Re: NFC Secure Element

by mtk » Fri, 28 Jan 2011 23:49:50 GMT

Sponsored Links
 I added the code to set wired mode in
com_android_nfc_NativeNfcManager.cpp. I also added some additional
methods on NFcService so I can conveniently call it from my test
activity. For sending APDU commands in SWP mode, I use another
activity with "TAG_DISCOVERED" action in android manifest, (just like
the tag reader same program) and then use RawTagConnection to send
APDU bytes. Btw I think the SE is GP compliant! When I send the select
command with zero AID (Select ISD per GP, 00 a4 04 00 00) - it
promptly responds back with FCI template! So it looks like we can use
install apps into the SE, once we have the keys? Sorry I'm new to GP
so learning stuff as I go...


Re: NFC Secure Element

by aleks » Sat, 29 Jan 2011 03:08:40 GMT

 hello, I've been looking for a way to turn on nfc card emulation on
the nexus s and I came across the following recent blog post: 

They found some nfc p2p code that got removed from Gingerbread and
they used it to develop some nfc applications. I didn't have time to
analyse their work but I assume that it might be helpful for the rest
of you.

best regards


Sponsored Links

Re: Re: NFC Secure Element

by Ajith Kamath » Mon, 31 Jan 2011 12:58:48 GMT

 reat mtk, my doubts are getting cleared...
So to work on WI mode , i need to set the SE to wired -interface mode like u

After this if i Use RawTagconenction to send GP commands to SE , Will this
work for WI mode?
I mean can u select the 0 AID with this? . Sorry i dont have device yet, so
still working on with code

If this is the case, then for Credit card emulation , Is my assumptions
correct :
* The cardlet in SE will be given by TSM
* the midlet in mobile application will access SE cardlet via the method you
described earlier(for gingerbread) , but only if its digitally signed by TSM

Are these 2 assuptions correct.? Also can you share doc/link on GP
complaince and commands?
Please advice


On Fri, Jan 28, 2011 at 9:19 PM, mtk <> wrote:


Re: NFC Secure Element

by Thomas de Lazzari » Fri, 01 Apr 2011 05:21:51 GMT


I was wondering if Google could eventually provide an Android
application that could "unlock" the Secure Element for developers?
It would allow developers to authenticate to the embedded SE and start
uploading their Java Card applications to see if it works.
For production, this will be installed by a TSM.
Also, do we know the specs of the JavaCard inside the PN544? Is it a
JavaCard 2.2.2 running JCOP?



Re: NFC Secure Element

by Markus » Fri, 13 May 2011 18:09:06 GMT

you wrote after call
(void *)nat);
your nexus s was in card emulation

I called it with mode default
(void *)nat);
and get following log
5-12 22:08:54.421: DEBUG/NFC JNI(303): NFC capabilities: HAL =
8150100, FW = a70414, HW = 620003, Model = 0, HCI = 1, Full_FW = 104,
FW Update Info = 0
05-12 22:08:54.769: DEBUG/NFC JNI(303):
05-12 22:08:54.769: DEBUG/NFC JNI(303): > Number of Secure
Element(s) : 1
05-12 22:08:54.769: DEBUG/NFC JNI(303):
phLibNfc_SE_GetSecureElementList(): SMX detected, handle=0xabcdef
05-12 22:08:54.769: DEBUG/NFC JNI(303): phLibNfc_SE_SetMode() returned
05-12 22:08:54.828: INFO/NFC JNI(303): NFC Initialized
05-12 22:08:54.828: DEBUG/NfcService(303): NFC-EE routing OFF
05-12 22:08:54.847: DEBUG/NfcService(303): NFC-C discovery ON

BUT reader is not detecting a Tag on my phone
Is there maybe a problem to setting the mode
returned 0x000d[NFCSTATUS_PENDING] sounds not so great

I am working with CyanogenMod 7 (Android 2.3.4)



Re: NFC Secure Element

by Goo_Goo » Tue, 17 May 2011 06:01:58 GMT

 Could someone please post the the image with card emulation enabled
for Nexus S?


Re: NFC Secure Element

by benza » Wed, 18 May 2011 20:20:30 GMT

 Thank you everyone to share this.

Currently I'm evaluating if it's the case to start to try to enable
the secure element.

