Visitor II

Solved

CR95HF and 14443B question

Forum|Forum|9 years ago
November 23, 2016
7 replies
2334 views

Posted on November 23, 2016 at 06:35

Hello NFC support,

We got 8700 : Frame wait time out OR no tag

when using CR95HF to send APDU command 0xA4 to a 14443B tag

what's possible cause and how to fix it?

Thanks alot in advanced

#cr95hf-14443b-reqb-attrib #cr95hf-iso14443b

This topic has been closed for replies.

Best answer by Peter Boringer

Posted on November 29, 2016 at 13:50

Hi Kevin,

I guess you have a wrong PCB value it might be ''02'' 1st with the command:

>>> CR95HFDLL_SENDRECV, 0200A4000C020103

<<< 8006

02

9000296A00

As highlighted the answer of the tag is 02

Then you command write should have the PCB set to ''03''

CR95HFDLL_SENDRECV,

03

00D64010BF00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

You will get the answer:

<<< 8006

03

SW1(1Byte) SW2 (1Byte) CRC(2 Bytes) 00

The next command will be with a PCB = ''02'' the next ''03'' ....

Else I think that the script error come from the fact that the lenght of datas is eset to ''BF'' whereas the DATA field have more than '''BF'' Bytes. remove all the ''00'' bytes at the end (as shown above.)

Hope it will works

Regards

P

Peter Boringer

Visitor II

Posted on November 25, 2016 at 17:33

Hello Kevin,

Can you please provide more information on:

The Tag you are using, the initialisation sequence to access the tag prior sending the ADPU command.Does the tag answer to the REQB?

Thanks

J

jaumingAuthor

Visitor II

Posted on November 28, 2016 at 04:27

Hello NFC support,

1 Tag using:

MN63Y1213

2. Initialisation sequence to access the tag prior sending the ADPU command:

>>> CR95HFDLL_ECHO

<<< 5500

>>> CR95HFDLL_STCMD, 01 090468010710

<<< 0000

>>> CR95HFDLL_STCMD, 01 090468010700

<<< 0000

>>> CR95HFDLL_SELECT, 03010180

<<< 0000

>>> CR95HFDLL_STCMD, 01 090468010130

<<< 0000

>>> CR95HFDLL_SENDRECV, 050000

<<< 800F5000000000000000009181E0D98300

>>> CR95HFDLL_SENDRECV, 1D0000000000080100

<<< 800410F9E000

>>> CR95HFDLL_SENDRECV, 00A4000C020103

<<< 8700 : Frame wait time out OR no tag

3. Yes, tag answer to the REQB,

response is 800F5000000000000000009181E0D98300

it also answer ATTRIB.

Thank you

>>> CR95HFDLL_ECHO<<< 5500>>> CR95HFDLL_STCMD, 01 090468010710<<< 0000>>> CR95HFDLL_STCMD, 01 090468010700<<< 0000>>> CR95HFDLL_SELECT, 03010180<<< 0000>>> CR95HFDLL_STCMD, 01 090468010130<<< 0000>>> CR95HFDLL_SENDRECV, 050000<<< 800F5000000000000000009181E0D98300>>> CR95HFDLL_SENDRECV, 1D0000000000080100<<< 800410F9E000>>> CR95HFDLL_SENDRECV, 00A4000C020103<<< 8700 : Frame wait time out OR no tag

P

Peter Boringer

Visitor II

Posted on November 28, 2016 at 15:37

Hello Kevin,

Your init sequence is correct.

The problem come fron the last request you sent to the tag.

Purpose I think is to send an adpu command in ISO 14443B to select the CC file of your tag

That means that you want to send a i_block which is described as follow:

i-block = PCD (DID) CLA INS P1 P2 LC DATA Le (CRC) Optional in bracket

in the command you sent you forget the PCD that is toogling after each adpu command (from 02 to 03 as example).

The correct command might be:

CR95HFDLL_SENDRECEIVE, 0300A4000C02E103

and next command:

CR95HFDLL_SENDRECEIVE, 0200A4000C02E103

I would suggest before selecting the CC to perform a NDEF Tag Application Select with the following command:

CR95HFDLL_SENDRECEIVE, 0200A4040007D276000085010100

This sequence should work.

CR95HF CONFIGURATION : ISO14443-B protocol

>>> CR95HFDLL_SELECT, 03010180

<<< 0000

ISO14443-B : INCREASE DEMOD GAIN

>>> CR95HFDLL_STCmd, 01090468010130

<<< 0000

REQB/SENSB_REQ

>>> CR95HFDLL_SENDRECEIVE, 050000

<<< 800F50AABBCCDD30ABAB010081E1AE0000

ATTRIB

>>> CR95HFDLL_SENDRECEIVE, 1DAABBCCDD00040100

<<< 8004207AD100

NFC SEND I-Block Tag application select

>>> CR95HFDLL_SENDRECEIVE, 0200A4040007D276000085010100

<<< 8006029000296A00

NFC SEND I-Block Capacity container select

>>> CR95HFDLL_SENDRECEIVE, 0300A4000C02E103

<<< 8006039000F53000

NFC SEND I-Block Read CC lenght

>>> CR95HFDLL_SENDRECEIVE, 0200B0000002

<<< 800802000F9000658A00

NFC SEND I-Block read binary CC

>>> CR95HFDLL_SENDRECEIVE, 0300B000000F

<<< 801503000F2000FF00FF040600011002000090003DED00Provide your feedbacks are welcome

Thanks & Regards

>>> CR95HFDLL_ECHO<<< 5500>>> CR95HFDLL_STCMD, 01 090468010710<<< 0000>>> CR95HFDLL_STCMD, 01 090468010700<<< 0000>>> CR95HFDLL_SELECT, 03010180<<< 0000>>> CR95HFDLL_STCMD, 01 090468010130<<< 0000>>> CR95HFDLL_SENDRECV, 050000<<< 800F5000000000000000009181E0D98300>>> CR95HFDLL_SENDRECV, 1D0000000000080100<<< 800410F9E000>>> CR95HFDLL_SENDRECV, 00A4000C020103<<< 8700 : Frame wait time out OR no tag

J

jaumingAuthor

Visitor II

Posted on November 29, 2016 at 03:10

Hello, NFC Support,

We preceded

''00 A4 00 0C 02 01 03'' with ''03''

and it answer to select command(A4), Thanks alot

Currently, we got: ''

!!! Script Error : Data not compliant with dll command !!!''

The question is how to send APDU command D6 with data length 190 bytes?

1. Which value should we preced before ''00 D6...'' (03?, 02? or 04? ...)

2. Is there a packet size limit with dll command?

The error log is as following:

>>> CR95HFDLL_ECHO

<<< 5500

>>> CR95HFDLL_STCMD, 01 090468010710

<<< 0000

>>> CR95HFDLL_STCMD, 01 090468010700

<<< 0000

>>> CR95HFDLL_SELECT, 03010180

<<< 0000

>>> CR95HFDLL_STCMD, 01 090468010130

<<< 0000

>>> CR95HFDLL_SENDRECV, 050000

<<< 800F5000000000000000009181E0D98300

>>> CR95HFDLL_SENDRECV, 1D0000000000080100

<<< 800410F9E000

>>> CR95HFDLL_SENDRECV, 0300A4000C020103

<<< 8006029000296A00

>>> CR95HFDLL_SENDRECV,0300D64010BF00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

!!! Script Error : Data not compliant with dll command !!!

Thanks & Regards,

P

Peter BoringerAnswer

Visitor II

Posted on November 29, 2016 at 13:50

Hi Kevin,

I guess you have a wrong PCB value it might be ''02'' 1st with the command:

>>> CR95HFDLL_SENDRECV, 0200A4000C020103

<<< 8006

02

9000296A00

As highlighted the answer of the tag is 02

Then you command write should have the PCB set to ''03''

CR95HFDLL_SENDRECV,

03

00D64010BF00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

You will get the answer:

<<< 8006

03

SW1(1Byte) SW2 (1Byte) CRC(2 Bytes) 00

The next command will be with a PCB = ''02'' the next ''03'' ....

Else I think that the script error come from the fact that the lenght of datas is eset to ''BF'' whereas the DATA field have more than '''BF'' Bytes. remove all the ''00'' bytes at the end (as shown above.)

Hope it will works

Regards

J

jaumingAuthor

Visitor II

Posted on December 01, 2016 at 03:43

Thank you NFC product support5 for your advice about PCB and DATA length fix

The APDU command A4 and D6 works now.

We need to repeat D6 command 25 times in our application

(each with data length 190 bytes)

and found there are error data byte in tag-side received data

(for example reader send data byte 0xFF, but tag received data byte 0x00)

Is there any other things to check in reader configuration or command flow?

Your advice is very much appreciated.

Thank you.

P

Peter Boringer

Visitor II

Posted on December 02, 2016 at 12:02

Hello kevin

Can you provide the trace showing data transfer?

Are you in chaining mode?

What are the error codse reported by the Tag or the CR95HF?

Regards

J

jaumingAuthor

Visitor II

Posted on December 12, 2016 at 08:55

Hi NFC product support5

We switch to ST25R3911 for its 1W ouput and problem solved

Current question is how to form a correct APDU read command?

Do we also need to prefix with 02/03? for example:

03 00 B0 40 10 0F 00

Is above a correct read command packet?

Thanks alot in advanced

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded