Fig 1. Structure of the NXP Reader Library Export Controlled
1. Introduction
1.1 NXP libraries comparison
NXP Reader Library
This document describes the NXP Reader Library (Public), which is the software written
in C language enabling the customers to create their own software stack for their
contactless reader. The NXP Reader Library is available at [1].
There are another two NXP Reader Libraries giving to the developer advanced
possibilities. Particular libraries are restricted for usage on LPC microcontroller models.
For example the NXP Reader Library that is intended to run on NXP LPC1227 board.
NXP Reader Library Export Controlled: comprehensive software API enabling the
customers to create their own software stack for their contactless reader. The library
includes software representing cards, which may be export controlled or common criteria
certified. Therefore the whole software is export controlled and subject to NDA with NXP.
Library enables usage of SAM module which enables encrypted communication between
the host and reader chip (PCD). There must be hardware support from SAM unit, of
course.
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
Fig 2. Structure of the NXP Reader Library NFC P2P
NXP Reader Library NFC P2P: is intended to run on NXP LPC1227 board which is
either connected to PNEV512 v1.4 blue board or CLRC663 Blue board v2.1. It is the
software support for Near Field Communication (NFC) including Data Exchange Format.
1.1.1 Layer Structure of the NXP Reader Library
The MCU implementing the Library is able to utilize several types of reader chips to
access any MIFARE card. To satisfy such versatile feature, architecture of the Library
was designed with multi layered structure – see Fig 3. Each layer is indep end ent from
the other layers.
Vertical structure of the NXP Reader Librar y is classified into following layers:
• Application layer (AL)
• Protocol abstraction layer (PAL)
• Hardware abstraction la yer (HAL)
• Bus abstraction layer (BAL)
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
Although this document describes the NXP Reader Library from Fig 3, in this section
there is slightly introduced most of the cards (components) from (green) AL in Fig 1. The
Application Layer of the NXP Reader Library implements commands for onl y MIFARE
Classic and MIFARE Ultralight among contactless cards listed below. The Application
Layer enables developer to access particular card by using its command set – it means
reading, writing, modifying and other operations with data on the card.
MIFARE Classic[2]: the leading industry standard for contactless and dual interface
smart card schemes, with an immense worldwide installed base. The platform offers a
full range of compatible contactless smartcard and reader ICs, as well as dual-interfaces
ICs. The MIFARE Classic family covers contactless smart cards used in applications like
public transport, access management, loyalty cards and many more. MIFARE Classic is
fully compliant with ISO/IEC 14443 Type A, available with 1k and 4k memory and 7 Byte
as well as 4 Byte identifiers. The Application Layer of the MIFARE Classic is closer
described in Section 2.4.
MIFARE Ultralight EV1[3]:It is intended for use with single trip tickets in public
transportation networks, loyalty cards or day passes for events as a replacement for
conventional ticketing solutions such as paper tickets, magnetic stripe tickets or coins.
The mechanical and electrical specifications of MIFARE Ultralight are tailored to meet the
requirements of paper ticket manufacturers. It can be easily integrated into existing
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
contactless system without need for serious changes of the system. MIFARE Ultralight is
fully compliant with ISO/IEC 14443 Type A.
The Application Layer of the MIFARE Ultralight is closer described in Section 2.5.
MIFARE Plus [4]: Migrate classic contactless smart card systems to the next security
level. After the security upgrade, MIFARE Plus uses AES-128 (Advanced Encryption
Standard) for authentication, data integrity and encryption. MIFARE Plus is based on
open global standards for both air interface and cryptographic methods at the highest
security leve l.
MIFARE DESFire[5]: fully compliant with ISO/IEC14443A(part 1 - 4) and uses optional
ISO/IEC7816-4 commands. The selectable cryptographic methods include 2KTDES,
3KTDES and AES128. The highly secure microcontroller based IC is certified with
Common Criteria EAL4+. MIFARE DESFire is multi-application smart card used in public
transport schemes, access management or closed-loop e-payment applications. It fulfills
the requirements for fast and highly secure data transmission, flexible memory
organization and interoper a bility with existing infrastructure.
ISO/IEC15693[6]: contactless vicinity card defined by ISO/IEC Standard.
ICODE SLI[7]: the first member of a product family of smart label ICs based on
ISO/IEC15693. This IC is dedicated for intelligent label applications like supply chain
management as well as baggage and parcel identification in airline business and mail
service.
Felica[11][12]: contactless smart card developed by the Son y com pan y with usag e
spread in Japan.
ICODE ILT[8]: dedicated chip for passive, intelligent tags and labels supporting the
ISO18000-3 mode 3 RFID standard. It is especially suited for applications where reliable
identification and high anti-collision rates are required. The ICODE ILT supports
ISO/IEC18000-3mode3 RFID standard.
1.1.1.2 Protocol Abstraction Layer
The Protocol Abstraction Layer implements the activation and exchange operations
regarding the protocol of the contactless communication. Each protocol has its own
folder in the library structure NxpRdbLib_PublicRelease/comps/phpal<protocolName>.
The NXP Reader Library supports following ISO standard protocols:
ISO/IEC14443-3A[9]: air interface communication at 13.56MHz for the cards of type A
ISO/IEC14443-3B[9]: air interface communication at 13.56MHz for the cards of type B
ISO/IEC14443-4[9]: specifies a half-duplex block transmission protocol featuring the
special needs of a contactless environment and defines the activation and deactivation
sequence of the protocol.
ISO/IEC14443-4A
[9]: previous protocol for the cards of type A
MIFARE(R): needs to be included for any MIFARE card. Contains support for MIFARE
authentication and data exchange reader chip and PC or PICC according to protocols
ISO/IEC14443-3A and ISO/ IEC1 444 3-4.
ISO/IEC15693[6]/ISO18000-3m1[10]: smart cards based on ISO/IEC15693 are used like
SKIPASS.
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
ISO/IEC18000-3m3[10]: The ISO 18000-3 mode 3/EPC Class-1 HF standard allows the
commercialized provision of mass adoption of HF RFID technology for passive smart
tags and labels.
applications are supply chain management and logistics for worldwide use.
ISO/IEC18092 Mode Passive Initiator[12]: the DEP protocol as well as the passive
communication mode
Felicia: compliant protoco l[11], parts of it are also part of ISO 18092[12]
This document is focused on description of MIFARE Classic card which is compliant to
the ISO/IEC14443-3A protocol. The protocol layer ensures software functionality of
specified procedures: R equestA, Activate, Anti-collision, Select, HaltA, WakeUpA. The
PAL layer is software solution, how to ensure on the PC or MCU side all the procedures,
states and the states changes regarding to ISO/IEC14443-3A[9].
1.1.1.3 Hardware abstraction layer
The Hardware Abstraction Layer implements the hardware specific elements of the
reader chip. The reader chip could be considered as an additional module of MCU or PC
– connection provider between the MCU or PC and the card. From this point of view the
HAL layer is software how to utilize this module. There are many different card readers
supported by the NXP Reader Library. They differ in peripheral modules, memory
organization, command set etc or support various package of ISO protocols. According
to Fig 3 the NXP Reader Library supports two Pegoda readers and three reader chips
and their derivatives.
RD70x and RD710 Pegoda readers: contactless reader designed for an easy reader
adaptation to a PC to use these devices for test and application purposes and reference
design for new reader development based on the CLRC632 MFRC500 reader ICs
respectively.
Three major card reader chips and their derivatives:
There are several aspects that can be each reader chip considered from:
• support for card types
• support for types of ISO protocols from previous section 1.1.1.2
• support for secure access module (SAM)
• support for host communication interface
Check datasheet of particular reader chip to check if it satisfies your requirements.
Although there are some differences between these reader chips within each group also,
PCDs of one group share the same HAL layer source code – each PCD group owns a
separate folder in NxpRdbLib_PublicRelease/comps/phhalHw<readerChip>.
Functions of this layer are responsible for execution of native commands of particular
reader chip and all the management to be utilized effectively concurrently with stress on
preventing software from infinite loops. This means mainly:
• reading/writing from/into reader’s registers.
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
• RF field management, receiver and transmitter configuration
• Timers configuration
• Resolving interrupt sources from reader chip
• FIFO management
Data passed from upper layers are packed together with command code into special
order, thus reader is able to decode them as command code, address and data. Section
2.1 is focused on description of functions performing CLRC663 native commands and
section 2.2 describes some HAL layer functions independent of reader chip.
