STSW-ST25RFAL002 - card emulation mode stalled state

pagano.paganino · ‎2020-09-02

Hello,

using STSW-ST25RFAL002 to version 0x020200U (RFAL Current Version: v2.2.0) I encountered a problem in card emulation mode, practically the state machine remaine blocked on the RFAL_NFC_STATE_LISTEN_ACTIVATION state indefinitely rfal_nfc.c: 518 the rfalNfcListentivation() function always return ERR_BUSY.

This happened to me with several Android smartphones (with iPhone 2020 se no problem).

I solved it by adding this patch:

--- a/STSW-ST25RFAL002/source/rfal_nfc.c
+++ b/STSW-ST25RFAL002/source/rfal_nfc.c
@@ -516,6 +516,13 @@ void rfalNfcWorker( void )
 
         /*******************************************************************************/
         case RFAL_NFC_STATE_LISTEN_ACTIVATION:
+        if( platformTimerIsExpired( gNfcDev.discTmr ) )                           /* Check if the total duration has been reached */
+        {
+            rfalListenStop();
+            gNfcDev.state = RFAL_NFC_STATE_START_DISCOVERY;                       /* Restart the discovery loop */
+            rfalNfcNfcNotify( gNfcDev.state );                                    /* Notify caller             */
+            break;
+        }
         case RFAL_NFC_STATE_LISTEN_SLEEP:
 
             err = rfalNfcListenActivation();

If you have a better way of solving the problem I will be happy to apply it, I am not happy to have to bring patch to the third party library.

Thanks so much,

D.

Ulysses HERNIOSUS · ‎2021-04-21

Hi pagano.paganino,

in my exeriments the iPhone SE 2020 always opened the URI. However using Samsung Galaxy S21 I see an immediate hang.

SPI trace shows the interrupt is stopped to be handled at some point, afterwards IRQ is constant high and no more SPI traffic:

Zoomed in a bit more to see the last frames:

I would suspect damaged locking of SPI (platform(Un)Protect...(). I would assume that it depends on timing - if interrupt comes while an SPI transfer is ongoing. That's maybe why it is happening with the iPhone at your side but not at mine.

Regards, Ulysses

View solution in original post

Brian TIDAL · ‎2020-09-02

Hi,

we have also noticed this issue internally. The issue is inside the demoCE() state machine. Here is the proper fix for it (see lines 32, 33 and 34)

static void demoCE( rfalNfcDevice *nfcDev )
{
#if (defined(ST25R3916) || defined(ST25R95)) && RFAL_FEATURE_LISTEN_MODE
    
    ReturnCode err;
    uint8_t *rxData;
    uint16_t *rcvLen;
    uint8_t  txBuf[100];
    uint16_t txLen;
 
#if defined(ST25R3916)    
    demoCeInit( ceNFCF_nfcid2 );
#endif /* ST25R3916 */
    
    do
    {
        rfalNfcWorker();
        
        switch( rfalNfcGetState() )
        {
            case RFAL_NFC_STATE_ACTIVATED:
                err = demoTransceiveBlocking( NULL, 0, &rxData, &rcvLen, 0);
                break;
            
            case RFAL_NFC_STATE_DATAEXCHANGE:
            case RFAL_NFC_STATE_DATAEXCHANGE_DONE:
                
                txLen = ( (nfcDev->type == RFAL_NFC_POLL_TYPE_NFCA) ? demoCeT4T( rxData, *rcvLen, txBuf, sizeof(txBuf) ): demoCeT3T( rxData, *rcvLen, txBuf, sizeof(txBuf) ) );
                err   = demoTransceiveBlocking( txBuf, txLen, &rxData, &rcvLen, RFAL_FWT_NONE );
                break;
            
            case RFAL_NFC_STATE_START_DISCOVERY:
                return;
            
            case RFAL_NFC_STATE_LISTEN_SLEEP:
            default:
                break;
        }
    }
    while( (err == ERR_NONE) || (err == ERR_SLEEP_REQ) );
 
 
#else
    NO_WARNING(nfcDev);
#endif /* RFAL_FEATURE_LISTEN_MODE */
}

Rgds

BT

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

pagano.paganino · ‎2020-09-02

Hi,

I have tried your suggest with revert my patch but doasn't work for me.

Ulysses HERNIOSUS · ‎2020-09-16

Hi,

inside rfalNfcListenActivation() there is a call to rfalListenGetState(). Can you detail the current listen state, please?!

Also when being in that state, is the phone polling or in constant field-on? Can you cure the situation by removing the phone?

Regards, Ulysses

pagano.paganino · ‎2020-09-17

Hi,

the phone is constant field-on, removing the phone the situation remain stalled.

For rfalListenGetState details i answer you as soon as possible.

Regards,

D.

pagano.paganino · ‎2021-04-19

Hi Brian,

I have tried your suggest with revert my patch but doasn't work for me.

With iphone 2020 se your patch doasn't work.

Brian TIDAL · ‎2021-04-19

Hi,

So, it seems your issue is different from the one fixed by the patch provided. Can you provide some info about the current listen state (rfalListenGetState) and the return code of rfalNfcListenActivation?

