Android HCE: are there rules for AID?

Question

I'm trying to use an ACR122 NFC reader to select an application emulated in one Nexus 5 using Android Host Card Emulation. However, small AIDs are not recognized.

My goal is to use a three byte long AID, as I do in a DESfire card. My first goal is only to be able to do a SELECT command.

My test app uses the following configuration for AIDs:

<host-apdu-service xmlns:android="http://schemas.android.com/apk/res/android"
android:description="@string/service_descr"
android:requireDeviceUnlock="false" >

    <aid-group
        android:category="other"
        android:description="@string/aid_descr" >
            <aid-filter android:name="A0A1A2" />
            <aid-filter android:name="B0B1B2B3" />
            <aid-filter android:name="C0C1C2C3C4" />
            <aid-filter android:name="D0D1D2D3D4D5" />
            <aid-filter android:name="E0E1E2E3E4E5E6" />
    </aid-group>

</host-apdu-service>

If I run the following APDUs:

00 a4 04 00 03 a0 a1 a2 00
00 a4 04 00 04 b0 b1 b2 b3 00
00 a4 04 00 05 c0 c1 c2 c3 c4 00
00 a4 04 00 06 d0 d1 d2 d3 d4 d5 00
00 a4 04 00 07 e0 e1 e2 e3 e4 e5 e6 00

I always get the following responses:

=> 00 a4 04 00 03 a0 a1 a2 00 
<= 6f 00 
=> 00 a4 04 00 04 b0 b1 b2 b3 00 
<= 6a 82 
=> 00 a4 04 00 05 c0 c1 c2 c3 c4 00 
<= 90 00 
=> 00 a4 04 00 06 d0 d1 d2 d3 d4 d5 00 
<= 90 00 
=> 00 a4 04 00 07 e0 e1 e2 e3 e4 e5 e6 00 
<= 90 00 

So, only AIDs with length greater than 5 bytes will work with Android? Or am I doing something really wrong?

Answer 1

The rules for smartcard application identifiers (AIDs) are defined in ISO/IEC 7816-4. An AID may consist of up to 16 bytes. Based on the first 4 bits, AIDs are divided into different groups. The most relevant groups defined in ISO/IEC 7816-4 are:

• AIDs starting with 'A': internationally registered AIDs
• AIDs starting with 'D': nationally registered AIDs
• AIDs starting with 'F': proprietary AIDs (no registration)

For (inter)nationally registered AIDs, the AID is split into two parts, a 5-byte mandatory RID (registered application provider identifier), and an optional PIX (proprietary application identifier extension) of up to 11 bytes.

For proprietary AIDs (F...) ISO/IEC 7816-4 does not clearly mandate any minimum length requirements.

In addition to this, when it comes to HCE and routing of card emulation communication from the NFC controller to secure elements or the application processor, there is the NFC Forum NCI specification. This specification mandates an AID (used in AID-based routing entries) to be between 5 and 16 bytes. Btw. the same limitation applies to smartcards following the Java Card specifications.

When it comes to Android, there is a hard-coded requirement that AIDs received in a SELECT command consist of at least 5 bytes:

• In method resolveAid() in RegisteredAidCache.java on line 142
• In method findSelectAid() in HostEmulationManager.java on line 390 (which actually causes the odd behavior that the 4 byte AID is rejected with a "File or application not found" (6A82) status word as the check does not properly account for the Le byte)

Answer 2

According to EMV standards, an AID is made up of a Registered Application Provider Identifier (RID) having a minimum of 5 bytes, and an optional Application Identifier Extension (PIX) or proprietary Application Identifier having a maximum length of 11 bytes, which together make up the Application ID (AID), thus, the application ID can never be less than 5 bytes in length. If there are several applications present in the card, the AIDs will have the optional app identifiers appended to the RID to differentiate between the applications present in the card. Please read up on EMV standards on their site: EMVCO, and especially their books, Book 1 to Book 4, to understand more in this.