Closed GoogleCodeExporter closed 9 years ago
[deleted comment]
I am using libnfc 1.3.4, pcsc 1.6.4, ccid svn
I attach the dump Nokia.
Original comment by zamby....@gmail.com
on 11 Aug 2010 at 8:56
Attachments:
Hello,
Thanks for report.
Could you try with current libnfc's trunk version ?
On which OS do you use libnfc ?
Original comment by romu...@libnfc.org
on 12 Aug 2010 at 12:48
Thanks for the reply.
I used micmd in Windows XP.
Even with Ubuntu 10.04, libnfc 1.3.4 have the same problem.
Now i'm using Slackware 13 with libusb 1.0.0 because 1.0.8 have problems with
stability with the reader.
However, try libnfc svn version in Slackware 13:
bash-3.1# nfc-list
nfc-list use libnfc 1.3.9 (r520)
Connected to NFC reader: ACS ACR 38U-CCID 00 00 / ACR122U102 - PN532 v1.4 (0x07)
1 ISO14443A passive targets was found:
ATQA (SENS_RES): 00 02
UID (NFCID1): 6b a0 22 02
SAK (SEL_RES): 38
ATS (ATR): 78 80 84 02 00 73 c8 40 13 00 90 00
bash-3.1# nfc-mfclassic r a nokiadump2svn.out
Connected to NFC reader: ACS ACR 38U-CCID 00 00 / ACR122U102 - PN532 v1.4 (0x07)
Found MIFARE Classic 4K card with UID: 0222a06b
Reading out 256 blocks |........................................|
Done, 256 of 256 blocks read.
Writing data to file: nokiadump2svn.out ... Done.
bash-3.1# hexdump -C -v nokiadump2svn.out
00000000 ff ff ff ff ff ff 6b a0 22 02 00 00 00 00 00 00
|ÿÿÿÿÿÿ̪§T......|
00000010 ff ff ff ff ff ff 6b a0 22 02 00 00 00 00 00 00
|ÿÿÿÿÿÿ̪§T......|
00000020 ff ff ff ff ff ff 6b a0 22 02 00 00 00 00 00 00
|ÿÿÿÿÿÿ̪§T......|
00000030 ff ff ff ff ff ff 6b a0 22 02 00 00 00 00 00 00
|ÿÿÿÿÿÿ̪§T......|
00000040 ff ff ff ff ff ff 6b a0 22 02 00 00 00 00 00 00
|ÿÿÿÿÿÿ̪§T......|
......
I attach the libnfc config log.
Original comment by zamby....@gmail.com
on 12 Aug 2010 at 11:33
Attachments:
I'll take it!
Looks like the trunk is broken… I could not have a proper dump using
nfc-mfclassic.
Bogus 4k card dump:
00000000 ff ff ff ff ff ff cc 87 16 47 00 00 00 00 00 00 |.........G......|
*
00001000
Original comment by romain.t...@gmail.com
on 13 Aug 2010 at 7:33
This issue was updated by revision r526.
This should fix the problem: because the response was not the expected length,
the actual card data was not copied to the buffer, so it was always the same 16
uninitialized bytes that where returned for any block.
PR: Issue 98
Submitted by: zamby.ing
Pointy hat to: me
Original comment by rtarti...@il4p.fr
on 13 Aug 2010 at 7:53
zamby.ing, can you please confirm that r526 fix the issue?
Thanks!
Original comment by romain.t...@gmail.com
on 13 Aug 2010 at 7:56
[deleted comment]
Negative.
bash-3.1# nfc-list
nfc-list use libnfc 1.3.9 (r526)
Connected to NFC reader: ACS ACR 38U-CCID 00 00 / ACR122U102 - PN532 v1.4 (0x07)
1 ISO14443A passive targets was found:
ATQA (SENS_RES): 00 02
UID (NFCID1): 6b a0 22 02
SAK (SEL_RES): 38
ATS (ATR): 78 80 84 02 00 73 c8 40 13 00 90 00
-------------------
bash-3.1# nfc-mfclassic r a test2.out
Connected to NFC reader: ACS ACR 38U-CCID 00 00 / ACR122U102 - PN532 v1.4 (0x07)
Found MIFARE Classic 4K card with UID: 0222a06b
Reading out 256 blocks |........................................|
Done, 256 of 256 blocks read.