Thanks

rgds

BT

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

pagano.paganino · ‎2021-04-19

Type [C-a] [C-h] to see available commands
Terminal ready
la: 2 lgs: 2 isDataRcvd: 0 bitRate: 255
...
la: 2 lgs: 2 isDataRcvd: 0 bitRate: 255
la: 2 lgs: 3 isDataRcvd: 0 bitRate: 0
...
la: 2 lgs: 3 isDataRcvd: 0 bitRate: 0
la: 37 lgs: 1 isDataRcvd: 0 bitRate: 255
la: 2 lgs: 2 isDataRcvd: 0 bitRate: 255
...
la: 2 lgs: 2 isDataRcvd: 0 bitRate: 255
la: 2 lgs: 3 isDataRcvd: 0 bitRate: 0
...
la: 2 lgs: 3 isDataRcvd: 0 bitRate: 0
la: 2 lgs: 6 isDataRcvd: 0 bitRate: 0
la: 2 lgs: 6 isDataRcvd: 0 bitRate: 0
la: 2 lgs: 6 isDataRcvd: 1 bitRate: 0
la: 2 lgs: 7 isDataRcvd: 0 bitRate: 0
...
la: 2 lgs: 7 isDataRcvd: 0 bitRate: 0
la: 0 lgs: 7 isDataRcvd: 0 bitRate: 0
ERROR 23171 root APDU len: 1 packet: b'`'
la: 2 lgs: 12 isDataRcvd: 0 bitRate: 0
...
la: 2 lgs: 12 isDataRcvd: 0 bitRate: 0
la: 2 lgs: 14 isDataRcvd: 0 bitRate: 0
la: 2 lgs: 14 isDataRcvd: 0 bitRate: 0
la: 2 lgs: 14 isDataRcvd: 0 bitRate: 0
la: 2 lgs: 14 isDataRcvd: 0 bitRate: 0
la: 2 lgs: 15 isDataRcvd: 0 bitRate: 0
la: 2 lgs: 15 isDataRcvd: 0 bitRate: 0
la: 2 lgs: 15 isDataRcvd: 1 bitRate: 0
la: 2 lgs: 7 isDataRcvd: 0 bitRate: 0
...
la: 2 lgs: 7 isDataRcvd: 0 bitRate: 0
la: 0 lgs: 7 isDataRcvd: 0 bitRate: 0
DEBUG 23223 root applet switched to: b'\xa0\x00\x00\x06G'
<NFC> 23403 WTX
<NFC> 23453 WTX
<NFC> 23503 WTX
<NFC> 23553 WTX
la: 2 lgs: 12 isDataRcvd: 0 bitRate: 0
...
la: 2 lgs: 12 isDataRcvd: 0 bitRate: 0
la: 37 lgs: 1 isDataRcvd: 0 bitRate: 255
la: 2 lgs: 2 isDataRcvd: 0 bitRate: 255
...
la: 2 lgs: 2 isDataRcvd: 0 bitRate: 255
la: 37 lgs: 1 isDataRcvd: 0 bitRate: 255
la: 2 lgs: 2 isDataRcvd: 0 bitRate: 255
...
la: 2 lgs: 2 isDataRcvd: 0 bitRate: 255
la: 2 lgs: 3 isDataRcvd: 0 bitRate: 0
...
la: 2 lgs: 3 isDataRcvd: 0 bitRate: 0

"..." is for hide line repetitions.

after

la: 2 lgs: 3 isDataRcvd: 0 bitRate: 0

there are only repetitions of this line and doasn't work for me.

Details:

STSW-ST25RFAL002/source/rfal_nfc.c:519

rfalBitRate bitRate;
bool isDataRcvd;
rfalLmState lmSt = rfalListenGetState( &isDataRcvd, &bitRate );
err = rfalNfcListenActivation();
printf("la: %d lgs: %d isDataRcvd: %d bitRate: %d\n", err, lmSt, isDataRcvd, bitRate);

Hi Brian,

this is the info about the current listen state (rfalListenGetState) and the return code of rfalNfcListenActivation.

Regards,

D.

Brian TIDAL · ‎2021-04-19

Hi,

Can you confirm that the Card Emulation properly run once (from Line 22 to line 46) and then after a field off (line 46) there is a second attempt but with no success?

Which phone has been used for this test?

Was the phone able to receive the data sent during Lin22-Line 46 phase?

On phone side, do you use standard NDEF reader application or proprietary application managing the NFC module? On Card Emulation side, do you use the demo_ce.c file provided within the X-CUBE-NFC06 package or your own application on top of rfal_nfc.c layer?

After line 56, if you remove the phone, do you see the rfalListenGetState returning 01 (=RFAL_LM_STATE_POWER_OFF)?

Thanks

Rgds

BT

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

pagano.paganino · ‎2021-04-19

Hi Brian,

Can you confirm that the Card Emulation properly run once (from Line 22 to line 46) and then after a field off (line 46) there is a second attempt but with no success?

yes

Which phone has been used for this test?

iPhone 2020 SE

Was the phone able to receive the data sent during Lin22-Line 46 phase?

Yes work correctly

On phone side, do you use standard NDEF reader application or proprietary application managing the NFC module?

I use safari browser at site: https://webauthn.io

On Card Emulation side, do you use the demo_ce.c file provided within the X-CUBE-NFC06 package or your own application on top of rfal_nfc.c layer?

I have started using X-CUBE-NFC06 package but modified for my use case (FIDO registration/authentication)

After line 56, if you remove the phone, do you see the rfalListenGetState returning 01 (=RFAL_LM_STATE_POWER_OFF)?

no, the execution continues indefinitely with line 56 repeated and nothing changes if I bring the phone closer.

Thanks,

D.