Philips MF RD700 User Manual

INTEGRATED CIRCUITS

Phili

MF RD700

Command Set

User & Reference Manual

User Manual Revision 3.0

Semiconductors

June 2005

Philips Semiconductors User Manual Rev. 3.0 June 2005

Command Set MF RD 700

CONTENTS

1 GENERAL INFORMATION 5

1.1 Scope 5

1.2 General description 5

2 MF RD700 COMMAND SET 7

2.1 General Description of serial communication 7

2.2 Overview of the delivered library stack 8

2.3 MfRC500 Interface wrappers 9

2.3.1 Mf500InterfaceOpen 9

2.3.2 Mf500InterfaceClose 10

3 MODULES 11

3.1 Administration Command Set 12

3.1.1 Included Functions 12

3.1.2 Function Desription 12

3.1.2.1 PcdGetRICVersion 12

3.1.2.2 PcdGetSnr 13

3.1.2.3 PcdReadE2 13

3.1.2.4 PcdReset 14

3.1.2.5 PcdRfReset 14

3.1.2.6 PcdSetTmo 15

3.1.2.7 PcdWriteE2 15

3.2 MIFARE® Classic Command Set 16

3.3 Handling the MIFARE Classic World 16

3.3.1 Included Functions 17

3.3.2 Function Description 18

3.3.2.1 Mf500PcdConfig 18

3.3.2.2 Mf500ActiveAntennaMasterConfig 18

3.3.2.3 Mf500ActiveAntennaSlaveConfig 19

3.3.2.4 Mf500PiccAnticoll 19

3.3.2.5 Mf500PiccCommonRead 20

3.3.2.6 Mf500PiccCommonWrite 21

3.3.2.7 Mf500PiccHalt 22

3.3.2.8 Mf500PiccRead 22

3.3.2.9 Mf500PiccRequest 23

3.3.2.10 Mf500PiccSelect 24

Philips Semiconductors User Manual Rev. 3.0 June 2005

Command Set MF RD 700

3.3.2.11 Mf500PiccValue 25

3.3.2.12 Mf500PiccValueDebit 26

3.3.2.13 Mf500PiccWrite 27

3.3.2.14 Mf500PiccWrite4 28

3.4 MIFARE® Authentication Procedures 29

3.4.1 Included Functions 29

3.4.2 Function Desription 30

3.4.2.1 Mf500PiccAuthE2 30

3.4.2.2 Mf500PiccAuthKey 31

3.5 MIFARE® Commands with calling compatible Interface 32

3.5.1 Inlcuded Functions 32

3.5.2 Function Description 32

3.5.2.1 Mf500PiccAuth 32

3.6 ISO 14443A Low Level Commands 33

3.6.1 Included Functions 33

3.6.2 Function Desription 34

3.6.2.1 Mf500PcdGetAttrib 34

3.6.2.2 Mf500PcdSetAttrib 35

3.6.2.3 Mf500PcdSetDefaultAttrib 36

3.6.2.4 Mf500PiccActivation 36

3.6.2.5 Mf500PiccActivateIdle 38

3.6.2.6 Mf500PiccActivateIdleLoop 39

3.6.2.7 Mf500PiccActivateWakeup 42

3.6.2.8 Mf500PiccCascAnticoll 43

3.6.2.9 Mf500PiccCascSelect 44

3.6.2.10 Mf500PiccCommonRequest 45

3.6.2.11 Mf500PiccExchangeBlock 46

3.7 Transparent Communication Channel between Host and Reader IC 47

3.7.1 Included Functions 47

3.7.2 Function Description 48

3.7.2.1 ExchangeByteStream 48

3.7.2.2 ReadRC 50

3.7.2.3 WriteRC 50

3.7.2.4 ReadMultiple 51

3.7.2.5 WriteMultiple 51

3.8 Utility Functions 52

Philips Semiconductors User Manual Rev. 3.0 June 2005

Command Set MF RD 700

3.8.1

Included Functions 52

3.8.2 Function Desription 53

3.8.2.1 PcdEnableHighBaudRates 53

3.8.2.2 HostGetExecutionTime 53

3.8.2.3 HostTransTmrStart 54

3.8.2.4 HostTransTmrStop 54

3.8.2.5 Mf500HostCodeKey 55

3.8.2.6 Mf500PcdLoadKeyE2 55

3.8.2.7 PcdSetIdleMode 56

3.8.2.8 SwitchLED 56

3.8.2.9 DbgTrigger 57

3.8.2.10 StartDownload 57

3.8.2.11 PcdGetFwVersion 58

3.9 Self Test Functions 59

3.9.1 included Functions 59

3.9.2 Function Description 59

3.9.2.1 RicTestPcd 59

3.9.2.2 RicTestPicc 60

3.9.2.3 RicTestFlashNr 60

3.9.2.4 RicTestCommunication 61

4 RETURN VALUES OVERVIEW 62

4.1 Table of Return values 62

4.1.1 Common Communication Return Codes 62

4.1.2 Return Values’ Overview 63

5 REVISION HISTORY 68 Contact Information 70

Philips Semiconductors User Manual Rev. 3.0 June 2005

Command Set MF RD 700

1 GENERAL INFORMATION

1.1 Scope

This document describes the functionality of the command set for MF RD700 ‘Pegoda’ reader. It include s the functional description of the used commands and gives details, how to use or design-in this device from a system and software viewpoint.

