我正在构建一个WindowsJava程序(使用 javax.smartcardio
)与JewelTopaz512标签(来自InnovisionBroadcom)进行通信,使用ACR122U设备(内部有PN532 NFC控制器芯片)。
我实现了Topaz512协议(来自 本数据表)但 我的命令只有一半能用.
RID, RALL, READ, WRITE-NE, RSEG
WRITE-E, READ8, WRITE-E8, WRITE-NE8
例如,当我发送一个WRITE-NO-ERASE命令时,得到的结果是这样的。
命令: FF:00:00:00:0C:D4:40:01:1A:7F:42:38:01:9A:00:17:E8
其中:
D4:40:01
是InDataExchange命令。1A:7F:42
是WRITE-NO-ERASE命令(值:0x42,块0x0F,字节7)。38:01:9A:00
是4个字节的标签UID。17:E8
是《儿童权利公约》。响应。D5:41:00:42:90:00
这里的回答是正确的。0x42
. 状态字节(0x00
)通知一切顺利。
下面是我发送WRITE-WITH-ERASE命令时的结果。
命令: FF:00:00:00:0C:D4:40:01:53:7F:42:38:01:9A:00:28:6E
其中:
D4:40:01
是InDataExchange命令。53:7F:42
是WRITE-WITH-ERASE命令(值:0x42,块0x0F,字节7)。38:01:9A:00
是4个字节的标签UID。28:6E
是《儿童权利公约》。响应。D5:41:01:90:00
这里,状态字节(0x01
)通知PN532检测到的超时。(从 PN532文件 (p67): "超时,目标未应答 - 0x01")
此外,当我删除PN532超时(用的是 FF:00:00:00:06:D4:32:02:00:00:00
)非工作指令不响应 D5:41:01:90:00
,但等的时间长了,那我就得不到回应了。
我刚刚尝试使用gscriptor执行命令(从 pcsc-tools 套装),我得到了同样的行为。
脚本:
FF 00 00 00 06 D4 32 05 02 02 02
# SAMConfiguration
FF 00 00 00 04 D4 14 01 00
# SetParameters
FF 00 00 00 03 D4 12 04
# InListPassiveTarget: Jewel mode
FF 00 00 00 04 D4 4A 01 04
# InDataExchange: RID
FF 00 00 00 04 D4 40 01 78
# InDataExchange: RALL
FF 00 00 00 04 D4 40 01 00
# InDataExchange: RSEG 0-3
FF 00 00 00 05 D4 40 01 10 00
FF 00 00 00 05 D4 40 01 10 20
FF 00 00 00 05 D4 40 01 10 40
FF 00 00 00 05 D4 40 01 10 60
##########
# GetFirmwareVersion
FF 00 00 00 02 D4 02
# GetGeneralStatus
FF 00 00 00 02 D4 04
##########
# RFConfiguration: No timeout
FF 00 00 00 06 D4 32 02 00 00 00
# InDataExchange: READ-1
FF 00 00 00 05 D4 40 01 01 7F
# InDataExchange: READ-8
FF 00 00 00 05 D4 40 01 02 00
# InDataExchange: WRITE-E-1
FF 00 00 00 06 D4 40 01 53 7F 42
# InDataExchange: WRITE-E-8
FF 00 00 00 0C D4 40 01 55 02 01 02 03 04 05 06 07 08
# InDataExchange: WRITE-NE-1
FF 00 00 00 06 D4 40 01 1A 7F 42
# InDataExchange: WRITE-NE-8
FF 00 00 00 0C D4 40 01 1B 02 01 02 03 04 05 06 07 08
结果:
Sending: FF 00 00 00 06 D4 32 05 02 02 02
Received: D5 33 90 00
Normal processing.
Sending: FF 00 00 00 04 D4 14 01 00
Received: D5 15 90 00
Normal processing.
Sending: FF 00 00 00 03 D4 12 04
Received: D5 13 90 00
Normal processing.
Sending: FF 00 00 00 04 D4 4A 01 04
Received: D5 4B 01 01 0C 00 38 01 9A 00 90 00
Normal processing.
Sending: FF 00 00 00 04 D4 40 01 78
Received: D5 41 00 12 4C 38 01 9A 00 90 00
Normal processing.
Sending: FF 00 00 00 04 D4 40 01 00
Received: D5 41 00 12 4C 38 01 9A 00 00 10 25 00 00 10 3F
00 01 03 F2 30 33 02 03 F0 02 03 03 E3 D1 01 DF
54 02 65 6E 30 31 32 33 34 35 36 37 38 39 30 30
31 32 33 34 35 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 55 55 AA
AA 12 4C 06 00 01 E0 00 00 00 00 00 00 90 00
Normal processing.
Sending: FF 00 00 00 05 D4 40 01 10 00
Received: D5 41 00 38 01 9A 00 00 10 25 00 00 10 3F 00 01
03 F2 30 33 02 03 F0 02 03 03 E3 D1 01 DF 54 02
65 6E 30 31 32 33 34 35 36 37 38 39 30 30 31 32
33 34 35 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 55 55 AA AA 12
4C 06 00 01 E0 00 00 00 00 00 00 00 00 00 00 00
00 00 47 90 00
Normal processing.
Sending: FF 00 00 00 05 D4 40 01 10 20
Received: D5 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 90 00
Normal processing.
Sending: FF 00 00 00 05 D4 40 01 10 40
Received: D5 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 90 00
Normal processing.
Sending: FF 00 00 00 05 D4 40 01 10 60
Received: D5 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 90 00
Normal processing.
Sending: FF 00 00 00 02 D4 02
Received: D5 03 32 01 06 07 90 00
Normal processing.
Sending: FF 00 00 00 02 D4 04
Received: D5 05 01 00 01 01 00 00 02 80 90 00
Normal processing.
Sending: FF 00 00 00 06 D4 32 02 00 00 00
Received: D5 33 90 00
Normal processing.
Sending: FF 00 00 00 05 D4 40 01 01 7F
Received: D5 41 00 47 90 00
Normal processing.
Sending: FF 00 00 00 05 D4 40 01 02 00
Received:
wrong SW size for:
Sending: FF 00 00 00 06 D4 40 01 53 7F 42
Received:
wrong SW size for:
Sending: FF 00 00 00 0C D4 40 01 55 02 01 02 03 04 05 06
07 08
Received:
wrong SW size for:
Sending: FF 00 00 00 06 D4 40 01 1A 7F 42
Received: D5 41 00 47 90 00
Normal processing.
Sending: FF 00 00 00 0C D4 40 01 1B 02 01 02 03 04 05 06
07 08
Received:
wrong SW size for:
Script was executed without error...
前段时间我详细研究了一下,得出的结论是:恩智浦的PN532 NFC控制器芯片的固件存在问题,使其无法成功地与NFC论坛1型标签(TopazJewel品牌)进行一些命令的收发。 如上所述,ACR122U就是基于这款芯片的。
当我试着用该芯片一次写入8个字节块时,我的 WRITE-E8 (0x54)
命令,收到的响应是 0x01
,超时等待标签响应。
我试过的东西,都没有用。
将UID回声加入到 InDataExchange
我甚至玩过UID回声的endianness,结果还是一样。
使用 inCommunicateThru
命令而不是 InDataExchange
并计算应用层的CRC1和CRC2值(结果相同)。
最后我得出的结论是。
PN532不能写入页面 0x10
和更大的Type 1标签上,这使得Topaz 512等热门机型无法写入全部内存。
建议:这个问题与2012年有关,当时Topaz 512是一个很好的低价而高内存的NFC产品。
这个问题在2012年的时候就有了,当时Topaz 512是一款低成本高内存的NFC标签。 现在有了NAG215和NTAG216型号,我建议使用那些具有高内存和普遍兼容NFC阅读器的型号。