The NXP Reader Library also supports Pegoda reader
1.1.1.4 Bus Abstraction Layer
The Bus Abstraction Layer ensures correct communication interface between the master
device and the reader chip. The master device can be PC with Windows or Linux
platform installed or MCU and it sends to the reader chip commands and other command
related data like addresses and data bytes. The card reader can send some register
values or received data like the response to requests from the mater device.
The NXP Reader Library supports following communication interfaces:
SerialWin:
serial connection for Windows platform
Rd70x USB Win: drivers for Windows platform to enable connection to Pegoda reader
PcscWin: driver for PC/SC interface running on Windows platform
Stub: Originally it was intended like component without functionality to ease
implementation of additional busses. Cur rently it supports SPI, I2C and RS232 interfac es
enabling connection to the Blueboard
The reader chip can possibly send replies – mostly when MCU requests value of
particular register.
1.1.1.5 Common Layer
The NXP Reader Library also includes utilities independent of any card and hardware
(card reader) – meaning they can be implemented regardless of hardware components.
All of them are encapsulated into the Common Layer
phTools: this part of common layer is able to perform binary operations related to CRC
and bit parity both for various lengths. CRC and parity check are used very rarely in
communication between PC or MCU and the card reader.
Note: These functions must not be implemented into the reader and any card
intercommunication. All the CRC checksum is done by both the sides automatically.
phKeyStore: is key handling software – storage, changing key format etc.. But the NXP
Reader Library supports only key storage utility. Only the NXP Reader Library Export
Controlled version supports full key storage functionalities and for those card readers
from phKeyStore part in
Each layer uses its own data structure to store important data, parameters for hardware
and software configuration. Members of structures determine branching of program flow
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
during software running, which means triggering, enabling or disabling of particular
software utilities and hardware modules.
At the beginning of program, it is necessary to load data parameter structure of layer with
default values by calling an initialization function of that layer. At the moment, when
particular data parameter structure is being initialized, underlaying structure must have
already been allocated - pointer to the structure must be known. So it is recommended to
begin initialization of particular data param eter structures from bottom to top layers. To
successfully implem ent func tions desc r ibed in this doc ument, all the layer components
from Table 1 need to be incorporated and their structures initialized:
Initialization functions for HAL CLRC663, PAL ISO14443-3A, MIFARE Classic, MIFARE
Ultralight are described in sections 2.2.2 2.3.2, 2.4.1, 2.5.1 respectively. BAL and
MIFARE layer components initializations are mentioned in sample code in section 3 in
line 150 and 153 respectively.
Check each init function of data parameter structures whether its default values agrees
with your intended cause, otherwise, init manually. Pay special attention to
bBalConnectionType
member in
phhalHw_Rc663_DataParams_t
, to set custom bus
communication between reader chip and MCU. However, you will need to initiate
bBalConnectionType
“manually” (see sample code in section 3 line 164 or line 169), due to
HAL init function sets RS232 interface on default. The partial description of CLRC663
HAL layer structure and its initialization function are in sections 2.2.1 and 2.2.2
respectively. The HAL layer has its own couple of
phhalHw_GetConfig()
functions (see sections 2.2.3 and 2.2.4) to modify parameters of the
phhalHw_SetConfig()
and
structure and change configuration of the reader.
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
2. Exemplary explanati on of t he li bra ry functions
A project defining a CLRC663 Blueboard communication with a MIFARE classic is
herewith explained.
2.1 HAL: CLRC663 commands
2.1.1 General
The reader chip is not able to execute compiled C code, but executes commands of
command set. For that reason the PCD reader is controlled by host device able to
execute the library code (PC or MCU) and sends particular commands to the PCD via
communication bus. In this chapter are described command related functions. Together
with command itself, described functions mostly call many other support routines to
ensure flawless command run. So the described functions are not PCD’s native
commands literally, but larger functions ensuring particular command execution. This
attitude intends to focus developer on most important issues without redundant
knowledge about underlaying functions.
2.1.2 Idle command
This command indicates that the PCD is in idle mode. This command is used to
terminate actually executed command. It also indicates. Unlike other commands this
command does not have its own function. Only way, how to perform the Idle command is
This function performs the low-power card detection and an automatic trimming of the
LPO. The values of the sampled I and Q channel are stored in the register map. The
value is compared with the min/max values in the register. If it exceeds the limits, an
LPCD IRQ will be raised. After the command the standby is activated if selected.
*pDataParams: pointer to the HAL layer data parameter structure.
bMode: there are three different modes that LPCD can run. Each is matched with one of
three following defines:
- phhalHw_Rc663_Cmd_Lpcd()
PHHAL_HW_RC663_CMD_LPCD_MODE_DEFAULT:
on 64 kHz frequency. Function ignores last two input arguments, but uses
PHHAL_HW_RC663_LPCD_T3_RELOAD_MIN
phhalHw_Rc663_Config.h file to set power-down and detection time amounts.
PHHAL_HW_RC663_CMD_LPCD_MODE_POWERDOWN:
time and performs LPC after wakeup. If no card is found the PCD is powered down again
and the procedure is restarted. If a card is found the function returns and the PCD
remains powered up.
Try LPCD until timeout is reached. T4timer runs
and
PHHAL_HW_RC663_LPCD_T4_RELOAD_MIN
Powers down the PCD for a certain amount of
from
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
set with either
Guard-timer in this case is only running during the power-up phases, so the timeout has
to be adjusted properly.
PHHAL_HW_RC663_CMD_LPCD_MODE_OPTION_TRIMM_LPO:
perform LPO trimming together with the LPCD command.
PHHAL_HW_RC663_CMD_LPCD_MODE_OPTION_IGNORE_IQ
the function to set I and Q channel values.
bI: I-Channel value in case of no card on antenna.
bQ: is Q-Channel value in case of no card on antenna.
wPowerDownTimeMs: power-down time in milliseconds if power-down mode is used.
wDetectionTimeUs: detection time in microseconds if power-down mode is used.
returnValues:
PH_ERR_SUCCESS
PH_ERR_IO_TIMEOUT
PH_ERR_SUCCESS
Other: depending on implementation and underlaying component.
2.1.4 LoadKey
Same as previous, but uses the timeout
PHHAL_HW_CONFIG_TIMING_US
or
PHHAL_HW_CONFIG_TIMING_MS
Or this bit to the desired mode to
Or this bit to the desired mode to prevent
- card present.
- no card found.
- operation successful.
- phStatus_t phhalHw_R c663_Cmd_LoadKey ()
as abort criteria.
This function loads a MIFARE Key (6 bytes) into the Key buffer of the reader, that
necessary for further authentication.
*pDataParams: pointer to the HAL layer data parameter structure.
*pKey: pointer to the 6 byte MIFARE key array. Value of this key is defined by software,
so any value of key satisfying 6 byte size may be used for attempt to Authenticate. This
is different from LoadKeyE2 command loads key from EEPROM without any possibility to find out actual value of the key.
returnValues:
PH_ERR_SUCCESS
Other: depending on implementation and underlaying component.
2.1.5 LoadKeyE2
This function loads the MIFARE Key (6 bytes) from a position in the PCD EEPROM Key
Storage Area into the Key buffer. Subsequently, with such loaded key the authentication
can be executed.
Note: Before you decide to use this function, see more complex
function in section
purpose.
*pDataParams: pointer to the HAL layer data parameter structure.
bKeyNo: key number in EEPROM in range 0x00 - 0xFF.
returnValues:
PH_ERR_SUCCESS
Other: depending on implementation and underlaying component.
2.1.6 MFAuthent
This function performs MFAuthent command (entire three pass Authentication procedure
to the given EEPROM block of the card) with key currently loaded in the Key buffer. If
Authentication passes through all three phases successfully, then the EEPROM block is
fully accessible for data manipulation MIFARE Classic commands: reading, writing,
increment, decrement, restore and data transfer. For MIFARE Classic, if once access to
the block is obtained, then access to entire sector (4 blocks) retains until next attempt to
authenticate to any EEPROM block of card.[2]
Note:
This function does not provide any loading into the Key buffer. The key intended to
be used for the authentication needs to be loaded by
function
EEPROM see an alternative to this function
*pDataParams: pointer to the HAL layer data parameter structure.
