September 25, 2024
Solved

Tag Emulation not going to ACTIVE


I've been working on implementing tag emulation on my device with an ST25R3916 and have run into a problem. First - the code is currently completely separate from the tag reader code, including init, so it's not a matter of not changing modes properly. And this is with my own codebase, not the RFAL. I'm using a Flipper Zero (which actually uses an ST25R3916) to test with since I read other posts about a phone being too fast, and it is specifically in the ISO-14443-4A mode. The Flipper Zero works with the NUCLEO-L476RG + X-NUCLEO-NFC08A1 tag emulation.

I have been closely following the RFAL as I implement my own version, and it only gets part of the way through anticollision. When I put a reader over the antenna, I see EON and RXE_PTA without any issues, but I never get a WU_A interrupt. I have PT_MEM populated with the same values as the RFAL (see pic 1), and follow all the same configurations except for the repeats since the RFAL is doing a lot of mode switching. When I do get an RXE_PTA, I get all the register values I would expect (see pic 2), so I don't understand why it isn't moving to ACTIVE through the automatic responses.

The main part where I diverge from the RFAL is that I'm not doing bitrate detection. Is this mandatory for some reason? Everything on the device is 106 kbit/s NFC-A, so I figured it was unnecessary.

LltWc_0-1727292213281.png

LltWc_1-1727292316338.png

Additionally, when I take the NUCLEO-L476RG + X-NUCLEO-NFC08A1 and place its antenna over my device's, it doesn't even read the NFCID (I added a log right where it obtains the NFCID for a working tag), so it seems like it's not even getting through the SDD_RES.


    LltWc (Author)
    Graduate
    September 26, 2024

    As I've continued debugging today, I found that the NFCID is being transmitted properly, but RFAL is returning a timeout error (see pic 1 below). 

    LltWc_0-1727361818322.png

    I switched from the values directly in the RFAL when it's in Listen Mode, and these SENS RES values: {0x01, 0x00}, {0x10, 0x00}, {0x08, 0x00}, {0x04, 0x00}, {0x02, 0x00}, {0x01, 0x00}.

    So far as I can tell, there's some problem with the ST25R3916 causing it to successfully send a SENS_RES and SDD_RES, but not the SEL_RES. My next step will be to comb through RFAL configurations and registers again before I just go and implement anti-collision manually.

    LltWc (Author, Answer)
    Graduate
    September 26, 2024

    This one's all me—I wrote the ISO14443A register wrong and set antcl = 1, which must be set to 0 for anything but reader mode. Problem solved; I haven't implemented any read commands yet, but I can recognize the NFCID, ATQA, and SAK from the Flipper Zero and from my phone.