How to get AID for reader Host based card emulation

Question

I'm trying to do Host card emulation on an Android device using this example using ACR1281U NFC tag reader.

This is the kind of application I want to make.

As per the Android documentation and the example, it is required to register an AID in the Android project:

<host-apdu-service xmlns:android="http://schemas.android.com/apk/res/android"
           android:description="@string/servicedesc"
           android:requireDeviceUnlock="false">
    <aid-group android:description="@string/aiddescription"
               android:category="other">
        <aid-filter android:name="F0010203040506"/>
        <aid-filter android:name="F0394148148100"/>
    </aid-group>
</host-apdu-service>

How do I know which AID I need to register in my Android application so that the reader can read the HCE Android app?

Here is another question I posted regarding the same: No supported card terminal found ARC1281U nfc card reader

I have referred to the following links, but there were not of much help:

• Setting up host card emulation
• To get Application ID for NFC based Identification System
• How does Host-based Card Emulation deal with AID (Application ID)?
• Android HCE: are there rules for AID?

Please help as there is very little resources available on HCE!

EDIT

The example uses the AID F0010203040506 in the SELECT (by AID) command but my ACR128 reader was unable to read the HCE device.

private static final byte[] CLA_INS_P1_P2 = { 0x00, (byte)0xA4, 0x04, 0x00 };
private static final byte[] AID_ANDROID = { (byte)0xF0, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };

private byte[] createSelectAidApdu(byte[] aid) {
    byte[] result = new byte[6 + aid.length];
    System.arraycopy(CLA_INS_P1_P2, 0, result, 0, CLA_INS_P1_P2.length);
    result[4] = (byte)aid.length;
    System.arraycopy(aid, 0, result, 5, aid.length);
    result[result.length - 1] = 0;
    return result;
}

Then I changed the AID to F00000000A0101 (which was used by some other example app) and used this in AID filter as well. After changing to this AID, the ACR reader was able to detect the HCE device.

• Both of the AIDs (the one used in example that did not work and another that was used in the app which worked) conform to the specification, how to I know which AID to use?
• The example adds multiple AIDs in the AID filter but sends only one of them in the SELECT (by AID) APDU. Should I also add multiple AIDs in the AID filter? What is its use?

Answer 1

The AID is a "name" that you assign to your smartcard application (in the case of HCE: the Android app that emulates the card application). A reader application uses this "name" to address your card (HCE) application with a SELECT (by DF name/AID) APDU command (see ISO/IEC 7816-4). You can use any value you want as long as it conforms to ISO/IEC 7816-4.

In your specific case, the reader example application uses the AID F0010203040506

private static final byte[] AID_ANDROID = { (byte)0xF0, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };

Therefore, to be interoperable with that example, you need to register your HCE service for the AID F0010203040506.

How do you assign and use an AID?

Typically, you first define a "name" for your HCE app:

<host-apdu-service ...>
    <aid-group ...>
        <aid-filter android:name="F0010203040506"/>
    </aid-group>
</host-apdu-service>

Later, reader applications can use that name to select your HCE app and to then communicate with it (in Java e.g. using Java Smart Card IO):

Card card = ...;
CardChannel c = card.getBasicChannel();

// SELECT by AID (F0010203040506)
ResponseAPDU  resp = c.transmit(new CommandAPDU(
        0x00, 0xA4, 0x04, 0x00, new byte[] { (byte)0xF0, (byte)0x01, (byte)0x02, (byte)0x03, (byte)0x04, (byte)0x05, (byte)0x06 }));
assert resp.getSW() == 0x9000;

// Send application-specific command (what such a command could look like depends on your application)
resp = c.transmit(new CommandAPDU(
        0x80, 0x10, 0x00, 0x00, new byte[] { (byte)0x12, (byte)0x34 }));

How do you come up with a value for an AID?

This depends on your application scenario.

• In your closed-loop scenario, where you are under full control of both the HCE side and the reader side, you can choose an arbitrary (note that there are some rules for AIDs) AID and assign it to your HCE app. You can later use that AID in your reader application to address the HCE app.

• In real-world HCE scenarios, you often design your HCE app to interact with an existing reader infrastructure. Consequently, your HCE app will implement some given specification. In that case, such a specification will dictate the AID (or AIDs) that your HCE app needs to use in order to be discoverable by the existing reader infrastructure. An example for such a specification is the EMV specification for contactless payment systems.

Why are some HCE applications registered for multiple AIDs?

Sometimes there is the need that an application is addressable through multiple "names" (AIDs). Reasons could be:

• An application provides multiple different interfaces (i.e. that have a different command set or provide different data).
• There are existing readers that use (for some reason) different AIDs to address the same application.

How do you choose an AID?

The rules for smartcard application identifiers (AIDs) are defined in ISO/IEC 7816-4. An AID has at least 5 bytes and may consist of up to 16 bytes (see this answer on AID size restrictions). Based on the first 4 bits, AIDs are divided into different groups. The most relevant groups defined in ISO/IEC 7816-4 are:

• AIDs starting with 'A': internationally registered AIDs
• AIDs starting with 'D': nationally registered AIDs
• AIDs starting with 'F': proprietary AIDs (no registration)

For (inter)nationally registered AIDs, the AID is split into two parts, a 5-byte mandatory RID (registered application provider identifier), and an optional PIX (proprietary application identifier extension) of up to 11 bytes.

For proprietary AIDs (F...), you can use any arbitrary value.

Why did the AID F00000000A0101 work while F0010203040506 did not work?

I don't know and you did not provide sufficient information to diagnose this. E.g. where there any messages in adb log when you tried to select F0010203040506?

Anyways, both AIDs are valid and should work. One possibility could be that you already had another HCE application installed on your device that registered for that AID. In that case, two applications would have listened for the same name which is not possible.