I'm working on a project to emulate a transport card on an Android phone. I've read through the Android KitKat documentation and found that in order to emulate a card with a secure element I need to inherit from OffHostApduService.
However, after spending a lot of time on Google, I couldn't find what to write in the onBind function to redirect APDUs from the other NFC device to my mobile device's SIM card.
The card is NFC A & B compatible. Does this mean I can send commands to it using the NfcA or NfcB class?
I work on a Samsung Galaxy 3 and a Samsung Galaxy 4 Mini, which both have the Open Mobile API or at least the SmartCard API. I can't patch my system since the goal is to prove that it's possible to do so on market devices.
Thanks for your help!
The following patches will turn on NFC card emulation routing to the UICC on 4.4 on the Nexus 5:
First, in the device/lge/hammerhead folder:
diff --git a/nfc/libnfc-brcm-20791b05.conf b/nfc/libnfc-brcm-20791b05.conf
index 0ef61c3..9348673 100644
--- a/nfc/libnfc-brcm-20791b05.conf
+++ b/nfc/libnfc-brcm-20791b05.conf
@@ -26,10 +26,10 @@ LPTD_CFG={38:B9:36:01:00:FF:FF:08:00:00:00:A0:0F:40:00:00:12:02:10:00:00:00:2D:0
#
# This is applied at stack startup.
# Use for Host based CE
-NFA_DM_START_UP_CFG={45:CB:01:01:A5:01:01:CA:17:00:00:00:00:06:00:00:00:00:0F:00:00:00:00:E0:67:35:00:14:01:00:00:10:B5:03:01:02:FF:80:01:01:C9:03:03:0F:AB:5B:01:00:B2:04:E8:03:00:00:CF:02:02:08:B1:06:00:20:00:00:00:12:C2:02
+#NFA_DM_START_UP_CFG={45:CB:01:01:A5:01:01:CA:17:00:00:00:00:06:00:00:00:00:0F:00:00:00:00:E0:67:35:00:14:01:00:00:10:B5:03:01:02:FF:80:01:01:C9:03:03:0F:AB:5B:01:00:B2:04:E8:03:00:00:CF:02:02:08:B1:06:00:20:00:00:00:12:C2:0
# Support UICC
-#NFA_DM_START_UP_CFG={45:CB:01:01:A5:01:01:CA:17:00:00:00:00:06:00:00:00:00:0F:00:00:00:00:E0:67:35:00:14:01:00:00:10:B5:03:01:03:FF:80:01:01:C9:03:03:0F:AB:5B:01:02:B2:04:E8:03:00:00:CF:02:02:08:B1:06:00:20:00:00:00:12:C2:0
+NFA_DM_START_UP_CFG={45:CB:01:01:A5:01:01:CA:17:00:00:00:00:06:00:00:00:00:0F:00:00:00:00:E0:67:35:00:14:01:00:00:10:B5:03:01:03:FF:80:01:01:C9:03:03:0F:AB:5B:01:02:B2:04:E8:03:00:00:CF:02:02:08:B1:06:00:20:00:00:00:12:C2:02
###############################################################################
# Pre-Discovery Startup Configuration (256 bytes maximum)
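Review bot: The NFA_DM_START_UP_CFG swap in this hunk replaces one opaque byte string with another, and nothing records which bytes carry the change. Comparing the two visible values, they differ only at B5:03:01:02 versus B5:03:01:03 and at 5B:01:00 versus 5B:01:02; a comment above the active line naming those two parameters would let the next person verify the UICC setting without diffing blobs. The values are also cut off as shown here (no closing brace), so the complete lines have to come from the original file.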
@@ -39,7 +39,7 @@ NFA_DM_START_UP_CFG={45:CB:01:01:A5:01:01:CA:17:00:00:00:00:06:00:00:00:00:0F:00
# Do not set NFA_DM_PRE_DISCOVERY_CFG
# Support UICC
-#NFA_DM_PRE_DISCOVERY_CFG={0A:C2:08:01:88:00:04:40:4B:4C:00}
+NFA_DM_PRE_DISCOVERY_CFG={0A:C2:08:01:88:00:04:40:4B:4C:00}
###############################################################################
# Antenna Configuration - This data is used when setting 0xC8 config item
diff --git a/nfc/libnfc-brcm.conf b/nfc/libnfc-brcm.conf
index 4840a54..afe80cd 100644
--- a/nfc/libnfc-brcm.conf
+++ b/nfc/libnfc-brcm.conf
@@ -2,8 +2,10 @@
###############################################################################
# Application options
-APPL_TRACE_LEVEL=0x01
-PROTOCOL_TRACE_LEVEL=0x00000000
+#APPL_TRACE_LEVEL=0x01
+#PROTOCOL_TRACE_LEVEL=0x00000000
+APPL_TRACE_LEVEL=0xFF
+PROTOCOL_TRACE_LEVEL=0xFFFFFFFF
###############################################################################
# performance measurement
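Review bot: APPL_TRACE_LEVEL=0xFF and PROTOCOL_TRACE_LEVEL=0xFFFFFFFF under "Application options" are debug settings and not part of the UICC routing change, so they should not travel with it. Maximum protocol tracing is likely to put NFC protocol traffic into the device log, which for a transport card can include the APDUs exchanged with the reader; keep the original 0x01 and 0x00000000 values outside of a debugging session.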
@@ -75,7 +77,7 @@ NFCC_ENABLE_TIMEOUT=1000
# so that the stack will not wait any longer than necessary.
#
# Use for Host based CE
-NFA_MAX_EE_SUPPORTED=0
+#NFA_MAX_EE_SUPPORTED=0
# Use for UICC support
# NFA_MAX_EE_SUPPORTED=3
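Review bot: After this hunk NFA_MAX_EE_SUPPORTED has no active value: the host-based line is commented out, but the line under "Use for UICC support" ("# NFA_MAX_EE_SUPPORTED=3") is still commented as well. If the intent is to rely on the stack default, say so in a comment; otherwise uncomment the UICC line so the file states the value explicitly, the way the ACTIVE_SE hunk does.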
@@ -88,10 +90,10 @@ NFA_MAX_EE_SUPPORTED=0
# system in order to skip SE initialization.
#
# Use for Host based CE
-ACTIVE_SE=0x0
+#ACTIVE_SE=0x0
# Use for UICC support
-#ACTIVE_SE=0xF3
+ACTIVE_SE=0xF3
###############################################################################
# Configure the NFC Extras to open and use a static pipe. If the value is
Then, in the packages/apps/Nfc folder:
diff --git a/src/com/android/nfc/cardemulation/AidRoutingManager.java b/src/com/android/nfc/cardemulation/AidRoutingManager.java
index 154bcf3..951fb2d 100644
--- a/src/com/android/nfc/cardemulation/AidRoutingManager.java
+++ b/src/com/android/nfc/cardemulation/AidRoutingManager.java
@@ -41,7 +41,8 @@ public class AidRoutingManager {
// For Nexus devices, just a static route to the eSE
// OEMs/Carriers could manually map off-host AIDs
// to the correct eSE/UICC based on state they keep.
- static final int DEFAULT_OFFHOST_ROUTE = 0xF4;
+// static final int DEFAULT_OFFHOST_ROUTE = 0xF4;
+ static final int DEFAULT_OFFHOST_ROUTE = 0xF3; // pkvk9345
final Object mLock = new Object();
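Review bot: DEFAULT_OFFHOST_ROUTE is a compile-time constant, so changing it from 0xF4 to 0xF3 sends every off-host AID to the UICC and leaves no path to the eSE that the comment above it describes ("just a static route to the eSE"). That comment is now stale and should be updated, and the route would be better selected from configuration than hardcoded. The commented-out old line and the unexplained "// pkvk9345" tag should also be dropped.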
diff --git a/nci/jni/RoutingManager.cpp b/nci/jni/RoutingManager.cpp
index 83e97d0..885e403 100644
--- a/nci/jni/RoutingManager.cpp
+++ b/nci/jni/RoutingManager.cpp
@@ -89,7 +89,8 @@ void RoutingManager::setDefaultRouting()
ALOGE ("Fail to set default proto routing");
// Tell the UICC to only listen on Nfc-A
- nfaStat = NFA_CeConfigureUiccListenTech (mDefaultEe, 0x01);
+ //nfaStat = NFA_CeConfigureUiccListenTech (mDefaultEe, 0x01);
+ nfaStat = NFA_CeConfigureUiccListenTech (0xF3, 0x03);
if (nfaStat != NFA_STATUS_OK)
ALOGE ("Failed to configure UICC listen technologies");
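Review bot: The call now passes the literal 0xF3 instead of mDefaultEe, so the listen-technology configuration no longer follows the default EE chosen elsewhere in RoutingManager; keep mDefaultEe here and set it to the UICC handle in one place. The technology mask also changes from 0x01 to 0x03 while the comment above still reads "only listen on Nfc-A", so the comment should be updated to match the new mask.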
Routing to the UICC does not seem possible on the Nexus 4 since the SWP contact is not wired to the NFC chip on this device.
Exchanging APDUs with your cardlet for ticket loading can be done through the seek-for-android SmartCard API as you suggest, or over-the-air in a binary SMS. The former is the simplest (but maybe not the most secure, depending on the context).
Source: https://stackoverflow.com/questions/21704987/overwriting-offhostapduservice-to-route-apdu-to-sim-card