[DEV] Xposed module: NFC Card-Emulation catch-all AID Routing
Hi!
This may be mainly interesting for developers.
Overview:
I created an Xposed module which allows "catch-all" routing for KitKat's new Host Card Emulation feature. This means you can create a Host Card Emulation app which will receive ALL incoming APDUs (not only the ones for the AID your app has registered for).
This may not be useful at all, but maybe it makes sense for debugging or for checking which AID a specific card terminal is asking for.
Here's the code:
https://github.com/johnzweng/XposedModifyAidRouting
Details:
With Android 4.4 (KitKat) Google introduced NFC Host Card Emulation (HCE), which allows your phone to act as an NFC smart card. App developers can now create special apps which handle all the incoming NFC data packets and respond just like an ISO 7816-4 smart card would.
However, the app developer has to declare explicitly which smart card application the app wants to emulate: the AIDs are listed in an apduservice XML resource that the HostApduService entry in the app's manifest points to.
In more detail: each smart card application on a card is identified by a unique AID (application identifier). Usually a card terminal first sends a SELECT xxxxxxxxx command to the card, where xxxxxxxxx stands for the AID, and the card answers with a status word that says whether it can handle this AID or not.
On a KitKat phone Android itself takes care of checking the AID value. So if the card terminal sends a SELECT xxxxxxxxx command, Android checks whether any installed card emulation app has registered for this AID, and if so it forwards this and all following APDU (ISO 7816-4 application protocol data unit) packets to that app.
Otherwise (if no app has registered this AID) it simply responds to the card terminal with an "application not found" status word (6A82 in ISO 7816-4 terms) and no app will ever be informed about the incoming APDU.
What this Xposed module does:
If this module is enabled, it completely OVERRIDES the AID routing mechanism of Android. So ALL incoming APDUs for ALL application identifiers will be routed to the app which has registered the "special magic" AID "F04E66E75C02D8" (I just randomly chose this one). Even if there are other card emulation apps installed which explicitly register for a specific AID, they will never get any APDU. Keep in mind that Xposed hooks run inside the system's NFC service, so this needs a rooted phone with the Xposed framework installed, and that while the module is enabled every other HCE app on the device (payment apps included) is cut off from the terminal.
So as an app developer, you can simply create a Host Card Emulation app as described here (https://developer.android.com/guide/topics/connectivity/nfc/hce.html), register it for the special AID F04E66E75C02D8, and your app will receive all APDUs for ANY AID value the card terminal may ever ask for.
All your APDUs are belong to us!
Edit:
I just added the module to the Xposed repository. It should now also be available in the Xposed Installer app.
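To make the catch-all concrete, here is the kind of HCE service the "Details" section (the SELECT/AID handshake) and the "What this Xposed module does" section (the app registered for the magic AID) describe. This is an added example written for this post, not code from XposedModifyAidRouting or from the Android HCE guide; the package name, class name and log tag are made up. It assumes the module is active and that the service is registered for F04E66E75C02D8 in its apduservice XML as the linked HCE guide explains. It logs every command APDU, pulls the AID out of each SELECT-by-name command (that is what the terminal is really asking for) and answers with a bare status word.

```java
package com.example.aidsniffer; // hypothetical package, not part of the original module

import android.nfc.cardemulation.HostApduService;
import android.os.Bundle;
import android.util.Log;

import java.util.Arrays;
import java.util.Locale;

/**
 * Catch-all HCE service (added example, not code from XposedModifyAidRouting).
 *
 * Registration (see the Android HCE guide): in AndroidManifest.xml declare this
 * service with android:permission="android.permission.BIND_NFC_SERVICE", an
 * intent-filter for android.nfc.cardemulation.action.HOST_APDU_SERVICE, and a
 * meta-data entry android.nfc.cardemulation.host_apdu_service pointing at an
 * XML resource like:
 *
 *   <host-apdu-service xmlns:android="http://schemas.android.com/apk/res/android"
 *       android:description="@string/aid_sniffer" android:requireDeviceUnlock="false">
 *     <aid-group android:description="@string/aid_sniffer" android:category="other">
 *       <aid-filter android:name="F04E66E75C02D8"/>
 *     </aid-group>
 *   </host-apdu-service>
 *
 * With the Xposed module enabled Android hands every APDU to this service,
 * regardless of which AID the terminal selected.
 */
public class AidLoggingService extends HostApduService {
    private static final String TAG = "AidSniffer"; // made-up log tag

    // ISO 7816-4 status words (SW1 SW2).
    private static final byte[] SW_OK = {(byte) 0x90, 0x00};
    private static final byte[] SW_NOT_FOUND = {(byte) 0x6A, (byte) 0x82};

    // SELECT by DF name: CLA=00 INS=A4 P1=04 P2=00 Lc <AID> [Le]
    private static final byte INS_SELECT = (byte) 0xA4;
    private static final byte P1_SELECT_BY_NAME = 0x04;

    // true: answer 9000 to every SELECT so the terminal keeps talking and we
    //       also see the follow-up APDUs for whatever it selected;
    // false: answer 6A82 so the terminal walks through its whole candidate
    //       AID list, which is better for enumerating the AIDs it knows.
    private static final boolean ACK_SELECTS = true;

    @Override
    public byte[] processCommandApdu(byte[] apdu, Bundle extras) {
        Log.i(TAG, "C-APDU: " + toHex(apdu));

        byte[] aid = extractSelectAid(apdu);
        if (aid != null) {
            // Normally Android compares this against the registered AIDs
            // before any app sees it; with the module we see it ourselves.
            Log.i(TAG, "Terminal SELECTed AID " + toHex(aid));
            return ACK_SELECTS ? SW_OK : SW_NOT_FOUND;
        }
        // Not a SELECT: we don't emulate any application, so fail safe.
        return SW_NOT_FOUND;
    }

    @Override
    public void onDeactivated(int reason) {
        Log.i(TAG, "Deactivated: "
                + (reason == DEACTIVATION_LINK_LOSS ? "link loss" : "deselected"));
    }

    /** Returns the AID of a short-length SELECT-by-name APDU, or null if this is not one. */
    static byte[] extractSelectAid(byte[] apdu) {
        if (apdu == null || apdu.length < 5) return null;
        if (apdu[1] != INS_SELECT || apdu[2] != P1_SELECT_BY_NAME) return null;
        int lc = apdu[4] & 0xFF;
        if (lc == 0 || apdu.length < 5 + lc) return null; // truncated or malformed
        return Arrays.copyOfRange(apdu, 5, 5 + lc);
    }

    static String toHex(byte[] data) {
        StringBuilder sb = new StringBuilder(data.length * 2);
        for (byte b : data) sb.append(String.format(Locale.ROOT, "%02X", b));
        return sb.toString();
    }
}
```

Watch the logcat output while tapping the phone on a terminal: the first SELECT is typically what you want, but with ACK_SELECTS set to true you will also see the commands the terminal sends after it believes the selection succeeded. The parser only handles short-length APDUs (one-byte Lc), which is all a contactless terminal sends in practice.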