Writing data to file: test2.out ... Done.
bash-3.1# hexdump -C -v test2.out
00000000 ff ff ff ff ff ff 6b a0 22 02 00 00 00 00 00 00
|ÿÿÿÿÿÿ̪§T......|
00000010 ff ff ff ff ff ff 6b a0 22 02 00 00 00 00 00 00
|ÿÿÿÿÿÿ̪§T......|
00000020 ff ff ff ff ff ff 6b a0 22 02 00 00 00 00 00 00
|ÿÿÿÿÿÿ̪§T......|
00000030 ff ff ff ff ff ff 6b a0 22 02 00 00 00 00 00 00
|ÿÿÿÿÿÿ̪§T......|
00000040 ff ff ff ff ff ff 6b a0 22 02 00 00 00 00 00 00
|ÿÿÿÿÿÿ̪§T......|
00000050 ff ff ff ff ff ff 6b a0 22 02 00 00 00 00 00 00
|ÿÿÿÿÿÿ̪§T......|
....
Original comment by zamby....@gmail.com
on 15 Aug 2010 at 8:41
Meh. In this case, I can't reproduce the issue.
Please ensure:
- You are using the code from trunk (e.g. svn info);
- You are not running old versions of the examples (the best to ensure you run examples with the appropriate library is to run them using the wrappers in the examples directory (i.e. ./examples/nfc-list and so on).
You may also try with a non-emulated target (just in case)
Can you please add --enable-debug=yes to your ./configure flags and retry?
Thanks!
Original comment by romain.t...@gmail.com
on 15 Aug 2010 at 9:40
With debug mode, binary in examples directory.
bash-3.1# svn info
Path: .
URL: http://libnfc.googlecode.com/svn/trunk
Repository Root: http://libnfc.googlecode.com/svn
Repository UUID: 45cb0fa4-f8fe-11dd-984d-ab748d24aa7e
Revision: 526
Node Kind: directory
Schedule: normal
Last Changed Author: rtartiere@il4p.fr
Last Changed Rev: 526
Last Changed Date: 2010-08-13 21:53:13 +0200 (Fri, 13 Aug 2010)
Attach:
./nfc-mfclassic r a test3.out &>nfc-mfclassic.debug
thanks.
Original comment by zamby....@gmail.com
on 15 Aug 2010 at 11:21
Attachments:
Sorry, but I have only 2 nokia 6212, external NFC Chip, 1k tag. I do not own
tags 4k card type.
Original comment by zamby....@gmail.com
on 15 Aug 2010 at 11:26
Thanks for the debug trace! If I compare yours and mine I see something that
looks like extra bytes in your case (e.g. I get: "RX: d5 41 00 90 00" when
you have "RX: d5 41 00 6e 00 90 00".
I'll hopefully come back to you soon with a fix / questions.
Original comment by romain.t...@gmail.com
on 15 Aug 2010 at 11:40
Thank you very much and good work.
I remind you that sometimes I even stability problems. I do not know if there
are traces of this. I will try in coming days to use Ubuntu because worked
better.
I did a test with key b.
bash-3.1# hexdump -C -v dumpnokia-keyb.out |head -n 12
00000000 ff ff ff ff ff ff 6b a0 22 02 00 00 00 00 00 00
|ÿÿÿÿÿÿk ".......|
00000010 ff ff ff ff ff ff 6b a0 22 02 00 00 00 00 00 00
|ÿÿÿÿÿÿk ".......|
00000020 ff ff ff ff ff ff 6b a0 22 02 00 00 00 00 00 00
|ÿÿÿÿÿÿk ".......|
00000030 00 00 00 00 00 00 6b a0 22 02 ff ff ff ff ff ff
|......k ".ÿÿÿÿÿÿ|
00000040 ff ff ff ff ff ff 6b a0 22 02 00 00 00 00 00 00
|ÿÿÿÿÿÿk ".......|
00000050 ff ff ff ff ff ff 6b a0 22 02 00 00 00 00 00 00
|ÿÿÿÿÿÿk ".......|
00000060 ff ff ff ff ff ff 6b a0 22 02 00 00 00 00 00 00
|ÿÿÿÿÿÿk ".......|
00000070 00 00 00 00 00 00 6b a0 22 02 ff ff ff ff ff ff
|......k ".ÿÿÿÿÿÿ|
00000080 ff ff ff ff ff ff 6b a0 22 02 00 00 00 00 00 00
|ÿÿÿÿÿÿk ".......|
00000090 ff ff ff ff ff ff 6b a0 22 02 00 00 00 00 00 00
|ÿÿÿÿÿÿk ".......|
000000a0 ff ff ff ff ff ff 6b a0 22 02 00 00 00 00 00 00
|ÿÿÿÿÿÿk ".......|
000000b0 00 00 00 00 00 00 6b a0 22 02 ff ff ff ff ff ff
|......k ".ÿÿÿÿÿÿ|
Original comment by zamby....@gmail.com
on 15 Aug 2010 at 12:13
Attachments:
Hum, no more luck but that does not surprise me: if authentication with Key A
gives strange results, I feel better knowing that authentication with Key B
also does the same :-)
A quick way to see if some data is actually read is to check the debug output:
in your case, no RX lines contains data, while you should have looooooong RX
lines such as:
TX: ff 00 00 00 05 d4 40 01 30 07
RX: d5 41 00 00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff 90 00
TX: ff 00 00 00 05 d4 40 01 30 06
RX: d5 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00
TX: ff 00 00 00 05 d4 40 01 30 05
RX: d5 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00
In your case it's more like:
TX: ff 00 00 00 05 d4 40 01 30 07
RX: d5 41 00 6f 00 90 00
TX: ff 00 00 00 05 d4 40 01 30 06
RX: d5 41 00 6f 00 90 00
TX: ff 00 00 00 05 d4 40 01 30 05
RX: d5 41 00 6f 00 90 00
... I guess there is some error checking missing in the examples ;-)
Let's dig into your frames:
0xd541 is a reply to the 0xd540 command. The next byte 0x00 is supposed to be
the error status (0 = no error) and the rest should be the data returned by the
card, according to the PN532 documentation. Here it starts to be tricky, for a
reply to a Mifare Classic "read" command:
- The libfreefare comments says "No result. The MIFARE tag just ACKed." and I was pretty sure there was no additional data at all (since I wrote that comment);
- I have 0x9000 (meh … however, at the libfreefare's level I don't see this extra data. I just see it at the libnfc level. But I can't recall how these bytes are stripped... I'll have to look at this I guess since it does not work as I think it does);
- You have 0x6e009000 and 0x6f009000 (which is even more weird).
Let's make it even a bit more funny, (with no search, so maybe it is 100 %
irrelevant, but it's so unlikely I can't think it is a coincidence):
- 0x9000 correspond to the status-byes in ISO/IEC 7816-4 for "Normal processing";
- 0x6e00 is a "Class not supported" error in the same document, same table;
- 0x6f00 is a "No precise diagnosis" error always in the same status-bytes table.
… Looks like an error frame (0 bytes of data followed by the error status
"0x6x00") is transmitted "as-it" successfully (2 bytes of data "0x6x00"
followed by the success status-code "0x9000")...
You said you have a passive 1k target? Can you please try to dump it and attach
a trace like you did previously? I would like to be sure about the extra bytes
being send by the telephone emulating a NFC target (and not added by the NFC
initiator) and that everything is fine when you use passive targets.
It might also be interesting to give the libfreefare's examples a try: they
might fail "earlier" with more relevant error messages (not that my
brain-embedded hexadecimal ADPU decoder is bad, but it might miss things).
And finally, have you ever got the examples working with the telephone
emulating a target ?
Thanks!
Original comment by romain.t...@gmail.com
on 15 Aug 2010 at 1:05
For the moment i attach the debug 1k tags.
Original comment by zamby....@gmail.com
on 15 Aug 2010 at 7:42
Attachments:
Hey!
Looks like the uploaded debug trace is not the good file, but BTW, the dump
looks-like much more what we expect!
So, I suspect a weirdness in the communication with the telephone (and not the
device)… Do you have some "advanced documentation" that way have useful
information about "how emulation works" ? I don't really know what you can
look for exactly, but maybe you can "switch NFC communication modes" on the
telephone, or maybe it is required to put the PN532 in a particular
configuration… No real idea, mobile-phones or somewhat cursed devices as far
as I can tell (I don't own one).
Thanks, and good luck!
Original comment by romain.t...@gmail.com
on 15 Aug 2010 at 7:57
ops.
Original comment by zamby....@gmail.com
on 15 Aug 2010 at 8:18
Attachments:
Thanks, I confirm that everything is fine and as-expected with your passive
target.