Set
(
section 2.1.4). In case of using the key from the key storage area of PCD’s
pDataParams->pKeyStoreDataParams = NULL
- operation successful.
- phhalHw_Rc663_MfcAuthenticate_Int()
phhalHw_Rc663_Cmd_LoadKey()
phalMfc_Authenticate()
to run EEPROM key store branch.
in section 2.4.2.
bBlockNo: number of block in EEPROM of the card to authenticate to. Authentication to
block enables access to entire section which the block is part of. In case of the MIFARE
Classic it must be in range from 0 to 63.
bKeyType: can be either
PHAL_MFC_KEYA
or
PHAL_MFC_KEYB
. In case of MIFARE Classic
each block can be authenticated by using anyone of these two keys specified for that
block.[2]
*pUid: pointer to UID of the card to be authenticated. Each card has its own unique
identification number.
Note: In this function there is no pointer to array containing 6 byte key used for
authentication. Thus before calling this function, the key intended to be used for
authentication must be loaded into the Key buffer by the function
phhalHw_Rc663_Cmd_LoadKey()
section 2.1.14. In case of key stored in MKA see
– see section 2.1.4. or by the
phalMfc_Authenticate()
phKeyStore_SetKey()
– see
in section 2.4.2
as an alternative to this function.
returnValues:
PH_ERR_AUTH_ERROR:
Authentication procedure fails, if the key currently loaded in the Key
buffer of reader does not match with key for given block in card tried to be accessed.
PH_ERR_INVALID_PARAMETER
bKeyType
–
wKeyVersion
other than
other than NULL.
PHAL_MFC_KEYA
or
PHAL_MFC_KEYB
.
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
Other: depending on implementation and underlaying component.
2.1.7 Receive
This function handles receiver, then waits for eventually coming data. There are many
data related errors that can occur during reception: framing, CRC, buffer overflow,
protocol, integrity, collision error. Weather successful frame reception or any among
many possible errors occur, they are used as return values, so developer can further
manage particular situation himself. Receiving also terminates as soon as number of
received data overflows FIFO WaterLevel. Waterlevel is set on default size FIFO-1 bytes,
so abort from this interrupt source should not occur. If necessary, use
exceeds half of maximum possible number of keys in
- Authentication command itself did not succeeded while timeout from
- operation successful.
- phhalHw_Rc663_Cmd_Receive()
to set
*pDataParams: pointer the HAL layer data param eter s truc tur e.
pDataParams->bRfResetAfterTo == PH_ON
: provokes RF field reset, after unsuccessful
reception due to timeout. Although this is just software parameter (no register related), it
is recommended to set this option by
PHHAL_HW_CONFIG_RFRESET_ON_TIMEOUT, PH_ON)
wOption:
PHHAL_HW_RC663_OPTION_RXTX_TIMER_START
phhalHw_SetConfig(pDataparams,
function (see section 2.2.3).
should be passed here to prevent
software from freezing while waiting for received data for a long time. This option
employs both T0 and T1 timers.
**ppRxBuffer: the pointer to byte where function writes received data.
*pRxLength: is pointer to the number of received data bytes.
returnValues:
– no coming data detected and while timeout from timer 1 terminated.
- Data is written into the FIFO when it is already full.
- Data was written into the FIFO, during a transmission of a
possible CRC, during "RxWait", "Wait for data" or "Receiving" state, or during an
authentication command.
PH_ERR_FRAMING_ERROR
were
received.
PH_ERR_COLLISION_ERROR
byte.
- A valid SOF was received, but afterwards less than 4 data bits
– A collision has occurred. Software routine retrieves valid bits of last
PH_ERR_PROTOCOL_ERROR
received data byte is not written into the FIFO.
– A protocol error has occurred. When a protocol error occurs the last
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
possible CRC, during "RxWait", "Wait for data" or "Receiving" state, or during an
authentication command.
PH_ERR_SUCCESS
Other: depending on implementation and underlaying component.
2.1.9 WriteE2
buffers Tx
-Data into internal buffer instead of transmitting it.
does not clear the internal buffer before operation. If this bit
– invalid value of the
– ‘No data’ error. Data should be sent, but no data is in FIFO.
– Data written into the FIFO when it is already full.
– Data was written into the FIFO, during a transmission of a
- operation successful.
- phhalHw_Rc663_Cmd_WriteE2
starts timer after transmission before reception,
wOption
parameter.
Write one byte of data to the given EEPROM address. There is no software waiting loop
to protect program flow from delay, while writi ng data into EE PROM.
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
*pDataParams: pointer to the HAL layer data parameter structure.
wAddress: address in EEPROM, where data byte shall be written to. Firmware does not
verify validity of address.
bData: data byte to be written.
returnValues:
PH_ERR_READ_WRITE_ERROR
PH_ERR_SUCCESS
Other: depending on implementation and underlaying component.
2.1.10 WriteE2 Page
Write up to 64 bytes of data to a given EEPROM page. There is no software waiting loop
to stop program flow, while writing data into EEPROM. In comparis on with prev iou s
function, this function handles medium amount of data.
*pDataParams: pointer to the HAL layer data parameter structure.
wAddress: 2 byte address. Better said page number in range from 0 to 128.
*pData: pointer to data byte array to be stored in EEPROM.
bDataLen: length of data to be written, up to 64 bytes.
returnValues:
PH_ERR_INVALID_PARAMETER
– error occurred during writing data into EEPROM – invalid
wAddress
parameter
- operation successful.
- phhalHw_Rc663_Cmd_WriteE2Page
-
wAddress
greater than 64
PH_ERR_READ_WRITE_ERROR
PH_ERR_SUCCESS
- operation successful.
Other: depending on implementation and underlaying component.
2.1.11 ReadE2
- phhalHw_Rc663_Cmd_ReadE2()
This function reads up to 256 bytes from the EEPROM of the reader. Since all requested
data are firstly loaded into FIFO buffer, High Alert Interrupt is enabled. This causes abort
as soon as loaded data in FIFO reaches FIFO top Waterlevel defined in Waterlevel (03h)
register. Outside of this function, you can increase FIFO size from default 256 to 512
bytes by setting FIFO. Use
*pDataParams: pointer to the HAL layer data parameter structure.
wAddress: 2 byte address; Range is 0x0000 - 0x1FFF.
wNumBytes: number of data bytes to read. If
function aborts before any read operation, although some addresses might be valid.
*pData: pointer to requested data. This value must not be NULL, else no data will be
returned.
returnValues:
PH_ERR_INVALID_PARAMETER - wNumBytes
PH_ERR_READ_WRITE_ERROR
PH_ERR_SUCCESS
- operation successful.
Other: depending on implementation and underlaying component.
2.1.12 LoadReg command
Reads a defined number of bytes from the EEPROM and copies the value into the
register set, beginning at the given register address. Function includes a software
protection from attempt to access invalid address. Verification is done before even the
first read command execution. All the register and EEPROM addresses intended to be
read/written must be in valid range, otherwise no load register operation is performed,
although some of EEPROM or register addresses might be valid.
*pDataParams: pointer to the HAL layer data parameter structure.
wEEAddress: 2 byte address within the section 2 of EEPROM: from 192 to 6143.
bRegAddress: register address in range of 0 – 128.
bNumBytes: number of bytes to copy.
returnValues:
PH_ERR_INVALID_PARAMETER
PH_ERR_READ_WRITE_ERROR
PH_ERR_SUCCESS
- operation successful.
Other: depending on implementation and underlaying component.
– attempt to access EEPROM address out of section 2 or
register address out of 0 – 128.
– error occurred during writing data into EEPRO M
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
This function configures receiver and transmitter of reader to communicate according
given ISO protocol. The function needs to be called before the Activation. Reader chip
keeps configuration of the latest protocol set, unless changed by this function or direct
command LoadProtocol or Load Register. All values necessary to configure RX and TX
registers correctly are read from special EEPROM section and loaded to RX/TX
configuration registers important to protocol selection.
*pDataParams: pointer to the HAL layer data parameter structure.
Except the load protocol settings themselves, it is necessary receiver module to be set
additionally. For this purpose following parameter is dedicated:
pDataParams->bLoadRegMode
PH_OFF
: function performs loading RX/TX registers with default software def in ed va lues
from
gpkhhalHw_Rc663_<protocol_name>
more comfortable and highly recommended option than the next one. This is default
value after the HAL layer data parameter structure initiated.
