4
votes

I have a question about the APDU format on the contact and contactless interfaces. I have an ACR122U contactless card reader and I studied its API (v2.1). According to the document, the APDU format in contactless mode is different from contact mode. For example, the SelectApplet command in contact mode is:

Command >> 00 A4 04 00 09 [A0,00,00,03,08,00,00,10,00] 00
Response << 61 19

Command APDU >> 00 C0 00 00 19
Response APDU << 61 17 4F 06 00 00 10 00 01 00 79 0D 4F 0B A0 00 00 03 08 00 00 10 00 01 03 90 00

but in contactless mode it is:

Command APDU >> FF 00 00 00 12 d4 40 01 00 a4 04 00 09 a0 00 00 03 08 00 00 10 00 1a
Response APDU << 61 20   

Command APDU >> FF C0 00 00 20
Response APDU << d5 41 00 61 17 4f 06 00 00 10 00 01 00 79 0d 4f 0b a0 00 00 03 08 00 00 10 00 01 03 90 00 90 00

But when I search the web, people mention that there is no difference in the APDU format. Am I wrong, and is there another way to send an APDU to the contactless interface?

Thanks a lot.


2 Answers

3
votes

FF is basically an escape, usually used to send specific commands to the card reader. This reader reads the proprietary header, which is simply followed by the normal APDU. The APDU itself is indeed just the part after the 5-byte header (and after the 3-byte response header). For shorter (specific) APDUs they seem to perform some workarounds.

This could be a good option if the same reader (on a driver level) handles both contact and contactless protocols.

2
votes

You are mixing concepts. I'll try to make it a little clearer.

Disclaimer: I'm not sure about some of the following lines!

A) Card Type

There are two kinds of Dual Interface cards:

  1. Dual Interface Dual Chip.
  2. Dual Interface Single Chip.

[image]

As you see above, depending on the type of the card, you may receive equal or different responses for a specific command that is sent to the card through different interfaces.

Available cards are usually Dual Interface Single Chip. It is also notable that a Dual Chip Dual Interface card can be configured in a way that gives equal responses for equal commands on different interfaces.

B) APDU Handler Entity

In Java Cards, the applet that receives the APDU commands can decide to respond equally or differently to a specific incoming command based on the interface that the command is received from.

For example, the applet shown in the snippet below, in response to APDU Command = 00 10 00 00 00, returns "Contact" when the interface is contact, and returns "Contactless" when the interface is contactless:

package testPack;

import javacard.framework.*;

public class TestApp extends Applet
{
    private static final byte[] data = { (byte)'C', (byte)'o', (byte)'n', (byte)'t', (byte)'a', (byte)'c', (byte)'t',
                                    (byte)'l', (byte)'e', (byte)'s', (byte)'s'};

    public static void install(byte[] bArray, short bOffset, byte bLength) 
    {
        new TestApp().register(bArray, (short) (bOffset + 1), bArray[bOffset]);
    }

    public void process(APDU apdu)
    {
        if (selectingApplet())
        {
            return;
        }

        // Keep only the transport-media bits of the protocol byte to see which interface delivered this APDU.
        byte transportMedia = (byte) (APDU.getProtocol() & APDU.PROTOCOL_MEDIA_MASK);
        boolean isContactless = (transportMedia == APDU.PROTOCOL_MEDIA_CONTACTLESS_TYPE_A) ||
         (transportMedia == APDU.PROTOCOL_MEDIA_CONTACTLESS_TYPE_B);

        byte[] buf = apdu.getBuffer();
        switch (buf[ISO7816.OFFSET_INS])
        {
        case (byte)0x10:
            apdu.setOutgoing();
            if (isContactless){
                apdu.setOutgoingLength((short)0x0B);
                apdu.sendBytesLong(data, (short)0, (short)0x0B);
            }else{
                apdu.setOutgoingLength((short)0x07);
                apdu.sendBytesLong(data, (short)0, (short)0x07);
            }
            break;
        default:
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }

}

Works as below:

Connect successful. # via the "Contact" Interface
Send: 00 A4 04 00 06 01 02 03 04 05 00 00
Recv: 90 00
Send: 00 10 00 00 00
Recv: 43 6F 6E 74 61 63 74 90 00
Disconnect successful.

Connect successful. # via the "Contactless" Interface
Send: 00 A4 04 00 06 01 02 03 04 05 00 00
Recv: 90 00
Send: 00 10 00 00 00
Recv: 43 6F 6E 74 61 63 74 6C 65 73 73 90 00

Note that the Security Domain and Card Manager (the entity responsible for answering the SELECT APDU command) usually have equal responses for both interfaces.

C) APDU Commands vs Pseudo APDU

Card readers may support commands for managing/controlling reader features. For example, you can change the color of the LED or the delay of the beep sound. These commands, which are meant to be sent to the reader itself and not to the card, are named Pseudo-APDU commands and usually start with 0xFF (I think the reader manufacturers chose this value because it is already defined in ISO7816-3 for PPSS in T=0 and for NAD in T=1, and so is indicated as INVALID for normal applet commands).

The specifications that USB smart card readers are built on are PC/SC. You can download them freely from here. They define some Pseudo-APDU commands that reader manufacturers usually implement in their products. Manufacturers may also add some proprietary Pseudo-APDU commands to their readers to add the capability to work with memory cards (SLE4432/42 for example) or with Mifare cards.

The readers have a Pseudo-APDU command named the Direct Transmit command, which is used to send a payload to the card. For your reader, as you mentioned in the question, the Direct Transmit command is as below:

[image]

I'll add something here soon! ...
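
The framing described in the first answer (5-byte header, 3-byte response header) and the Direct Transmit command from section C above, worked through on the bytes of the question's contactless trace. This is an added example, not code from either answer or from the reader's API; the function names are hypothetical, and treating a non-zero third response byte as a failure is an assumption.

```python
"""Wrap and unwrap card APDUs for the Direct Transmit exchange in the question's trace."""

DIRECT_TRANSMIT = bytes.fromhex("FF000000")  # reader pseudo-APDU header: CLA INS P1 P2
TO_CARD = bytes.fromhex("D44001")            # bytes the trace shows before the card APDU
FROM_CARD = bytes.fromhex("D541")            # bytes the trace shows before the card's answer


def wrap(card_apdu):
    """Put the 5-byte reader header and the 3-byte prefix in front of a normal APDU."""
    payload = TO_CARD + card_apdu
    if len(payload) > 0xFF:
        raise ValueError("payload does not fit in a one-byte Lc")
    return DIRECT_TRANSMIT + bytes([len(payload)]) + payload


def get_response(status):
    """Reader answered 61 xx: build FF C0 00 00 xx to fetch the xx waiting bytes."""
    if len(status) != 2 or status[0] != 0x61:
        raise ValueError("expected a 61 xx status from the reader")
    return bytes.fromhex("FFC00000") + status[1:]


def unwrap(reader_reply):
    """Strip the reader framing and return (card data, card SW1SW2)."""
    if len(reader_reply) < 7:  # D5 41 status + card SW + reader SW
        raise ValueError("reply too short")
    body, reader_sw = reader_reply[:-2], reader_reply[-2:]
    if reader_sw != b"\x90\x00":
        raise ValueError("reader error " + reader_sw.hex())
    if body[:2] != FROM_CARD:
        raise ValueError("not a Direct Transmit reply")
    if body[2] != 0x00:  # assumption: a non-zero third byte means the exchange failed
        raise ValueError("exchange failed, status %02x" % body[2])
    card = body[3:]
    return card[:-2], int.from_bytes(card[-2:], "big")


# Bytes copied from the contactless trace in the question.
SELECT = bytes.fromhex("00 a4 04 00 09 a0 00 00 03 08 00 00 10 00 1a")
REPLY = bytes.fromhex("d5 41 00 61 17 4f 06 00 00 10 00 01 00 79 0d 4f 0b "
                      "a0 00 00 03 08 00 00 10 00 01 03 90 00 90 00")

if __name__ == "__main__":
    print(wrap(SELECT).hex(" "))
    data, sw = unwrap(REPLY)
    print(data.hex(" "), hex(sw))
```

Once unwrapped, the contactless reply is byte-for-byte the contact-mode response from the question; only the reader's framing differs.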