NFC0541 read Mifare Classic 1K

Addendum

With

    rfalNfcaTxRetry( ret, rfalTransceiveBlockingTxRx(&bufferTx[0], lenTx, &bufferRx[0], lenRxMax, &lenRx, RFAL_TXRX_FLAGS_CRC_TX_AUTO | RFAL_TXRX_FLAGS_CRC_RX_REMV | RFAL_TXRX_FLAGS_NFCIP1_OFF | RFAL_TXRX_FLAGS_AGC_ON | RFAL_TXRX_FLAGS_PAR_RX_REMV | RFAL_TXRX_FLAGS_PAR_TX_AUTO | RFAL_TXRX_FLAGS_NFCV_FLAG_AUTO, RFAL_NFCA_T_RETRANS), ((devLimit==0)?RFAL_NFCA_N_RETRANS:0), RFAL_NFCA_T_RETRANS );

instead of directly rfalTransceiveBlockingTxRx

the result is now

4 ERR_TIMEOUT

Olivier

Hi,

0x30 00 is a READ block number 0 command. It is a memory read operation on this tag.

Such tags require proprietary authentication before any memory operation except for some personalization (see datasheet from the manufacturer of these tags) . If you want to use such tags with the ST25R3911B reader, you will have to implement this proprietary authentication and the ciphering. See other posts on this topic in this forum. READ of the block 0 without authentication after selection is only possible with a specific personalization of such tag.

I would rather recommend to use fully compliant tags from the ST25 family such as ST25TA (Type 4A Tags) or fully compliant Type 2 Tags (i.e. tags not requiring proprietary stuff).

Rgds

BT

Dear Brian,

Thank you so much for your answer.

I wish I could use fully compliant cards but I can’t!

Thanks to correct me about the ‘30’ command.

It seems 60 instead of 30 would be more appropriate :

The error now is 21 which is a crc error.

I’ll switch to manual CRC and try to append the CRC to the txBuffer.

I hope I’ll get the expected answer in return : I expect a nonce which would mean the authentication process has begun.

Thanks again,

Best regards,

Olivier Bontron

Hi,

I would suggest to post questions regarding tag commands to the tag manufacturer community. Anyway, as far as I know 0x60 is not a read command but a Authentication command.

For your information, ERR_CRC means that the CRC of the rx frame is erroneous. It is not related to the tx frame.

Rgds

BT

Hi,

Ok, I'll handle the tag commands separately, thanks anyway for having provided guidance about the '30' issue.

TxBuf starts now with 60, 00 and then  I append manually the crc to the buffer. The flag is set to manual.

The tag command looks now very similar to what I found from the manufacturer when it comes to authentication.

At least, there is no CRC error any longer.

Now the error is '4 timeout'.

Before ending with a 4 timeout error, the logs tell :

The gRFAL.TxRx.state is 83 RFAL_TXRX_STATE_RX_WAIT_RXS

During rfalTransceiveRx, logs show that the case  RFAL_TXRX_STATE_RX_WAIT_RXS is processed,

during which it turns out that this condition is met :

 if( (irqs & ST25R3911_IRQ_MASK_NRE) && !(irqs & ST25R3911_IRQ_MASK_RXS)){

gRFAL.TxRx.status = ERR_TIMEOUT;

gRFAL.TxRx.state = RFAL_TXRX_STATE_RX_FAIL;

break;

}

It seems that's where the ERR_TIMEOUT comes from.

Would you know how to interpret this condition (irqs & ST25R3911_IRQ_MASK_NRE) && !(irqs & ST25R3911_IRQ_MASK_RXS)

and which corrective action to take ?

Is there a manual I should read first

Many thanks in advance.

Olivier Bontron

Hi Olivier,

timeout just means no response from the card. Absolutely normal if the card did not understand the reader request. For the previous content the card was replying = recognizing the command.

If you read about the weaknesses of these cards you will learn why the responses will not be recognized as a valid frame by the reader when using default transceive flags.

Regards, Ulysses

Addendum

The logs tell irqs = 16384 or 0x00004000

I have the ST25R3911B datasheet where terms like ST25R3911_IRQ_MASK_RXS can't be found, that's why I ask whether there is something else to read.

Best regards

Olivier

Hi,

ST25R3911_IRQ_MASK_RXS is the C macro to mask the I_rxs (start of receive) interrupt. Therefore ST25R3911_IRQ_MASK_RXS is not described in the Datasheet.

It is likely that your frame waiting time (FWT) is too short. I guess you are using RFAL_NFCA_FDTMIN whereas the tag you are using may send its reply after tAck delay. Make sure to use rfalTransceiveBlockingTxRx with the appropriate FWT parameter in line with the maximun tAck value for each command (see the tag datasheet for the different max tAck value for different commands).

Rgds

BT

Dear Brian,

That's right, I am using RFAL_NFCA_FDTMIN.

I'll have a look at the tag datasheet.

Thanks for your answer

Best regards,

Olivier

Hi Brian,

Fwt : modified to rfalConvMsTo1fc(100) (N°1 below) and back to RFAL_NFCA_FDTMIN set to 16200 instead of 1620 (N°2 below).

Flags : used these flags that are not default flags :

    status = rfalTransceiveBlockingTxRx(&bufferTx[0], lenTx, &bufferRx[0], lenRxMax, &lenRx, RFAL_TXRX_FLAGS_PAR_TX_AUTO | RFAL_TXRX_FLAGS_CRC_TX_AUTO | RFAL_TXRX_FLAGS_CRC_RX_REMV | RFAL_TXRX_FLAGS_PAR_RX_KEEP, rfalConvMsTo1fc(100));

    status = rfalTransceiveBlockingTxRx(&bufferTx[0], lenTx, &bufferRx[0], lenRxMax, &lenRx, RFAL_TXRX_FLAGS_PAR_TX_AUTO | RFAL_TXRX_FLAGS_CRC_TX_AUTO | RFAL_TXRX_FLAGS_CRC_RX_REMV | RFAL_TXRX_FLAGS_PAR_RX_KEEP, RFAL_NFCA_FDTMIN);

In both cases, the log tells :

ERR_INCOMPLETE_BYTE                  = 40, /*!< Incomplete byte rcvd        */

The reason why I set the flag to RFAL_TXRX_FLAGS_CRC_RX_REMV is that the former Log was   ERR_CRC                              = 21, /*!< crc error */

I already mentioned this log and you said in your former post that this error refered to Rx, not Tx, so I tried to sort this out this way.

The situation now seems to be :

If the RX CRC is being kept : error since it is a wrong CRC

If the RX CRC is being removed (REMV) : error since byte is incomplete.

It's not the only possible explanation, maybe another expected content like PAR is missing.

Any thought?

Best regards,

Olivier