Original comment by romain.t...@gmail.com
on 15 Aug 2010 at 8:25
Hello zamby.ing,
Could you explains actions you do with your phone before putting it on device
and read it ?
I have a 6212 Classic and I want to replay your case.
Original comment by romu...@libnfc.org
on 16 Aug 2010 at 8:20
Reset owner: I can't reproduce the issue.
Original comment by romain.t...@gmail.com
on 16 Aug 2010 at 7:01
1) I am sure that the phone is turned on. ;-)
(Access to the secure element is to set free)
2) I write on the console > nfc-mfclassic r a ....
3) I position my hand and phone near the reader (1 cm).
4) Press ENTER on the keyboard.
5) I stand while reading.
6) After the reading, take away the phone.
7) I read the result.
I attach a screenshot of the Feig reader and its software manager. The reading
is correct.
Original comment by zamby....@gmail.com
on 16 Aug 2010 at 7:11
Attachments:
Hey
I see a Protocol and ADPU tabs on the bottom on the screen. I guess that the
output can be relevant to us ;-) Can you attach them?
Thanks
Original comment by romain.t...@gmail.com
on 16 Aug 2010 at 7:19
Of course, I ask my friend to do it tomorrow.
But, what you used to reproduce the error? you have an NFC phone? working?
Original comment by zamby....@gmail.com
on 16 Aug 2010 at 7:26
Got it!
Your note: "Access to the secure element is to set free" fix my setup ^^
Bug is now reproduced here.
Original comment by romu...@libnfc.org
on 16 Aug 2010 at 7:51
Well, Romuald does have one, and we work together (while we are ~500 kilometers
from each other) so the more data we have, the best it is for us to think
together :-)
And since I suspect this is related to some protocol detection (let's say that
the PN532 detect that the telephone is ISO-14443-4 compliant and start sending
frames in the wrong format… somthing like that), having a trace of the
exchanges of a working connection would help us to determine how we can detect
and handle this the most efficiently.
Original comment by romain.t...@gmail.com
on 16 Aug 2010 at 7:58
Original comment by romu...@libnfc.org
on 17 Aug 2010 at 10:22
[deleted comment]
Hi,
sorry, I would ask questions to understand.
Mifare emulated problem is in the code of the nfc-mfclassic or libnfc?
LibFreeFare contains some tools, I'm not good in C language.
Exist an easy way to read the contents of the tag with libfreefare?.
I would like to format Nokia 6212 using the tool Mifare-Classic-format? could
be risky?
If you need the APDU of Feige and documentations, send them to you in a few
days. I don't have the reader.
I have a very expensive SDK, with many tags, but not 4k.
I would like to test with Mifare 4k (card). I can not find in internet. The
kits are very expensive. I need only 3 or 4 tags. You have 4k tags? Can you
send me some tags? I'll pay you. Or you know a company where I can buy
individually?
I have other types of tags that do not use. DesFire, Icode, T.I. ISO 15693, are
you interested?
Thanks for your help.
Andrea.
Original comment by zamby....@gmail.com
on 18 Aug 2010 at 8:21
Hi,
This bug is related to both nfc-mfclassic and libnfc: nfc-mfclassic have to
fail earlier on error (done in trunk) and libnfc use a chip function that
choose sending protocol "automagically"... but the magic doesn't work with
emulated mifare that presents itself as ISO14443-4 compliant.
If you don't understand what I'm talking about, consider that a simple libnfc
bug.
libfreefare use same mecanism to "talk" with mifare, so currently you will have
the same result with libfreefare: a big failure :)
About tags, at http://smartcardworld.com/ you can buy cards per unit nut the
best if you want one or two cards is to find free samples: some device
resellers offer samples or maybe NXP could send few tags, I don't know about it.
AFAIK, Icode and T.I. ISO 15693 aren't compliant with major NFC devices, that
use other frequencies or modulations than ISO14443.
Original comment by romu...@libnfc.org
on 19 Aug 2010 at 9:19
This is now fixed in trunk (r555).
BTW, I can't dump my Nokia's emulated Mifare Classic 4k because I don't know
the authentication key.
Original comment by romu...@libnfc.org
on 19 Aug 2010 at 12:28
I understand perfectly.
Thank you for your responses. Good luck and see you soon. Bye.
Original comment by zamby....@gmail.com
on 20 Aug 2010 at 8:02
Original issue reported on code.google.com by
zamby....@gmail.com
on 11 Aug 2010 at 8:39