java - 来自带有 Jewel/Topaz512 NFC 标签的 ACR122U 阅读器的“超时，目标尚未回答”

Question

我正在构建一个 Windows/Java 程序（使用javax.smartcardio）以使用 ACR122U 设备（内部带有 PN532 NFC 控制器芯片）与 Jewel/Topaz512 标签（来自 Innovision/Broadcom）进行通信。

我实现了 Topaz512 协议（来自此数据表），但我的命令只有一半有效。

• 一些有效的命令：RID, RALL, READ, WRITE-NE, RSEG
• 一些不起作用的命令：WRITE-E, READ8, WRITE-E8, WRITE-NE8

使用 WRITE-NO-ERASE 命令的示例

例如，这是我发送 WRITE-NO-ERASE 命令时得到的结果：

命令：FF:00:00:00:0C:D4:40:01:1A:7F:42:38:01:9A:00:17:E8

在哪里：

• D4:40:01是 InDataExchange 命令，
• 1A:7F:42是 WRITE-NO-ERASE 命令（值：0x42，块 0x0F，字节 7），
• 38:01:9A:00是 4 字节的标签 UID，
• 17:E8是CRC。

回复：D5:41:00:42:90:00

这里的回答是正确的：0x42。状态字节 ( 0x00) 通知一切顺利。

使用 WRITE-WITH-ERASE 命令的示例

这是我发送 WRITE-WITH-ERASE 命令时得到的结果：

命令：FF:00:00:00:0C:D4:40:01:53:7F:42:38:01:9A:00:28:6E

在哪里：

• D4:40:01是 InDataExchange 命令，
• 53:7F:42是 WRITE-WITH-ERASE 命令（值：0x42，块 0x0F，字节 7），
• 38:01:9A:00是 4 字节的标签 UID，
• 28:6E是CRC。

回复：D5:41:01:90:00

这里，状态字节 ( 0x01) 通知 PN532 检测到超时。（来自PN532 文档(p67)：“超时，目标未回答 - 0x01”）

此外，当我删除 PN532 超时（使用FF:00:00:00:06:D4:32:02:00:00:00）时，非工作命令不响应D5:41:01:90:00，但等待更长时间，然后我没有得到响应。

编辑 2020-04-20

我只是尝试使用 gscriptor（来自pcsc-tools套件）执行命令，我得到了相同的行为。这是我的结果：

剧本：

FF 00 00 00 06 D4 32 05 02 02 02

# SAMConfiguration
FF 00 00 00 04 D4 14 01 00

# SetParameters
FF 00 00 00 03 D4 12 04

# InListPassiveTarget: Jewel mode
FF 00 00 00 04 D4 4A 01 04

# InDataExchange: RID
FF 00 00 00 04 D4 40 01 78

# InDataExchange: RALL
FF 00 00 00 04 D4 40 01 00

# InDataExchange: RSEG 0-3
FF 00 00 00 05 D4 40 01 10 00
FF 00 00 00 05 D4 40 01 10 20
FF 00 00 00 05 D4 40 01 10 40
FF 00 00 00 05 D4 40 01 10 60

##########

# GetFirmwareVersion
FF 00 00 00 02 D4 02

# GetGeneralStatus
FF 00 00 00 02 D4 04

##########

# RFConfiguration: No timeout
FF 00 00 00 06 D4 32 02 00 00 00

# InDataExchange: READ-1
FF 00 00 00 05 D4 40 01 01 7F

# InDataExchange: READ-8
FF 00 00 00 05 D4 40 01 02 00

# InDataExchange: WRITE-E-1
FF 00 00 00 06 D4 40 01 53 7F 42

# InDataExchange: WRITE-E-8
FF 00 00 00 0C D4 40 01 55 02 01 02 03 04 05 06 07 08

# InDataExchange: WRITE-NE-1
FF 00 00 00 06 D4 40 01 1A 7F 42

# InDataExchange: WRITE-NE-8
FF 00 00 00 0C D4 40 01 1B 02 01 02 03 04 05 06 07 08

结果：

Sending: FF 00 00 00 06 D4 32 05 02 02 02
Received: D5 33 90 00
Normal processing.

