I write a text to a Mifare Classic 1K tag using the NFC Tools app on my Android device (through the built-in NFC reader). This text is "moretto" (my last name).
Then, I'm trying to read this text (NDEF format) using the NFC reader ACR1255U with the library provided by ACS.
I am able to get following:
Read block 4: FF B0 00 04 10
response: 0000030ED1010A5402656E6D6F726574 9000
Read block 5: FF B0 00 05 10
response: 746FFE00000000000000000000000000 9000
I know that FE
indicates the end of content and 6D6F726574746F
is my text. But how do I identify where the text begins? I have difficulties to understand the TLV format described in the NXP documentation.
First of all, NXP's proprietary NDEF mapping for MIFARE Classic tags is specified in these two application notes:
As you already found (Unable to authenticate to a MIFARE Classic tag used as NDEF tag), the NDEF data is stored in the data blocks of certain sectors (the NDEF sectors, marked as such by means of the MIFARE Application Directory). Thus, the data relevant for NDEF is the combination of all data from these blocks.
E.g. if your NDEF sectors are sector 1 and 2, you would need to read blocks 4, 5, 6 (= blocks 0..2 of sector 1) and blocks 8, 9, 10 (= blocks 0..2 of sector 2) to aggregate the data of the NDEF tag.
In your case, the data from blocks 4 and 5 seems to be sufficient (since the end of tag data is marked in block 5, as you correctly found yourself). The relevant tag data in your case is
0000030E D1010A54 02656E6D 6F726574 746FFE00 00000000 00000000 00000000
The tag data itself is packed into TLV (tag-length-value) structures. A TLV block consists of a mandatory tag byte, a conditional length field, and an optional data field:
+----------+ | TAG | | (1 byte) | +----------+
+----------+----------+-----------+ | TAG | LENGHT n | DATA | | (1 byte) | (1 byte) | (n bytes) | +----------+----------+-----------+
+----------+----------+-----------+-----------+ | TAG | 0xFF | LENGHT n | DATA | | (1 byte) | (1 byte) | (2 bytes) | (n bytes) | +----------+----------+-----------+-----------+
The interesting tags in your specific case are:
0x00
, no length field, no data field0xFE
, no length field, no data field0x03
, has field, has data field (may have zero length though)Consequently, in your case the data decodes to:
00 NULL TLV (ignore, process next byte) 00 NULL TLV (ignore, process next byte) 03 NDEF Message TLV (contains your NDEF message) 0E Lenght = 14 bytes D1010A5402656E6D6F726574746F Data = NDEF Message FE Terminator TLV (stop processing the data)
An NDEF message can consist of 0, 1 or more NDEF records. In your case, the NDEF message decodes to the following:
D1 Record header (of first and only record) Bit 7 = MB = 1: first record of NDEF message Bit 6 = ME = 1: last record of NDEF message Bit 5 = CF = 0: last or only record of chain Bit 4 = SR = 1: short record length field Bit 3 = IL = 0: no ID/ID length fields Bit 2..0 = TNF = 0x1: Type field represents an NFC Forum well-known type name 01 Type Length = 1 byte 0A Payload length = 10 bytes 54 Type field (decoded according to the setting of TNF) "T" (in US-ASCII) = binary form of type name urn:nfc:wkt:T 02656E6D6F726574746F Payload field (decoded according to the value of the Type field)
Therefore, your NDEF message consists of one Text record (NFC FOrum well-known type with the data payload 02656E6D6F726574746F
. This record payload decodes to:
02 Status byte Bit 7 = 0: Text is UTF-8 encoded Bit 6 = 0: Not used Bit 5..0 = 0x02: Length of IANA language code field 656E IANA language code field "en" (in US-ASCII) = Text is in English 6D6F726574746F Text "moretto" (in UTF-8)