I more or less understand how to do it but I don't understand if after
is possible to build application on card emulation.
Moreover some of you speak about authentication, and about a password
that is not possible to have? (What are you talking about when you
speak about this stuff).

Anyway some news about NFC card emulation 

it seems that Google dev will not give use api about that in the next
Moreover, what does it mean "And if you improperly authenticate
yourself a certain number of times, there are secure elements out
there that will physically destroy themselves and can never be
recovered"? Is related to the password of my previous questions?



Re: NFC Secure Element

by benza » Wed, 18 May 2011 20:22:32 GMT



Re: Re: NFC Secure Element

by Nikolay Elenkov » Wed, 18 May 2011 21:10:21 GMT


It means that if you fail mutual authentication a certain number of
times, some cards will go into an unrecoverable state and return
error no matter what you send. Don't know about the on in the
Nexus S though.


Re: Re: NFC Secure Element

by Michael Roland » Thu, 19 May 2011 06:59:25 GMT


Regarding the internal secure element (SmartMX): No. Even if you
activate this chip as the secure element, you could only use its UID for
your application. To edit data on it/install applications into it you
would need to have the access keys for that secure element.

Regarding an external secure element on the UICC ("SIM" card): Partly
yes. You can activate an SWP-UICC as secure element. But access is
limited to external readers for the moment. Until now, there is no known
way to get access to application on the UICC from a phone application.

The SmartMX in the Nexus S contains a JavaCard operating system that is
compliant to GlobalPlatform. GlobalPlatform defines methods to manage
multiple applications on this JavaCard. A central component of this card
management is the Card Manager, which itself is one application on the
secure element. The card manager provides an interface to load, install,
... delete applications on the secure element. Additionally it controls
access to these methods. To establish a secure channel with the card
manager (i.e. a connection that provides authenticity, integrity and
possibly confidentiality) both, the entity that wants to manage the card
and the card manager need to know one or more shared secrets, the
authentication keys.

Still there is some developments towards card emulation going on (cf.

While the card manager is protected by access keys, there still exist
some methods to find such keys. One of these methods would be brute
forces (i.e. trying each possible key value). While such methods are
usually very inefficient (if the key has an appropriate length) there
might be some methods that could significantly speed up this process. As
a safety mechanism the card manager usually implements an additional
protection against such an attack: After ten consecutive authentication
failures, the card manager locks itself and refuses any further
commands. (Other applications that were previously installed on that
card will continue to function as usual.) Once this lockdown has
happened, there is *NO* way of reversing this. THerefore, once in
lockdown no applications can be installed on, removed from, ... the
secure element.



Re: NFC Secure Element

by Martin » Fri, 20 May 2011 01:51:54 GMT

 ello all,

Michael as you already mentioned, it is possible to activate the card
emulation mode and the Secure Element in the Nexus S.
I did that and also changed the permissions from
android.permission.WRITE_SECURE_SETTINGS to android.permission.NFC in to get access to the Secure Element.
Now I am able to create and open a connection to the Secure Element
and get its UID.
After enabling the card emulation mode on the Nexus S, I am able to
read and write data to the emulated MiFare Classic 4k card by an
external NFC reader. I would like to do that within an android app.
Why is that not possible through an android application? You have
spoken about the access keys, but aren't they the same for internal
and external access?
If I have understood you correctly, there is nothing more I can do so
far, right?

Thanks a lot!


On 19 Mai, 00:59, Michael Roland <> wrote:


Re: Re: NFC Secure Element

by Michael Roland » Fri, 20 May 2011 02:18:53 GMT

 allo Martin,

Have you verified that you actually wrote data to the MIFARE Classic? I
really doubt that you did. What MIFARE keys did you use? In my tests
authentication passed regardless of the keys I used. In fact every
command seemed to return successfully, but in fact no data was ever
written to the card.

Yes, they would be the same for internal and external access.



Re: NFC Secure Element

by Martin » Fri, 20 May 2011 03:26:19 GMT

 ello Michael,

yes I am very sure that I can read and also write persistent data to
the MiFare Classic.
Even if the Nexus S is turned off, we are still able to read and write
I will give you some information about the NFC reader, the software
and the keys we use tomorrow, because I have all these stuff at my
company and not in mind.
So what do you think about reading and writing data to the emulated
MiFare card via an android app? Are there any hidden methods in the
api, which I can use via reflection to handle that? As I have already
written I am able to access the Secure Element with the hidden methods
of the NfcAdapter class, but all I can do so far is to connect, then
open it and read the UID.

