Topic: iso14443-A card emulation

Hello,
I'm trying to emulate an iso14443-A card with a PN533 motherboard using lib nfc 1.7.0.
The strucuture I filled for the initiation is :
----------------------------------------------------
  nfc_target nt = {
    .nm = {
      .nmt = NMT_ISO14443A,
      .nbr = NBR_106,
    },
    .nti = {
      .nai = {
        .abtAtqa = { 0x00, 0x02 },
        .abtUid = { 0x08, 0x01, 0x02, 0x03 },
        .btSak = 0x20,
        .szUidLen = 4,
        .szAtsLen = 5,
        .abtAts = { 0x75, 0x77, 0x81, 0x02 , 0x80},
      },
    },
  };
--------------------------------------------------------

When the programme is launched, the Pn533 is detected as a Type A card during 1s then the terminal doesn't detect any card.
This is the result :
NFC device: NXP / PN533 opened
Init ok RecvBits : 2
[+] Received initiator command: e0  50 
[+] Configuring communication
R: c2

The communication is not done so i can't send Apdus from the terminal.

Anyone knows what could be the problem?

Thanks

Re: iso14443-A card emulation

Hello,
It would be easier with a complete trace (LIBNFC_LOG_LEVEL=3)
From what I see your emulator receives a RATS from the terminal (e0 50).
Do you reply to this RATS with an ATS?

Phil

Re: iso14443-A card emulation

Hello,

How do i modify the LIBNFC_LOG_LEVEL, and where the traces are saved ?
I receive the RATS from the terminal, but isnt the reply ATS already done by the function nfc_target_init as the structure nfc_target nt  contains the ATS ?

Thanks for your help

Re: iso14443-A card emulation

LIBNFC_LOG_LEVEL is just an environment variable.
Trace will go to stderr.

Re: iso14443-A card emulation

I modified the LIBNFC_LOG_LEVEL.
I compiled the program nfc-emulate-tag.c to emulate a type A card.

I modified the structure, btSak = 0x20 to be iso14443 compliant :
  nfc_target nt = {
    .nm = {
      .nmt = NMT_ISO14443A,
      .nbr = NBR_UNDEFINED,
    },
    .nti = {
      .nai = {
        .abtAtqa = { 0x00, 0x04 },
        .abtUid = { 0x08, 0xab, 0xcd, 0xef },
        .btSak = 0x20,
        .szUidLen = 4,
        .szAtsLen = 0,
      },
    },
  };

This strcuture is supposed to enable the communication 14443-3 ? As it contains the ATQA and the SAK ?
I want to send APDUs with a terminal and receive them from the device.
When i put the device near a terminal (ACR 122) i have the following results :
ISO/IEC 14443A (undefined baud rate) target:
    ATQA (SENS_RES): 00  04 
* UID size: single
* bit frame anticollision supported
       UID (NFCID3): 08  ab  cd  ef 
* Random UID
      SAK (SEL_RES): 20 
* Compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 3
* MIFARE Plus (4 Byte UID or 4 Byte RID) 4K, Security level 3
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:
NFC device (configured as target) is now emulating the tag, please touch it with a second NFC device (initiator)
    In: e0  50 
    Out: 01 
nfc_target_send_bytes: Not (yet) Implemented
nfc_target_emulate_tag: Not (yet) Implemented

What are these errors ?

Then i replaced nfc_target_send_bytes by nfc_target_send_bits and changed the sizeof() * 8 :
      if (nfc_target_send_bits(dev, abtTx, szTx*8, 0) < 0) {
        nfc_perror(dev, "nfc_target_send_bits");
        return false;
      }

After execution i have the results :

ISO/IEC 14443A (undefined baud rate) target:
    ATQA (SENS_RES): 00  04 
* UID size: single
* bit frame anticollision supported
       UID (NFCID3): 08  ab  cd  ef 
* Random UID
      SAK (SEL_RES): 20 
* Compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092
                ATS: 75  77  81  02  80 
* Max Frame Size accepted by PICC: 64 bytes
* Bit Rate Capability:
  * PICC to PCD, DS=2, bitrate 212 kbits/s supported
  * PICC to PCD, DS=4, bitrate 424 kbits/s supported
  * PICC to PCD, DS=8, bitrate 847 kbits/s supported
  * PCD to PICC, DR=2, bitrate 212 kbits/s supported
  * PCD to PICC, DR=4, bitrate 424 kbits/s supported
  * PCD to PICC, DR=8, bitrate 847 kbits/s supported
* Frame Waiting Time: 77.33 ms
* Start-up Frame Guard Time: 0.6041 ms
* Node Address not supported
* Card IDentifier supported
* Historical bytes Tk: 80 
  * No COMPACT-TLV objects found, no status found

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 3
* MIFARE Plus (4 Byte UID or 4 Byte RID) 4K, Security level 3
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:
NFC device (configured as target) is now emulating the tag, please touch it with a second NFC device (initiator)
    In command: e0  50 
    Out: 06  75  77  81  02  80 
nfc_target_receive_bits: Timeout
nfc_target_emulate_tag: Timeout

What are these new errors ?