The default configuration for the MF RD700 uses the MF RC500 as the contactless reader IC. In fact, the reader module can be used with all members of the new contactless reader IC family without any additional hardware changes.

The command set defines all commands, which can be used by the different reader ICs as the MF RC530 and the MF RC531. These reader-ICs will be available soon to give the user the possibility to integrate these ICs easy in the Pegoda environment. Consequently not all described commands are available in the standard configuration of the Pegoda reader based on the MF RC500 reader IC. These commands are marked in the description.

1.2 General description

The MF RD700 Pegoda reader is ready to be connected to a PC. Figure 1 shows the basic overview of the MF RD700’s software concept. Different levels of the PC libraries can be identified:

 Application Level

This level is user specific and might be used by the user to implement own applications and test programs. The evaluation kit packages for the MF RC700 provide the MIFAREWND program and the source code for the Rges program as example for small test programs on application level.

 MF RD700 Command Set

This document describes the library giving the user the possibility to program an application to the PEGODA reader. All necessary settings and command are explained in detail on the following pages.

 HostRDCom

The library for the host to reader communication. This library establishes the communication between the host and the reader. Default usage for the MF RD700 is the USB interface. Additionally RS232 and IrDA are supported to give the user a large variety of interfaces. The description is included to that package in the Application Note HostRDCom- User & Reference Manual.

 The firmware of the MF RD700 covers the functionality of the basic function library of the MF RC 500.

This basic function library is described in the Application Note MIFARE® MF RC500 Basic F unction Library.

The supported operating systems are limited to the Microsoft Windows Platform. Depending on the selected connectivity type, Win98, Win2000 or Win NT 4.0 is supported. The content of this document should be precise enough, to give the user the possibility writing own communication libraries for other operating systems.

Philips Semiconductors User Manual Rev. 3.0 June 2005

Command Set MF RD 700

Application 2

Application 1

T= CL

MfG en eric

T=CL LL

RS232 API

RS232 Driver

RS232

MfRc500

RD700

Library Interface

HostRdCom

Sequenzer/Desequenzer

Generic Input/Output

IRDA API

IRDA Driver

IRDA

USB Protocol Driver

USB HW spec. Driver

USB

RS232 RX /T X

RS232 dep. access

T=CL

MIFARE LLL

IRDA RX/TX

IRDA dep. access

Read/W rite Memo ry

Sequenzer/Desequenzer

Shared Cmds

Read/W rite Memory

Reader IC

Antenna

Figure 1. General Software Overview

USB DMA

USB dep. access

Philips Semiconductors User Manual Rev. 3.0 June 2005

Command Set MF RD 700

2 MF RD700 COMMAND SET

The following parts describe the MF RD700 command set in detail. The described functions are clustered in different blocks as

 general description of the serial interface  overview of the delivered library stack  MF Rc500 interface wrappers

General return values for the described functions are listed in chapter 4. Only relevant return values for the explained commands are mentioned the description does not cover all communication-related errors.

