我是否必须知道用于Android HCE卡模拟的卡的AID? [英] Do I have to know what the AID of a card is for card emulation with Android HCE?
问题描述
我只想使用HCE在Android应用程序中模拟公交卡.我对卡的AID感到困惑.我必须知道卡的AID是什么吗?
根据基于主机的卡仿真文档:
如果您要为现有的NFC读取器基础结构模拟卡, 这些读者正在寻找的AID通常是众所周知的 并公开注册(例如,支付网络的AID 例如Visa和MasterCard.
那么,有什么意义呢?
P.S.我认为我的卡的AID不是众所周知的.即使是,我怎么知道它是什么?
我是否必须知道用于Android HCE卡模拟的卡的AID?
是的,绝对可以! AID是您的应用程序的名称.读卡器会询问卡(是否仿真),其中是否包含具有特定名称的应用程序,并且只会与包含读卡器支持的应用程序的卡进行通信.
如何在特定卡上找到应用程序的AID?
最明显的方式:询问系统所有者或制造商.如果他们没有告诉您,您很可能不应该反正模仿卡片.
当然,还有其他方法可以找出卡的工作方式.许多卡遵循某些标准.例如,支付卡通常会实施EMV协议.对于运输卡,还有一些标准,例如VDV-KA,ITSO等.您可以通过进行一些指纹识别(例如,分析卡以找出卡类型,芯片类型,芯片制造商等)来尝试确定卡是否使用某些标准/知名应用程序.),并进行强力扫描(例如,尝试选择知名的应用程序AID,尝试枚举卡上的文件等).您应该能够找到几个免费的工具,可以帮助您解决此问题. /p>
是否知道AID足以模拟(例如使用HCE)某张卡
不,当然不是.
首先,您还需要了解并实现读者与应用程序交谈的协议.尽管许多智能卡应用程序使用通用的命令/响应结构(请参阅ISO/IEC 7816-4行业间命令),但每个应用程序通常以略微不同的方式使用它们.如果应用程序遵循某些标准,则可以简单地实现该标准.如果该应用程序使用某些专有协议,则您会再次询问系统所有者/制造商或反复试验.
第二,即使AID和协议通常也不足以复制和模拟特定的卡.智能卡通常旨在存储一些秘密信息,以巧妙地识别和验证卡.这些机密通常无法从卡中提取.因此,您不能简单地将这些秘密数据传输到您的HCE应用程序中.
I merely want to emulate a transit card with an Android application using HCE. I'm confused about the AID of the card. Do I have to know what the AID of the card is?
According to Host-based Card Emulation document:
If you are emulating cards for an existing NFC reader infrastructure, the AIDs that those readers are looking for are typically well-known and publicly registered (for example, the AIDs of payment networks such as Visa and MasterCard).
So, what is the point?
P.S. I don't think the AID of my card is well-known. Even if it is, how do I know what it is?
Do I have to know what the AID of a card is for card emulation with Android HCE?
Yes, definitely! The AID is the name of your application. The reader will ask cards (emulated or not) if they contain an application with a certain name and will only communicate with those cards that contain the application that the reader supports.
How do I find the AID (or AIDs) of the applications on a certain card?
The most obvious way: Ask the system owner or manufacturer. If they don't tell you, you most probably should not be fiddling around with emulating the card anyways.
There are, of course, other ways to find out how the card works. Many cards follow some standards. Payment cards, for instance, usually implement EMV protocols. For transport cards there are also several standards, e.g. VDV-KA, ITSO, etc. You could try to find out if the card uses some standard/well-known application by doing some finger-printing (e.g. analyze the card to find out the card type, chip type, chip manufacturer, etc.) and by doing brute-foruce scans (e.g. try to select well-known application AIDs, try to enumerate files on the card, etc.) You should be able to find a couple of free tools that could help you with this.
Is knowing the AID enough to emulate (e.g. using HCE) a certain card
No, certainly not.
First of all, you also need to know and implement the protocol that the reader speaks with the application. While many smartcard applications use common command/response constructs (cf. ISO/IEC 7816-4 inter-industry commands), each application typically uses them in its slightly own way. If the application follows some standard, you can simply implement that standard. If the application uses some proprietary protocol, you are back at asking the system owner/manufacturer or at heavy trial-and-error.
Second, even the AID and the protocol are typically not enough to duplicate and emulate a specific card. Smartcards are usually designed to store some secret to usiquely identify and authenticate a card. These secrets typically cannot be extracted from a card. Hence, you cannot simply transfer that secret data into your HCE application.
这篇关于我是否必须知道用于Android HCE卡模拟的卡的AID?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