Sending: FF 00 00 00 04 D4 14 01 00
Received: D5 15 90 00
Normal processing.

Sending: FF 00 00 00 03 D4 12 04
Received: D5 13 90 00
Normal processing.

Sending: FF 00 00 00 04 D4 4A 01 04
Received: D5 4B 01 01 0C 00 38 01 9A 00 90 00
Normal processing.

Sending: FF 00 00 00 04 D4 40 01 78
Received: D5 41 00 12 4C 38 01 9A 00 90 00
Normal processing.

Sending: FF 00 00 00 04 D4 40 01 00
Received: D5 41 00 12 4C 38 01 9A 00 00 10 25 00 00 10 3F
00 01 03 F2 30 33 02 03 F0 02 03 03 E3 D1 01 DF
54 02 65 6E 30 31 32 33 34 35 36 37 38 39 30 30
31 32 33 34 35 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 55 55 AA
AA 12 4C 06 00 01 E0 00 00 00 00 00 00 90 00
Normal processing.

Sending: FF 00 00 00 05 D4 40 01 10 00
Received: D5 41 00 38 01 9A 00 00 10 25 00 00 10 3F 00 01
03 F2 30 33 02 03 F0 02 03 03 E3 D1 01 DF 54 02
65 6E 30 31 32 33 34 35 36 37 38 39 30 30 31 32
33 34 35 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 55 55 AA AA 12
4C 06 00 01 E0 00 00 00 00 00 00 00 00 00 00 00
00 00 47 90 00
Normal processing.

Sending: FF 00 00 00 05 D4 40 01 10 20
Received: D5 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 90 00
Normal processing.

Sending: FF 00 00 00 05 D4 40 01 10 40
Received: D5 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 90 00
Normal processing.

Sending: FF 00 00 00 05 D4 40 01 10 60
Received: D5 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 90 00
Normal processing.

Sending: FF 00 00 00 02 D4 02
Received: D5 03 32 01 06 07 90 00
Normal processing.

Sending: FF 00 00 00 02 D4 04
Received: D5 05 01 00 01 01 00 00 02 80 90 00
Normal processing.

Sending: FF 00 00 00 06 D4 32 02 00 00 00
Received: D5 33 90 00
Normal processing.

Sending: FF 00 00 00 05 D4 40 01 01 7F
Received: D5 41 00 47 90 00
Normal processing.

Sending: FF 00 00 00 05 D4 40 01 02 00
Received:
wrong SW size for:

Sending: FF 00 00 00 06 D4 40 01 53 7F 42
Received:
wrong SW size for:

Sending: FF 00 00 00 0C D4 40 01 55 02 01 02 03 04 05 06
07 08
Received:
wrong SW size for:

Sending: FF 00 00 00 06 D4 40 01 1A 7F 42
Received: D5 41 00 47 90 00
Normal processing.

Sending: FF 00 00 00 0C D4 40 01 1B 02 01 02 03 04 05 06
07 08
Received:
wrong SW size for:

Script was executed without error...

Answer 1

前段时间，我对此进行了详细调查并得出结论，NXP 的 PN532 NFC 控制器芯片的固件存在问题，导致它无法成功接收带有 NFC Forum Type 1 标签（Topaz/Jewel 品牌）的一些命令。如前所述，ACR122U 基于此芯片。

当我尝试使用该WRITE-E8 (0x54)命令一次写入 8 个字节块时，收到的响应是0x01，等待标签响应的超时。

我试过的东西不起作用：

包括 中的 UID 回显InDataExchange，我什至使用了 UID 回显的字节顺序，结果仍然相同。

使用inCommunicateThru命令而不是InDataExchange在应用程序级别计算 CRC1 和 CRC2 值（结果相同）

我得出的最后结论是：

PN532 无法写入0x10Type 1 标签上的页面和更大范围，这使得无法写入流行型号（如 Topaz 512）上的全部内存。

推荐：

这个问题与 2012 年有关，当时 Topaz 512 是一款低成本但高内存的 NFC 标签。现在有了 NAG215 和 NTAG216 型号，我推荐使用那些具有高内存和与 NFC 读卡器通用兼容性的型号。