Thanks

Re: iso14443-A card emulation

Here is the trace log :
NFC device (configured as target) is now emulating the tag, please touch it with a second NFC device (initiator)
debug    libnfc.chip.pn53x    ReadRegister
debug    libnfc.driver.pn53x_usb    TX: 00 00 ff 0c f4 d4 06 63 02 63 03 63 0d 63 38 63 3d b0 00
debug    libnfc.driver.pn53x_usb    RX: 00 00 ff 00 ff 00
debug    libnfc.chip.pn53x    PN53x ACKed
debug    libnfc.driver.pn53x_usb    RX: 00 00 ff 08 f8 d5 07 00 80 80 00 15 00 0f 00
debug    libnfc.chip.pn53x    RFConfiguration
debug    libnfc.driver.pn53x_usb    TX: 00 00 ff 04 fc d4 32 01 00 f9 00
debug    libnfc.driver.pn53x_usb    RX: 00 00 ff 00 ff 00
debug    libnfc.chip.pn53x    PN53x ACKed
debug    libnfc.driver.pn53x_usb    RX: 00 00 ff 02 fe d5 33 f8 00
debug    libnfc.chip.pn53x    ReadRegister
debug    libnfc.driver.pn53x_usb    TX: 00 00 ff 06 fa d4 06 63 38 63 3d eb 00
debug    libnfc.driver.pn53x_usb    RX: 00 00 ff 00 ff 00
debug    libnfc.chip.pn53x    PN53x ACKed
debug    libnfc.driver.pn53x_usb    RX: 00 00 ff 05 fb d5 07 00 10 00 14 00
debug    libnfc.chip.pn53x    SetParameters
debug    libnfc.driver.pn53x_usb    TX: 00 00 ff 03 fd d4 12 10 0a 00
debug    libnfc.driver.pn53x_usb    RX: 00 00 ff 00 ff 00
debug    libnfc.chip.pn53x    PN53x ACKed
debug    libnfc.driver.pn53x_usb    RX: 00 00 ff 02 fe d5 13 18 00
debug    libnfc.chip.pn53x    ReadRegister
debug    libnfc.driver.pn53x_usb    TX: 00 00 ff 04 fc d4 06 63 05 be 00
debug    libnfc.driver.pn53x_usb    RX: 00 00 ff 00 ff 00
debug    libnfc.chip.pn53x    PN53x ACKed
debug    libnfc.driver.pn53x_usb    RX: 00 00 ff 04 fc d5 07 00 00 24 00
debug    libnfc.chip.pn53x    PN53X_REG_CIU_TxAuto (Controls the settings of the antenna driver)
debug    libnfc.chip.pn53x    WriteRegister
debug    libnfc.driver.pn53x_usb    TX: 00 00 ff 05 fb d4 08 63 05 04 b8 00
debug    libnfc.driver.pn53x_usb    RX: 00 00 ff 00 ff 00
debug    libnfc.chip.pn53x    PN53x ACKed
debug    libnfc.driver.pn53x_usb    RX: 00 00 ff 03 fd d5 09 00 22 00
debug    libnfc.chip.pn53x    TgInitAsTarget
debug    libnfc.chip.pn53x    No timeout
debug    libnfc.driver.pn53x_usb    TX: 00 00 ff 28 d8 d4 8c 01 44 03 ab cd ef 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 80 50 00
debug    libnfc.driver.pn53x_usb    RX: 00 00 ff 00 ff 00
debug    libnfc.chip.pn53x    PN53x ACKed
debug    libnfc.driver.pn53x_usb    RX: 00 00 ff 05 fb d5 8d 00 e0 50 6e 00
    In: e0  50 
    Out: 06  75  77  81  02  80 
debug    libnfc.chip.pn53x    TgResponseToInitiator
debug    libnfc.driver.pn53x_usb    TX: 00 00 ff 08 f8 d4 90 06 75 77 81 02 80 a7 00
debug    libnfc.driver.pn53x_usb    RX: 00 00 ff 00 ff 00
debug    libnfc.chip.pn53x    PN53x ACKed
debug    libnfc.driver.pn53x_usb    RX: 00 00 ff 03 fd d5 91 00 9a 00
debug    libnfc.chip.pn53x    TgGetInitiatorCommand
debug    libnfc.driver.pn53x_usb    TX: 00 00 ff 02 fe d4 88 a4 00
debug    libnfc.driver.pn53x_usb    RX: 00 00 ff 00 ff 00
debug    libnfc.chip.pn53x    PN53x ACKed
nfc_target_receive_bits: Timeout
nfc_target_emulate_tag: Timeout
debug    libnfc.driver.pn53x_usb    TX: 00 00 ff 00 ff 00
debug    libnfc.chip.pn53x    InRelease
debug    libnfc.driver.pn53x_usb    TX: 00 00 ff 03 fd d4 52 00 da 00
debug    libnfc.driver.pn53x_usb    RX: 00 00 ff 00 ff 00
debug    libnfc.chip.pn53x    PN53x ACKed
debug    libnfc.driver.pn53x_usb    RX: 00 00 ff 03 fd d5 53 00 d8 00

Re: iso14443-A card emulation

I have new concerning my problem, i don't know why but when i put i sleep(5ms) between nfc_target_send_bits and nfc_target_receive_bits it works and i can respond with the ATS, i guess after this the communication is established but i receive a byte 0xb2 which i don't recognise.

Following 14443-4, After RATS receive there is the request to ask if PPS is supported, PPS start byte begins with 1101XXXX so it doesn't corresponds with the byte 0xb2, how pcscd was implemented and how to respond to this request ?

Thanks