我正在构建一个Windows/Java程序(使用javax.smartcardio(,以使用ACR122U设备(内部带有PN532 NFC控制器芯片(与Jewel/Topaz512标签(来自Innovision/BBroadcom(进行通信。
我实现了Topaz512协议(在此数据表中(,但只有一半的命令可以工作。
- 一些有效的命令:
RID, RALL, READ, WRITE-NE, RSEG - 一些不起作用的命令:
WRITE-E, READ8, WRITE-E8, WRITE-NE8
WRITE-NO-ERASE命令示例
例如,以下是我发送WRITE-NO-ERASE命令时得到的信息:
命令:FF:00:00:00:0C:D4:40:01:1A:7F:42:38:01:9A:00:17:E8
其中:
- CCD_ 5是InDataExchange命令
1A:7F:42是WRITE-NO-ERASE命令(值:0x42,块0x0F,字节7(- CCD_ 7是4字节的标签UID
- CCD_ 8是CRC
响应:D5:41:00:42:90:00
这里的响应是正确的:0x42。状态字节(0x00(通知一切顺利。
WRITE-WIT-ERASE命令示例
以下是我发送WRITE-WIT-ERASE命令时得到的结果:
命令:FF:00:00:00:0C:D4:40:01:53:7F:42:38:01:9A:00:28:6E
其中:
- CCD_ 13是InDataExchange命令
53:7F:42是WRITE-WIT-ERASE命令(值:0x42,块0x0F,字节7(- CCD_ 15是4字节的标签UID
- CCD_ 16是CRC
响应:D5:41:01:90:00
这里,状态字节(0x01(通知PN532检测到的超时。(来自PN532文档(p67(:"超时,目标未应答-0x01"(
此外,当我删除PN532超时(使用FF:00:00:00:06:D4:32:02:00:00:00(时,非工作命令不响应D5:41:01:90:00,而是等待更长时间,然后我没有得到响应。
编辑2020-04-20
我只是尝试使用gscriptor(来自pcsc工具套件(执行命令,得到了相同的行为。以下是我的结果:
脚本:
FF 00 00 00 06 D4 32 05 02 02 02
# SAMConfiguration
FF 00 00 00 04 D4 14 01 00
# SetParameters
FF 00 00 00 03 D4 12 04
# InListPassiveTarget: Jewel mode
FF 00 00 00 04 D4 4A 01 04
# InDataExchange: RID
FF 00 00 00 04 D4 40 01 78
# InDataExchange: RALL
FF 00 00 00 04 D4 40 01 00
# InDataExchange: RSEG 0-3
FF 00 00 00 05 D4 40 01 10 00
FF 00 00 00 05 D4 40 01 10 20
FF 00 00 00 05 D4 40 01 10 40
FF 00 00 00 05 D4 40 01 10 60
##########
# GetFirmwareVersion
FF 00 00 00 02 D4 02
# GetGeneralStatus
FF 00 00 00 02 D4 04
##########
# RFConfiguration: No timeout
FF 00 00 00 06 D4 32 02 00 00 00
# InDataExchange: READ-1
FF 00 00 00 05 D4 40 01 01 7F
# InDataExchange: READ-8
FF 00 00 00 05 D4 40 01 02 00
# InDataExchange: WRITE-E-1
FF 00 00 00 06 D4 40 01 53 7F 42
# InDataExchange: WRITE-E-8
FF 00 00 00 0C D4 40 01 55 02 01 02 03 04 05 06 07 08
# InDataExchange: WRITE-NE-1
FF 00 00 00 06 D4 40 01 1A 7F 42
# InDataExchange: WRITE-NE-8
FF 00 00 00 0C D4 40 01 1B 02 01 02 03 04 05 06 07 08
结果:
Sending: FF 00 00 00 06 D4 32 05 02 02 02
Received: D5 33 90 00
Normal processing.
Sending: FF 00 00 00 04 D4 14 01 00
Received: D5 15 90 00
Normal processing.
