[ST25R95] How can I READ/WRITE ISO14443 type A

Jkim.7 · ‎2022-08-29

Hello, I want to ask how to read, write to tag using st25r95 as nfc reader.

The mcu used in my system is dsPIC33EP128GS805 and the target tag is NT3H2111 of NXP

https://community.st.com/s/question/0D53W000014zGpESAU/st25r95-data-read-and-write-problem-iso1443a

I refer to the above link as the content of the post is similar to my situation.

Below is what I have done.

protocol select [00 04 02 02 02 00], receive[00 00]
send REQA [00 04 02 26 07], receive[87 00 80 05 44 00 28 00 00]
send ANTICOLISION CL1 [00 04 03 93 20 08], receive[80 08 88 04 48 B1 75 28 00 00]
send SELECT cascade level 1 [00 04 08 93 70 88 04 48 B1 75 28]
send ANTICOLISION CL2 [00 04 03 95 20 08], receive[80 08 CA DF 56 80 C3 28 00 00]
send SELECT cascade level 2 [00 04 08 95 70 CA DF 56 80 C3 28]

Through the above process, I received the UID normally. It seems that the uprotected user memory can be accessed without authentication, but I couldn't find in the spec what the communication protocol with st25r95 is.

In the specification of the tag, the read command consists of cmd 0x30(1byte) and memory addr(1byte) and CRC(2byte). Can I put the configuration contents in the data area of the sendRecv protocol of st25r95?

there is any example of command related to type2 communication?

Thank you.

Brian TIDAL · ‎2022-08-29

Hi,

before sending the READ command after the anti collision and Select commands, make sure to configure the proper Frame Waiting Time. The default timeout value when not set in the protocolSelect is suited for anti collision but an higher value is needed for READ (5ms) command and WRITE command (usually 10ms in NFC Forum T2T specs). See Table 28 in the tag datasheet. You just need to send a new protocolSelect command before the READ command with the appropriate PP:MM:DD parameters (e.g. PP=0x00, MM=0x21, DD=0x00, FDT = 10ms).

See https://community.st.com/s/question/0D50X0000AFqKjkSQF/why-does-my-cr95hf-respond-with-0x87-timeout-or-no-tag-after-successfully-writing-to-a-ntag216-nfc-forum-type-2-compliant-tag for a similar issue and more details.

If this solves your issue, would you please mark this answer as best?

Thanks

Rgds

BT

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

View solution in original post

Brian TIDAL · ‎2022-08-29

Hi,

before sending the READ command after the anti collision and Select commands, make sure to configure the proper Frame Waiting Time. The default timeout value when not set in the protocolSelect is suited for anti collision but an higher value is needed for READ (5ms) command and WRITE command (usually 10ms in NFC Forum T2T specs). See Table 28 in the tag datasheet. You just need to send a new protocolSelect command before the READ command with the appropriate PP:MM:DD parameters (e.g. PP=0x00, MM=0x21, DD=0x00, FDT = 10ms).

See https://community.st.com/s/question/0D50X0000AFqKjkSQF/why-does-my-cr95hf-respond-with-0x87-timeout-or-no-tag-after-successfully-writing-to-a-ntag216-nfc-forum-type-2-compliant-tag for a similar issue and more details.

If this solves your issue, would you please mark this answer as best?

Thanks

Rgds

BT

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

Jkim.7 · ‎2022-08-29

Thank you for quick response. I will check it out as you said!

Jkim.7 · ‎2022-08-30

I tried the method you recommended by modifying the protocol select value before reading. But I couldn't read. :crying_face: (If I change the protocol setting before reading, the read bit is not set in the polling check after the tag read message, so no information can be read.)

Below is the sequence I tried and the values.

send protocol mode select [00 02 02 02 00]
receive protocol mode select response[00 00]
send REQA [00 04 02 26 07]
receive REQA response[80 05 44 00 28 00 00]
send anti collision cl1 [00 04 03 93 20 08]
receive anti collision cl1 response [80 08 88 04 48 B1 75 28 00 00]
send select cl1 [ 00 04 08 93 70 88 04 48 B1 75 28]
receive select c1 response [80 06 04 DA 17 08 00 00]
send anti collision cl2 [00 04 03 95 20 08]
receive anti collision cl2 response [80 08 CA DF 56 80 C3 28 00 00]
send select cl2 [00 04 08 95 70 CA DF 56 80 C3 28]
receive select cl2 response [80 06 00 FE 51 08 00 00]
send protocol mode select [00 02 04 02 00 21 00] -> I also tried the value(00 02 05 02 00 00 21 00) of the link you attached.
receive protocol mote select response [00 00]
send read commad -> I tested several values. 1. [00 03 30 01 28] // 2. [00 03 30 01 26 EE 28]
no answer...

Is there something wrong with the value sent to st25r95? or is there something I'm doing wrong?

Brian TIDAL · ‎2022-08-30

Hi,

make sure to use a sendRecv command: for example 00 04 03 30 01 28 for READ block 1

 00 04 03 30 01 28
 
                28
                ^^____  Transmission flags
                       (Append CRC, 8 bits in last bytes)
          30 01
          ^^ ^^________ T2T READ BLOCK 1
       03
       ^^______________ Length
    04
    ^^_________________ SendRecv command
 00
 ^^____________________ SPI	control byte (SPI send)

Rgds

BT

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

Jkim.7 · ‎2022-08-30

Oh, I made a mistake!

Problem solved!