2.1 General Description of serial communication

The MF RD700 reader can only be connected via serial data interfaces. The default configuration offers a USB connection. Additionally, the command set includes additionally RS232 and IrDA interface to a host.

The serial data stream consists depend from the selected interface type frame- and transfer data.

 Frame data depend on the selected interface  Transfer data depend only on the selected command

To explain this dependency, the expected serial transfer data stream is described at command level. From a reader point of view the transfer data consists of an IN-transfer and an OUT-transfer.

 IN-transfer data is sent from the host to the reader module.  OUT-transfer data is sent from the reader module to the host.

Additionally, the command code, which identifies the function at reader side is listed at each function. Each function is described with the corresponding function prototype and stream data composition. The

number of bytes occupied by this parameter is written in brackets. Multiple byte parameters are converted to the serial byte stream with the least significant byte first. Example:

short value 0x0A05 is converted to

long value 0x04030201

is converted to

data[x] = 0x05

data[x+1] = 0x0A

data[x+3] = 0x04

data[x] = 0x01 data[x+1] = 0x02 data[x+2] = 0x03

Philips Semiconductors User Manual Rev. 3.0 June 2005

Command Set MF RD 700

Note: Pay attention, that the order of the parameter variables within the data stream may be different to the order in

the function prototype. The order of parameters in the function prototype is given by the logical matching of the parameters. The data-stream’s order is given by data direction and data length. A word -aligned access to multiple byte parameters is possible.

2.2 Overview of the delivered library stack

The RD700 command set and the HostRdCom libraries are necessary to access the reade r. All reader commands are included in the RD700 command set. Therefore, the parameters of the functions are equal to the parameters of the reader commands with the exception that the reader protocol has to be passed as first parameter. Example:

If the MF RC500’s basic function library command PcdWriteE2 to write data to the RC 500 EEPROM

signed char PcdWriteE2 (unsigned short startaddr, unsigned char length, unsigned char * data)

Cmd-Code: 0x24 IN startaddr (2) length (1) data (length) OUT

Is called from the RD700 library, the corresponding interface looks like

signed short PcdWriteE2 (ProtocolBase* p_PB, unsigned short startaddr, unsigned char length, unsigned char * data)

Only the first parameter is additional and the return value range is extended to a short. This conversion is done for any function in the Rd700 library.

The MFRC500 library encapsulates the interface handling to the application prog ramme r. At RC 500 level the first parameter disappears and the interface changes to

signed short PcdWriteE2 (unsigned short startaddr, unsigned char length, unsigned char * data)

which is similar to the reader command except the enlarged return value. The MFRC500 library can only handle one reader for one application. Taking the advantage of the USB

interface offering the possibility to connect more than one reader to a PC, the user would probably like to select one reader for his application. In this case the access to the HostRdCom interface is needed and the additional first parameter is necessary.

If the MfRc500 library is used and more than one reader has to be connected to one PC, the first application will select the first connected reader and second application the second one. You have no possibility to change the order.

Philips Semiconductors User Manual Rev. 3.0 June 2005

Command Set MF RD 700

Note: In the following document the interface description for the Rd700 library has to be extended by the interface handle and the enlarged return value. For the MfRc500 library the return value is extended compared to the following description.

The MfRc500 library contains of two functions described in the chapter 2.3 covering the interface handling. All other functions of this library and also of the Rd700 library are passed directly as reader commands to the reader device.

2.3 MfRC500 Interface wrappers

As explained above, the MfRc500 library is a wrapper library over Rd700 and HostRdCom. In order to provide a simpler (but less flexible) interface handling the library introduces two new functions.

Function name

Mf500InterfaceOpen

Mf500InterfaceClose

Table 2-1. MF RC500 Interface wrappers

2.3.1 MF500INTERFACEOPEN

signed char Mf500InterfaceOpen (unsigned long mode, unsigned long options)

Parameters:

mode (IN) 4 bytes interface type description

0x00000030 USB 0x00000040 RS232 0x00000050 IrDA

signed char Mf500InterfaceOpen (unsigned long mode, unsigned long options)

signed char Mf500InterfaceClose (void)

Function call

options (IN) 4 bytes interface options

Depending on the interface type, this parameter is used to specify additional parameters. For USB and IrDA devices, this parameter is ignored.