PH_ON:
function calls native Load Register command to load RX/TX registers with values
from dedicated EEPROM addresses. This option assumes that the configuration values
have been stored yet in the EEPROM of the reader. This implies other parameters to be
set:
- phhalHw_Rc663_ApplyProtocolSettings()
is binary switch and It must be one of two following values
MSB byte of the EEPROM address
LSB byte of the EEPROM address
register address. 0x34 is the first address for the
configuration of the receiver of CLRC663 reader.
pDataParams->pLoadRegConfig[3]:
number of bytes to be copied. Recommended value for
configuration of CLRC663 reader is 6, which is length
of configuration registers of receiver in register space.
All EEPROM and register addresses must be valid.
bCardType: protocol related to card intended to be handled. Constants representing all
Note: This function configures same communication protocol for both receiver and
transmitter as well. If developer needs for any purpose to run them on different protocols
concurrently, in this case it is necessary to do it via direct calling of lower layer function
phhalHw_Rc663_Cmd_LoadProtocol()
command. But be careful about using this function, because it does not provide
necessary timer configurations.
returnValues:
PH_ERR_INVALID_PARAMETER
PH_ERR_READ_WRITE_ERROR
PH_ERR_SUCCESS
Other: depending on implementation and underlaying component.
2.1.14 StoreKeyE2
This function writes a given key to Firstly, a given key is passed to the FIFO and
subsequently written to specified position in EE PR OM . Unlike CLRC663 native
SetKeyE2 command, this function stores just 2 keys into reader’s key storage area. If an
incomplete key (less than 6 bytes) is passed to this function, that key is not stored into
the EEPROM.
– attempt to access EEPROM address out of section 2 or
register address out of 0 – 128.
– error occurred during writing data into EEPROM
- operation successful.
- phKeyStore_SetKey()
*pDataParams: pointer to the HAL layer data parameter structure.
wKeyNo: indicates the first key in MIFARE key area (up to 128) that will be writt en . In
other words number of section that key is matched to.
wKeyVersion: is key version of the key to be loaded. Parameter has no effect.
wKeyType: is key type of the key to be loaded. Only
supported.
*pNewKey: is pointer to the new key to be stored in EEPROM.
wNewKeyVersion: is new key version of the key to be updated. Parameter has no
effect.
returnValues:
PH_ERR_READ_WRITE_ERROR
PH_KEYSTORE_TYPE_MIFARE
is
– unsuccessful writing the key into EEPROM. If writing not
finished after time defined by
PH_KEYSTORE_RC663_EEP_WR_TO_MS
in phKeyStore_Rc663_Int.h then function stops command
executing and returns this error.
- error from write into EEPROM
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
Other: depending on implementation and underlaying component.
2.1.15 SoftReset
- phhalHw_Rc663_Cmd_SoftReset()
This function performs the SoftReset command. Triggered by this command all the
default values for the register setting will be read from the EEPROM and copied into the
register set. It is up to the caller to wait until the IC is powered-up and ready again. In
addition to that, the caller should call
*pDataParams: pointer to the HAL layer data parameter structure.
returnValues:
PH_ERR_SUCCESS
- operation successful.
Other: depending on implementation and underlaying component.
2.2 HAL: Additional description of HAL layer
In this section there is firstly partially described HAL layer data parameter structure and
for CLRC663 reader, then HAL layer functions common for all the reader chips supported
by the library. Those functions can be implemented independently of hardware. Field
controlling and reading/writing registers functions are general functionalities necessary
for various the PCDs.
again to re-
2.2.1 CLRC663 HAL layer data parameter structure
Entire structure is defined in the file phhalHw.h in folder NxpRdLib_PublicRelease\intfs.
In this section there are mentioned only some parameters from the CLRC663 HAL layer
data parameter structure which are implemented in the functions described in this
document.
void
*pBalDataParams: pointer to the undelaying BAL data parameter structure.
uint8_t
Register mode in
mode intended to be used,
defined.
uint8_t
uint8_t
member is set by
uint16_t wCfgShadow[PHHAL_HW_RC663_SHADOW_COUNT]
configuration of receiver and transmitter for current card type.
uint16_t
in section 2.2.9. How long
nothing else.
bLoadRegMode: binary switch for enabling/disabling (
ApplyProtocolSettings()
pLoadRegConfig
function (see section 2.1.13). If Load Register
(see line bellow) must have already been
*pLoadRegConfig: pointer to configuration buffer for Load Register mode.
bCardType: type of card for which the HAL component is configured for. This
ApplyProtocolSettings()
function (see section 2.1.13).
; configuration shadow. Stores
wFieldOffTime: field off time in milliseconds for
FieldReset()
function holds the field turned off while doing
PH_ON/PH_OFF
FieldReset()
function described
) Load
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
bRfResetAfterTo: binary switch for field reset after timeout. If any PAL
ISO/IEC14443-3A function (described in section ) receives no response from PICC after
timeout expiration and this parameter is set
FieldReset()
function.
2.2.2 Initialization HAL
This function loads entire HAL layer data parameter struc tur e with va lues .The HAL layer
data parameter structure contains much more parameters than number of input
parameters of this function. Consequently, by this function developer can influence only
those HAL layer parameters matched to input parameters whilst the rest of the HAL
parameters are initialized on default values. Check definition of initialization function for
particular reader chip in NxpRdLib_PublicRelease\comps\phhalHw\src\ <FolderOfReaderChip>\phhalHw<ReaderChip> whether default initialization values
satisfy your intended purpose. Use
modify any parameter of a HAL layer component on any legal value.
phStatus_t phhalHw_Rc663_Init(
reader connected to the MCU via RS232.
reader connected to the MCU via SPI.
reader connected to the MCU via I2C.
*pDataParams: pointer to the HAL layer parameter structure.
wSizeOfDataParams: specifies the size of the data parameter structure.
*pBalDataParams: pointer to the underlaying BAL layer data parameter structure.
*pLoadRegConfig: pointer to configuration buffer for Load Register mode in
ApplyprotocolSettings()
(see section 2.1.13).
*pTxBuffer: pointer to global transmit buffer used by data exchange in PAL
ISO/IEC14443-3A layer.
wTxBufSize: size of the global transmit buffer.
*pRxBuffer: pointer to global receive buffer used by data exchange in PAL
ISO/IEC14443-3A laye r.
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
wRxBufSize: size of the global receive buffer. Specify the buffer +1 byte, because one
byte is reserved for SPI communication.
2.2.3 SetConfig
This function performs changing the value of the particular parameter (member) of the
HAL layer data parameter structure, but it does not modify the structure itself (adding or
erasing new parameters - members) because one structure is fix defined for particular
reader chip. For example, this function can be used to set timeouts for
function. This function is implemented by many functions of HAL and PAL layer as well,
for example to set timeouts and bits according to set desired communication protocol. If a
parameter is closely matched with particular register, in addition
function executes writing the value to correct PCD register (for example
*pDataParams: pointer to the HAL layer data parameter structure.
wConfig: configuration identifier specifies parameter (member) to be changed. All the
configuration identifiers (
phhalHw.h file in folder NxpRdLib_PublicRelease\intfs.
wValue: configuration value. New value of the parameter.
returnValue:
- phhalHw_SetConfig()
are related to FifoSize register). Therefore rather use this function to
PHHAL_HW_CONFIG_<CONFIGURATION_IDENTIFIER>
FieldReset()
phhalHw_SetConfig()
bFifoSize
) are listed in
or
2.2.4 GetConfig
- phhalHw_GetConfig()
This function is complementary to the previous
previous section 2.2.3). It reads current configuration value of given parameter from HAL
data parameter structure component.
This function performs reset of the RF field. Firstly the RF field is turned off by
(see section 2.2.8) function and subsequently the RF field is enabled by
section 2.2.7) function. Both those states are hold for a certain amount of time while
doing nothing else.
*pDataParams: pointer to the HAL layer data parameter structure. HAL structure
parameters
how long (in milliseconds)
Default value for both the timeouts is 5 milliseconds. Whilst field off and field recovery
times can be changed by
unchangeable (milliseconds are fixed).
returnValues:
PH_ERR_SUCCESS
PH_ERR_INTERFACE_ERROR
2.2.10 Wait
- phhalHw_Wait()
operation successful.
communication error.