Sending: FF 00 00 00 03 D4 12 04
Received: D5 13 90 00
Normal processing.
Sending: FF 00 00 00 04 D4 4A 01 04
Received: D5 4B 01 01 0C 00 38 01 9A 00 90 00
Normal processing.
Sending: FF 00 00 00 04 D4 40 01 78
Received: D5 41 00 12 4C 38 01 9A 00 90 00
Normal processing.
Sending: FF 00 00 00 04 D4 40 01 00
Received: D5 41 00 12 4C 38 01 9A 00 00 10 25 00 00 10 3F
00 01 03 F2 30 33 02 03 F0 02 03 03 E3 D1 01 DF
54 02 65 6E 30 31 32 33 34 35 36 37 38 39 30 30
31 32 33 34 35 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 55 55 AA
AA 12 4C 06 00 01 E0 00 00 00 00 00 00 90 00
Normal processing.
Sending: FF 00 00 00 05 D4 40 01 10 00
Received: D5 41 00 38 01 9A 00 00 10 25 00 00 10 3F 00 01
03 F2 30 33 02 03 F0 02 03 03 E3 D1 01 DF 54 02
65 6E 30 31 32 33 34 35 36 37 38 39 30 30 31 32
33 34 35 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 55 55 AA AA 12
4C 06 00 01 E0 00 00 00 00 00 00 00 00 00 00 00
00 00 47 90 00
Normal processing.
Sending: FF 00 00 00 05 D4 40 01 10 20
Received: D5 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 90 00
Normal processing.
Sending: FF 00 00 00 05 D4 40 01 10 40
Received: D5 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 90 00
Normal processing.
Sending: FF 00 00 00 05 D4 40 01 10 60
Received: D5 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 90 00
Normal processing.
Sending: FF 00 00 00 02 D4 02
Received: D5 03 32 01 06 07 90 00
Normal processing.
Sending: FF 00 00 00 02 D4 04
Received: D5 05 01 00 01 01 00 00 02 80 90 00
Normal processing.
Sending: FF 00 00 00 06 D4 32 02 00 00 00
Received: D5 33 90 00
Normal processing.
Sending: FF 00 00 00 05 D4 40 01 01 7F
Received: D5 41 00 47 90 00
Normal processing.
Sending: FF 00 00 00 05 D4 40 01 02 00
Received:
wrong SW size for:
Sending: FF 00 00 00 06 D4 40 01 53 7F 42
Received:
wrong SW size for:
Sending: FF 00 00 00 0C D4 40 01 55 02 01 02 03 04 05 06
07 08
Received:
wrong SW size for:
Sending: FF 00 00 00 06 D4 40 01 1A 7F 42
Received: D5 41 00 47 90 00
Normal processing.
Sending: FF 00 00 00 0C D4 40 01 1B 02 01 02 03 04 05 06
07 08
Received:
wrong SW size for:
Script was executed without error...
不久前,我对此进行了详细研究,并得出结论,恩智浦的PN532 NFC控制器芯片的固件存在问题,无法成功接收带有NFC Forum Type 1标签(Topaz/Jewel品牌(的一些命令。如前所述,ACR122U基于该芯片。
当我尝试使用WRITE-E8 (0x54)命令一次写入8字节块时,收到的响应是0x01,这是等待标签响应的超时。
我尝试过的不起作用的东西:
包括InDataExchange中的UID echo,我甚至使用了UID echo的endianness,结果仍然相同。
使用inCommunicateThru命令而不是InDataExchange,并在应用程序级别计算CRC1和CRC2值(结果相同(
我得出的最终结论是:
PN532无法在类型1标签上写入页面0x10及更高版本,这使得无法在流行型号(如Topaz 512(上写入全部内存。
推荐:
2012年,当Topaz 512是一款低成本但高内存的NFC标签时,这个问题就很重要了。现在有了NAG215和NTAG216型号,我建议使用那些具有高内存和与NFC阅读器通用兼容性的型号。