I need to read multiple blocks of the ST25DV64K-I. What is the command sequence?

Saltr.1 · ‎2022-05-09

I am using a PN7150 with ISO 15693, and the resulting sequence is :

0x00,0x00,0x07, 0x21, 0x30, 0xB6, 0x1D, 0x00, 0xB2, 0x00

first 3 bytes written on the nxpNci level, then my message.

I want to read some blocks, in particular I would like to read all the memory.

JL. Lebon · ‎2022-05-17

Hello,

"could you confirm that there is no password or anything to access the memory in raw mode after address 255?"

-> by default, there is not, but you may have set-up on. If it is read protected you would receive and error (0x01, 0x0F). So I think this is not your case.

"If I send this sequence 0x02, 0x30, 0x07, 0xFF, the result is reading block 255, it doesn't read addresses more than 255."

-> Please read carefully my first post (you can also read the datasheet, it is explained there): the block address is transmitted LSB Byte first. So to read block 0x07FF, your command must be 0x02, 0x30, 0xFF, 0x07. With command 0x02, 0x30, 0x07, 0xFF your are trying to read block 0xFF07, which does not exist.

"in my case {0x22, 0x33,0x7C, 0x4A, 0x52, 0x04, 0x00, 0x27, 0x02, 0xE0, 0xFF, 0x07} (keep in mind that as NCI specification PN7120 appends the appropriate CRC, SOF and EOF)"

-> You miss 2 bytes in this command: you must have

1 byte Request flags: 0x22 -> OK
1 byte Command code: 0x33 -> OK
8 byte UID: 0x7C, 0x4A, 0x52, 0x04, 0x00, 0x27, 0x02, 0xE0 -> OK
2 byte block number: 0xFF, 0x07 -> OK (this will read the whole memory, I'm pretty sure your reader will not support the length of the answer)
2 bytes block address: missing -> KO

Best regards.

View solution in original post

JL. Lebon · ‎2022-05-10

Hello,

If you want to read all the ST25DV64K in one command, it is possible by using the Extended Read Multiple Block command.

The ISO15693 command to be sent to the ST25DV64K would be 0x02 0x33 0x00 0x00 0xFF 0x07. To this, you have to add the 2 bytes of CRC. The first Byte (0x02) is the request_flags byte and may be adapted to your need. 0x33 is the command code. 0x00 0x00 are the 2 bytes of first block address (LSB Byte first). And 0xFF 0x07 are coding the number of blocks (LSB Byte first).

I don't know the NCI command for the PN7150 to encapsulate this ISO command, and the PN7150 is probably not capable of receiving a response of 8192 Bytes long (the full memory of the ST25DV64K).

Someone on this forum could have help you if you had used an ST25R reader, for sure 🙂

Best regards.

Saltr.1 · ‎2022-05-10

Hello,

Do I have to set any particular configuration to have access to the extended commands?

The thing is that I can use the read and write for 1 byte using 0x20 and 0x21 as commands, but when I try to use the extension the ST25DV64K-I does not recognize it.

JL. Lebon · ‎2022-05-10

Hello,

There is nothing special to do in the ST25DV64K to support the extended commands. It is natively supported. When the ST25DV64K receive a command with code 0x30, 0x31, 0x32, 0x33 or 0x34, it is automatically identified by the tag as the corresponding extended command. Of course, the reader must send the correct payload of the corresponding command (commands code and payload are all described in the St25DV64K datasheet in chapter "7.6 RF commands")

With the read single block command (0x20) and write single block command (0x21) you will have access only to the first 256 blocks of the tag's memory. Extended commands are required to access beyond block 255.

Best regards.

Saltr.1 · ‎2022-05-16

Hello,

could you confirm that there is no password or anything to access the memory in raw mode after address 255?

If I send this sequence 0x02, 0x30, 0x07, 0xFF, the result is reading block 255, it doesn't read addresses more than 255.

Best regards.

Saltr.1 · ‎2022-05-16

if I try to read with the Extended read Multiple Blocks, which is :

request flags: 8 bits
30h
UID( when address_flag = 1): 64 bits
first block number: 16 bits
Number of blocks: 16 bits
in my case {0x22, 0x33,0x7C, 0x4A, 0x52, 0x04, 0x00, 0x27, 0x02, 0xE0, 0xFF, 0x07} (keep in mind that as NCI specification PN7120 appends the appropriate CRC, SOF and EOF)
The result is that the NFC reads block 124, which is the 0x7C of the UID.

JL. Lebon · ‎2022-05-17

Hello,

"could you confirm that there is no password or anything to access the memory in raw mode after address 255?"

-> by default, there is not, but you may have set-up on. If it is read protected you would receive and error (0x01, 0x0F). So I think this is not your case.

"If I send this sequence 0x02, 0x30, 0x07, 0xFF, the result is reading block 255, it doesn't read addresses more than 255."

-> Please read carefully my first post (you can also read the datasheet, it is explained there): the block address is transmitted LSB Byte first. So to read block 0x07FF, your command must be 0x02, 0x30, 0xFF, 0x07. With command 0x02, 0x30, 0x07, 0xFF your are trying to read block 0xFF07, which does not exist.

"in my case {0x22, 0x33,0x7C, 0x4A, 0x52, 0x04, 0x00, 0x27, 0x02, 0xE0, 0xFF, 0x07} (keep in mind that as NCI specification PN7120 appends the appropriate CRC, SOF and EOF)"

-> You miss 2 bytes in this command: you must have

1 byte Request flags: 0x22 -> OK
1 byte Command code: 0x33 -> OK
8 byte UID: 0x7C, 0x4A, 0x52, 0x04, 0x00, 0x27, 0x02, 0xE0 -> OK
2 byte block number: 0xFF, 0x07 -> OK (this will read the whole memory, I'm pretty sure your reader will not support the length of the answer)
2 bytes block address: missing -> KO

Best regards.

Saltr.1 · ‎2022-05-17

Hello,

I found the solution. I was missing some bytes. Thank you.