- phhalHw_FieldReset()
pDataParams->wFieldOffTime
FieldOff()
and
pDataParams->wFieldRecoveryTime
and
FieldOn()
phhalHw_SetConfig()
operation successful.
communication error.
FieldOn()
functions hold their field states.
function individually, units are
FieldOff()
(see
determine
This function utilizes reader chip timers T0 and T1 to hold program flow for a given
amount of time. Program leaves this function when timeout elapses.
The ISO/IEC 14443 part 3 defines the start of communication and how to select the PICC
and resolve situations, when more cards are present in the field of reader. Sometimes
this is called “Card activation Sequence”. ISO/IEC 14443-3 protocol is split into A and B
version. MIFARE Cl assic uses A type.
A particular feature of these functions is complexity. They represent software
implementation of procedures defined in ISO/IEC14443-3 exploiting functions of
underlaying HAL layer to execute partial steps of procedures. All the following mentioned
functions are involved in protocol abstraction layer with
phpalI14443p3a_Sw_DataParams_t storing parameters of layer.
It is recommended to use activation function
section 2.3.4 which implements all other functions inside and executes all the procedures
according ISO/IEC14443p3. This is just a recommendation due to comfort. If any reason
to call particular function, it is possible call it separately, of course.
2.3.2 Init ISO14443-3A
This function initiates PAL ISO14443-3A component.
*pDataParams: pointer to the PAL layer data parameter structure.
wSizeOfDataParams: specifies the size of the data parameter structure. Recommended
to pass here
*pHalDataParams: pointer to the parameter structure of the underlying HAL layer.
returnValues:
PH_ERR_SUCCESS
PH_ERR_INVALID_DATA_PARAMS
ISO14443p3A structure.
sizeof(phalMfc_Sw_DataParams_t)
- operation successful.
phpalI14443p3a_ActivateCard()
- phpalI14443p3a_Sw_Init()
.
–
wSizeOfDataParams
does not agree with define d si ze of PAL
described in
Except previous function this layer implements also one additional important component
MIFARE Although PAL MIFARE component
2.3.3 Request A
- phStatus_t phpalI1444 3p3a_RequestA ()
This function transmits request type A (REQA) then it expects immediate answer to that
request (ATQA). Data rates are automatically configured on 106kHz data rate for both
receiver and transmitter. During this operation CRC module of reader chip is turned off
for both reception and transmission signal. After request is transmitted, routine waits for
any answer until timeout (timers T1, T0) expires.
*pAtqa: pointer to ATQA. If RequestA is successful, then 2 byte ATQA is written to this
variable.
returnValues:
PH_ERR_PROTOCOL_ERROR
PH_ERR_SUCCESS
Other: depending on implementation and underlaying com ponent.
Note:. If no answer to request is received nor any changes of field near subcarrier
detected by receiver during dedicated time, then function is aborted with timeout error.
There are two time constants defined in phpalI14443p3a_Sw_Int.h file to determine for
ATQA timeout:
Resulting waiting time is in microseconds and equals to sum of both the values.
2.3.4 Activate Card
This function gets card into Active state, whether it was is Halt state or has not been
activated yet. After successful activation, the card may be turned into Halt state due to
intention to be handled near future use. Activate procedure is quite complex, therefore
this function calls nearly all the other functions from this chapter: RequestA or Wake up,
Anticollision, Selection. Inside this function they are integrated into powerful software tool
executing entire Activation procedure covering all the states and situations specified in
ISO/IEC14443p3.
This function performs Anti-collision and Selection operation respectively. Successful
Activation results in acquiring actual and complete UID of given card. Even if there are
more PICCs present in the range of PCD’s field, the activation function ensures just one
UID captured. If the card has been pushed to Halt state before, this function provides
Wake up command.
*pDataParams: pointer to the PAL layer data parameter structure.
are changed.
*pUidIn: pointer to UID of card to get activated. If this parameter equals NULL and there
is at least one card in range of PCD’s field, then one card will be activated – UID of a
card will captured.
bLenUidIn: number of relevant bytes of
0 – means UID is unknown, thus function begins with RequestA. At the end of function
complete UID of card should be captured.
4, 7, 10 - Wake up command is performed.
*pUidOut: pointer to complete UID of activated card.
*pLenUidOut: length of
pUidIn
pUidOut
. Only values 4, 7, 10 are possible.
UidLength
and
Uidab
array. Just 0, 4, 7, 10 are valid values:
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
*pSak: pointer to one byte SAK. byte code specifying type of card. MIFARE card type is
determined by bits according to table of SAK values in [26].
*pMoreCardsAvailable: indicates whether one or more cards are in range of PCD field
at the same time. But still only one card’ UID is captured in one function run.
PH_ON
: more cards available. Collision occurred.
PH_OFF
: just one card in PCD field.
returnValues:
PH_ERR_INVALID_PARAMETER
PH_ERR_SUCCESS
Other: depending on implementation and underlaying component.
2.3.5 Anticollision
This function is responsible for handling just one card during Activation procedure in case
more cards are present in the PCD field. Anti-collision routine performs 1 or 3 loops
depending on card currently activating, until complete UID acquired. The Anti-collision
procedure is mandatory for ISO/IEC 14443A compliant products and all the NXP
MIFARE products support the Anti-collision to ISO/IEC14443A.
PCD transmits cascade level byte part of anti-collision command to PICC. If value differs
from these three values, command is invalid.
Cards owning 4 byte long UID, run only. After third cascade complete, UID must be
known for any UID length case.
*pUidIn: is pointer to UID of card.
bNvbUidIn: is number of valid bits UID of the card currently processed by Anti-collision
procedure. Actually, this variable carries two information encoded within. MSB four bytes
keeps information about number of valid bytes and lower foursome of bytes represents
number of valid bits for currently processed UID.
*pUidOut: is pointer to array, where updated UID of card will be load after function
finishes successfully. The array is increased in amount of bytes depending on a current
Anticollision phase of the Anti-collision represented by
bCascadeLevel
. During operation of
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
Other: depending on implementation and underlaying component.
2.3.6 Selection
This function provides Selection - a partial operation of Activation procedure. This
function and
phpalI14443p3a_ActivateCard()
obtaining of compete UID in a way satisfying ISO/IEC14443p3.
After this Selection executes successfully, card specified by UID responds by SAK byte
code which refers to the card type (MIFARE Classis 1k, 4K, MIFARE DESFire etc.). If the
PCD reader requested to be able to handle more card types, particular MIFARE card
type can be recognized by SAK one byte code. Further task for developer is to design
branching of software to run correct routines compliant to type (SAK byte) of the card
currently selected.
PHPAL_I14443P3A_CASCADE_TAG
– invalid cascade level or invalid
- invalid response received.
- operation successful.
- phpalI14443p3a_Select()
phpalI14443p3a_Anticollision()
are both together implemented within the
function. Cooperation of this couple of functions results in
, which indicates,
bNvbUidIn.
Note: Use this function just for purpose of finding out SAK byte, which determines type of
card.
Cards owning 4 byte long UID, run only one cascade level. After the third cascade level
is completed, UID must be obtained for any card - all UID lengths’ cases. For further
information see ISO/IEC14443p3.
*pUidIn: UID of card to be selected. This value should not be NULL, due to this function
process only relevant even if incomplete input UID.
*pSak: byte code specifying type of card. MIFARE card type is determined by bits
according to table of SAK values in [26]. There is one special case SAK==0x04 which
means UID of currently selected card is not complete yet and next cascade of activation
loop is necessary to perform. Therefore Selection function is used inside Activation
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
function, where SAK == 0x04 provokes next cascade level to obtain complete UID by
Anti-collision function
phpalI14443p3a_Anticollision()
.
returnValues:
PH_ERR_PROTOCOL_ERROR:
UID
pUidIn[0] == PHPAL_I14443P3A_CASCADE_TAG
PH_ERR_SUCCESS
Other: depending on implementation and underlaying component.
2.3.7 Exchange
In comparison with PCD CLRC663 native commands performing functions are
ISO/IEC14443p3 related functions more complex and exploit different communication
principle to achieve correct performing of particular ISO operation. PCD transmits partial
command to PICC (if any), afterwards PCD receives eventual reply from PICC. Common
issue for all ISO/IEC14443p3A related functions is bidirectional communication (halfduplex base) between PCD and PICC. Exchange function performs transmission and
reception respectively, via suitably exploiting native Transceive command and additional
register settings ensuring flawless communication.
