Host-based Card Emulation with Fixed Card ID

Question

Android 4.4 introduced Host-based Card Emulation (HCE). As you know, all NFC cards come with a fixed card ID (NfcAdapter.EXTRA_ID).

My office door access usually detects the NFC card ID for the authorization. After flashing my phone to KitKat, I tried to scan my phone with the access reader. But whenever the screen turns off and on again, I get a different card ID.

I did try keeping the phone screen on, and registering the emulated card ID to the door access system. It managed to grant the access to open the door. But this won't work after the screen turns off and on again.

Ever since KitKat introduced HCE mode, I have been trying to emulate my door access card using my phone.

Any ideas for making the phone emulated card ID fixed?

Answer 1

This is (at least with the official API) not possible:

In the first part of the exchange the HCE device will present its UID; HCE devices should be assumed to have a random UID. This means that on every tap, the UID that is presented to the reader will be a randomly generated UID. Because of this, NFC readers should not depend on the UID of HCE devices as a form of authentication or identification.

(http://developer.android.com/guide/topics/connectivity/nfc/hce.html#ProtocolParams)

Answer 2

It is possible. There are at least two ways of getting a static UID:

1. Not all phones show a random UID when running stock ROM. Some phones have a static UID 01:02:03:04, i.e. LG G3, Xiaomi Mi 3 and Mi Mix 2s. But then, everyone with one of these phones could enter your room.

2. Use Card Emulator Pro from Google play store and you can emulate any desired UID. You can also toggle such that the UID is maintained when the screen is off.

Systems that rely on UID only are not safe. It's better to use a system with encryption.