nfc smartcard mifare ndef pcsc

How to read binary blocks of mifare card?


I am developing an application which reads an NFC card from the reader. I know the code for reading a binary block is like this:

FF B0 00 04 10

04 for block 4 and 10 for 16 bytes of data. My card has the data "TEST009996". I ran 5 codes to read binary blocks 4-8 like this:

FF B0 00 04 10
FF B0 00 05 10
FF B0 00 06 10
FF B0 00 07 10
FF B0 00 08 10

I got the following results:

T☻enTEÉ ☺
T☻enTEST00É
T☻enTEST009996É
enTEST009996■  6É
ST009996■  6    É

or in hexadecimal:

01 03 A0 10 44 03 11 D1 01 0D 54 02 65 6E 48 43 90 00
44 03 11 D1 01 0D 54 02 65 6E 48 43 49 44 30 30 90 00
01 0D 54 02 65 6E 48 43 49 44 30 30 39 39 39 36 90 00
65 6E 48 43 49 44 30 30 39 39 39 36 FE 00 00 36 90 00
49 44 30 30 39 39 39 36 FE 00 00 36 00 00 00 00 90 00

Should I create an algorithm to cut the result to get the data? Are there any better ways?


Source:

http://downloads.acs.com.hk/drivers/en/API-ACR122U-2.02.pdf


Solution

  • It seems that your tag is an NFC Forum Type 2 Tag (find the NFC Forum Type 2 Tag Operation specification on the NFC Forum website). As you mention MIFARE this could, for instance, be a MIFARE Ultralight, MIFARE Ultralight C or NTAG tag.

    A block on a Type 2 Tag consists of 4 bytes. The read command reads 4 blocks at a time. So the read command gives you 4 blocks (4 bytes each) starting at a given block offset plus a status word for the read command (0x9000 for success). In your case you get:

    Read(4, 16): 0103A010 440311D1 010D5402 656E4843 9000
    Read(5, 16):          440311D1 010D5402 656E4843 49443030 9000
    Read(6, 16):                   010D5402 656E4843 49443030 39393936 9000
    Read(7, 16):                            656E4843 49443030 39393936 FE000036 9000
    Read(8, 16):                                     49443030 39393936 FE000036 00000000 9000
    

    Consequently, the memory of your tag looks like this:

    0103A010 
    440311D1
    010D5402
    656E4843
    49443030
    39393936
    FE000036
    00000000
    

    A Type 2 Tag (btw. in order to make sure that this tag actually conforms to the Type 2 Tag Operation Specification you would also need to read the capability container which is located in block 3) contains a series of tag-length-value (TLV) structures:

    01 (Tag: Lock Control TLV)
      03 (Length: 3 bytes)
      A0 10 44 (Value: Information on position and function of lock bytes)
    03 (Tag: NDEF Message TLV)
      11 (Length: 17 bytes)
      D1010D5402656E48434944303039393936 (Value: NDEF message)
    FE (Tag: Terminator TLV; has no length field)
    

    So your tag contains the NDEF message

    D1010D5402656E48434944303039393936
    

    This translates to

    D1 (Header byte of record 1)
        - Message begin is set (= first record of an NDEF message)
        - Message end is set (= last record of an NDEF message)
        - Short record flag is set (= Payload length field consists of 1 byte only)
        - Type Name Format = 0x1 (= Type field contains an NFC Forum well-known type)
      01 (Type length: 1 byte)
      0D (Payload length: 13 bytes)
      54 (Type: "T")
      02656E48434944303039393936 (Payload field)
    

    The payload field of an NFC Forum Text record decodes like this:

    02 (Status byte: Text is UTF-8 encoded, Language code has a length of 2 bytes)
    656E (Language code: "en")
    48434944303039393936 (Text: "TEST009996")
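
Added example (not part of the original answer): the decoding steps above written as a parser that needs only the reads of blocks 4 and 8, since each read returns four blocks, and that checks the status word and bounds-checks every length field coming from the tag. It goes slightly beyond the dump above by also handling NULL TLVs and the three-byte length format; the function names are hypothetical and the sample responses are constructed to encode "TEST009996".

```python
# Added example. Constructed sample (not a capture): READ BINARY responses for blocks 4 and 8.
READS = {
    4: bytes.fromhex("0103A010440311D1010D5402656E5445" "9000"),
    8: bytes.fromhex("5354303039393936FE00003600000000" "9000"),
}

def data_area(reads):
    """Check every status word, then join the non-overlapping 16-byte reads."""
    for block, resp in reads.items():
        if len(resp) != 18 or resp[-2:] != b"\x90\x00":
            raise ValueError(f"read of block {block} failed")
    return b"".join(reads[block][:-2] for block in sorted(reads))

def tlvs(mem):
    """Yield (tag, value) for each TLV up to the Terminator TLV (0xFE)."""
    i = 0
    while i < len(mem) and mem[i] != 0xFE:
        tag, i = mem[i], i + 1
        if tag == 0x00:                      # NULL TLV: a single padding byte
            continue
        length = mem[i] if i < len(mem) else -1
        i += 1
        if length == 0xFF:                   # three-byte length format
            length = int.from_bytes(mem[i:i + 2], "big") if i + 2 <= len(mem) else -1
            i += 2
        if length < 0 or i + length > len(mem):
            raise ValueError("TLV length runs past the data that was read")
        yield tag, mem[i:i + length]
        i += length

def text_record(ndef):
    """Decode one short NFC Forum Text record; return (language, text)."""
    if len(ndef) < 3 or ndef[0] & 0x3F != 0x11:   # SR set, no chunk/ID, TNF 1
        raise ValueError("not a short well-known record")
    type_len, payload_len = ndef[1], ndef[2]
    rtype, payload = ndef[3:3 + type_len], ndef[3 + type_len:]
    if rtype != b"T" or len(payload) != payload_len or payload_len == 0:
        raise ValueError("not a single complete Text record")
    lang_len = payload[0] & 0x3F
    if payload[0] & 0x80 or 1 + lang_len > payload_len:
        raise ValueError("UTF-16 text or bad language length (not handled here)")
    return payload[1:1 + lang_len].decode("ascii"), payload[1 + lang_len:].decode("utf-8")

def read_text(reads):
    """Return (language, text) from the first NDEF Message TLV (tag 0x03)."""
    for tag, value in tlvs(data_area(reads)):
        if tag == 0x03:
            return text_record(value)
    raise ValueError("no NDEF Message TLV found")
```

With a real reader, the two entries of `READS` would be the responses to `FF B0 00 04 10` and `FF B0 00 08 10`.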