For RS232 devices the COM-port can be specified e.g. 1 for COM1 or 2 for COM2. Returns: MI_OK

This function uses the HostRdCom interface to open a connection to the reader and use this handle for following function calls of this library. Nearly all functions of the Rd700 library are equipped with a new interface, where this handle is used.

Philips Semiconductors User Manual Rev. 3.0 June 2005

Command Set MF RD 700

2.3.2 MF500INTERFACECLOSE

signed char Mf500InterfaceClose(void)

Parameters: none Returns:

MI_OK

This function corresponds to the Mf500InterfaceOpen function. Each time, the used interface should be released; this function has to be called.

Philips Semiconductors User Manual Rev. 3.0 June 2005

Command Set MF RD 700

3 MODULES

The MF RD700 command set contains of several modules covering different functionality:

Module Description

Administration Command set

Several Commands for reader IC administration and configuration.

In order to support MIFARE Command set, some of the Commands are split in a

MIFARE® Classics Command set

general interface and a special Mifare interface; both have the same functionality with different parameter settings.

MIFARE® Commands with calling compatible Interface

ISO 14443A Low Level Commands

MIFARE® authentication procedure compatible to the old reader devices

Specific ISO14443A commands not included in the MIFARE

classic command set

Allows setting and resetting all registers and

Transparent Communication Channel between Ho st

exchanging a byte or bit stream with the tag.

and Reader IC

Utility Functions

Collection of utility functions for the microcontroller environment

Self Test Functions MF RD700 Test Functions

Table 3-1. Modules

and ISO 14443-4

General return values for the described functions are listed in chapter 4. Only specific return values for the explained functions are mentioned, the description does not cover all general communication related errors.

Philips Semiconductors User Manual Rev. 3.0 June 2005

Command Set MF RD 700

3.1 Administration Command Set

The Administration Command Set covers several Commands for reader IC administration and configuration.

3.1.1 INCLUDED FUNCTIONS

Function name

PCDReset PCDSetTmo PCDGetSnr PCDGetRICVersion signed char PcdGetRICVersion(unsigned char* version) PCDReadE2

PCDWriteE2

PCDRFReset

Table 3-2. Administration Commands

Note: In case of an error, the appropriate error code is set. Nevertheless, all received data are returned. This feature helps to debug the errors. Even if all data seems to be received correctly (data is filled up with reasonable values), a CRC, parity or other error could be reported.

signed char PcdReset (void) signed char PcdSetTmo (unsigned long numberOfEtus) signed char PcdGetSnr (unsigned char *snr)

signed char PcdReadE2 (unsigned short startaddr, unsigned char *data)

signed char PcdWriteE2 (unsigned short startaddr, unsigned char *data)

signed char PcdRfReset (unsigned short ms

Function call

unsigned char length,

3.1.2 FUNCTION DESRIPTION

3.1.2.1 PcdGetRICVersion

signed char PcdGetRICVersion (unsigned char * version)

Cmd-Code: 0x64 IN OUT version (5)

Parameters:

snr (OUT) 5 bytes reader type ID

Returns: MI_OK

The reader type ID depends on the current used reader IC. Please refer to the reader ICs data sheet.

Philips Semiconductors User Manual Rev. 3.0 June 2005

Command Set MF RD 700

3.1.2.2 PcdGetSnr

signed char PcdGetSnr (unsigned char * snr)

Cmd-Code: 0x22 IN OUT snr (4)

Parameters:

snr (OUT) 4 bytes serial number of the reader IC

Returns: MI_OK

This function reads out 4 bytes serial number of the reader IC. The serial number is unique for all delivered readers.

3.1.2.3 PcdReadE2

signed char PcdReadE2 (unsigned short startaddr, unsigned char length, unsigned char * data)

Cmd-Code: 0x23 IN startaddr (2) length (1) OUT data (length)

Parameters:

startaddr (IN) EEPROM memory start address, Defines the start address for the read

operation

length (IN) number of data bytes to read data (OUT) is a pointer to the length bytes long data buffer, to store the read data.

