开发者

How to send APDU command using T=CL(ISO7816) protocol with ISO14443 layer

I want connect with card on T=CL protocol with ISO14443A layer. And, for example, send to it APDU-command { 0xFF, 0xCA, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } - it must return card ID.

For it I'm using librfid library and device wich reader NXP CLRC 632.

I'm rewrite any functions in librfid in file rfid_reader_spidev.c such as:

int spidev_read(unsigned char reg, unsigned char len, const unsigned char *buf);
int spidev_write(unsigned char reg, unsigned char len, const unsigned char *buf);
int spidev_reg_read(struct rfid_asic_transport_handle *rath, unsigned char reg, unsigned char *value);
int spidev_reg_write(struct rfid_asic_transport_handle *rath, unsigned char reg, unsigned char value);

for work it on my device.

Then I rewrite main function from librfid-tool.c:

int main(int argc, char *argv[])  
{ 

      int rc;
    unsigned char buf[0x100];
    unsigned int len;
    unsigned int protocol = RFID_PROTOCOL_TCL,
                 layer2 = RFID_LAYER2_ISO14443A;

    printf("initializing librfid\n");
    //--------------------------------
    if (reader_init() < 0){
        printf("Err reader_init\n");
        return;
    }
    if (l2_init(layer2) < 0) {
            rfid_reader_close(rh);
            printf("Err l2_init\n");
            return;
    }
    if (l3_init(protocol) < 0) {
            rfid_reader_close(rh);
            printf("Err l3_init\n");
            return;
    }
    //--------------------------------
    printf("Protocol T=CL\n");
    // we've established T=CL at this point
    printf("selecting Master File\n");
    rc = select_mf();
    if (rc < 0) {
            printf("error selecting MF\n");
            return;
    }

    printf("Send APDU command\n");
    rc = send_apdu();
    if (rc < 0) {
            printf("error sending APDU command\n");
            return;
    }

    printf("Getting random challenge, length 255\n");
    rc = iso7816_get_challenge(0xff);
    if (rc < 0) {
            printf("error getting random challenge\n");
            return;
    }
    printf("selecting Passport application\n");
    rc = iso7816_select_application();
    if (rc < 0) {
            printf("error selecting passport application\n");
            return;
    }
    printf("selecting EF 0x1e\n");
    rc = iso7816_select_ef(0x011e);
    if (rc < 0) {
            printf("error selecting EF 0x1e\n");
            return;
    }
    printf("selecting EF 0x01\n");
    rc = iso7816_select_ef(0x0101);
    if (rc < 0) {
            printf("error selecting EF 0x01\n");
            return;
    }
    while (1) {
            printf("reading EF1\n");
            len = sizeof(buf);
            printf("reading ef\n");
            rc = iso7816_read_binary(buf, &len);
            if (rc < 0) {
                    printf("error reading EF\n");
                    return;
            }
    }
}

I add function send_apdu, but I don't know as rule it:

static int send_apdu(void)
{
  unsigned char apdu[] = { 0xFF, 0xCA, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
  unsigned char msg[128];
  unsigned char ret[256];
  unsigned int rlen = sizeof(ret), msglen;
  int rv;

  msg[0] = 0x6f;//PC_to_RDR_XfrBlock;
  msg[5] = 0;    /* slot */
  msg[6] = 1;    //seqno = handle->seqno++;
  msg[7] = 4; /* bBWI */
  msg[8] = 0; /* RFU */
  msg[9] = 0; /* RFU */
  memcpy (msg+10, apdu, 8);
  set_msg_len (msg, 8);
  msglen = 10 + 8;

  rv = rfid_protocol_transceive(ph, msg, msglen/*sizeof(apdu)*/, ret, &rlen, 0, 0);
  if (rv < 0)
    return rv;

  printf("%d: [%s]\n", rlen, hexdump(ret, rlen));
  return 0;
}

I get an error at the step "selecting Master File" in my program as you can see in log:

initializing librfid
opening reader handle OpenPCD, CM5x21
spidev_open
entering
 reg = 0x09, val = 0x00
 reg = 0x09, val = 0x10
entering
 reg = 0x09, val = 0x10
 reg = 0x09, val = 0x00
 reg = 0x00, val = 0x00
 reg = 0x11, val = 0x5b
entering
 reg = 0x11, val = 0x5b
 reg = 0x11, val = 0x58
entering
 reg = 0x11, val = 0x58
 reg = 0x11, val = 0x5b
opening layer2 handle
 reg = 0x09, val = 0x01
 reg = 0x11, val = 0x5b
 reg = 0x12, val = 0x3f
 reg = 0x13, val = 0x3f
 reg = 0x14, val = 0x19
 reg = 0x15, val = 0x13
 reg = 0x16, val = 0x3f
 reg = 0x17, val = 0x00
 reg = 0x19, val = 0x73
 reg = 0x1a, val = 0x08
 reg = 0x1b, val = 0xa9
 reg = 0x1c, val = 0xff
 reg = 0x1d, val = 0x00
 reg = 0x1e, val = 0x01
 reg = 0x21, val = 0x06
 reg = 0x22, val = 0x03
 reg = 0x23, val = 0x63
 reg = 0x24, val = 0x63
running layer2 anticol(_open)
 reg = 0x0f, val = 0x07
 reg = 0x09, val = 0x00
 reg = 0x22, val = 0x03
timeout=92, rx_len=0, tx_len=2
 reg = 0x01, val = 0x00
 reg = 0x07, val = 0x7f
 reg = 0x03, val = 0x05
status_flag: 0x05, ERR, Lo, mIdle
 reg = 0x0a, val = 0x40
error_flag: 0x40, KEY
timeout 920 usec, prescaler = 0, divisor = 6
 reg = 0x2a, val = 0x06
 reg = 0x2b, val = 0x06
 reg = 0x07, val = 0x20
 reg = 0x06, val = 0xa0
 reg = 0x2c, val = 0xc3
 len=, data= 26
 reg = 0x01, val = 0x1e
 reg = 0x06, val = 0x20
irq_en: 0x20, TIMER
 reg = 0x06, val = 0xac
 reg = 0x03, val = 0x0d
status_flag: 0x0d, ERR, IRQ, Lo, mIdle
 reg = 0x0a, val = 0x40
error_flag: 0x40, KEY
 reg = 0x07, val = 0x1d
irq_rq: 0x1d, LoA, IDLE, RX, TX
 reg = 0x01, val = 0x00
 reg = 0x07, val = 0x08
rc632_wait_idle >> ret=0
 reg = 0x04, val = 0x02
rx_len == 2
 len=, data= 04 00
 reg = 0x0f, val = 0x00
 reg = 0x0a, val = 0x40
ATQA: 0x04 0x00
 reg = 0x09, val = 0x00
 reg = 0x22, val = 0x03
 reg = 0x0f, val = 0x00
timeout=50, rx_len=0, tx_len=64
 reg = 0x01, val = 0x00
 reg = 0x07, val = 0x7f
 reg = 0x03, val = 0x05
status_flag: 0x05, ERR, Lo, mIdle
 reg = 0x0a, val = 0x40
error_flag: 0x40, KEY
timeout 500 usec, prescaler = 0, divisor = 5
 reg = 0x2a, val = 0x05
 reg = 0x2b, val = 0x06
 reg = 0x07, val = 0x20
 reg = 0x06, val = 0xa0
 reg = 0x2c, val = 0xd4
 len=, data= 93 20
 reg = 0x01, val = 0x1e
 reg = 0x06, val = 0x2c
irq_en: 0x2c, IDLE, RX, TIMER
 reg = 0x06, val = 0xac
 reg = 0x03, val = 0x0d
status_flag: 0x0d, ERR, IRQ, Lo, mIdle
 reg = 0x0a, val = 0x40
error_flag: 0x40, KEY
 reg = 0x07, val = 0x1d
irq_rq: 0x1d, LoA, IDLE, RX, TX
 reg = 0x01, val = 0x00
 reg = 0x07, val = 0x08
rc632_wait_idle >> ret=0
 reg = 0x04, val = 0x05
rx_len == 5
 len=, data= 4d 1f 1f 89 c4
 reg = 0x0a, val = 0x40
tran_acf->0 boc: -1
 reg = 0x22, val = 0x0f
tx_len=7
timeout=1236, rx_len=0, tx_len=3
 reg = 0x01, val = 0x00
 reg = 0x07, val = 0x7f
 reg = 0x03, val = 0x05
status_flag: 0x05, ERR, Lo, mIdle
 reg = 0x0a, val = 0x40
error_flag: 0x40, KEY
timeout 12360 usec, prescaler = 0, divisor = 10
 reg = 0x2a, val = 0x0a
 reg = 0x2b, val = 0x06
 reg = 0x07, val = 0x20
 reg = 0x06, val = 0xa0
 reg = 0x2c, val = 0xa4
 len=, data= 93 70 4d 1f 1f 89 c4
 reg = 0x01, val = 0x1e
 reg = 0x06, val = 0x2c
irq_en: 0x2c, IDLE, RX, TIMER
 reg = 0x06, val = 0xac
 reg = 0x03, val = 0x0d
status_flag: 0x0d, ERR, IRQ, Lo, mIdle
 reg = 0x0a, val = 0x40
error_flag: 0x40, KEY
 reg = 0x07, val = 0x1d
irq_rq: 0x1d, LoA, IDLE, RX, TX
 reg = 0x01, val = 0x00
 reg = 0x07, val = 0x08
rc632_wait_idle >> ret=0
 reg = 0x04, val = 0x01
rx_len == 1
 len=, data= 28
UID  4d 1f 1f 89
we have a T=CL compliant PICC
running layer3 (ats)
 reg = 0x22, val = 0x0f
tx_len=2
timeout=4833, rx_len=0, tx_len=64
 reg = 0x01, val = 0x00
 reg = 0x07, val = 0x7f
 reg = 0x03, val = 0x05
status_flag: 0x05, ERR, Lo, mIdle
 reg = 0x0a, val = 0x40
error_flag: 0x40, KEY
timeout 48330 usec, prescaler = 0, divisor = 12
 reg = 0x2a, val = 0x0c
 reg = 0x2b, val = 0x06
 reg = 0x07, val = 0x20
 reg = 0x06, val = 0xa0
 reg = 0x2c, val = 0xa0
 len=, data= e0 50
 reg = 0x01, val = 0x1e
 reg = 0x06, val = 0x2c
irq_en: 0x2c, IDLE, RX, TIMER
 reg = 0x06, val = 0xac
 reg = 0x03, val = 0x0c
status_flag: 0x0c, ERR, IRQ, mIdle
 reg = 0x0a, val = 0x40
error_flag: 0x40, KEY
 reg = 0x07, val = 0x1d
irq_rq: 0x1d, LoA, IDLE, RX, TX
 reg = 0x01, val = 0x00
 reg = 0x07, val = 0x08
rc632_wait_idle >> ret=0
 reg = 0x04, val = 0x0d
rx_len == 13
 len=, data= 0d 78 77 b1 02 4a 43 4f 50 76 32 34 31
This PICC supports CID
ATS parsed:  0d 78 77 b1 02 4a 43 4f 50 76 32 34 31
Dr = 0x7, Ds = 0x7
DrI = 0x2, DsI = 0x2
 reg = 0x22, val = 0x0f
tx_len=3
timeout=618496, rx_len=0, tx_len=1
 reg = 0x01, val = 0x00
 reg = 0x07, val = 0x7f
 reg = 0x03, val = 0x05
status_flag: 0x05, ERR, Lo, mIdle
 reg = 0x0a, val = 0x40
error_flag: 0x40, KEY
timeout 618496开发者_StackOverflow社区0 usec, prescaler = 0, divisor = 0
 reg = 0x2a, val = 0x00
 reg = 0x2b, val = 0x06
 reg = 0x07, val = 0x20
 reg = 0x06, val = 0xa0
 reg = 0x2c, val = 0xc2
 len=, data= d0 11 0a
 reg = 0x01, val = 0x1e
 reg = 0x06, val = 0x2c
irq_en: 0x2c, IDLE, RX, TIMER
 reg = 0x06, val = 0xac
 reg = 0x03, val = 0x0d
status_flag: 0x0d, ERR, IRQ, Lo, mIdle
 reg = 0x0a, val = 0x40
error_flag: 0x40, KEY
 reg = 0x07, val = 0x3d
irq_rq: 0x3d, LoA, IDLE, RX, TX, TIMER
 reg = 0x01, val = 0x00
 reg = 0x07, val = 0x08
rc632_wait_idle >> ret=0
 reg = 0x04, val = 0x01
rx_len == 1
 len=, data= d0
setting rate: 424K
 reg = 0x19, val = 0x73
 reg = 0x19, val = 0x33
 reg = 0x1a, val = 0x08
 reg = 0x1a, val = 0x09
 reg = 0x1c, val = 0x50
 reg = 0x1d, val = 0x0c
setting rate: 424K
 reg = 0x14, val = 0x19
 reg = 0x14, val = 0x01
 reg = 0x15, val = 0x00
we now have layer3 up and running
Protocol T=CL
sending APDU command
selecting Master File
 reg = 0x22, val = 0x0f
tx_len=7
timeout=618496, rx_len=0, tx_len=255
 reg = 0x01, val = 0x00
 reg = 0x07, val = 0x7f
 reg = 0x03, val = 0x05
status_flag: 0x05, ERR, Lo, mIdle
 reg = 0x0a, val = 0x40
error_flag: 0x40, KEY
timeout 6184960 usec, prescaler = 0, divisor = 0
 reg = 0x2a, val = 0x00
 reg = 0x2b, val = 0x06
 reg = 0x07, val = 0x20
 reg = 0x06, val = 0xa0
 reg = 0x2c, val = 0xc2
 len=, data= 02 00 a4 00 00 02 3f
 reg = 0x01, val = 0x1e
 reg = 0x06, val = 0x2c
irq_en: 0x2c, IDLE, RX, TIMER
 reg = 0x06, val = 0xac
 reg = 0x03, val = 0x6d
status_flag: 0x6d, ERR, IRQ, Lo, mAwaitingRX
 reg = 0x0a, val = 0x40
error_flag: 0x40, KEY
 reg = 0x07, val = 0x31
irq_rq: 0x31, LoA, TX, TIMER
 reg = 0x01, val = 0x1e
 reg = 0x07, val = 0x08
rc632_wait_idle >> ret=0
 reg = 0x04, val = 0x00
rx_len == 0
 reg = 0x03, val = 0x6d
status_flag: 0x6d, ERR, IRQ, Lo, mAwaitingRX
 reg = 0x0a, val = 0x40
error_flag: 0x40, KEY
 reg = 0x22, val = 0x0f
l2 transceive finished
error selecting MF

If you could help me or point out my error, I would be very grateful.


There seems to be an error in the select_mf function (which you haven't supplied). From the log file, it is sending:

02 00 a4 00 00 02 3f

This should be:

00 a4 00 00 02 3f 00


Function select_mf declared in librfid-tool.c and I don't edited it...

static int select_mf(void)
{
        unsigned char cmd[] = { 0x00, 0xa4, 0x00, 0x00, 0x02, 0x3f};//, 0x00, 0x00 };
        unsigned char ret[256];
        unsigned int rlen = sizeof(ret);

        int rv;

        rv = rfid_protocol_transceive(ph, cmd, sizeof(cmd), ret, &rlen, 0, 0);
        if (rv < 0)
                return rv;

        printf("%d: [%s]\n", rlen, hexdump(ret, rlen));

        return 0;
}

As you can see, there sending

00 a4 00 00 02 3f

In rfid_protocol_transceive run function from library "librfid"

int
tcl_transceive(struct rfid_protocol_handle *h,
        const unsigned char *tx_data, unsigned int tx_len,
        unsigned char *rx_data, unsigned int *rx_len,
        unsigned int timeout, unsigned int flags)

where calls

static int 
tcl_refill_xcvb(struct rfid_xcvb *xcvb, struct tcl_tx_context *ctx)
{
    struct tcl_handle *th = &ctx->h->priv.tcl;

    if (ctx->next_tx_byte >= ctx->tx + ctx->tx_len) {
        DEBUGP("tyring to refill tx xcvb but no data left!\n");
        return -1;
    }

    if (tcl_build_prologue_i(th, xcvb->tx.data, 
                 &xcvb->tx.hdr_len) < 0)
        return -1;

    if (tcl_ctx_todo(ctx) > th->fsc - xcvb->tx.hdr_len)
        xcvb->tx.frame_len = max_net_tx_framesize(th);
    else
        xcvb->tx.frame_len = tcl_ctx_todo(ctx);

    memcpy(frb_payload(xcvb->tx), ctx->next_tx_byte,
        xcvb->tx.frame_len);

    ctx->next_tx_byte += xcvb->tx.frame_len;

    /* check whether we need to set the chaining bit */
    if (ctx->next_tx_byte < ctx->tx + ctx->tx_len)
        xcvb->tx.data[0] |= 0x10;

    /* add hdr_len after copying the net payload */
    xcvb->tx.frame_len += xcvb->tx.hdr_len;

    xcvb->timeout = th->fwt;

    return 0;
}

and after it calls our buffer becomes

02 00 a4 00 00 02 3f

What you think about it?

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