2024-11-14 01:04 AM
Hi,
I have successfully ported the ST25R95 library from STMicroelectronics to my own microcontroller, an nRF52832. I am now trying to read the payload of an NFC-A Passive ISO-DEP device with the UID: 5F471DC2783A8E.
In the polling_demo.c file, I see the function demoAPDU. I would like to use this function to read the payload, which contains Bluetooth Out of Band (OOB) data and a key. My goal is to use this for BLE NFC pairing. Can someone assist me with this?
Here is the payload:
Solved! Go to Solution.
2024-11-14 06:54 AM
Hi
on my side with your record, I have the following decoding where the LE Device address is displayed:
Record #1
Bluetooth:
Type: 0x11
Device Address: (length 0)
EIR Flags: (EIR length: 0x03, EIR type: 0x01) (length 1)
[0000] 04 | . |
EIR ClassUUID16_partial: None
EIR ClassUUID16: None
EIR ClassUUID32_partial: None
EIR ClassUUID32: None
EIR ClassUUID128_partial: None
EIR ClassUUID128: None
EIR Short Local Name: None
EIR Local Name: (EIR length: 0x14, EIR type: 0x09) (length 18)
[0000] 4E 6F 72 64 69 63 5F 4E | N o r d i c _ N |
[0008] 46 43 5F 70 61 69 72 69 | F C _ p a i r i |
[0010] 6E 67 | n g |
EIR TxPowerLevel: None
EIR Device Class: None
EIR SimplePairingHash: None
EIR SimplePairingRandomizer: None
EIR SecurityManagerTK: (EIR length: 0x12, EIR type: 0x10) (length 16)
[0000] F2 D2 C4 3C 54 16 D9 D7 | . . . < T . . . |
[0008] BB 1E 1E 1F 94 3F F0 E6 | . . . . . ? . . |
EIR Security Manager Flags: None
EIR SlaveConnIntervalRange: None
EIR ServiceSolicitation16: None
EIR ServiceSolicitation128: None
EIR ServiceData: None
EIR Appearance: (EIR length: 0x04, EIR type: 0x19) (length 2)
[0000] 00 00 | . . |
EIR LE Device Address: (EIR length: 0x09, EIR type: 0x1B) (length 7)
[0000] E1 33 AD 66 0D F3 01 | . 3 . f . . . |
EIR Role: (EIR length: 0x03, EIR type: 0x1C) (length 1)
[0000] 00 | . |
EIR Secure Connection Confirmation Value: (EIR length: 0x12, EIR type: 0x22) (length 16)
[0000] E5 A6 B2 7F FA 99 C4 1E | . . . . . . . . |
[0008] 96 B7 FD CA D1 F1 A6 29 | . . . . . . . ) |
EIR Secure Connection Random Value: (EIR length: 0x12, EIR type: 0x23) (length 16)
[0000] 9B 8C 90 7A 4B E3 F0 50 | . . . z K . . P |
[0008] CC C2 9D 43 0D 44 77 CF | . . . C . D w . |
EIR Manufacturer Data: None
nbUUID16: 0
nbUUID32: 0
nbUUID128:0
nbServiceSolicitation16: 0x00
nbServiceSolicitation128:0x00
Operation completed
I believe your decoding or ndef_dump functions are old. Which package and which version have you used? With a debugger, set a breakpoint in ndefBluetoothDump() and check the value of type->data.bluetooth.eir[0]. It should contain the first EIR (in your case, the LE Device Address element)
Rgds
BT
2024-11-14 01:10 AM
Hi,
I would look at ST25 embedded NFC lib which has examples for NDEF reading inside its ndef_rw_ demo (main logic triggered by file ndef_demo.c). The package for ST25R95 is STSW-ST25R017.
BR, Ulysses
2024-11-14 01:15 AM
Hi,
as explained inside your previous post, you should use ndef_demo.c rather than demo_polling.c to read the NDEF from a tag (this is available from X-CUBE-NFC3 or from STSW-ST25R017 package).
Rgds
BT
2024-11-14 01:31 AM - edited 2024-11-14 01:55 AM
Hi,
I am now able to read the NDEF message, but I don’t get a Bluetooth address. Does anyone know how to fix this? Here is the output I’m getting:
NFC-A Passive ISO-DEP device found. UID: 5F471DC2783A8E
READ/WRITE NDEF detected.
Decoding NDEF message:
Record #1
Flat payload (length 13):
[0000] 15 C1 02 00 00 00 04 61 | . . . . . . . a |
[0008] 63 01 01 30 00 | c . . 0 . |
Record #2
Bluetooth:
Any guidance would be appreciated. Thanks!
2024-11-14 06:54 AM
Hi
on my side with your record, I have the following decoding where the LE Device address is displayed:
Record #1
Bluetooth:
Type: 0x11
Device Address: (length 0)
EIR Flags: (EIR length: 0x03, EIR type: 0x01) (length 1)
[0000] 04 | . |
EIR ClassUUID16_partial: None
EIR ClassUUID16: None
EIR ClassUUID32_partial: None
EIR ClassUUID32: None
EIR ClassUUID128_partial: None
EIR ClassUUID128: None
EIR Short Local Name: None
EIR Local Name: (EIR length: 0x14, EIR type: 0x09) (length 18)
[0000] 4E 6F 72 64 69 63 5F 4E | N o r d i c _ N |
[0008] 46 43 5F 70 61 69 72 69 | F C _ p a i r i |
[0010] 6E 67 | n g |
EIR TxPowerLevel: None
EIR Device Class: None
EIR SimplePairingHash: None
EIR SimplePairingRandomizer: None
EIR SecurityManagerTK: (EIR length: 0x12, EIR type: 0x10) (length 16)
[0000] F2 D2 C4 3C 54 16 D9 D7 | . . . < T . . . |
[0008] BB 1E 1E 1F 94 3F F0 E6 | . . . . . ? . . |
EIR Security Manager Flags: None
EIR SlaveConnIntervalRange: None
EIR ServiceSolicitation16: None
EIR ServiceSolicitation128: None
EIR ServiceData: None
EIR Appearance: (EIR length: 0x04, EIR type: 0x19) (length 2)
[0000] 00 00 | . . |
EIR LE Device Address: (EIR length: 0x09, EIR type: 0x1B) (length 7)
[0000] E1 33 AD 66 0D F3 01 | . 3 . f . . . |
EIR Role: (EIR length: 0x03, EIR type: 0x1C) (length 1)
[0000] 00 | . |
EIR Secure Connection Confirmation Value: (EIR length: 0x12, EIR type: 0x22) (length 16)
[0000] E5 A6 B2 7F FA 99 C4 1E | . . . . . . . . |
[0008] 96 B7 FD CA D1 F1 A6 29 | . . . . . . . ) |
EIR Secure Connection Random Value: (EIR length: 0x12, EIR type: 0x23) (length 16)
[0000] 9B 8C 90 7A 4B E3 F0 50 | . . . z K . . P |
[0008] CC C2 9D 43 0D 44 77 CF | . . . C . D w . |
EIR Manufacturer Data: None
nbUUID16: 0
nbUUID32: 0
nbUUID128:0
nbServiceSolicitation16: 0x00
nbServiceSolicitation128:0x00
Operation completed
I believe your decoding or ndef_dump functions are old. Which package and which version have you used? With a debugger, set a breakpoint in ndefBluetoothDump() and check the value of type->data.bluetooth.eir[0]. It should contain the first EIR (in your case, the LE Device Address element)
Rgds
BT