FORUMS
Remove All Ads from XDA

[MOD][Xposed] Patch SmartcardService for use with SIM-card-based banking apps

235 posts
Thanks Meter: 409
 
Post Reply Email Thread
Hi!

I've written another Xposed module for my LEX720 for a very specific purpose, so probably it won't be of much use for the most. But I'm still publishing it for reference reasons.

Background:
First the good news: The stock firmware of LeEco includes the "SmardcardService" (which also often is referred to as "Open Mobile API" or short "OMAPI") which is an extension API to plain Android (i.e. not existing in the Nexus devices or the Pixels) to allow apps accessing Secure Elements (i.e. secure applications embedded in a tamper-resistant hardware) within the SIM-card.

A real world example: in Austria some banks (in cooperation with the 3 largest network operators) support Tap'n'Pay with your phone by installing the NFC-capable banking card as an additional application into the SIM card (which is the same secure chipcard technology as a banking card). This means you get a new SIM card and then you can tap'n'pay with your phone (without Google, without VISA or MasterCard, just as with the Austrian NFC banking cards). AFAIK in some other countries the same concept is used for public transport and others.
The main difference to Android Pay is, that this system is backed by the chipcard (the SIM) and not by a cloud service. But this just as background information.

The problem:
The LEX720 is a dual-sim phone, and so the (banking) apps could read SIM-cards from either SIM1 or SIM2 slot (I tested, SmartcardService works with both). But if you also want to use NFC for payment it has to be inserted into SIM1 (as it seems that only the SIM1 slot ist connected over an SWP line to the NFC chipset). Unfortunately the Austrian banking apps don't seem to handle the dual-SIM situation correctly and only try to read SIM2 (which is empty for me) and therefore don't work.

Additionally, at the end of an transaction, when the application running within the SIM card signalizes that it just had finished a payment transaction to the Android system, the NFC service (/system/vendor/app/NQNfcNci/NQNfcNci.apk) broadcasts this message as an intent to the relevant (banking) app, so that the app can display a transaction result activity.
Unfortunately this mechanism is implemented often very different by different OEMs and so also by LeEco. There exists a standard (GSMA NFC Handset APIs Requirement Specification) but it seems there are a lot of different implementations in the wild.

(Note: this is probably the case because this type of functionality is not part of the official reference Android source code. Plain open source Android like it is running on all Nexus phones and the Pixels just doesn't support these type of applications - which is very unfortunate).

My workaround:
TL;DR I just made an Xposed module which fixes these 2 issues for me. Look into the README on Github for more details.

Source on Github: https://github.com/johnzweng/XposedOmapiBankcardFix
Download Xposed Module: Xposed-module-OMAPI-BankcardMobil-Fix-1.1.apk

Maybe it's also useful for other applications which use the SIM card as secure storage for keys of any type. Use at your own risk.

As a reference: these are the Austrian banking apps this module should work with:The module might also help to get other similiar apps working which have problems with Dual-SIM or don't show Transaction confirmation screens. I am talking here about apps which use a special SIM card for payment, ticketing or similiar use-cases via NFC. This has nothing to do with "normal" NFC apps or cloud-based HCE (host card emulation) NFC apps. This module is only for apps which use special SIM cards.


[edit]
Updated download link to version 1.1.
For details see the CHANGELOG in the Github repoistory.
[/edit]
The Following 5 Users Say Thank You to androcheck For This Useful Post: [ View ] Gift androcheck Ad-Free
 
 
18th November 2016, 01:08 PM |#2  
Btw, during debugging I noticed another small bug in the LeEco NFC service:

The package com.android.nfc (/system/vendor/app/NQNfcNci/NQNfcNci.apk) declares a permission which allows apps to receive Intents about EVT_TRANSACTION events. On the LeEco LePro 3 (LEX720, running 5.8.018S, WAXCNFN5801811012S) this permission looks like this
Code:
declared permissions:
    com.gsma.service.nfc.permission.TRANSACTION_EVENT: prot=dangerous, INSTALLED
You can check this easyily yourself with this adb command:
Code:
adb shell pm dump com.android.nfc > dump-nfc-service.txt
This will dump all infos into a file named dump-nfc-service.txt. Open the file with an editor and search for "declared permissions:".

The problem with this permission is, that its name is missing a letter!
Correctly it should be called: com.gsma.services.nfc.action.TRANSACTION_EVENT (note the missing "s").

This is specified in the GSMA NFC Handset APIs Requirement Specification (see at the top of page 13 in the PDF)
Funny enough the specification in the PDF also contains a typo in the very same permission name the Intent action name (the dot "." after the word "gsma" is a comma "," in the PDF). It must be really hard to type this correctly.

Nevertheless this typo leads to errors like:
Code:
W/PackageManager( 2357): Unknown permission com.gsma.services.nfc.permission.TRANSACTION_EVENT in package ......
and prevents applications of requesting the correct permission.

Does anybody know if and how it's the best way to report bugs to LeEco?


[edit1]
I contacted them on Twitter. I hope they will forward this issue to developers.

