How Can I Read NFC Card with IsoDep?

android nfc rfid apdu contactless-smartcard
Roger picture Roger · Apr 15, 2014 · Viewed 13k times · Source

I want to read a RFID card through NFC, the card is from the local transportation system in Bogotá, Colombia. I know this is possible because I've downloaded an android app that does just this!

My progress so far... When I put the phone over the card, my app is launched, with the ACTION_TECH_DISCOVERED intent, and I can read things like card UID but I don't know how to read the info I want, especifically the money on the card.

I've reading here in stackoverflow that what I need to do is find the application I want to access and send ADPU commands, but it looks like my card doesn't have any application because exploring the card with any android app, it always says Found 0 Applications. So, I don't know where I must get this info.

The tech info for my card is:

  • TAG ID: 08 8B E2 D1 RF
  • Technology: TYPE A (ISO/IEC 14443 Type A)
  • TAG TYPE: ISO/IEC 14443-4 Smart Card
  • ATQA: 0004
  • SAK: 20
  • HISTORICAL BYTES: 01112003
  • TECHNOLOGY CLASSES: android.nfc.tech.IsoDep, android.nfc.tech.NfcA

Thanks!

Answer

Michael Roland picture Michael Roland · Apr 15, 2014

I've [read] here in stackoverflow that what I need to do is find the application I want to access and send ADPU commands.

Correct, that is exactly what you need to do. Once you got this information (i.e. a specification of the card's communication protocol), you would do something like the following:

Tag tag = ... // TODO: get tag handle from intent
IsoDep isoDep = IsoDep.get(tag);
if (isoDep != null) {
    isoDep.connect();

    byte[] response = isoDep.transceive(SELECT_APDU); // SELECT_APDU = 00 A4 0400 <Lc> <APPLICATION ID>

    // TODO: send further APDU commands according to the protocol specification
    //response = isoDep.transceive(APDU);

    isoDep.close();
}

[...] but it looks like my card doesn't have any application because exploring the card with any android app, it always says Found 0 Applications.

This usually only means that there is no application on the card **that is known to the scanner app*. Many ISO-DEP cards to not have a publicly readable directory of applications that are available on the card. (Though some cards may have an EF.DIR or something similar.)

So, I don't know where I must get this info.

Right, that's usually the tricky part. There are several approaches to this:

  1. Ask the transport system operator for the specification.
  2. Check if the card has an EF.DIR (or similar) and lists something in there (though this will only give you a starting point as it still does not reveal the card's protocol).
  3. Check if the card has a GlobalPlatform security domain/card manager and if that card manager is accessible with default keys (Google will help you find further reading). If it does, GP provides commands to list installed applications. Regarding the protocol, the same as in 2. applies.
  4. Reverse engineer the app that you know can access the card. (Note that this may be illegal in your country and/or prohibited by the app's license agreement.)

Related questions

Android application to mimic a physical RFID card

Is it possible for an Android application to send a previously stored RFID card ID to a NFC reader? The aim would be to use an Android device to enable access to a room instead of a physical RFID card. …

Read More
How to get AID for reader Host based card emulation

I'm trying to do Host card emulation on an Android device using this example using ACR1281U NFC tag reader. This is the kind of application I want to make. As per the Android documentation and the example, it is …

Read More
Reading RFID with Android phones

I did enough research on reading RFID tags using Android phones(smart phones). My understanding of this is that for NFC-enabled smart phones (Nexus S) it is possible to read RFID tags, but there are restrictions. For non-NFC-enabled Androids we …

Read More