NFC ACR122 TgInitAsTarget, initiator releasing target

5.4k views Asked by At

I'm trying to get my ACR122 (usb) device to emulate a passive NFC tag, but am having difficulty getting the communication to occur properly. I'm hoping someone can see what I'm doing wrong here and help point me in the correct direction.

The response on this other question ACR122 - Card Emulation pointed to a document at http://code.google.com/p/nfcip-java/source/browse/trunk/nfcip-java/doc/ACR122_PN53x.txt but when we follow this to the letter it doesn't behave as expected.

We're using an Samsung Galaxy S3 Android 4.3 device for testing, and are seeing the below behaviour:

Transmit (TgInitAsTarget)
....'......4V@..  FF 00 00 00 27 D4 8C 00 08 00 12 34 56 40 01 FE 
................  A2 A3 A4 A5 A6 A7 C0 C1 C2 C3 C4 C5 C6 C7 FF FF 
...wfUD3"...      AA 99 88 77 66 55 44 33 22 11 00 00 

Receive
..%....7.5<...w.  D5 8D 25 1E D4 00 08 37 D9 35 3C BF D5 AE 77 9C 
...2Ffm.........  00 00 00 32 46 66 6D 01 01 11 03 02 00 13 04 01 
...               96 90 00 

Transmit (GetData)
.......           FF 00 00 00 02 D4 86 

Receive
..)..             D5 87 29 90 00 

The TgInitAsTarget command appears to be working, returning a mode of 0x25 which we understand means "Active mode, DEP, 424kbps".

But then "GetData" command is immediately failing, returning status code 0x29 "The PN532 configured as target has been released by its initiator".

We've tried altering the TgInitAsTarget command with different modes (instead of the 0x00 "All" mode), trying the following which all still return 0x29 for the following GetData command:

  • Mode 0x01 "Passive", resulting in response mode of 0x04 "DEP"
  • Mode 0x02 "DEP", resulting in response mode of 0x25 (same as the "All")
  • Mode 0x03 "DEP Passive" resulting in response mode of 0x04 "DEP"

It appears in all cases as if the Android is not maintaining the connection, although I am not familiar with the NFC DEP protocols enough to know what I'm doing wrong here. I've read the PN532 chip reference, and it seems to indicate that I'm doing everything correctly.

I've also tried a Windows Phone NFC device, and it encounters the same problem and same error code on GetData.

Any help from anyone who is familiar with NFC would be greatly appreciated.

Dave

1

There are 1 answers

11
Michael Roland On BEST ANSWER

For getting the ACR122 (or rather the PN532 NFC controller chip inside it) into card emulation mode, you would do about the following:

  1. ReadRegister:

    > FF000000 08 D406 6305 630D 6338
    < D507 xx yy zz 9000
    
  2. Update register values:

    xx = xx | 0x004;  // CIU_TxAuto |= InitialRFOn
    yy = yy & 0x0EF;  // CIU_ManualRCV &= ~ParityDisable
    zz = zz & 0x0F7;  // CIU_Status2 &= ~MFCrypto1On
    
  3. WriteRegister:

    > FF000000 11 D408 6302 80 6303 80 6305 xx 630D yy 6338 zz
    < D509 9000
    
  4. SetParameters:

    > FF000000 03 D412 30
    < D513 9000
    
  5. TgInitAsTarget

    > FF000000 27 D48C 05 0400 123456 20 000000000000000000000000000000000000 00000000000000000000 00 00
    < D58D xx ... 9000
    

    Where xx should be equal to 0x08.

  6. Communicate using a sequence of TgGetData and TgSetData commands:

    > FF000000 02 D486
    < D587 xx <C-APDU> 9000
    

    Where xx is the status code (should be 0x00 for success) and C-APDU is the command sent from the reader.

    > FF000000 yy D48E <R-APDU>
    < D587 xx 9000
    

    Where yy is 2 + the length of the R-APDU (response) and xx is the status code (should be 0x00 for success).