETTINGS to android.permission.NFC in to get access to the Secure Element.
Now I am able to create and open a connection to the Secure Element
and get its UID.
After enabling the card emulation mode on the Nexus S, I am able to
read and write data to the emulated MiFare Classic 4k card by an
external NFC reader. I would like to do that within an android app.
Why is that not possible through an android application? You have
spoken about the access keys, but aren't they the same for internal
and external access?
If I have understood you correctly, there is nothing more I can do so
far, right?

Thanks a lot!


On 19 Mai, 00:59, Michael Roland <> wrote:


Re: Re: NFC Secure Element

by Michael Roland » Fri, 20 May 2011 02:18:53 GMT

 allo Martin,

Have you verified that you actually wrote data to the MIFARE Classic? I
really doubt that you did. What MIFARE keys did you use? In my tests
authentication passed regardless of the keys I used. In fact every
command seemed to return successfully, but in fact no data was ever
written to the card.

Yes, they would be the same for internal and external access.



Re: NFC Secure Element

by Martin » Fri, 20 May 2011 03:26:19 GMT

 ello Michael,

yes I am very sure that I can read and also write persistent data to
the MiFare Classic.
Even if the Nexus S is turned off, we are still able to read and write
I will give you some information about the NFC reader, the software
and the keys we use tomorrow, because I have all these stuff at my
company and not in mind.
So what do you think about reading and writing data to the emulated
MiFare card via an android app? Are there any hidden methods in the
api, which I can use via reflection to handle that? As I have already
written I am able to access the Secure Element with the hidden methods
of the NfcAdapter class, but all I can do so far is to connect, then
open it and read the UID.

Best wishes,


On 19 Mai, 20:18, Michael Roland <> wrote:


Re: NFC Secure Element

by Martin » Fri, 20 May 2011 19:32:48 GMT

 ello Michael,

here are the information I promised you yesterday.

Reader: Omnikey 55x3
Software: HID Reader Utility Version

Key: FFFFFFFFFFFF it works for each sector.

This is what we found in the api:

// The well-known default MIFARE read key. All keys are set to this at
the factory.
// Using this key will effectively make the payload in the sector

public static final byte[] KEY_DEFAULT =


I checked the UID of the SecureElement, which I can get by calling the
getSecureElementUid() of the NfcSecureElement class via reflection.
And I also checked the sector 00 block 00 of the emulated MiFare card
with our external NFC reader to get the UID. They match!

Do you think it is possible to read/write data with APDU commands?
There is a hidden method in the NfcSecureElement class called
public byte [] exchangeAPDU(int handle,byte [] data){...}

I have tried some commands, which I found on page eleven at the
following pdf document:

But I always get back 6E 00.

Best wishes!


On 19 Mai, 20:18, Michael Roland <> wrote:


Other Threads

1. Virtual keypad is hiding data elements of the screen.

Hello folks,

I have an issue with a virtual keyboard.

This Soft Keyboard Covers Data Fields - and can't See what's going

I want to use this soft keypad and at the same time it should not
become a problem to use data fields.

So how can I manage  the data fields in such cases?

Thanks & Regards
Sudhakar Chavali


2. Push Notification in Android

Hi All,

Im facing a problem in android app for push notification, i used to
register the app in Urban Airship. But when i run the app, im getting
a response as Application registration invalid!

I referenced the sample application from github, i have used the same
coding in my application.

I have entered the details in file is,


is this right? or to do something else.

Please take a look at this and reply as soon as possible.



3. Could anyone tell me how to share data in different processes?

4. New MiKandi Launch with Support For Paid Apps

5. TelephonyManager.getLine1Number() bypass

6. Calculate text width

7. Bluetooth SPP control signals (DTR, DSR, RTS, CTS)