{"id":16411911,"url":"https://github.com/jekkos/android-hce-desfire","last_synced_at":"2025-09-17T23:48:14.596Z","repository":{"id":142968426,"uuid":"47358707","full_name":"jekkos/android-hce-desfire","owner":"jekkos","description":"A HCE software implementation of the NXP Desfire NFC protocol in an Android app (to be used with Cyanogenmod HCE patch)","archived":false,"fork":false,"pushed_at":"2016-11-05T13:46:59.000Z","size":2661,"stargazers_count":38,"open_issues_count":3,"forks_count":13,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-03-18T18:21:33.752Z","etag":null,"topics":["desfire","emulation","hacking","hce","java","nfc"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jekkos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-12-03T20:34:26.000Z","updated_at":"2024-11-06T18:02:10.000Z","dependencies_parsed_at":"2023-04-21T15:08:14.266Z","dependency_job_id":null,"html_url":"https://github.com/jekkos/android-hce-desfire","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jekkos%2Fandroid-hce-desfire","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jekkos%2Fandroid-hce-desfire/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jekkos%2Fandroid-hce-desfire/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jekkos%2Fandroid-hce-desfire/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jekkos","download_url":"https://codeload.github.com/jekkos/android-hce-desfire/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245066496,"owners_count":20555402,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["desfire","emulation","hacking","hce","java","nfc"],"created_at":"2024-10-11T06:47:00.764Z","updated_at":"2025-09-17T23:48:09.549Z","avatar_url":"https://github.com/jekkos.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n\nProject Inception\n-----------------\n\nThis project is an incomplete software implementation of the Mifare Desfire protocol for HCE on Android.\nThe app has to be used with the original HCE patch of Doug Yeager introduced in CyanogenMod 9. Most of the\ninitial code has now been removed from CyanogenMod and thus a system level patch is needed to make the whole work.\n\n* App will only work on phones with PN544 NXP chip (which are HTC One M7, Nexus S, ..)\n* A patched NFC.apk will need to be built from the [packages_Nfc_apps repository](https://github.com/jekkos/android_packages_apps_Nfc) I cloned here on github\n* A patched Android framework.jar should be built the [android base framework](https://github.com/jekkos/android_frameworks_base)\n* libnfc-nxp should contain the needed fixes in CM12 (no changes required)\n\nStandard HCE emulation in Android 4.4 does not give [complete control](http://stackoverflow.com/questions/20055497/emulate-mifare-card-with-android-4-4) over APDUs sent. Desfire has 3 communication modes which are `native`, `wrapped` and `iso14443-4`.\n\nA standard android HCE app would be able to cope with a wrapped protocol implementation after removing the AID routing functionality using an xposed framework library hook. However for my POC I found the hardware to communicate using native commands and thus needed to have full control over APDUs which at that time was only feasible with the original CM HCE patch.\n\nProject state\n-------------\n\nThe code contains some testcases that verify a couple of different basic communication scenario's with a DesFire card. \nDoug Yeager's patch was ported to Android 5 which enabled a pn544 to communicate with off the shelve NFC physical security system at Capgemini Belgium's premises.\n[A talk was given at Capgemini Belgium](https://github.com/jekkos/android-hce-desfire/blob/master/talk/Android%20internals%20-%20Nfc%20stack%20explorations.pptx?raw=true) in 2015 to present the POC.\n\nYou can detect a phone as a Mifare Tag by using an libnfc compqatible reader with [patched](https://github.com/nfc-tools/libfreefare/pull/42/files) [libfreefare](https://github.com/jekkos/libfreefare). One working example here includes the mifare get info command, which can request some general info fields from the Android application and show them in a linux terminal. To reproduce this case it's best to use the `pn532-tamashell` binary that comes by default with libfreefare. \n\nIn that case the raw command bytes for DesFire get info can be issued which should normally yield a valid response from the Android app.\n\n```\nLIBNFC_LOG_LEVEL=3 cat \u003c\u003c EOF | pn53x-tamashell \\\n4a 01 00 \\\n40 01 00 a4 04 00 07 d2 76 00 00 85 01 00 00  \\\n40 01 00 00 60 00 00 00 \\\n40 01 00 00 AF 00 00 00 \\\n40 01 00 00 AF 00 00 00 \\\nEOF\n```\n\nReferences\n----------\n\nThis project is based on the following work\n\n* [Kevin Valk's thesis](https://github.com/kevinvalk/android-hce-framework) on HCE in Android and his work on porting JavaCard applets to the Android platform\n* Original code from an [academic paper](https://securewww.esat.kuleuven.be/cosic/publications/article-2206.pdf) on [porting DesFire to JavaCard](https://github.com/Dansf/java-card-desfire-emulation). This code contains an implementation for the legacy protocols only (non AES)\n* Libfreefare code which contains all the newer DesFire protocol implementation details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjekkos%2Fandroid-hce-desfire","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjekkos%2Fandroid-hce-desfire","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjekkos%2Fandroid-hce-desfire/lists"}