reading ntag213 with trf797a above page 15

Oleksandr Kozaruk78

Other Parts Discussed in Thread: TRF7970A

Hello,

I'm trying to read NTAG213. The read is successful for pages below 16.

I'm reading 4 pages block with READ (0x30) command. If I read a block starting from page 15, page 15 is read correctly and then the rest of the data is from page 0, 1, 2.

If I try to start reading from page 16 and above, I don't get any reply from trf7970a, and reading timeouts.

The function that reads block sends the following sequence:

8F 91 3D 00 20 30 [BLOCK_ADDRESS]

8F 91 3D 00 20 30 0C ------------------> OK

8F 91 3D 00 20 30 10 ------------------> NOT OK

For pages bellow 16 I get write interrupt after ~0.53 ms, send command to reset FIFO, and then get read interrupt after ~1.5 ms

I don't get read interrupt if BLOCK_ADDRESS >= 16

I have two tags, and I can read the content of a tag with NFC TagInfo app, thus I think it means no pages are under password.

We are using custom board and tms320C28xx microcontroller.

over 8 years ago

0 Eddie LaCost over 8 years ago

TI__Mastermind 38590 points

Hello Oleksandr,

I am researching this since I do not have any of these tags currently. I also ordered some tags to work with, but won't receive them until Friday. When you read using the NFC TagInfo app, can you confirm it reads all pages of the tag? I also have a sniffer, so when I receive the tags, I can sniff the communication between the phone and tag to determine exactly what commands are being used.

0 Oleksandr Kozaruk78 over 8 years ago in reply to Eddie LaCost

Prodigy 30 points

Hello Eddie,

Yes, TagInfo reads all the pages.
Bellow is the TagInfo ouput:

** TagInfo scan (version 3.0) 2015-08-28 16:03:05 **

-- INFO ------------------------------

# IC manufacturer:
NXP Semiconductors

# IC type:
NTAG213

-- NDEF ------------------------------

# No NFC data set available:

# NDEF Capability Container (CC):
Mapping version: 1.0
Maximum NDEF data size: 144 bytes (0x12)
NDEF access: Read & Write (0x00)
E1 10 12 00 |.... |

# Control TLVs:
Lock Control TLV at address 0x04, offset 0
* Dynamic lock bytes at address 0x28, offset 0
- 12 lock bits (0x0C)
- 8 bytes locked per lock bit (0x3)
- Address calculation:
~ page address: 0xA
~ byte offset: 0x0
~ 16 bytes per page (1<<0x4)
01 03 A0 0C 34 |....4 |

-- EXTRA ------------------------------

# Memory size:
144 bytes user memory
* 36 pages, with 4 bytes per page

# IC detailed information:
Full product name: NT2H1311G0DUx
Capacitance: 50 pF

# Version information:
Vendor ID: NXP (0x04)
Type: NTAG (0x04)
Subtype: 50 pF (0x02)
Major version: 1 (0x01)
Minor version: V0 (0x00)
Storage size: 144 bytes (0x0F)
Protocol: ISO/IEC 14443-3 (0x03)

# Configuration information:
ASCII mirror disabled
NFC counter: disabled
No limit on wrong password attempts
Strong load modulation enabled

# Originality check:
Signature verified with NXP public key
Public key:
* 0x04494E1A386D3D3CFE3DC10E5DE68A499B1C202DB5B132393E89ED19FE5BE8BC61
ECDSA signature:
* r: 0x2610A0A8FC533FDCCF908340B80D0791
* s: 0xD50D2A5D9B0C1EBEFE8351DEBA2880D2

-- TECH ------------------------------

# Technologies supported:
ISO/IEC 14443-3 (Type A) compatible
ISO/IEC 14443-2 (Type A) compatible

# Android technology information:
Tag description:
* TAG: Tech [android.nfc.tech.NfcA, android.nfc.tech.MifareUltralight,
android.nfc.tech.Ndef]
android.nfc.tech.Ndef
android.nfc.tech.MifareUltralight
android.nfc.tech.NfcA
* Maximum transceive length: 253 bytes
* Default maximum transceive time-out: 618 ms
No MIFARE Classic support present in Android

# Detailed protocol information:
ID: 04:5E:76:4A:9A:3D:80
ATQA: 0x4400
SAK: 0x00

# Memory content:
[00] * 04:5E:76 A4 (UID0-UID2, BCC0)
[01] * 4A:9A:3D:80 (UID3-UID6)
[02] . 6D 48 00 00 (BCC1, INT, LOCK0-LOCK1)
[03] . E1:10:12:00 (OTP0-OTP3)
[04] . 01 03 A0 0C |....|
[05] . 34 03 00 FE |4...|
[06] . 00 00 00 00 |....|
[07] . 00 00 00 00 |....|
[08] . 00 00 00 00 |....|
[09] . 00 00 00 00 |....|
[0A] . 00 00 00 00 |....|
[0B] . 00 00 00 00 |....|
[0C] . 00 00 00 00 |....|
[0D] . 00 00 00 00 |....|
[0E] . 00 00 00 00 |....|
[0F] . 00 00 00 00 |....|
[10] . 00 00 00 00 |....|
[11] . 00 00 00 00 |....|
[12] . 00 00 00 00 |....|
[13] . 00 00 00 00 |....|
[14] . 00 00 00 00 |....|
[15] . 00 00 00 00 |....|
[16] . 00 00 00 00 |....|
[17] . 00 00 00 00 |....|
[18] . 00 00 00 00 |....|
[19] . 00 00 00 00 |....|
[1A] . 00 00 00 00 |....|
[1B] . 00 00 00 00 |....|
[1C] . 00 00 00 00 |....|
[1D] . 00 00 00 00 |....|
[1E] . 00 00 00 00 |....|
[1F] . 00 00 00 00 |....|
[20] . 00 00 00 00 |....|
[21] . 00 00 00 00 |....|
[22] . 00 00 00 00 |....|
[23] . 00 00 00 00 |....|
[24] . 00 00 00 00 |....|
[25] . 00 00 00 00 |....|
[26] . 00 00 00 00 |....|
[27] . 00 00 00 00 |....|
[28] . 00 00 00 BD (LOCK2-LOCK4, CHK)
[29] . 04 00 00 FF (CFG, MIRROR, AUTH0)
[2A] . 00 05 -- -- (ACCESS)
[2B] +P FF FF FF FF (PWD0-PWD3)
[2C] +P 00 00 -- -- (PACK0-PACK1)

*:locked & blocked, x:locked,
+:blocked, .:un(b)locked, ?:unknown
r:readable (write-protected),
p:password protected, -:write-only
P:password protected write-only

--
Regards,
Sasha

0 Eddie LaCost over 8 years ago in reply to Oleksandr Kozaruk78

TI__Mastermind 38590 points

This was resolved outside of the e2e forums with Sasha. I have attached the Saleae logic analyzer shots of the correct reading of NTAG213. ntag213_read_39_blocks_of_data.logicdata

Other wireless

Other wireless technologies forum

reading ntag213 with trf797a above page 15