Best wishes,


On 19 Mai, 20:18, Michael Roland <> wrote:


Re: NFC Secure Element

by Martin » Fri, 20 May 2011 19:32:48 GMT

 ello Michael,

here are the information I promised you yesterday.

Reader: Omnikey 55x3
Software: HID Reader Utility Version

Key: FFFFFFFFFFFF it works for each sector.

This is what we found in the api:

// The well-known default MIFARE read key. All keys are set to this at
the factory.
// Using this key will effectively make the payload in the sector

public static final byte[] KEY_DEFAULT =


I checked the UID of the SecureElement, which I can get by calling the
getSecureElementUid() of the NfcSecureElement class via reflection.
And I also checked the sector 00 block 00 of the emulated MiFare card
with our external NFC reader to get the UID. They match!

Do you think it is possible to read/write data with APDU commands?
There is a hidden method in the NfcSecureElement class called
public byte [] exchangeAPDU(int handle,byte [] data){...}

I have tried some commands, which I found on page eleven at the
following pdf document:

But I always get back 6E 00.

Best wishes!


On 19 Mai, 20:18, Michael Roland <> wrote:


Other Threads

1. Opening Mediaplayer = PVPlayer stacktrace !

Hi all,

I'm trying to display a remote video (mp4 format). When I launch
prepare (or prepareSync), Android is crashing (see log view after my
piece of code). I tried with emulator, ADP1 and Hero...
Thanks by advance for your help
mPlayer = new MediaPlayer();
mPlayer.setDataSource(this, mVideoUri); //mVideoUri is a remote http
I tried a lot of thing...but this my last code !
public void onBufferingUpdate(MediaPlayer mp, int percent) {
                // TODO Auto-generated method stub
                Log.e("ee", ">>" + percent);
                if (percent==20) mp.start();

