NFC SWP applet selection returns 6999

4
votes

I have a simple JavaCard applet installed on my SIM card. I try to communicate with my applet using Omnikey 5121 CL reader and NFC-enabled Sony Xperia L through NFC/SWP (single wire protocol).

The problem is I cannot select the applet - as a status word I get 6999. The LED light is turned on, so I suppose there is some communication between reader and the SIM card. Moreover, I cannot select my security domain either.

However, when I put the SIM card into a standard contact smartcard reader, everything works fine.

Is there any extra configuration of Android OS, SIM card, NFC modem etc. I have to setup before communicating with SIM card over NFC? Any ideas?

More information:

ATR of SIM accessed in the contact way:

3B9F96C00A3FC6A08031E073FE211F65D001900F3B810FE6

ATR (generated by PCSC from ATS) of SIM accessed over NFC in the contactless way:

3B8880010000000000817000F8

My INSTALL for INSTALL APDU: (worked, finally!)

80E6040C32 //CLA INS P1 P2 Lc
0CF0AAAAAAAAAAAAAAAABBBBBB // AIDs
09F0AAAAAAAAAAAAAAAA
09F0AAAAAAAAAAAAAAAA
01
 00 //privileges
0B //length of parameters
 EF07 //system parameters
  A005A5038201FF
 C900 //applet parameters
00
1
androidnfcsmartcardjavacardsim-card
Isn't related with PIN verification?Ebrahim Ghasemi
Isn't it a dual chip dual interface smart card? (I think the name is Combo or Hybrid card) In this kind of cards when you install applet through the contact interface, the applet install on the chip1 and when you install it through the contact-less interface, the applet install on chip2. So if you install it through contact interface, you can't select it through contact-less interface.Ebrahim Ghasemi
Did you make the applet selectable through the contactless (SWP) interface? (In the Contactless Protocol Parameters of the ISTALL FOR INSTALL MAKE SELECTABLE command)Michael Roland
The security domain not being selectable over the contactless interface is not unusual for a SIM card.Michael Roland
As I wrote before, you have to set the proper Contactless Protocol Parameters in the INSTALL FOR INSTALL MAKE SELECTABLE command (or by doing a registry update). Sure you would do that over whatever interface you use for card/applet management (hence, the contact interface in your case). See Global Platform Card specification Amendment C for further details.Michael Roland

1 Answers

4
votes

Receiving status code 6999 in response to the SELECT (by AID) command is a clear indication that the applet was not found/not selectable. If the applet has been installed and is selectable (using the same AID) over the contact interface of the UICC/SIM card, then it is likely not made selectable over the SWP (contactless) interface. Typically secure elements allow to selectively enable/disable applets for specific interfaces (in addition to this, applets can detect over which interface they are selected and can react accordingly).

Applets typically need to be explicitly made selectable over the contactless interface by setting the Contactless Protocol Parameters in the INSTALL (for MAKE SELECTABLE) command (or later on by doing a registry update). See Amendment C to the Global Platform Card specification for further details.

Btw. the security domain not being selectable over the contactless interface is not unusual for a SIM card. Card management is typically restricted to the contact interface for security reasons. (Card management over the contactless interface is typically not used in production environments anyways.)