在Android设备中读取和写入mifare卡

Question

Is it possible to access the nfc functions on android devices from native code?

I was thinking that I could use native code to read and write mifare cards, this would add more security because it is not easy to decompile. but I am not sure if the native android apis support mifare cards.

I have an application written in Java to read and write mifare cards in android devices. The keys and the binary information stored in the cards were already designed and I have no control over it.

It was easy for me to decompile and deobfuscate the generated apk. So it is easy to get the card's keys, even when they are encrypted. This is a problem because security is important.

Is there any other way to improve the security of the application? I want to make it hard to extract the keys.

Answer 1

What you're talking about is called "security through obscurity". While its slightly better than nothing, its generally considered close to useless- no matter how much you hide the code, it will be cracked fairly easily. For example, using an emulator I could put a breakpoint in the framework function that reads data from the card, then place a memory breakpoint and see where the returned data is used to find your code.

Native code won't be much harder than Java, anyone who does reverse engineering is well versed in reading assembly. In the end you're adding a few days to the time it takes to crack the device at best. You really need to fix the cards.