Category Archives: Uncategorized

Nokia 6212: Unlocking the Secure Element

In order to install your own Java Card Applets on to the Nokia 6212 Secure Element (SE) you will need to either talk to the TSM (Trusted Service Manager)(Venyon is the TSM for Nokia phones), OR, you can permanently unlock the SE by using Nokia’s UnlockMidlet (You will need to register to download. Registration is free).

First some warnings:

  • The unlock operation is PERMANENT, and cannot be undone.
  • After unlocking, no TSM will ever trust your secure element anymore, EVER (because you and other people now have access to the default keys).
  • If authentication fails more than 1o times in a row, the card manager will be locked, and you will not be able to install or delete any Applet to/from the SE.
  • Unlocking should only be performed if you want to use your phone for development or testing purposes.

You have been warned!

The UnlockMidlet establishes a secure (encrypted) connection between your SE and a Nokia server. The server will then communicate with your SE and set keyset 42 to the default keys (MAC/ENC/DEK = 404142434445464748494a4b4c4d4e4f), and the Mifare card emulation authentication keys (both key A and B) to FFFFFFFFFFFF.

Step by step:

  1. Download UnlockMidlet
  2. Upload to phone, using either bluetooth or micro-USB cable (in PC Suite mode)
  3. Make sure your phone is configured to use (GPRS) packet data (Settings -> Configuration -> Preferred access pt.)
  4. Start the UnlockMidlet.

At this point the unlock operation might fail due to “No Server Connection” (at least that happend to me). No matter how I configured the packet data settings, the UnlockMidlet always failed with “No Server Connection”.

However, there is another solution to unlock the SE, by using the SDK Emulator and a OmniKey Cardman 5321 reader:

  1. Download UnlockMidlet
  2. Download Nokia 6212 SDK (Requires registration. Registration is free).
  3. Get yourself a OmniKey Cardman 5321 Reader
  4. Download OnmiKey PCSC Driver, Synchronous API and Diagnostics Tool
  5. After installing the OmniKey software, run the Diagnostics Tool, and confirm that there is an ‘API’ tab listing “scardsyn.dll” (this dll is required when using this reader in the Nokia SDK).
  6. Run SDK ‘Emulator’, and in the Phone window, open the file menu and load the unlock midlet.
  7. In the Emulator window, drag and drop the cardman reader from “External Readers” to both 1: “Embedded Tag” and 2: “Embedded Smart Card”.
  8. On the Nokia 6212 phone, go to NFC settings and make sure “cards availability” is set to “always”.
  9. Place the 6212 on the OnmiKey reader, (lay it down on the reader and let it stay there until the unlock operation is completed).
  10. Proceed with the unlock operation in the midlet emulator.

Assuming the unlock operation was successful, you will now be able to install your own Java Card Applets using for example GPShell or GPJ (a pure java version).


Nokia 6212 with NFC

NFC (Near Field Communication) is predicted to be big business in mobile devices in the coming years. Actually, it was supposed to start this year, but there are still only a few select phones out there with NFC.

Nokia 6212 is one such device.

Nokia 6212 Classic

What is NFC?

In short, NFC is a specification which lets you read and emulate tags and smartcards conforming to certain contactless standards.

What can you do with NFC?

  • Use your phone as a contactless credit card (VISA/MasterCard etc)
  • Transfer data between NFC devices
  • Quickly configure other highspeed connections like bluetooth for faster transfer (bluetooth set-up is slow)
  • Payment on public transportation
  • One-time transfer token (on airports between check-in counter and gate)
  • “geo-tagging” (more on this later)
  • Read epassports (biometric passports)
  • Advertising (get additional info about a product, like url etc)
  • Log on to Dell laptops with embedded contactless reader using card emulation mode. (Reads CSN/UID only).
  • Generic reader device for ISO14443-4 smartcards
  • Generic ISO14443-4 A card emulation device
  • Read NFC Forum specified tags (Mifare Classic/DESFire/Ultralight, Sony Felica, and more)
    …and more…

(*Availability of any particular service might require support by the relevant service provider. Also, the service provider might need to have some kind of application available that you can download on your mobile phone, and use as a payment token.)

Can you use NFC features in own applications?

Yes, the 6212 can run Java MIDlets, and supports the JSR257 Contactless Communication API.
Applications can register to handle tag data by type. Phone reads tag and determines if/what app to launch (Applications registers in the “PushRegistry” what tags it wants to handle)

What tags can 6212 read out of the box?

If no Java application is running, the phone tries to handle content using it’s built in native NFC app.
The native NFC application can detect NDEF “Smart Poster” formatted tags. Here is what happends when the native NFC support detect an unsupported tag:
Other tags can be read by using custom Java Applications that are started manually or registered in the PushRegistry to start when a specific tag is detected.

Can the 6212 read ISO15693 tags?

No, the NFC controller inside 6212 (NXP PN512) does not support the ISO15693 standard. The NFCIP-2 recognizes that ISO15693 tags exists, but there is nothing in the NFC specs that says NFC devices must support reading 15693 tags. However the new NXP PN544 controller will add support for ISO15693. It remains to be seen if Nokia will make it possible to use this feature through their JSR257 extensions.

How do you install applications on the 6212’s smartcard emulator?

The smartcard emulator is called a “Secure Element”. The SE in 6212 is a NXP chip with JavaCard OS and GlobalPlatform support. The OS is provided by Giesecke & Devrient. In addition to the JavaCard, the chip also supports Mifare 4k emulation. In order to install applications on to the JavaCard you need to use the Global Platform application (also called the Card Manager). This application is pre-installed in the JavaCard, and is responsible for installing and deleting other applications on the card. The Card Manager is protected by encryption keys, and these encryption keys are only known to a Trusted Party. If your bank wants to install a VISA card on your NFC phone, that bank has to sign agreements with a Trusted Service Manager (TSM). The VISA application will then be transferred in encrypted form from the Trusted Party to the Secure Element. This is called a trusted provisioning path. So, in the phones default state, you cannot install your own applications on the SE. However there is an Unlock Midlet available from Nokia that resets the keys on the SE to default keys. However, this unlock operation is permanent, and you will not be able to install official credit card applications etc on to the SE after it has been unlocked.


Here are a few clips demonstating some usecases for NFC enabled phones:


The 6212 has some problems reading cards like MiFare DESFire and generic ISO14443-4 cards when the card is held agains the back side of the phone. However, this works quite well when holding the card against the front side of the phone.

What’s in inside a NFC phone?

See this excellent diagram by Enrique Ortiz:

What’s next?

The Nokia 6212 Classic might be the last phone from Nokia with a dedicated Secure Element. In the new model 6216, the SIM card will act as the Secure Element, and content providers must sign agreements with the mobile carrier (since they own the SIM cards), in order to install applets on to the SIM.