Returns:

CRRC

This function reads out data stored in the reader IC’s EERPOM beginning at the address ‘startaddr’. The number of bytes to be read is given by the variable length and the read out data are stored in the provided data buffer.

Philips Semiconductors User Manual Rev. 3.0 June 2005

Command Set MF RD 700

3.1.2.4 PcdReset

signed char PcdReset (void)

Cmd-Code: 0x21 IN OUT

Parameters: none Returns:

MI_OK MI_RESETERR error while resetting the reader IC

The MF RC500 reset pin is connected to the microcontroller and a reset can be performed. After each reset, the automatic interface recognition of the reader IC is activated. Both, resetting the reader IC and determining the interface is done by this function.

3.1.2.5 PcdRfReset

signed char PcdRfReset (unsigned short ms)

Cmd-Code: 0x20 IN ms (2) OUT

Parameters:

ms (IN) time period in milliseconds. Defines the switch off time of the reader IC's RF-field in

milliseconds. Returns: MI_OK always

This function turns off the RF-field for a specified time in milliseconds by setting the variable ms. Elapsing this time the RF-field is turned on approximately 1 millisecond later.

If the time variable ms is set to 0, the RF-field is turned off.

Philips Semiconductors User Manual Rev. 3.0 June 2005

Command Set MF RD 700

3.1.2.6 PcdSetTmo

signed char PcdSetTmo (unsigned long numberOfEtus)

Cmd-Code: 0x27 IN numberOfEtus (4) OUT

Parameters:

numberOfEtus (IN) Range [1..4294000] timeout period calculated in etu's of 9.44 us

Returns: MI_OK always

This function sets a RF communication time out value. Every communication between the reader IC and the card is controlled by a timeout value.

The timeout value is measured between the last bit sent to the tag and the first bit received from the tag.

3.1.2.7 PcdWriteE2

signed char PcdWriteE2 (unsigned short startaddr, unsigned char length, unsigned char * data)

Cmd-Code: 0x24 IN startaddr (2) length (1) data (length) OUT

Parameters:

startaddr (IN) EEPROM memory start address. Defines the start address for the write operation length (IN) number of data bytes to write data (IN) is a pointer to the length bytes long data buffer containing the data to be written to the

EEPROM. Returns: CRRC

This function writes a given length of data bytes stored in the data buffer to the reader IC's EEPROM beginning at address startaddr.

Philips Semiconductors User Manual Rev. 3.0 June 2005

Command Set MF RD 700

3.2 MIFARE

Classic Command Set

In order to support Mifare and ISO 14443-4 Command set, some of the Commands are split in a general interface and a special Mifare interface; both have the same functionality with different parameter settings.

3.3 Handling the MIFARE

Cards of the MIFARE instructions. The MF RC500 fully supports communication with these cards. Using the functions in this library MIFARE



Classic instructions have to be sent to the card in correct sequences. To apply these sequences in



Classic World



Classic family (MIFARE Standard, MIFARE Light) support a defined set of

the appropriate way is the responsibility of the application software. For further information on the cards command set please refer to the according product description of the MIFARE Standard or the MIFARE Light IC.



The MIFARE of the MIFARE with a grey background in the following table. Having identified and selected the MIFARE MIFARE

Classic command set can be divided in to 2 parts. The identification and selection procedure



protocol is implemented in an ISO14443A compliant way. These commands are marked



specific authentication procedure can be started. Finally, having passed the authentication



card the

procedure memory operations are allowed. In the following table the MIFARE® command set is named according to the MIFARE® card IC specification.

