nfc - Android HCE: are there rules for AID?

Question

I'm trying to use an ACR122 NFC reader to select an application emulated in one Nexus 5 using Android Host Card Emulation. However, small AIDs are not recognized.

My goal is to use a three byte long AID, as I do in a DESfire card. My first goal is only to be able to do a SELECT command.

My test app uses the following configuration for AIDs:

<host-apdu-service xmlns:android="http://schemas.android.com/apk/res/android"
android:description="@string/service_descr"
android:requireDeviceUnlock="false" >

    <aid-group
        android:category="other"
        android:description="@string/aid_descr" >
            <aid-filter android:name="A0A1A2" />
            <aid-filter android:name="B0B1B2B3" />
            <aid-filter android:name="C0C1C2C3C4" />
            <aid-filter android:name="D0D1D2D3D4D5" />
            <aid-filter android:name="E0E1E2E3E4E5E6" />
    </aid-group>

</host-apdu-service>

If I run the following APDUs:

00 a4 04 00 03 a0 a1 a2 00
00 a4 04 00 04 b0 b1 b2 b3 00
00 a4 04 00 05 c0 c1 c2 c3 c4 00
00 a4 04 00 06 d0 d1 d2 d3 d4 d5 00
00 a4 04 00 07 e0 e1 e2 e3 e4 e5 e6 00

I always get the following responses:

=> 00 a4 04 00 03 a0 a1 a2 00 
<= 6f 00 
=> 00 a4 04 00 04 b0 b1 b2 b3 00 
<= 6a 82 
=> 00 a4 04 00 05 c0 c1 c2 c3 c4 00 
<= 90 00 
=> 00 a4 04 00 06 d0 d1 d2 d3 d4 d5 00 
<= 90 00 
=> 00 a4 04 00 07 e0 e1 e2 e3 e4 e5 e6 00 
<= 90 00 

So, only AIDs with length greater than 5 bytes will work with Android? Or am I doing something really wrong?

Answer 1

The rules for smartcard application identifiers (AIDs) are defined in ISO/IEC 7816-4. An AID may consist of up to 16 bytes. Based on the first 4 bits, AIDs are divided into different groups. The most relevant groups defined in ISO/IEC 7816-4 are:

• AIDs starting with 'A': internationally registered AIDs
• AIDs starting with 'D': nationally registered AIDs
• AIDs starting with 'F': proprietary AIDs (no registration)

For (inter)nationally registered AIDs, the AID is split into two parts, a 5-byte mandatory RID (registered application provider identifier), and an optional PIX (proprietary application identifier extension) of up to 11 bytes.

For proprietary AIDs (F...) ISO/IEC 7816-4 does not clearly mandate any minimum length requirements.

In addition to this, when it comes to HCE and routing of card emulation communication from the NFC controller to secure elements or the application processor, there is the NFC Forum NCI specification. This specification mandates an AID (used in AID-based routing entries) to be between 5 and 16 bytes. Btw. the same limitation applies to smartcards following the Java Card specifications.

When it comes to Android, there is a hard-coded requirement that AIDs received in a SELECT command consist of at least 5 bytes:

• In method resolveAid() in RegisteredAidCache.java on line 142
• In method findSelectAid() in HostEmulationManager.java on line 390 (which actually causes the odd behavior that the 4 byte AID is rejected with a "File or application not found" (6A82) status word as the check does not properly account for the Le byte)