Note:
Although ISO/IEC14443-3A functions directly implement
function, in this section it is described another one (from PAL layer), which implements
that function also.
Disagreement between first byte of UID and SAK. First byte of
- operation successful.
- phpalI14443p3a_Exchange()
together with
SAK != 0x04
phhalHw_Exchange()
or vice versa.
*pDataParams: pointer to the PAL layer parameter structure.
wOption: all ISO/IEC14443p3 functions pass default parameter EXCHANGE_DEFAULT
*pTxBuffer: pointer to data array to be transmitted. Actually, this array contains PICC
command defined by byte code and data for PICC.
wTxLength: number of data bytes to be transmitted. If function performing a card
command calls this function, then this variable is one greater than length of data to be
transmitted, due to length of command itself. Developer does not need to care about this,
command related functions handles it automatically.
**ppRxBuffer: pointer to pointer to received data.
*pRxLength: pointer to address, where information about received data is passed.
returnValues:
PH_ERR_SUCCESS
Other: depending on implementation and underlaying component.
2.3.8 Halt A
After MIFARE card has been activated one option is to get the card into Halt state. The
card can be later reactivated by WakeUpA or
phStatus_t phpalI14443p3a_HaltA(
- operation successful.
- phStatus_t phpalI14 443p3a_HaltA()
phpalI14443p3a_ActivateCard()
function.
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
*pDataParams: pointer to the PAL layer data parameter structure.
returnValues:
PH_ERR_SUCCESS
has been transmitted to the card and no subsequent RF signal from card received. Time
to wait is by value
microseconds.
PH_ERR_PROTOCOL_ERROR
echo signal has been detected, which is considered that card has not turned Halt mode.
Other: depending on implementation and underlaying component.
2.3.9 Wake up A
This function reactivates a card if the card has been pushed to Halt state before. The
Request Guard Time (see 6.2.2, ISO/IEC 14443-3:2009(E)) is mandatory and is neither
implemented here nor implemented in every HAL layer. Make sure that either the used
HAL or the used application does comply to this rule.
*pDataParams pointer to the PAL layer data parameter structure.
*pAtqa pointer to ATQA. If WakuUpA is successful, then 2 byte ATQA is written to this
variable.
returnValues:
PH_ERR_PROTOCOL_ERROR:
: card has been turned into Halt mode successfully. After Halt command
PHPAL_I14443P3A_HALT_TIME_US
+
PHPAL_I14443P3A_EXT_TIME_US
in
: protocol error occurred. After transmitting Halt command some
- phStatus_t phpalI1 4443p3a_WakeU pA()
invalid response code received.
PH_ERR_SUCCESS
- operation successful.
Other: depending on implementation and underlaying component.
2.4 AL: MIFARE Classic commands
This section describes MIFARE Authentication function and data manipulating functions
reflecting data manipulating MIFARE commands. You can find further information about
the MIFARE Classic commands in [2]. All of them are implemented in the Application
Layer of the NXP Reader Library in the folder NxpRdbLib_PublicRelease/comps/phalMfc.
2.4.1 Init MIFARE Classic
This function initiates MIFARE Classic card component.
*pKeyStoreDataParams: pointer to the underlaying KeyStore parameter structure.
returnValues:
PH_ERR_SUCCESS
- operation successful.
PH_ERR_INVALID_DATA_PARAMS
MFC component.
2.4.2 MF Authentication
This function loads a key from the key store area of PCD’s EEPROM into the Key buff er.
Then it performs entire procedure of three pass Authentication to the given EEPROM
block of the card. If Authentication passes through all the three phases success f ully, then
the EEPROM block is fully accessible for data manipulation MIFARE Classic commands:
reading, writing, increm ent, decrement, restore and data transfer. Once access to block
is obtained, access to entire section (4 blocks) retains until next attempt to authenticate
to any EEPROM block of card. This function integrates two functions: . In case of
authentication by “software” defined key - out of PCD key storage area use
phhalHw_Rc663_Cmd_LoadKey()
and subsequently function
authenticate.
This function could be divided into two branches:
Software key store branch: unfortunately contains functions with de facto no executable
source code.
EEPROM key store: utilizes
into crypto unit then executes MIFARE three pass Authentication.
function (section 2.1.4) to load the key into the Key buffer
phhalHw_Rc663_MfcAuthenticate_Int()
phhalHw_Rc663_Cmd_LoadKeyE2
(section 2.1.6) to
to load a key from EEPROM
*pDataParams: pointer to the MIFARE Classic AL layer data parameter structure.
pDataParams->pKeyStoreDataParams == NULL
bodyless functions from the Software Key store branch run and authentication has no
effect.
bBlockNo: number of block in EEPROM of card to authenticate to. Authentication to
block enables access to entire section which the block is part of.
bKeyType: can be either
authenticated by using anyone of these two keys specified for that block.[2]
wKeyNumber: key number from the PCD’s EEPROM to be used in authenticat ion.
RC663 has key storage area of volume of 1024 bytes. This variable has no special
predefined match with block number of the MIFARE card. Developer must to manage
storing of the keys responsibly (by reliable system) to avoid later mismatch in
authentication.
to run EEPROM key store branch. Otherwise
PHAL_MFC_KEYA
or
PHAL_MFC_KEYB
. Each block can be
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
Fig 4. One value block in EEPROM of the MIFARE Classic
wKeyVersion: key version to be used in authentication. This is a useless variable, but
must be NULL.
*pUid: pointer to UID of the card to be authenticated. Each card has its own unique
identification number.
bUidLength: length of UID. Only lengths 4, 7 or 10 are legal.
returnValues:
PH_ERR_AUTH_ERROR:
buffer of reader does not match with key for given block in card tried to be accessed.
PH_ERR_INVALID_PARAMETER
bKeyType
wKeyNo
the EEPROM
PH_ERR_IO_TIMEOUT
timer1 terminated.
PH_ERR_SUCCESS
Other: depending on implementation and underlaying com ponent.
2.4.3 ReadValue
This function performs MIFARE Classic Read command first then in addition verifies all
the read bytes from the 16 byte receive buffer regarding to data format in Fig 4.
Verification is done by
Authentication procedure fails, if the key currently loaded in the Key
–
wKeyVersion
other than NULL.
other than
PHAL_MFC_KEYA
or
PHAL_MFC_KEYB
exceeds half of maximum possible number of keys in
: Authentication command itself did not succeeded while timeout from
*pDataParams: pointer to the MIFARE Classic AL layer data parameter structure.
bBlockNo: block number to be read from.
*pValue: pointer to 4 byte array containing read value from the MIFARE Classic card
value block.
*pAddrData: pointer to one byte containing address read from the MIFARE Classic card
value block.
returnValues:
PH_ERR_PROTOCOL_ERROR
– error when other than 16 bytes read from MIFARE Classic card
value block.
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
- data or address bytes within the 16 byte receive buffer do not
satisfy MIFARE Block data rules according to Fig 4.
PH_ERR_SUCCESS
Other: depending on implementation and underlaying component.
2.4.4 WriteValue
Firstly, this function creates from 4 byte input value and input address the 16 byte
formatted structure according to Fig 4. Then it performs MIFARE Classic Write command
of that 16 byte value. Formatting is done automatically by MCU software -
*pDataParams: pointer to the MIFARE Classic AL layer data parameter structure.
bBlockNo: block number to be written into.
*pValue: 4 byte array to be written to the MIFARE Classic card value block. This function
converts and includes it to the 16 byte format ready to be written.
bAddrData: one byte array of address data to be written to the MIFARE Classic card
value block. This function converts and includes it to the 16 byte format ready to be
written.
returnValues:
- operation successful.
- phalMfc_WriteValue()
.
PH_ERR_SUCCESS
Other: depending on implementation and underlaying component.
2.4.5 Increment
It adds the operand to the value of the addressed block, and stores the result in a volatile
*pDataParams: pointer to the MIFARE Classic AL layer data parameter structure.
bBlockNo: block number to be incremented.
*pValue: pValue[4] containing value (LSB first) to be incremented on the MIFARE(R)
card.
returnValues:
PH_ERR_SUCCESS
Other: depending on implementation and underlaying component.
2.4.6 Decrement
It subtracts the operand from the value of the addressed block, and stores the result in a
volatile memory.
