• State
  • Locked Locked
  • Replies 6 replies
  • Subscribers 16 subscribers
  • Views 4574 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

NFC Sniffer

Royston D'souza
Intellectual 816 points
Other Parts Discussed in Thread: TRF7970A

Hi,

I am using a TRF7970a and a Sony Experia M in peer to peer communication mode. The TRF7970a acts as a passive target. The phone send the SENS_REQ and I get that in TRF7970a. Now TRF7970a replies with SENS_RES but I do not receive any ATTR_REQ from the phone.

I need to find out if the TRF7970a is sending the SENS_RES correctly in passive mode to the phone. Is there a way to make an NFC Sniffer?

Can I use another TRF7970a EVM and configure the TRF7970a of the EVM to act as a silent listener. I know I would be able to get the data sent by the phone since the phone is in active mode, but can I sniff/read what was sent by my passive TRF7970a in reply to the SENS_REQ using the TRF7970a EVM acting as the sniffer.

Regards

Royston

  • 0
    TI__Expert 7820 points

    There are two ways of using the TRF7970A EVM as a sniffer.

    1.) NFC Passive mode - this mode is possible and as I understand the TRF7970A will decode the communication and place it in the FIFO.  

    2.) Put the TRF7070A EVM in direct mode 0 and receive the modulated signals on MISO.  The EVM will act as a sniffer.  What you will get is the raw modulated data from both the sender and receiver.  To be fair, I have only confirmed this working on ISO14443B and ISO15693 protocols.  I anticipate that it will also work on ISO14443A.  You would need a logic analyzer, best from Saleae.

    To interpret the raw data you would have to spend some time manually analyzing the signal, since we currently do not have a automatic decoder for ISO14443A with Saleae.  But you will at least be able to determine if data is being sent out from either side pretty quickly.

    I can definitely help you with getting the firmware project for option 2.  Option 1 I may be able to but it depends on another person.

    - Alex

  • 0 in reply to Alex K.
    Intellectual 816 points

    Hi Alex,

    Thank you for the information. I will try out option 1 as it currently seems the fastest I can implement. I have the TRF7970 already working as a passive NFC target. What I will do is get another TRF7970 to work in the NFC passive mode and instead of replying to the Phone, I will store the received data internally. So I should get a SENS_REQ from the phone and a SENS_RES which is sent by the 1st TRF7970.

    I hope this is inline with your suggestion of option 1, if not please correct me where I am wrong.

    Thank you once again for your response.

    Regards

    Royston

  • 0 in reply to Royston D'souza
    TI__Mastermind 38620 points

    Royston,

    Another option is to purchase a sniffer.  Please have a look at the Frontline Comprobe device below.  I have personally used this and it is quite nice in regards to the software interface and protocol decoding.  If you will be developing extensively with NFC, you will find such a device is incredible useful! 

    http://www.fte.com/products/NFC.aspx

  • 0 in reply to Royston D'souza
    TI__Expert 7820 points

    Just to be clear, we have source code for option 1, but that only returns the PCD or reader side of the communication.  

    For option 2 we have the full source code that is expected to return the modulated data from both sides.  I say expected because we have tested it to only work with ISO15693 and ISO14443B.  I am away from my office to confirm if it will sniff ISO14443A.  I really expect it to.

  • 0 in reply to Eddie LaCost
    Intellectual 816 points

    Hi Eddie,

    Thank you for your suggestion and pointing out a good product. At the moment I need to just connect to an android phone and send a text and receive a text for the project which is an automated Lock opening mechanism. I will try and resolve the issue with Alex's suggestion, but if it really get tough I am glad you pointed me out to the right tool. Have asked them for a quote as well.

    Thanks once again,

    Regards
    Royston

  • 0 in reply to Royston D'souza
    Intellectual 816 points

    Hi Alex,

    Thank you for your email. I will email you to get the sources. Information is always useful

    Regards
    Royston