12-05 17:50:11.571: DEBUG/MediaPlayerService(37): player type = 1
12-05 17:50:11.681: INFO/PVPlayer(37):  [34m   ++++++++++++++++++
PVPlayer constructor num 0[0m
12-05 17:50:13.171: INFO/DEBUG(6245): *** *** *** *** *** *** *** ***
*** *** *** *** *** *** *** ***
12-05 17:50:13.181: INFO/DEBUG(6245): Build fingerprint: 'htc_wwe/
12-05 17:50:13.181: INFO/DEBUG(6245): pid: 6824, tid: 6824  >>>
com.mypackage.myapp <<<
12-05 17:50:13.181: INFO/DEBUG(6245): signal 11 (SIGSEGV), fault addr
12-05 17:50:13.181: INFO/DEBUG(6245):  r0 bed0d464  r1 00000001  r2
0000a770  r3 00000000
12-05 17:50:13.181: INFO/DEBUG(6245):  r4 0000000c  r5 bed0d460  r6
bed0d430  r7 bed0d400
12-05 17:50:13.181: INFO/DEBUG(6245):  r8 bed0d4b8  r9 41049d2c  10
41049d18  fp 00000000
12-05 17:50:13.181: INFO/DEBUG(6245):  ip a9d46ce8  sp bed0d3f0  lr
a9d26367  pc ab222b9a  cpsr 80000030
12-05 17:50:13.231: INFO/CheckinService(63): From server: Intent
{ action=android.server.checkin.FOTA_CANCEL }
12-05 17:50:13.361: INFO/DEBUG(6245):          #00  pc 00022b9a  /
12-05 17:50:13.371: INFO/DEBUG(6245):          #01  pc 0001ffc4  /
12-05 17:50:13.371: INFO/DEBUG(6245):          #02  pc 000044cc  /
12-05 17:50:13.381: INFO/DEBUG(6245):          #03  pc 0000e434  /
12-05 17:50:13.381: INFO/DEBUG(6245):          #04  pc 00040b0a  /
12-05 17:50:13.391: INFO/DEBUG(6245):          #05  pc 00013198  /
12-05 17:50:13.391: INFO/DEBUG(6245):          #06  pc 00017b9c  /
12-05 17:50:13.391: INFO/DEBUG(6245):          #07  pc 000175e0  /
12-05 17:50:13.391: INFO/DEBUG(6245):          #08  pc 00052558  /
12-05 17:50:13.401: INFO/DEBUG(6245):          #09  pc 00059a7a  /
12-05 17:50:13.411: INFO/DEBUG(6245):          #10  pc 00013198  /
12-05 17:50:13.411: INFO/DEBUG(6245):          #11  pc 00017b9c  /
12-05 17:50:13.411: INFO/DEBUG(6245):          #12  pc 000175e0  /
12-05 17:50:13.421: INFO/DEBUG(6245):          #13  pc 000523dc  /
12-05 17:50:13.421: INFO/DEBUG(6245):          #14  pc 0003f178  /
12-05 17:50:13.431: INFO/DEBUG(6245):          #15  pc 0002aeb0  /
12-05 17:50:13.441: INFO/DEBUG(6245):          #16  pc 0002b9ae  /
12-05 17:50:13.441: INFO/DEBUG(6245):          #17  pc 00008bf2  /
12-05 17:50:13.451: INFO/DEBUG(6245):          #18  pc 0001fd22  /
12-05 17:50:13.451: INFO/DEBUG(6245):          #19  pc 0000bcb2  /
12-05 17:50:13.461: INFO/DEBUG(6245):          #20  pc b000157e  /
12-05 17:50:13.461: INFO/DEBUG(6245): stack:
12-05 17:50:13.461: INFO/DEBUG(6245):     bed0d3b0  00000000
12-05 17:50:13.461: INFO/DEBUG(6245):     bed0d3b4  001dd05c  [heap]
12-05 17:50:13.461: INFO/DEBUG(6245):     bed0d3b8  001dd05c  [heap]
12-05 17:50:13.461: INFO/DEBUG(6245):     bed0d3bc  a9d32a73  /system/
12-05 17:50:13.471: INFO/DEBUG(6245):     bed0d3c0  00001aa8
12-05 17:50:13.471: INFO/DEBUG(6245):     bed0d3c4  0000a780  [heap]
12-05 17:50:13.471: INFO/DEBUG(6245):     bed0d3c8  00000000
12-05 17:50:13.471: INFO/DEBUG(6245):     bed0d3cc  0000000c
12-05 17:50:13.471: INFO/DEBUG(6245):     bed0d3d0  0000a770  [heap]
12-05 17:50:13.471: INFO/DEBUG(6245):     bed0d3d4  a9d26367  /system/
12-05 17:50:13.471: INFO/DEBUG(6245):     bed0d3d8  bed0d400  [stack]
12-05 17:50:13.471: INFO/DEBUG(6245):     bed0d3dc  bed0d464  [stack]
12-05 17:50:13.471: INFO/DEBUG(6245):     bed0d3e0  bed0d460  [stack]
12-05 17:50:13.471: INFO/DEBUG(6245):     bed0d3e4  a9d274bb  /system/
12-05 17:50:13.471: INFO/DEBUG(6245):     bed0d3e8  df002777
12-05 17:50:13.471: INFO/DEBUG(6245):     bed0d3ec  e3a070ad
12-05 17:50:13.481: INFO/DEBUG(6245): #00 bed0d3f0  00190001  [heap]
12-05 17:50:13.481: INFO/DEBUG(6245):     bed0d3f4  a9d2e3bd  /system/
12-05 17:50:13.481: VERBOSE/CheckinService(63): Disabling timed
checkins (interval: 0 secs)
12-05 17:50:13.481: INFO/DEBUG(6245):     bed0d3f8  002e0588  [heap]
12-05 17:50:13.481: INFO/DEBUG(6245):     bed0d3fc  000aa790  [heap]
12-05 17:50:13.481: INFO/DEBUG(6245):     bed0d400  00000000
12-05 17:50:13.481: INFO/DEBUG(6245):     bed0d404  00000000
12-05 17:50:13.481: INFO/DEBUG(6245):     bed0d408  00000000
12-05 17:50:13.481: INFO/DEBUG(6245):     bed0d40c  00000000
12-05 17:50:13.481: INFO/DEBUG(6245):     bed0d410  00000000
12-05 17:50:13.491: INFO/DEBUG(6245):     bed0d414  00000000
12-05 17:50:13.491: INFO/DEBUG(6245):     bed0d418  00000000
12-05 17:50:13.491: INFO/DEBUG(6245):     bed0d41c  00000000
12-05 17:50:13.491: INFO/DEBUG(6245):     bed0d420  00000000
12-05 17:50:13.491: INFO/DEBUG(6245):     bed0d424  afe00001  /system/
12-05 17:50:13.491: INFO/DEBUG(6245):     bed0d428  00000000
12-05 17:50:13.491: INFO/DEBUG(6245):     bed0d42c  88befd87
12-05 17:50:13.491: INFO/DEBUG(6245):     bed0d430  00000000
12-05 17:50:13.491: INFO/DEBUG(6245):     bed0d434  001dd058  [heap]
12-05 17:50:13.491: INFO/DEBUG(6245):     bed0d438  00000040
12-05 17:50:13.491: INFO/DEBUG(6245):     bed0d43c  00000060
12-05 17:50:13.491: INFO/DEBUG(6245):     bed0d440  00000040
12-05 17:50:13.491: INFO/DEBUG(6245):     bed0d444  00000000
12-05 17:50:13.501: INFO/DEBUG(6245):     bed0d448  00000000
12-05 17:50:13.501: INFO/DEBUG(6245):     bed0d44c  00000000
12-05 17:50:13.501: INFO/DEBUG(6245):     bed0d450  00000000
12-05 17:50:13.501: INFO/DEBUG(6245):     bed0d454  ad040001  /system/
12-05 17:50:13.501: INFO/DEBUG(6245):     bed0d458  00000000
12-05 17:50:13.501: INFO/DEBUG(6245):     bed0d45c  a9d35ca7  /system/
12-05 17:50:13.501: INFO/DEBUG(6245):     bed0d460  435fced8
12-05 17:50:13.501: INFO/DEBUG(6245):     bed0d464  0000a780  [heap]
12-05 17:50:13.511: INFO/DEBUG(6245):     bed0d468  ab30985c
12-05 17:50:13.511: INFO/DEBUG(6245):     bed0d46c  001e8308  [heap]
12-05 17:50:13.511: INFO/DEBUG(6245):     bed0d470  bed0d498  [stack]
12-05 17:50:13.511: INFO/DEBUG(6245):     bed0d474  001e8320  [heap]
12-05 17:50:13.511: INFO/DEBUG(6245):     bed0d478  435fda30
12-05 17:50:13.511: INFO/DEBUG(6245):     bed0d47c  ab21ffc7  /system/
12-05 17:50:13.511: INFO/DEBUG(6245): #01 bed0d480  bed0d498  [stack]
12-05 17:50:13.511: INFO/DEBUG(6245):     bed0d484  0000a9c8  [heap]
12-05 17:50:13.511: INFO/DEBUG(6245):     bed0d488  ab309358
12-05 17:50:13.531: INFO/DEBUG(6245):     bed0d48c  ab3044cf  /system/
12-05 17:50:14.021: INFO/CheckinService(63): From server: Intent
{ action=android.server.checkin.FOTA_CANCEL }
12-05 17:50:14.251: INFO/DEBUG(6245): de{*filter*}d committing suicide to
free the zombie!
12-05 17:50:14.271: INFO/DEBUG(6851): de{*filter*}d: Aug 27 2009 10:39:41
12-05 17:50:14.271: INFO/ActivityManager(63): Process
com.mypackage.myapp (pid 6824) has died.
12-05 17:50:14.271: INFO/WindowManager(63): WIN DEATH: Window{43721b10
com.mypackage.myapp/com.mypackage.myapp.AppActivity paused=false}
12-05 17:50:14.281: INFO/PVPlayer(37):  [34m -------------------
PVPlayer destructor num 1 [0m
12-05 17:50:14.311: DEBUG/Zygote(36): Process 6824 terminated by
signal (11)


2. Set LayoutParams to button


I am creating buttons dynamically by:


Button newVL = new Button(this);

How can I add marginTop and marginLeft to this button?
I've tried:


LayoutParams lp = new LayoutParams(null);
lp.topMargin = 10;
lp.leftMargin = 20;


but it doesnt work.
Any ideas?



3. Opening Mediaplayer = PVPlayer stacktrace !

4. ActivityGroup: How do I disable the shadow at the top of the window?

5. ProgressDialog from within ContentProvider class!

6. ProgressDialog from within ContentProvider class!

7. Testing an Asynchronous Activity