*pDataParams: pointer MIFARE Classic the AL layer data parameter structure.
bBlockNo: block number to be decremented.
*pValue: pValue[4] containing value (LSB first) to be decremented on the MIFARE(R)
card
returnValues:
PH_ERR_SUCCESS
Other: depending on implementation and underlaying component.
2.4.7 Restore
It copies the value of the addressed block into a volatile memory.
*pDataParams: pointer to the MIFARE Classic AL layer data parameter structure.
bBlockNo: block number the transfer buffer shall be restored from.
returnValues:
PH_ERR_SUCCESS
Other: depending on implementation and underlaying component.
2.4.8 Transfer
This function writes the value stored in the volatile memory into one MIFARE Classic
block.
*pDataParams: pointer to the MIFARE Classic AL layer data parameter structure.
- operation successful.
- phalMfc_Restore()
- operation successful.
- phalMfc_Transfer()
bBlockNo: block number the transfer buffer shall be transferred to.
returnValues:
PH_ERR_SUCCESS
- operation successful.
Other: depending on implementation and underlaying component.
2.4.9 IncrementTransfer
This function executes both Increment and Transfer command respectively. Value from
source block is copied into volatile memory where it is incremented by given value then
stored into destination in EEPROM memory. All the mentioned is executed within the
MIFARE Classic card.
bSrcBlockNo: source block number in MIFARE Classic card EEPROM. Value from this
block to be incremented.
bDstBlockNo: destination block number. Incremented value from source block is stored
to this block.
*pValue: 4 byte value that is value from source block incremented by.
returnValues:
PH_ERR_SUCCESS
- operation successful.
Other: depending on implementation and underlaying component.
2.4.10 DecrementTransfer
This function executes both Decrement and Transfer command respectively. Value from
source block is copied into volatile memory where it is decremented by given value then
stored into destination in EEPROM memory. All the mentioned is executed within the
MIFARE Classic card.
*pDataParams: pointer to the MIFARE Classic AL layer data parameter structure.
bSrcBlockNo: block number to be decremented.
bDstBlockNo: destination block number. Decremented value from source block is stored
to this block.
*pValue: 4 byte value that is value from source block decremented by.
returnValues:
PH_ERR_SUCCESS
- operation successful.
- phalMfc_DecrementTransfer()
Other: depending on implementation and underlaying component.
2.4.11 RestoreTransfer
- phalMfc_RestoreTransfer()
This function executes both Decrement and Transfer command respectively. Value from
source block is copied into volatile memory where it is incremented by given value then
stored into destination in EEPROM memory. All the mentioned is executed within the
MIFARE Classic card.
*pDataParams: pointer to the MIFARE Classic AL layer data parameter structure.
bSrcBlockNo: block number to be decremented.
bDstBlockNo: block number to be transferred to.
returnValues:
PH_ERR_SUCCESS
- operation successful.
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
This function configures UID to given personalization option, which has direct impact on
behavior during Anti-collision, Selection and. The default configuration at delivery
enables the ISO/IEC 14443-3 compliant anti-collision and selection. The execution of this
command requires an authentication to sector 0. Once this command has been issued
and accepted by the PICC, the configuration is automatically locked.
*pDataParams: pointer to the MIFARE Classic AL layer data parameter structure.
bUidType: UID type.
PHAL_MFC_UID_TYPE_UIDF0 -
ISO/IEC14443-3
#PHAL_MFC_UID_TYPE_UIDF1 -
ISO/IEC 14443-3 and optional usage of a selection process shortcut
PHAL_MFC_UID_TYPE_UIDF2 -
to ISO/IEC
14443-3
PHAL_MFC_UID_TYPE_UIDF3 -
ISO/IEC 14443-3 where the NUID is calculated out of the 7-byte U ID
- phalMfc_PersonalizeUid()
anti-collision and select ion with the double size UID accord ing to
anti-collision and selection with the double size UID according to
anti-collision and selection with a single size random ID according
anti-collision and select ion with a single size NUID according to
returnValues:
PH_ERR_SUCCESS
- operation successful.
Other: depending on implementation and underlaying component.
2.5 AL: MIFARE Ultralight commands
You can find further information about MIFARE Ultralight commands in [3]. All of them
are implemented in the Application Layer of the NXP Reader Library in the folder
NxpRdbLib_PublicRelease/comps/phalMful.
2.5.1 Init MIFARE Ultralight
This function initiates MIFARE Ultralight card component.
*pCryptoDataParams: pointer to the phCrypto data parameters structure.
*pCryptoRngDataParams: pointer to the parameter structure of the CryptoRng layer.
PH_ERR_SUCCESS
PH_ERR_INVALID_DATA_PARAMS
component.
2.5.2 Read -
This function performs MIFARE Ultralight Read command.
In this chapter we introduce a sample code performing basic handling w ith MIFA R E
Classic card. There are only fragments of the complete original source code presented
with focus on most important parts. Main purpose of example code is to clarify functions
and their aim in context of application, what are particular functions responsible for,
prerequisites for some functions necessary to do or call.
104 int main (void)
105
110
111
112
113
114
115
116
117
Before any operations with card and hardware configuration either, declare data
parameter structures for all the layers. When particular data parameter struc tur e will be
initiated later, underlaying structure must already exist. Part ic ular layers and their mutual
relationships and hierar c h y are described in section 1.1.1.
122 phbalReg_Stub_DataParams_t balReader;
123
phhalHw_Rc663_DataParams_t halReader;
124
phpalI14443p3a_Sw_DataParams_t I14443p3a;
125
phpalI14443p4_Sw_DataParams_t I14443p4;
126
phpalMifare_Sw_DataParams_t palMifare;
127
128
phKeyStore_Rc663_DataParams_t Rc663keyStore;
129
phalMfc_Sw_DataParams_t alMfc;
Set interface between the MCU and the reader chip for correct communication. This
includes bus type selection and MCU’s PIN configuration for that purpose.
142 Set_Interface_Link();
Perform reset of reader chip. One of the MCU GPIO pin is connected to the CLRC663
reader chip. MCU sets reset signal on this pin.
145 Reset_RC663_device();
Initialize data parameter structure for the BAL layer.
Initialize data parameter structure for the HAL layer. The
phhalHw_Rc663_DataParams_t
structure is related to the card reader CLRC663 and stores some software configuration
parameters which MCU controls the reader through. This function initiates PCD card
reader. The third passed parameter is address of existing BAL data parameter structure.
Initiate bus connection type separately (line 164 or 169), because
phhalHw_Rc663_Init()
function (see section 2.2.2) sets RS232 interface by default, although real hardware bus
selection has been done in line 142.
153 status = phhalHw_Rc663_Init(
154
&halReader,
155
sizeof(phhalHw_Rc663_DataParams_t),
156
&balReader,
157
0,
158
bHalBufferReader,
159
sizeof(bHalBufferReader),
160
bHalBufferReader,
161
sizeof(bHalBufferReader));
162
#ifdef I2C_USED
163
/* Set the parameter to use the I2C interface */
164
#endif
166
167 #ifdef SPI_USED
168 /* Set the parameter to use the SPI interface */
169 halReader.bBalConnectionType = PHHAL_HW_BAL_CONNECTION_SPI;
170 #endif
Pointer to the HAL layer data parameter structure will be needed by following initiations
of upper layer data parameter structures.
173 pHal = &halReader;
Initialize the 14443-3A PAL (Protocol Abstraction Layer) component (see section 2.3.2).
Before any communication attempt with MIFARE Classic, set up reader chip to
ISO/IEC14443p3A communication protocol, which is MIFAR E Class ic com pliant pr otocol
(see section 2.1.13). Even we don’t know if in the PCD’s field any card at all.
From this time on, reader chip is prepared to communicate with ISO/IEC14443p3A
compliant cards.
It might seem like program ignores the RequestA operation (if there is any card in the
range of field) and skips directly to Activation phase, that would be violating of
ISO14443p3A. But
phpalI14443p3a_ActivateCard()
includes RequestA also. Section 2.3.4
provides quite precious description of this function.
227 status = phpalI14443p3a_ActivateCard(&I14443p3a, NULL, 0x00, bUid,
&bLength, bSak, &bMoreCardsAvailable);
If the is a card in the field and the activation is successful, since last four passed
parameters are pointers. Anti-collision procedure is also included here, so even if there
are more cards in the PCD’s field, only one card is selected – one UID captured.
