Visitor II
November 14, 2024
Solved

St25R95 library


Hi,

I have successfully ported the ST25R95 library from STMicroelectronics to my own microcontroller, an nRF52832. I am now trying to read the payload of an NFC-A Passive ISO-DEP device with the UID: 5F471DC2783A8E.

In the polling_demo.c file, I see the function demoAPDU. I would like to use this function to read the payload, which contains Bluetooth Out of Band (OOB) data and a key. My goal is to use this for BLE NFC pairing. Can someone assist me with this?

Here is the payload:

    Best answer by Brian TIDAL

    Hi

    on my side with your record, I have the following decoding where the LE Device address is displayed:

    Record #1
    Bluetooth:
    Type: 0x11
    Device Address: (length 0)
    EIR Flags: (EIR length: 0x03, EIR type: 0x01) (length 1)
    [0000] 04 | . |
    EIR ClassUUID16_partial: None
    EIR ClassUUID16: None
    EIR ClassUUID32_partial: None
    EIR ClassUUID32: None
    EIR ClassUUID128_partial: None
    EIR ClassUUID128: None
    EIR Short Local Name: None
    EIR Local Name: (EIR length: 0x14, EIR type: 0x09) (length 18)
    [0000] 4E 6F 72 64 69 63 5F 4E | N o r d i c _ N |
    [0008] 46 43 5F 70 61 69 72 69 | F C _ p a i r i |
    [0010] 6E 67 | n g |
    EIR TxPowerLevel: None
    EIR Device Class: None
    EIR SimplePairingHash: None
    EIR SimplePairingRandomizer: None
    EIR SecurityManagerTK: (EIR length: 0x12, EIR type: 0x10) (length 16)
    [0000] F2 D2 C4 3C 54 16 D9 D7 | . . . < T . . . |
    [0008] BB 1E 1E 1F 94 3F F0 E6 | . . . . . ? . . |
    EIR Security Manager Flags: None
    EIR SlaveConnIntervalRange: None
    EIR ServiceSolicitation16: None
    EIR ServiceSolicitation128: None
    EIR ServiceData: None
    EIR Appearance: (EIR length: 0x04, EIR type: 0x19) (length 2)
    [0000] 00 00 | . . |
    EIR LE Device Address: (EIR length: 0x09, EIR type: 0x1B) (length 7)
    [0000] E1 33 AD 66 0D F3 01 | . 3 . f . . . |
    EIR Role: (EIR length: 0x03, EIR type: 0x1C) (length 1)
    [0000] 00 | . |
    EIR Secure Connection Confirmation Value: (EIR length: 0x12, EIR type: 0x22) (length 16)
    [0000] E5 A6 B2 7F FA 99 C4 1E | . . . . . . . . |
    [0008] 96 B7 FD CA D1 F1 A6 29 | . . . . . . . ) |
    EIR Secure Connection Random Value: (EIR length: 0x12, EIR type: 0x23) (length 16)
    [0000] 9B 8C 90 7A 4B E3 F0 50 | . . . z K . . P |
    [0008] CC C2 9D 43 0D 44 77 CF | . . . C . D w . |
    EIR Manufacturer Data: None
    nbUUID16: 0
    nbUUID32: 0
    nbUUID128:0
    nbServiceSolicitation16: 0x00
    nbServiceSolicitation128:0x00
    Operation completed

    I believe your decoding or ndef_dump functions are old. Which package and which version have you used? With a debugger, set a breakpoint in ndefBluetoothDump() and check the value of type->data.bluetooth.eir[0]. It should contain the first EIR (in your case, the LE Device Address element).

    Rgds

    BT
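
    A bounds-checked walk over the EIR elements of a Bluetooth LE OOB payload like the one decoded above, extracting the LE Device Address (type 0x1B). This is an added example, not code from the ST library or from the posts; the function names, the sample bytes (built from values in the dump) and the [length][type][data] layout with the length octet counting type plus data are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AD_TYPE_LE_DEVICE_ADDRESS 0x1B /* type value shown in the dump above */

/* Constructed sample: three elements built from values in the dump above,
 * each laid out as [length][type][data], length = 1 (type) + data size. */
static const uint8_t sample_oob[] = {
    0x08, 0x1B, 0xE1, 0x33, 0xAD, 0x66, 0x0D, 0xF3, 0x01, /* LE Device Address */
    0x02, 0x1C, 0x00,                                     /* Role */
    0x02, 0x01, 0x04,                                     /* Flags */
};
/* Constructed malformed sample: length octet claims more bytes than exist. */
static const uint8_t bad_oob[] = { 0x20, 0x1B, 0xE1, 0x33, 0xAD };

typedef struct { uint8_t addr[6]; uint8_t is_random; } le_addr_t;

/* Return a pointer to the data of the first element of the wanted type,
 * or NULL if it is absent or an element overruns the buffer. */
const uint8_t *ad_find(const uint8_t *buf, size_t len, uint8_t type,
                       size_t *data_len)
{
    size_t off = 0;
    while (off < len) {
        uint8_t l = buf[off];
        /* Tag content is untrusted: zero length ends the list, and a length
         * larger than the remaining bytes is rejected before any read. */
        if (l == 0 || l > len - off - 1) return NULL;
        if (buf[off + 1] == type) { *data_len = (size_t)l - 1; return &buf[off + 2]; }
        off += 1u + l;
    }
    return NULL;
}

/* LE Device Address data: 6 address octets LSB first, then 1 octet whose
 * bit 0 marks a random (1) or public (0) address. Returns 0 on success. */
int oob_le_address(const uint8_t *buf, size_t len, le_addr_t *out)
{
    size_t n = 0;
    const uint8_t *d = ad_find(buf, len, AD_TYPE_LE_DEVICE_ADDRESS, &n);
    if (d == NULL || n != 7) return -1;
    for (int i = 0; i < 6; i++) out->addr[i] = d[5 - i]; /* MSB-first order */
    out->is_random = d[6] & 0x01;
    return 0;
}

int main(void) {
    le_addr_t a;
    if (oob_le_address(sample_oob, sizeof sample_oob, &a) == 0)
        for (int i = 0; i < 6; i++) printf("%02X%c", a.addr[i], i < 5 ? ':' : '\n');
    return 0;
}
```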

    3 replies

    Technical Moderator
    November 14, 2024

    Hi,

    I would look at ST25 embedded NFC lib which has examples for NDEF reading inside its ndef_rw_ demo (main logic triggered by file ndef_demo.c). The package for ST25R95 is STSW-ST25R017.

    BR, Ulysses

    Technical Moderator
    November 14, 2024

    Hi,

    as explained inside your previous post, you should use ndef_demo.c rather than demo_polling.c to read the NDEF from a tag (this is available from X-CUBE-NFC3 or from STSW-ST25R017 package).

    Rgds

    BT

    Visitor II
    November 14, 2024

    Hi,

    I am now able to read the NDEF message, but I don’t get a Bluetooth address. Does anyone know how to fix this? Here is the output I’m getting:

    NFC-A Passive ISO-DEP device found. UID: 5F471DC2783A8E
    READ/WRITE NDEF detected.
    Decoding NDEF message:

    Record #1
    Flat payload (length 13):
    [0000] 15 C1 02 00 00 00 04 61 | . . . . . . . a |
    [0008] 63 01 01 30 00 | c . . 0 . |

    Record #2
    Bluetooth:

    • Type: 0x11
    • Device Address: (length 0)
    • EIR Flags: (EIR length: 0x03, EIR type: 0x01) (length 1)
      [0000] 04 | . |
    • EIR ClassUUID16_partial: None
    • EIR ClassUUID16: None
    • EIR ClassUUID32_partial: None
    • EIR ClassUUID32: None
    • EIR ClassUUID128_partial: None
    • EIR ClassUUID128: None
    • EIR Short Local Name: None
    • EIR Local Name: (EIR length: 0x14, EIR type: 0x09) (length 18)
      [0000] 4E 6F 72 64 69 63 5F 4E | N o r d i c _ N |
      [0008] 46 43 5F 70 61 69 72 69 | F C _ p a i r i |
      [0010] 6E 67 | n g |
    • EIR TxPowerLevel: None
    • EIR Device Class: None
    • EIR SimplePairingHash: None
    • EIR SimplePairingRandomizer: None
    • EIR SecurityManagerTK: (EIR length: 0x12, EIR type: 0x10) (length 16)
      [0000] 3A 32 40 F7 9B CF 65 84 | : 2 @ . . . e . |
      [0008] E8 AB C3 5B B4 15 DD D7 | . . . [ . . . . |
    • EIR Security Manager Flags: None
    • EIR SlaveConnIntervalRange: None
    • EIR Service Solicitation: None

    Any guidance would be appreciated. Thanks!
