Wednesday, August 3, 2011

Card Emulation on the Nexus S

While the Nexus S is capable of emulating both NFC-A and NFC-B cards, but there are significant barriers in place to prevent user applications from gaining access to this feature.

The phone uses the PN65N chip from NXP, which is combination of the PN544 chip and a SmartMX secure element. There are two ways to make this chip behave like a smart card (PICC):
  • Through the secure element.
  • With a UICC (aka SIM card) that supports the Single Wire Protocol (SWP).
The SmartMX secure element runs the ever-popular Java Card OS, which is essentially a very small JRE. On top of this sits the GlobalPlatform Card Specification, which allows for the management of multiple software card applets. New applets can't be installed into the secure element without knowing the secret keys that Google or Samsung configured the GlobalPlatform card manager with.

If these keys were known, it would be possible to install a simple relay-style applet that forwarded APDUs to and from the Android OS as they were received.

Enabling card emulation through SWP is probably easier, but the UICC used in this set-up won't be able to talk with Android.

Aside from discovering the secure element's secret keys, I see two solutions:
  • Replace the PN65N with another that you know the secret keys to.
  • Attach the SWP pin on the PN65N to a pin accessible by the Android OS rather than than to a UICC.
  • Attach an external USB NFC modem capable of card emulation.
The second solution requires some explanation. The SWP protocol is well defined in TS 102 613. The NFC chip sends information along the single wire by modulating current, and the UICC does the same by modulating the voltage. If a full-duplex I/O pin exists somewhere on the Nexus S that is accessible by the OS, it may be possible to re-purpose it to interface with the PN65N. Of course, such a change would require modification of Android's source code.

The third solution is probably the least messy. Android 2.3.4, which can be run on the Nexus S, has optional support for the Android Open Accessory platform. This allows the phone to behave as a host to a USB device. Such a device might be an NFC modem capable of card emulation.

If I had more time, I'd pursue one of those methods to enable the Nexus S to emulate an NFC card. With only three-ish weeks left, I have to settle with a simulated terminal.
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)