Command Abbr. Code Argument Response Possible After

Request ALL ATR 52 None Tag Type (ATQ) card's POR, HALT,

communication failure

Request IDLE ATR 26 None Tag Type (ATQ) card's POR, communication

failure

Anticollision AC 93,95,

Select SEL 93,95,

Authentication AUT 60

(optional parts of the

card's serial number) Card serial number Answer to select

(rest of) card's serial number

(ATS)

ATR, AC

Block address Acknowledge SEL, AUT, RD, WR, TRANS

Read RD 30 Block address 16 byte data

block

Write WR A0 Block address and

Acknowledge SEL*), AUT, RD, WR,

16 byte data block

Decrement DEC C0 Block address and

Acknowledge SEL*), AUT, RD, WR,

4 byte value

Increment INC C1 Block address and

Acknowledge SEL*), AUT, RD, WR,

4 byte value

Restore REST C2 Block address and

Acknowledge SEL*), AUT, RD, WR,

4 byte dummy value

SEL*), AUT, RD, WR, TRANS

TRANS

TRANS Transfer TRANS B0 Block address Acknowledge DEC, INC, REST Halt HALT 50 Dummy address None SEL, AUT, RD, WR, TRANS

Table 3-3. MIFARE® Classic Command Set

Philips Semiconductors User Manual Rev. 3.0 June 2005

Command Set MF RD 700

A command can be executed successfully only if it is carried out after a function listed in the column 'Possible After'. Otherwise a failure is returned and the card falls back into the initial state.

Although the command might be executed after a SEL command, it will fail since the card is not

authenticated.

3.3.1 INCLUDED FUNCTIONS

Function name

MfPcdConfig

Mf500ActiveAntennaSlaveConfig Mf500ActiveAntennaMasterConfig

Mf500PiccRequest Mf500PiccAnticoll Mf500PiccSelect Mf500PiccRead

Mf500PiccCommonRead

Mf500PiccWrite Mf500PiccWrite4

Mf500PiccCommonWrite

char Mf500PiccValue

Mf500PiccValueDebit

Mf500PiccHalt

Function call

signed char Mf500PcdConfig (void)

signed char Mf500ActiveAntennaSlaveConfig (void) signed char Mf500ActiveAntennaMasterConfig (void

signed char Mf500PiccRequest (unsigned char req_code, unsigned char *atq) signed char Mf500PiccAnticoll (unsigned char bcnt, unsigned char *snr) signed char Mf500PiccSelect (unsigned char *snr, unsigned char *sak) signed char Mf500PiccRead (unsigned char addr, unsigned char *data) signed char Mf500PiccCommonRead (unsigned char cmd,

unsigned char addr,

unsigned char datalen, unsigned char *data) signed char Mf500PiccWrite (unsigned char addr, unsigned char *data) signed char Mf500PiccWrite4 (unsigned char addr, unsigned char *data) signed char Mf500PiccCommonWrite (unsigned char cmd,

unsigned char addr,

unsigned char datalen, unsigned char *data) signed char Mf500PiccValue (unsigned char dd_mode,

unsigned char addr,

unsigned char *value, unsigned char trans_addr) signed char Mf500PiccValueDebit (unsigned char dd_mode,

unsigned char addr, unsigned char *value)

signed char Mf500PiccHalt (void)

Table 3-4, MIFARE® Commands

Philips Semiconductors User Manual Rev. 3.0 June 2005

Command Set MF RD 700

3.3.2 FUNCTION DESCRIPTION

3.3.2.1 Mf500PcdConfig

signed char Mf500PcdConfig (void)

Cmd-Code: 0x10 IN OUT

Parameters: none Returns:

MI_OK MI_RESETERR MI_INTERFACEERR

This function has to be called before the first data is written to the MF RC500 in order to perform the internal configuration. A reset of the reader IC is done and several registers are set.

3.3.2.2 Mf500ActiveAntennaMasterConfig

signed char Mf500ActiveAntennaMasterConfig(void)

Cmd-Code: 0x2A IN OUT

Parameters: none Returns:

MI_OK always

This function initializes the master reader IC to use it in an active antenna configuration. This function is additional to the standard configuration Mf500PcdConfig. The MF RC500 reader IC configured in the master configuration is able to communicate with another

MF RC500 configured in the slave configuration via the digital MFin and MFout pins. The corresponding slave configuration routine for the slave MF RC 500 can be initialized by the function MF500ActiveAntennaSlaveConfig.

The active antenna configuration itself is described in the datasheet for the MF RC500.

