cancel
Showing results for 
Search instead for 
Did you mean: 

St25R95 library

thompeters2004
Associate II

Hi,

I have successfully ported the ST25R95 library from STMicroelectronics to my own microcontroller, an nRF52832. I am now trying to read the payload of an NFC-A Passive ISO-DEP device with the UID: 5F471DC2783A8E.

In the polling_demo.c file, I see the function demoAPDU. I would like to use this function to read the payload, which contains Bluetooth Out of Band (OOB) data and a key. My goal is to use this for BLE NFC pairing. Can someone assist me with this?

Here is the payload:

a0202548-2a5f-45a5-9c62-5ce03576fe08.jpg

This discussion has been locked for participation. If you have a question, please start a new topic in order to ask your question
1 ACCEPTED SOLUTION

Accepted Solutions
Brian TIDAL
ST Employee

Hi

on my side with your record, I have the following decoding where the LE Device address is displayed:

Record #1
Bluetooth:
Type: 0x11
Device Address: (length 0)
EIR Flags: (EIR length: 0x03, EIR type: 0x01) (length 1)
[0000] 04 | . |
EIR ClassUUID16_partial: None
EIR ClassUUID16: None
EIR ClassUUID32_partial: None
EIR ClassUUID32: None
EIR ClassUUID128_partial: None
EIR ClassUUID128: None
EIR Short Local Name: None
EIR Local Name: (EIR length: 0x14, EIR type: 0x09) (length 18)
[0000] 4E 6F 72 64 69 63 5F 4E | N o r d i c _ N |
[0008] 46 43 5F 70 61 69 72 69 | F C _ p a i r i |
[0010] 6E 67 | n g |
EIR TxPowerLevel: None
EIR Device Class: None
EIR SimplePairingHash: None
EIR SimplePairingRandomizer: None
EIR SecurityManagerTK: (EIR length: 0x12, EIR type: 0x10) (length 16)
[0000] F2 D2 C4 3C 54 16 D9 D7 | . . . < T . . . |
[0008] BB 1E 1E 1F 94 3F F0 E6 | . . . . . ? . . |
EIR Security Manager Flags: None
EIR SlaveConnIntervalRange: None
EIR ServiceSolicitation16: None
EIR ServiceSolicitation128: None
EIR ServiceData: None
EIR Appearance: (EIR length: 0x04, EIR type: 0x19) (length 2)
[0000] 00 00 | . . |
EIR LE Device Address: (EIR length: 0x09, EIR type: 0x1B) (length 7)
[0000] E1 33 AD 66 0D F3 01 | . 3 . f . . . |
EIR Role: (EIR length: 0x03, EIR type: 0x1C) (length 1)
[0000] 00 | . |
EIR Secure Connection Confirmation Value: (EIR length: 0x12, EIR type: 0x22) (length 16)
[0000] E5 A6 B2 7F FA 99 C4 1E | . . . . . . . . |
[0008] 96 B7 FD CA D1 F1 A6 29 | . . . . . . . ) |
EIR Secure Connection Random Value: (EIR length: 0x12, EIR type: 0x23) (length 16)
[0000] 9B 8C 90 7A 4B E3 F0 50 | . . . z K . . P |
[0008] CC C2 9D 43 0D 44 77 CF | . . . C . D w . |
EIR Manufacturer Data: None
nbUUID16: 0
nbUUID32: 0
nbUUID128:0
nbServiceSolicitation16: 0x00
nbServiceSolicitation128:0x00
Operation completed

I believe your decoding or ndef_dump functions are old. Which package and which version have you used? With a debugger, set a breakpoint in ndefBluetoothDump() and check the value of type->data.bluetooth.eir[0]. It should contain the first EIR (in your case, the LE Device Address element)

Rgds

BT

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

View solution in original post

4 REPLIES 4
Ulysses HERNIOSUS
ST Employee

Hi, 

 

I would look at ST25 embedded NFC lib which has examples for NDEF reading inside its ndef_rw_ demo (main logic triggered by file ndef_demo.c). The package for ST25R95 is STSW-ST25R017.

 

BR, Ulysses

Brian TIDAL
ST Employee

Hi,

as explained inside your previous post, you should use ndef_demo.c rather than demo_polling.c to read the NDEF from a tag (this is available from X-CUBE-NFC3 or from  STSW-ST25R017 package).

Rgds

BT

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

Hi,

I am now able to read the NDEF message, but I don’t get a Bluetooth address. Does anyone know how to fix this? Here is the output I’m getting:

NFC-A Passive ISO-DEP device found. UID: 5F471DC2783A8E
READ/WRITE NDEF detected.
Decoding NDEF message:

Record #1
Flat payload (length 13):
[0000] 15 C1 02 00 00 00 04 61 | . . . . . . . a |
[0008] 63 01 01 30 00 | c . . 0 . |

Record #2
Bluetooth:

  • Type: 0x11
  • Device Address: (length 0)
  • EIR Flags: (EIR length: 0x03, EIR type: 0x01) (length 1)
    [0000] 04 | . |
  • EIR ClassUUID16_partial: None
  • EIR ClassUUID16: None
  • EIR ClassUUID32_partial: None
  • EIR ClassUUID32: None
  • EIR ClassUUID128_partial: None
  • EIR ClassUUID128: None
  • EIR Short Local Name: None
  • EIR Local Name: (EIR length: 0x14, EIR type: 0x09) (length 18)
    [0000] 4E 6F 72 64 69 63 5F 4E | N o r d i c _ N |
    [0008] 46 43 5F 70 61 69 72 69 | F C _ p a i r i |
    [0010] 6E 67 | n g |
  • EIR TxPowerLevel: None
  • EIR Device Class: None
  • EIR SimplePairingHash: None
  • EIR SimplePairingRandomizer: None
  • EIR SecurityManagerTK: (EIR length: 0x12, EIR type: 0x10) (length 16)
    [0000] 3A 32 40 F7 9B CF 65 84 | : 2 @ . . . e . |
    [0008] E8 AB C3 5B B4 15 DD D7 | . . . [ . . . . |
  • EIR Security Manager Flags: None
  • EIR SlaveConnIntervalRange: None
  • EIR Service Solicitation: None

Any guidance would be appreciated. Thanks!

Brian TIDAL
ST Employee

Hi

on my side with your record, I have the following decoding where the LE Device address is displayed:

Record #1
Bluetooth:
Type: 0x11
Device Address: (length 0)
EIR Flags: (EIR length: 0x03, EIR type: 0x01) (length 1)
[0000] 04 | . |
EIR ClassUUID16_partial: None
EIR ClassUUID16: None
EIR ClassUUID32_partial: None
EIR ClassUUID32: None
EIR ClassUUID128_partial: None
EIR ClassUUID128: None
EIR Short Local Name: None
EIR Local Name: (EIR length: 0x14, EIR type: 0x09) (length 18)
[0000] 4E 6F 72 64 69 63 5F 4E | N o r d i c _ N |
[0008] 46 43 5F 70 61 69 72 69 | F C _ p a i r i |
[0010] 6E 67 | n g |
EIR TxPowerLevel: None
EIR Device Class: None
EIR SimplePairingHash: None
EIR SimplePairingRandomizer: None
EIR SecurityManagerTK: (EIR length: 0x12, EIR type: 0x10) (length 16)
[0000] F2 D2 C4 3C 54 16 D9 D7 | . . . < T . . . |
[0008] BB 1E 1E 1F 94 3F F0 E6 | . . . . . ? . . |
EIR Security Manager Flags: None
EIR SlaveConnIntervalRange: None
EIR ServiceSolicitation16: None
EIR ServiceSolicitation128: None
EIR ServiceData: None
EIR Appearance: (EIR length: 0x04, EIR type: 0x19) (length 2)
[0000] 00 00 | . . |
EIR LE Device Address: (EIR length: 0x09, EIR type: 0x1B) (length 7)
[0000] E1 33 AD 66 0D F3 01 | . 3 . f . . . |
EIR Role: (EIR length: 0x03, EIR type: 0x1C) (length 1)
[0000] 00 | . |
EIR Secure Connection Confirmation Value: (EIR length: 0x12, EIR type: 0x22) (length 16)
[0000] E5 A6 B2 7F FA 99 C4 1E | . . . . . . . . |
[0008] 96 B7 FD CA D1 F1 A6 29 | . . . . . . . ) |
EIR Secure Connection Random Value: (EIR length: 0x12, EIR type: 0x23) (length 16)
[0000] 9B 8C 90 7A 4B E3 F0 50 | . . . z K . . P |
[0008] CC C2 9D 43 0D 44 77 CF | . . . C . D w . |
EIR Manufacturer Data: None
nbUUID16: 0
nbUUID32: 0
nbUUID128:0
nbServiceSolicitation16: 0x00
nbServiceSolicitation128:0x00
Operation completed

I believe your decoding or ndef_dump functions are old. Which package and which version have you used? With a debugger, set a breakpoint in ndefBluetoothDump() and check the value of type->data.bluetooth.eir[0]. It should contain the first EIR (in your case, the LE Device Address element)

Rgds

BT

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.