Editing Functionality of Host Card Emulation in Android

Jay Allen picture Jay Allen · Feb 9, 2015 · Viewed 17.1k times · Source

I'm currently in the process of developing a project for my University course wherein I will be hopefully editing the functionality of the HCE Feature of Android to allow me to set my own UID when emulating a card.

Now, i've downloaded the AOSP source, and built a custom image with no edited code and installed that to my Nexus 7 (This includes downloading and including the Vendor specific hardware drivers), and i'm stuck on the next part.

I physically cannot find the device code that governs the NFC features of Android, and i'm unsure how to go about a) Looking for it, and b) How I should be editing this code.

Is the code for NFC in Android in the base Kernel? and if so how would I edit that before I run "make" again and hope it builds? or is it elsewhere? I've noticed that the files in the Vendor folder i've downloaded and extracted are in a .ncd format, which I don't think is editable.

Any help I can get on this would be greatly appreciated.

Answer

Jay Allen picture Jay Allen · Feb 25, 2015

Ok ! So i've found a solution to the problem I was having!

On the Nexus 7, when the NFC is turned on, it gets its information from a config file in "/etc/" called "libnfc-brcm-20791b05.conf"

Inside of this file there is a parameter called "NFA_DM_START_UP_CFG"

By default, it looks like this:

NFA_DM_START_UP_CFG={42:CB:01:01:A5:01:01:CA:14:00:00:00:00:0E:C0:D4:01:00:0F:00:00:00:00:C0:C6:2D:00:14:0A:B5:03:01:02:FF:80:01:01:C9:03:03:0F:AB:5B:01:00:B2:04:E8:03:00:00:CF:02:02:08:B1:06:00:20:00:00:00:12:C2:02:01:C8}

To edit the UID that is generated at Emulation, you need to add some bytes to the end of this parameter.

The first byte you add is 0x33 (This means that you are going to manually set the UID)

The second byte that is added is the length of the UID you wish to set (This can be either 4,7 or 10 bytes, so this second byte can be 0x04, 0x07 or 0x0A)

The next bytes are then the ID you wish to set! (NOTE: Depending on how many Bytes you add, you should change the first byte of the array to reflect the new size of the array - it starts at 42, so if you were to add 6 bytes it should change to 48)

For example, if you wished to set a 7 byte ID of 01 02 03 04 05 06 07, the new config line would look like this:

NFA_DM_START_UP_CFG={4B:CB:01:01:A5:01:01:CA:14:00:00:00:00:0E:C0:D4:01:00:0F:00:00:00:00:C0:C6:2D:00:14:0A:B5:03:01:02:FF:80:01:01:C9:03:03:0F:AB:5B:01:00:B2:04:E8:03:00:00:CF:02:02:08:B1:06:00:20:00:00:00:12:C2:02:01:C8:33:07:01:02:03:04:05:06:07}

You can then push this config file to your nexus device using adb:

-> adb root
-> adb remount
-> adb push libnfc-brcm-20791b05.conf /etc/
-> adb reboot

This will reset the Nexus with the new config file in, and upon emulation the UID will now be set to 01 02 03 04 05 06 07

Hope this helps anyone reading my question!