Philips Semiconductors User Manual Rev. 3.0 June 2005

Command Set MF RD 700

3.3.2.3 Mf500ActiveAntennaSlaveConfig

signed char Mf500ActiveAntennaSlaveConfig(void)

Cmd-Code: 0x2B IN OUT

Parameters: none Returns:

CRRC

The MF RC500 reader IC configured in the slave configuration is able to communicate with another MF RC500 configured in the master configuration via the digital MFIn and MFOut pins.

The master MF RC500 reader IC sends commands and data using the MFOut pin. The slave reader IC receives the data via MFIn pin. Sending data back from the slave IC is done connecting the MFOut for the slave IC and MFIn for the master MF RC500.

In this configuration the slave module can not be initialized by the microcontroller because only the MF In/Out interface is connected between both MF RC500's. The slave module has to be initialized before the connection is established. During this initialization the appropriate parameter settings are written to the E2PROM. After POR (power on reset) the IC reads these settings and initializes itself automatically as a slave IC.

Additionally, it is possible to connect the slave reader IC to the µC to have the possibility to change the setting in the application later. ´

3.3.2.4 Mf500PiccAnticoll

signed char Mf500PiccAnticoll (unsigned char bcnt, unsigned char * snr)

Cmd-Code: 0x12 IN bcnt (1) IN/OUT snr (4) OUT

Parameters:

bcnt (IN) Range: [0..32] Number of SNR-bits that are known (default value is 0); snr (IN/OUT) 4 bytes serial number (number of bits, which are known and indicated by bcnt

Returns: CRRC MI_BITCOUNTERR 16 bits expected, wrong number received MI_SERNRERR SNR Check byte does not correspond to SNR

Philips Semiconductors User Manual Rev. 3.0 June 2005

Command Set MF RD 700

This function calls MF500PiccCascAnticoll with a select_code 0x93 to perform the anticollision for MIFARE

3.3.2.5 Mf500PiccCommonRead

signed char Mf500PiccCommonRead (unsigned char cmd, unsigned char addr, unsigned char datalen, unsigned char * data)

Cmd-Code: 0x28 IN cmd (1) addr (1) datalen (1) OUT data (datalen)

Parameters:

cmd read command byte

addr (IN) Range [0..dep.card type]. Addresses the card's block address from which data shall be

Classic card ICs.

PICC_READ16

read. For MIFARE® Standard cards, addr can take a value from 0 to 63 (255 for Mifare Pro), for other card types refer to the according product description.

datalen length of data bytes array

data (OUT) is a pointer to the datalen byte data block read from the card's memory

Returns:

MI_OK CRRC MI_NOTAUTHERR not authenticated for this sector MI_CODINGERR wrong coding of 8 bit ack/nack MI_CODEERR MI_BYTECOUNTERR wrong number of bytes received

This function directly reads out a datalen block from the specified card's blockaddress addr.

Philips Semiconductors User Manual Rev. 3.0 June 2005

Command Set MF RD 700

3.3.2.6 Mf500PiccCommonWrite

signed char Mf500PiccCommonWrite (unsigned char cmd, unsigned char addr, unsigned char datalen, unsigned char * data)

Cmd-Code: 0x1F IN cmd (1) addr (1) datalen (1) data (datalen) OUT

Parameters:

cmd write command byte

PICC_WRITE16 PICC_WRITE4

addr (IN) Range [0..dep.card type] Addresses the card's block address to which data shall be

written. For MIFARE® Standard cards, addr can take values from 0 to 63 (255 for Mifare Pro), for other card types please refer to the according product description.

datalen length of data bytes array data (OUT) is a pointer to the datalen bytes data block, which should be written to the card

Returns: MI_OK CRRC MI_BITCOUNTERR wrong number of bits received MI_NOTAUTHERR not authenticated for this sector MI_WRITEERR error while writing data MI_CODINGERR wrong coding of 8 bit ack/nack MI_CODEERR

This function writes a datalen bytes block to the specified card's block address addr. Having sent the command the card indicates with an ACK, that the direct memory access is possible. Having received the ACK, the MF RC500 sends the datalen bytes data block and waits for an ACK again. In case of an error a return code according to the MF RC500's error flags is generated.

Note:

The card type has to support the selected datalen e.g. Mifare® UltraLight for a 4 bytes write

+ 49 hidden pages