Mifare Classic - Unknown Command - nfc

I'm simulating a Mifare Classic (1K) tag, and following the o ISO/IEC 14443 Type A protocol.
I could not found any information about what should be a proper response in case of receiving an unknown command from the reader (the reader supports other protocols).
Should I respond with an invalid operation NAK? Should I just ignore the command?

Mifare Classic EV1 datasheet ยง9.3 suggests Invalid operations should return 4h as response. It's quite unclear to me wether undefined commmands should be considered Invalid operations. I don't have a MFC EV1 at hand to test on. In my experience older MFCs simply do not answer to erroneous commands, though.

Related

Relation between APDU and higher level NFC protocols (such as ISO 14443-3A)?

I started reading into the topic of NFC/Smartcard-Communication and I found many different standards and commands depending on the Tag type (for example see here)
I also came across the APDU-commands which seem universal to the communication of nfc/smartcards?
Does this mean, that these higher level protocols are all based on apdu and can be translated?
As an example, I found NFC 14443-A commands implemented with the android.nfc.tech.NfcA library, such as:
Action
Byte
Read
0x30
Write
0xA2
And APDU commands like these:
Action
CLA
INS
P1
P2
LC
READ BINARY
0xFF
0xB0
...
...
...
UPDATE BINARY
0xFF
0xD6
...
...
...
GET DATA
0xFF
0xCA
...
...
...
MIFARE CLASSIC READ
0xFF
0xF3
...
...
...
MIFARE CLASSIC WRITE
0xFF
0xF4
...
...
...
The commands seem to be completely different.
It would also help alot, if someone could point to good documentation on the topic
Documentation I have found so far:
The Android documentation on nfca (Link)
APDU description on wikipedia Link
(The german version contains some return codes)
APDU commands (by a card-reader manufacturer) Link
You have it a bit wrong, 14443-3A is lower level that APDU's which come from the higher level ISO 7816 protocol.
But the Byte's ( 0x30 and 0xA2) you reference as NFC 14443-A are not from NFC 14443-A but look like vendor specific Mifare Ultralight protocol commands which are again above NFC 14443-A
There is also a complication and probably the reason you are confused with APDU's you listed according to the ISO 7816 spec, all the APDU's you specified have a CLA of 0xFF are "invalid".
The reason for this is that a USB readers also use ISO 7816 for the host CPU to talk the NFC chip to work mainly with NFC Type 4 Tags, because 0xFF are invalid for ISO 7816 the reader uses them for other non ISO 7816 things the NFC chip can do, e.g. communicate to non standard Mifare classic commands, turn on/off the LED's on the USB reader, etc
So really CLA's of 0xFF are just a way to wrap other commands.
Or in a rough pictorial form
I would read as much of the Standard specification documents shown in the Stackoverflow you linked to and I wrote. There are a lot of specifications used/part used
I know that they are really pay for items but they are out there on the Internet.
e.g.
http://www.emutag.com/iso/14443-3.pdf
http://www.emutag.com/iso/14443-4.pdf
For the higher level NDEF stuff https://github.com/haldean/ndef/tree/master/docs
For the Various NFC Forum Standards
Google Index of the 4 Types

Im not understand how read JSON file from NFC tag using MFRC522

Im trying read data from NFC tag using MFRC522. I can read ID, SAK, ATQA ,ATS, but im not understand how read blocks data from tag and file JSON.interested in a simple sequence of commands performing a given task.
I have NFC type 4A Mifare plus.Reading ID is performed using functions Anticollision and Select.
According to the Mifare Plus datasheet just Transceive as you would do a a Mifare Classic 1/4K whose datasheet Section 12 says Transceive 30h00h to read block 0
As you don't specify how you are connecting to the MFRC522 and with what language, but you can read the ID, etc you must be familiar in sending commands like Transceive to it and getting data back.
How a JSON file is stored in the blocks is specific to your implementation (though it could be a propriety encoding of NDef only you will know by looking at it)

Difference between 'Direct Transmit Command' (ACR122U) and 'PC_to_RDR_Escape' (ACR1251U)

With an ACR122U I know you can transmit direct messages to the NFC controller (PN532) by using the direct transmit command: 0xff 0x00 0x00 0x00....
When I read the manual of the ACR1251U it say: The reader's peripherals control commands are implemented by using the PC_to_RDR_Escape.
What does this exacly mean? Does this mean it isn't possible to send direct messages to the NFC controller? If it is possible, where can you find which NFC controller it use?
Any information is welcome!
Thanks in advance.
The "direct transmit command" is an APDU format that permits you to send native commands to the PN532 NFC controller embedded in the ACR122U reader device. So this basically defines the wrapping to fit native commands into the APDU-based protocol that you talk to the reader over PC/SC (& CCID):
0xFF 0x00 0x00 0x00 <Lc> <DATA>
where <DATA> is actually a command for the PN532.
PC_to_RDR_Escape is the CCID message (device class/protocol that is spoken over USB) that is invoked by the PC/SC stack when you send an escape command. For instance, if you use the Java SmartcardIO API's Card.transmitControlCommand() method, the PC/SC stack will send a PC_to_RDR_Escape message over USB. THe reader answers this message with a RDR_to_PC_Escape response.
Similarly if you use the method CardChannel.transmit() method, this cause the PS/SC stack to issue one (or more?) PC_to_RDR_XfrBlock messages over USB.
As you found out in this answer, it seems as if you would use the APDU format of the "direct transmit command" for both command exchange methods.
Whether you need to use the escape command or the transmit command seems to depend on the firmware version of the reader. For instance, for firmware version 101, 102 (and 103?) you would typically only need the transmit command, but the next generation versions (2xx) seem to prefer/require (if they don't emulate an ATR) the escape command approach.

Formatting Modbus requests in ruby

I have a modbus device I am trying to communicate with using an ethernet to RS485 device. I'm not sure whether the device uses modbus ASCII or RTU.
I am trying to format a request to a device with address 1. The command code is 11h. I'm not sure I'm formatting the request properly
Here is the string I am using for ASCII - ":010B000000000C\x0D\x0A"
Here is the hex I'm using for RTU: "\x01\x0B\x00\x00\x00\x00\x0B\xA4"
When I send this command it is echoed back but I'm not getting responses. I've been through the modbus documentation and I think I have the correct byte structure. I'm wondering if I'm encoding it right for ruby?
It turned out my ethernet to RS485 device wasn't capable of the correct timing for modbus. Once I purchased a new unit the ascii strings worked.
Are you sure the checksum should be written in pure bytes, not in ASCII? I mean, try to send :010B000000000C0D0A instead of :010B000000000C\x0D\x0A.
Also, you wrote that the command is 11h - for my understanding it is 0x11 (hex), and you are sending 0x0B. Or the command is 11 (dec)?

NFC - New Ntag21X

I'm attempting to start coding for the new NTAG21X due to be released by the end of the year. There is very limited information available regarding the new tags. Only released to partners :-(
I'm trying to figure out how to use:
password protection on the tag. Will this be a key stored in one of the sectors and how will you go about reading NDEF? Do you pass the password to read?
originality signature. Will it be a sector as on Mifare where you write key and lock the page(s) to protect.
NTAG21x is (will be) a NFC Forum Type 2 Tag (T2T) device, like NTAG203 (hence the "2" in the names). You can expect accessing functionality will be similar to standard T2T (and MIFARE Ultralight) read/write commands (so no MIFARE Classic sectors). Reading of NDEF shall be according to the T2T spec, so no password required. Write protect could be possible (similar to MIFARE Ultralight C).

Resources