Btw, it seems that also LG had included the same typo in some of its devices:
Devices without the "s": https://census.tsyrklevich.net/permi...NSACTION_EVENT
vs.:
Devices with the "s": https://census.tsyrklevich.net/permi...NSACTION_EVENT
[/edit1]
The Following User Says Thank You to androcheck For This Useful Post: [ View ] Gift androcheck Ad-Free
20th April 2017, 11:32 AM |#3  
Member
Flag Near to Vienna (better near to Bratislava)
Thanks Meter: 5
 
More
Hi androcheck,

first i am really impressed that somebody found a solution for that problem (i already have several posts with no answer at all)

But now i have a problem as when i install the fix i stuck in a boot loop. Is this maybe cause i am on custom ROM (Turbo MIUI) ?
Hope you have an idea

thanks
Robert
23rd April 2017, 06:08 PM |#4  
Member
Flag Near to Vienna (better near to Bratislava)
Thanks Meter: 5
 
More
Quote:
Originally Posted by viercp

Hi androcheck,

first i am really impressed that somebody found a solution for that problem (i already have several posts with no answer at all)

But now i have a problem as when i install the fix i stuck in a boot loop. Is this maybe cause i am on custom ROM (Turbo MIUI) ?
Hope you have an idea

thanks
Robert

So far seems a "one time bug" - all ok with patch but i still get the very same error mssg

Any poss to tell me where i can check if entries provided by fix are really done ?
27th April 2017, 08:07 AM |#5  
Quote:
Originally Posted by viercp

So far seems a "one time bug" - all ok with patch but i still get the very same error mssg

Any poss to tell me where i can check if entries provided by fix are really done ?

Hi!

Sorry for the delayed answer.

First of all the ROM you are using must have the SmartcardService (=implementation of OpenMobile API), the corresponding library (org.simalliance.openmobileapi.jar) and permission manifest (org.simalliance.openmobileapi.xml) installed. I downloaded miau_destroyer_v12.zip from this thread here, extracted it and it seems that it contains all three of them.

My Xposed module "XposedOmapiBankcardFix" doesn't do very much besides forcing the apps which are using the OpenMobile API to always use "SIM1" as SmartcardReader. This was necessary because at the time of writing the Bankcard apps in Austria from PSA (Payment Services Austria) didn't correctly check for multiple SIM slots. So in fact this was a bug in the PSA apps, not in the phone.

Back then I reported this back to the developers (of the banking app) and today it seems to be fixed (I didn't check in detail but the Bank Austria app now is working for me on Android 7 without Xposed installed - with the SIM inserted in slot 1).

Another point I realized: By looking into the build.props of the miau_destroyer_v12 ROM it seemed to me that this ROM is configured for single SIM use. This means that the SmartcardService also only sees one cardreader (SIM slot). Maybe this also interferes with the Xposed module?

For clarification:
Before I wrote my Xposed module, the Bank Austria banking app worked already perfectly (no errors displayed, recognized the NFC SIM card, personalization of the bankcard worked ok) when I inserted the SIM card into slot 2. It just didn't work when the SIM card was inserted in slot 1. The problem is that it must be inserted in slot 1 if you want to use it over NFC. This is why I decided to work around this limitation with my Xposed module.
The second feature ("Fix EVT_TRANSACTION Intent") of my module was just a gimmick "on the way". I realized that the confirmation dialog after paying is not displayed, but this was just a "cosmetic" problem. Payments did still work, even if the confirmation dialog on the phone is not displayed.

Another sidenote:
As I have mentioned before I have switched already to an Android 7.1 based ROM on my personal phone (as a developer I want to use some of the new APIs) so I don't have Xposed anymore (as Xposed is not available for Android 7). So at the moment I cannot really test anything.

Which error exactly do you get? What do you see in logcat?

Kind regards,
john
1st May 2017, 10:08 AM |#6  
Member
Flag Near to Vienna (better near to Bratislava)
Thanks Meter: 5
 
More
Quote:
Originally Posted by androcheck

Hi!

Another point I realized: By looking into the build.props of the miau_destroyer_v12 ROM it seemed to me that this ROM is configured for single SIM use. This means that the SmartcardService also only sees one cardreader (SIM slot). Maybe this also interferes with the Xposed module?

Changed in build.prob to enable Dual SIM

Quote:


Which error exactly do you get? What do you see in logcat?

Havent worked with before - which entry you are looking for ?
19th April 2018, 03:22 AM |#7  
Senior Member
Flag Hebei Province
Thanks Meter: 150
 
More
Lot Of Thanks for your great work!
Btw,Do you use AOSP 8.1(such as AICP8.1)
On these roms,after add SmartCardService.apk ,it still cann't work with these bank apps. Actually,it can read other nfc tags,but it's HCE (Host-based Card Emulation) can not work
Could you have a try to fix it?

My post:
https://forum.xda-developers.com/le-...6#post76274677
Post Reply Subscribe to Thread

Tags
omapi, smartcardservice, xposed

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes