Skip to main content
Visitor II
November 23, 2016
Solved

CR95HF and 14443B question

  • November 23, 2016
  • 7 replies
  • 2334 views
Posted on November 23, 2016 at 06:35

Hello NFC support,

We got 8700 : Frame wait time out OR no tag

when using CR95HF to send APDU command 0xA4 to a 14443B tag

what's possible cause and how to fix it?

Thanks alot in advanced

#cr95hf-14443b-reqb-attrib #cr95hf-iso14443b
    This topic has been closed for replies.
    Best answer by Peter Boringer
    Posted on November 29, 2016 at 13:50

    Hi Kevin,

    I guess you have a wrong PCB value it might be ''02'' 1st with the command:

    >>> CR95HFDLL_SENDRECV, 0200A4000C020103

    <<< 8006

    02

    9000296A00

    As highlighted the answer of the tag is 02

    Then you command write should have the PCB set to ''03''

    CR95HFDLL_SENDRECV,

    03

    00D64010BF00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

    You will get the answer:

    <<< 8006

    03

    SW1(1Byte) SW2 (1Byte) CRC(2 Bytes) 00

    The next command will be with a PCB = ''02'' the next ''03'' ....

    Else I think that the script error come from the fact that the lenght of datas is eset to  ''BF'' whereas the DATA field have more than '''BF'' Bytes. remove all the ''00'' bytes at the end  (as shown above.)

    Hope it will works

    Regards

     

    7 replies

    Visitor II
    November 25, 2016
    Posted on November 25, 2016 at 17:33

    Hello Kevin,

    Can you please provide more information on:

    The Tag you are using, the initialisation sequence to access the tag prior sending the ADPU command.Does the tag answer to the REQB?

    Thanks

    jaumingAuthor
    Visitor II
    November 28, 2016
    Posted on November 28, 2016 at 04:27

    Hello NFC support,

    1 Tag using: 

     MN63Y1213

    2. Initialisation sequence to access the tag prior sending the ADPU command:

    >>> CR95HFDLL_ECHO

    <<< 5500

    >>> CR95HFDLL_STCMD, 01 090468010710

    <<< 0000

    >>> CR95HFDLL_STCMD, 01 090468010700

    <<< 0000

    >>> CR95HFDLL_SELECT, 03010180

    <<< 0000

    >>> CR95HFDLL_STCMD, 01 090468010130

    <<< 0000

    >>> CR95HFDLL_SENDRECV, 050000

    <<< 800F5000000000000000009181E0D98300

    >>> CR95HFDLL_SENDRECV, 1D0000000000080100

    <<< 800410F9E000

    >>> CR95HFDLL_SENDRECV, 00A4000C020103

    <<< 8700 : Frame wait time out OR no tag

    3. Yes,  tag answer to the REQB,

    response is 800F5000000000000000009181E0D98300

    it also answer ATTRIB.

    Thank you

    >>> CR95HFDLL_ECHO<<< 5500>>> CR95HFDLL_STCMD, 01 090468010710<<< 0000>>> CR95HFDLL_STCMD, 01 090468010700<<< 0000>>> CR95HFDLL_SELECT, 03010180<<< 0000>>> CR95HFDLL_STCMD, 01 090468010130<<< 0000>>> CR95HFDLL_SENDRECV, 050000<<< 800F5000000000000000009181E0D98300>>> CR95HFDLL_SENDRECV, 1D0000000000080100<<< 800410F9E000>>> CR95HFDLL_SENDRECV, 00A4000C020103<<< 8700 : Frame wait time out OR no tag

    >>> CR95HFDLL_ECHO<<< 5500>>> CR95HFDLL_STCMD, 01 090468010710<<< 0000>>> CR95HFDLL_STCMD, 01 090468010700<<< 0000>>> CR95HFDLL_SELECT, 03010180<<< 0000>>> CR95HFDLL_STCMD, 01 090468010130<<< 0000>>> CR95HFDLL_SENDRECV, 050000<<< 800F5000000000000000009181E0D98300>>> CR95HFDLL_SENDRECV, 1D0000000000080100<<< 800410F9E000>>> CR95HFDLL_SENDRECV, 00A4000C020103<<< 8700 : Frame wait time out OR no tag

    Visitor II
    November 28, 2016
    Posted on November 28, 2016 at 15:37

    Hello Kevin,

    Your init sequence is correct.

    The problem come fron the last request you sent to the tag.

    Purpose I think is to send an adpu command in ISO 14443B  to select the CC file of your tag

    That means that you want to send a i_block which is described as follow:

    i-block = PCD (DID) CLA INS P1 P2 LC DATA Le (CRC) Optional in bracket

    in the command you sent you forget the PCD that is toogling after each adpu command (from 02 to 03 as example).

    The correct command might be:

    CR95HFDLL_SENDRECEIVE, 0300A4000C02E103

    and next command:

    CR95HFDLL_SENDRECEIVE, 0200A4000C02E103

    I would suggest before selecting  the CC to perform a NDEF Tag Application Select with the following command:

    CR95HFDLL_SENDRECEIVE, 0200A4040007D276000085010100

    This sequence should work.

    CR95HF CONFIGURATION : ISO14443-B protocol

                >>> CR95HFDLL_SELECT, 03010180

                <<< 0000

    ISO14443-B : INCREASE DEMOD GAIN

                >>> CR95HFDLL_STCmd, 01090468010130

                <<< 0000

    REQB/SENSB_REQ

                >>> CR95HFDLL_SENDRECEIVE, 050000

                <<< 800F50AABBCCDD30ABAB010081E1AE0000

    ATTRIB

                >>> CR95HFDLL_SENDRECEIVE, 1DAABBCCDD00040100

                <<< 8004207AD100

    NFC SEND I-Block Tag application select

                >>> CR95HFDLL_SENDRECEIVE, 0200A4040007D276000085010100

                <<< 8006029000296A00

     NFC SEND I-Block Capacity container select

                >>> CR95HFDLL_SENDRECEIVE, 0300A4000C02E103

                <<< 8006039000F53000

     NFC SEND I-Block Read CC lenght

                >>> CR95HFDLL_SENDRECEIVE, 0200B0000002

                <<< 800802000F9000658A00

    NFC SEND I-Block read binary CC

                >>> CR95HFDLL_SENDRECEIVE, 0300B000000F

                <<< 801503000F2000FF00FF040600011002000090003DED00Provide your feedbacks are welcome

    Thanks & Regards

    >>> CR95HFDLL_ECHO<<< 5500>>> CR95HFDLL_STCMD, 01 090468010710<<< 0000>>> CR95HFDLL_STCMD, 01 090468010700<<< 0000>>> CR95HFDLL_SELECT, 03010180<<< 0000>>> CR95HFDLL_STCMD, 01 090468010130<<< 0000>>> CR95HFDLL_SENDRECV, 050000<<< 800F5000000000000000009181E0D98300>>> CR95HFDLL_SENDRECV, 1D0000000000080100<<< 800410F9E000>>> CR95HFDLL_SENDRECV, 00A4000C020103<<< 8700 : Frame wait time out OR no tag

    jaumingAuthor
    Visitor II
    November 29, 2016
    Posted on November 29, 2016 at 03:10

    Hello, NFC Support,

    We preceded

    ''00 A4 00 0C 02 01 03'' with ''03''

    and it answer to select command(A4), Thanks alot

    Currently, we got: ''

    !!! Script Error : Data not compliant with dll command !!!''

    The question is how to send APDU command D6 with data length 190 bytes?

    1. Which value should we preced before ''00 D6...'' (03?, 02? or 04? ...)

    2. Is there a packet size limit with dll command?

    The error log is as following:

    >>> CR95HFDLL_ECHO

    <<< 5500

    >>> CR95HFDLL_STCMD, 01 090468010710

    <<< 0000

    >>> CR95HFDLL_STCMD, 01 090468010700

    <<< 0000

    >>> CR95HFDLL_SELECT, 03010180

    <<< 0000

    >>> CR95HFDLL_STCMD, 01 090468010130

    <<< 0000

    >>> CR95HFDLL_SENDRECV, 050000

    <<< 800F5000000000000000009181E0D98300

    >>> CR95HFDLL_SENDRECV, 1D0000000000080100

    <<< 800410F9E000

    >>> CR95HFDLL_SENDRECV, 0300A4000C020103

    <<< 8006029000296A00

    >>> CR95HFDLL_SENDRECV,0300D64010BF00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

    !!! Script Error : Data not compliant with dll command !!! 

    Thanks & Regards,

    Visitor II
    November 29, 2016
    Posted on November 29, 2016 at 13:50

    Hi Kevin,

    I guess you have a wrong PCB value it might be ''02'' 1st with the command:

    >>> CR95HFDLL_SENDRECV, 0200A4000C020103

    <<< 8006

    02

    9000296A00

    As highlighted the answer of the tag is 02

    Then you command write should have the PCB set to ''03''

    CR95HFDLL_SENDRECV,

    03

    00D64010BF00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

    You will get the answer:

    <<< 8006

    03

    SW1(1Byte) SW2 (1Byte) CRC(2 Bytes) 00

    The next command will be with a PCB = ''02'' the next ''03'' ....

    Else I think that the script error come from the fact that the lenght of datas is eset to  ''BF'' whereas the DATA field have more than '''BF'' Bytes. remove all the ''00'' bytes at the end  (as shown above.)

    Hope it will works

    Regards

     

    jaumingAuthor
    Visitor II
    December 1, 2016
    Posted on December 01, 2016 at 03:43

    Thank you NFC product support5 for your advice about PCB  and DATA length fix

    The APDU command A4 and D6 works now.

    We need to repeat D6 command 25 times in our application

    (each with data length 190 bytes)

    and found there are error data byte in tag-side received data

    (for example reader send data byte 0xFF, but tag received data byte 0x00)

    Is there any other things to check in reader configuration or command flow?

    Your advice is very much appreciated.

    Thank you.

    Visitor II
    December 2, 2016
    Posted on December 02, 2016 at 12:02

    Hello kevin

    Can you provide the trace showing data transfer?

    Are you in chaining mode?

    What are the error codse reported by the Tag or the CR95HF?

    Regards

    jaumingAuthor
    Visitor II
    December 12, 2016
    Posted on December 12, 2016 at 08:55

    Hi NFC product support5

    We switch to ST25R3911 for its 1W ouput and problem solved

    Current question is how to form a correct APDU read command?

    Do we also need to prefix with 02/03? for example:

    03 00 B0 40 10 0F 00

    Is above a correct read command packet?

    Thanks alot in advanced