If there is a card in the field of PCD reader, previous Activate function runs successfully
and obtains SAK byte from the card also. That is byte code saying about the type of the
card.
From this point nearly to the end is branch for MIFARE Classic card detected.
242 else if (0x08 == (*bSak & 0x08))
243
{
244
debug_printf_msg("Mifare Classic card detected");
Memory of MIFARE Classic is divided into 16 sectors and each sector contains 4 blocks
of 16 byte length. Firstly we need to get access to sector by authentication with key. The
key must agree with key stored in the card for particular sector.
Before authentication we must store the key into key storage area in the EEPROM of the
reader chip. The key is defined array Key[6] – we use a new card here so the key is 6
bytes of 0xFF.
Now the 6 byte key is in key buffer of the crypto unit and retains until next key is buffered
by
phKeyStore_SetKey()
.
Performing authentication function loads from the key storage EEPROM area according
blocknumber passed as parameter to authentication function. See section 2.4.2 to
understand parameters of this function.
265 status = phalMfc_Authenticate(&alMfc, 0, PHHAL_HW_MFC_KEYA, 0, 0,
bUid, bLength);
Successful authentication to block 0 gives access to all the other blocks of sector 0.
Although we already have captured UID since Authent icati on, her e is an alter nat i ve way:
UID of the card is read from block 0 in sector 0 by Read MIFARE native command. But
this assumes sector 0 has already been authenticated.
The NXP Reader Library return defined return values – error codes. This approach
should help the developer with error identification if it occurs and thus make easier way
how to fix bugs during software development. Each error code is type of 16 uint and
includes two pieces of information. Upper byte identifies the layer which an error has
occurred on and lower byte is the byte code of particular error. All the error codes are
defined in ph_Status.h file in the folder NxpRdLib_PublicRelease/types.
5. Abbreviations
Table 2. Abbreviations
NXP Semiconductors
UM10663
NXP Reader Library User Manual
UM10663
All information provided in this docum ent is subject to legal disclaimers.
[8] Data Sheet - ICODE ILT, smart label IC; will be available on NXP Web
[9] ISO/IEC Standard - ISO/IEC14443 Identification cards - Contactless integrated
circuit cards - Proximity cards
[10] Data Sheet - ISO/IEC Standard - ISO 18000-3 Information technology AIDC
techniques - RFID for item management - Air interface, Part 3 - Parameters for air
interface communications at 13.56 MHz, M1 stands for Mode 1, M3 stands for
Mode 3
[11] Data Sheet - JIS Standard JIS X 6319 Specification of implementation for
integrated circuit(s) cards - Part 4: High Speed proximity cards
[12] Data Sheet - ISO/IEC Standard - ISO 18092 Information technology -
Telecommunications and information exchange between systems - Near Field
Communication- Interface and Protocol (NFCIP-1)
[13] Data sheet - MFRC523; Contactless reader IC, BU-ID Doc. No. 1152**, available
Purchase of an NXP Semiconductors IC that complies with one of the Near
implementation of any of those standards.
Purchase of NXP ICs with ISO/IEC 14443 type B functionality
and/or end-user equi pm en t.
Technology
7. Legal information
7.1 Definitions
Draft — The document is a draft version only. The content is still under
internal review and subject to formal approval, which may result in
modifications or additions. NXP Semiconductors does not give any
representations or war ra nti e s as to th e accu racy or completeness of
information included herein and shall have no liability for the consequences
of use of such information.
7.2 Disclaimers
Limited warranty and liability — Information in this document is believed to
be accurate and reliable. However, NXP Semiconductors does not give any
representations or warranties, expressed or implied, as to the accuracy or
completeness of such information and shall have no liability for the
consequences of use of such information.
In no event shall NXP Semiconductors be liable for any indirect, incidental,
punitive, special or cons eq ue ntial damages (includi ng - without limitation lost profits, lost savings, business interruption, costs related to the removal
or replacement of any pr od ucts or re w o rk charges) whether or not such
damages are based on tort (incl uding negligence), wa rra nt y, brea c h of
contract or any other legal theory.
Notwithstanding any damages that customer might incur for any reason
whatsoever, NXP Semiconductors’ aggregate and cumulative liability
towards customer for the products described herein shall be limited in
accordance with the Terms and conditions of commercial sale of NXP
Semiconductors.
Right to make changes — NXP Semiconductors reserves the right to make
changes to information published in this document, including without
limitation specifica ti on s and pr od uct de scri pti ons, at any time and without
notice. This document supersedes and replaces all information supplied prior
to the publication hereof.
Suitability for use — NXP Semiconductors products are not designed,
authorized or warranted to be suitable for use in life support, life-critical or
safety-critical systems or equipment, nor in applications where failure or
malfunction of an NXP Semiconductors product can reasonably be expected
to result in personal injury, death or severe property or environmental
damage. NXP Semiconductors accepts no liability for inclusion and/or use of
NXP Semiconductors products in such equipment or applications and
therefore such inclusion and/or use is at the customer’s own risk.
Applications — Applications that are described herein for any of these
products are for illustrative purposes only. NXP Semiconductors makes no
representation or war ra nt y that such applications will be suitable for the
specified use without further testing or modification.
Customers are responsible for the design and operation of their applications
and products using NXP Semiconductors products, and NXP
Semiconductors accepts no liabilit y for any assistance with applicati ons or
customer product design. It is customer’s sole responsibility to determine
whether the NXP Semiconductors product is suitable and fit for the
customer’s applications and products planned, as well as for the planned
application and use of customer’s third party customer(s). Customers should
provide appropriate design and operating safeguards to minimize the risks
associated with their applications and products.
NXP Semiconductors does not accept any liability related to any default,
damage, costs or problem whic h is bas ed on an y weak n ess or def ault in the
customer’s applications or products, or the application or use by customer’s
third party customer(s). Customer is responsible for doing all necessary
testing for the customer’s applications and products using NXP
Semiconductors products in order to avoid a default of the applications and
the products or of the application or use by customer’s third party
customer(s). NXP does not accept any liability in this respect.
Export control — This document as wel l as the item ( s) described herein
may be subject to export control regulations. Export might require a prior
authorization from competent authorities.
Evaluation products — This product is provided on an “as is” and “with all
faults” basis for evaluation purposes only. NXP Semiconductors, its affiliates
and their suppliers expressly disclaim all warranties, whether express,
implied or statutory, including but not limited to the implied warranties of noninfringement, merchantability and fitness for a particular purpose. The entire
risk as to the quality, or arising out of the use or performance, of this product
remains with customer.
In no event shall NXP Semiconductors, its affiliates or their suppliers be
liable to customer for any special, indirect, consequential, punitive or
incidental damages (including without limitation damages for loss of
business, business interruption, loss of use, loss of data or information, and
the like) arising out the use of or inability to use the product, whether or not
based on tort (including negligence), strict liability, breach of contract, breach
of warranty or any other theory, even if advised of the possibility of suc h
damages.
Notwithstanding any damages that customer might incur for any reason
whatsoever (including without limitation, all damages referenced above and
all direct or general damages), the entire liability of NXP Semiconductors, its
affiliates and their suppliers and customer’s exclusive remedy for all of the
foregoing shall be limited to actual damages incurred by customer based on
reasonable reliance up to the greater of the amount actually paid by
customer for the product or five dollars (US$5.00). The foregoing limitations,
exclusions and disclaimers shall apply to the maximum extent permitted by
applicable law, even if any remedy fails of its essential purpose.
7.3 Licenses
Field Communicatio n (NFC ) st an da rds ISO / IEC 180 92 and ISO/IEC 21481
does not convey an implied license under any patent right infringed by
This NXP Semiconductors IC is ISO/IEC 14443 Type
B software enabled and is licensed under Innovatron’s
Contactless Card patents license for ISO/IEC 14443 B.
The license includes the right to use the IC in systems
RATP/Innovatron
7.4 Trademarks
Notice: All referenced brands, product names, service names and
trademarks are property of their respective owners.
MIFARE — is a trademark of NXP B.V.
MIFARE Ultralight — is a trademark of NXP B.V.
NXP Semiconductors
UM10663
NXP Reader Library User Manual
Please be aware that important notices concerning this document and the product(s)
described herein, h