Hi,
I'm working with a PN7150, I'm using the NxpNci library, and I'm working on the card emulation.
I also have a proxmark reader, which I can use to debug the sent and received messages over NFC.
When putting the card in emulation mode, I can observe that the proxmark sends a GetVersion command to the card (02 90 60 00 00 00 14 98), then receives from the PN7150 the message:
f2 08 50 dd.
Is it expected behavior?
Can the response to the GetVersion command be customized?
Best regards
Alberto
解決済! 解決策の投稿を見る。
yes, it is on application level, so you can change it. Do you use RAW communication (defined CARDEMU_RAW_EXCHANGE) or NDEF based one?
Regards,
Andraz
Thank you very much @andraz_skupek, I am using CARDEMU_RAW_EXCHANGE. The problem was on the reader not interpreting correctly the WTX frames.
The reader also sends other messages, like for example 0x0b 0x00 0x6a 0xee 0x40, which asks for the AID list, but these messages seems not to be received by the software (don't see them in `NxpNci_HostTransceive` nor in `NxpNci_WaitForReception`) . Is there a way to customize reaction to such messages, or to handle them in software?
Best regards,
Alberto
CARDEMU_RAW_EXCHANGE is usually used for emulating specific type of card (e.g. Mifare desifre). The entry is "PICC_ISO14443_4_scenario" function in "nfc_task.c". There you can see example of some commands that came from reader. You can add here any other command that want and also prepare correct response. Then you can send it via "NxpNci_CardModeSend function".
Best regards,
Andraz
Thanks @andraz_skupek,
I am not sure to understand, sorry.
If I look at the code of the "PICC_ISO14443_4_scenario", the "NxpNci_CardModeSend" (resp. "NxpNci_CardModeReceive") functions relays upon the "NxpNci_HostTransceive" (resp. "NxpNci_WaitForReception") function.
I have enabled the "NCI_PRINT_BUF("NCI << ", pRBuff, *pBytesread);" and "NCI_PRINT_BUF("NCI << ", pRBuff, *pBytesread);" in these two functions, but I can only see incoming messages that start with:
- "0x00"s (APDUs)
- or with first byte in ["0x20/1", "0x40/1", "0x60/1"] ( -- Command, Response or Notification commands).
For example the message "0x0b 0x00 0x6a 0xee 0x40" from the reader does not appear on the software layer. Am I missing something?
Alberto
It turns out the problem was that the reader was sending commands in Native command mode. If I turn the reader to send commands in Native wrapped mode, then the PN7150 forwards the commands to the software layer and I can handle them in software.
Do you happens to know if there is a way force the 7150 to forward to the software layer also native commands (non wrapped)?
Regards,
Alberto
yes, it is on application level, so you can change it. Do you use RAW communication (defined CARDEMU_RAW_EXCHANGE) or NDEF based one?
Regards,
Andraz