Topic: How to emulate a tag with libnfc

Hi.

I'm trying to emulate a tag using nfc-emulate. I get the following output:

[+] Connected to NFC reader: ACS ACR122 0 / ACR122U205 - PN532 v1.4 (0x07)
[+] Try to break out the auto-emulation, this requires a second reader!
[+] To do this, please send any command after the anti-collision
[+] For example, send a RATS command or use the "nfc-anticol" tool
[+] Received initiator command: e0  81
[+] Configuring communication
[+] Done, the emulated tag is initialized with UID: DEADBEAF

R: 0a  01  00  a4  04  00  09  a0  00  00  03  97  42  54  46  59  cd  43
R: ba  01  37  c8
R: ba  01  37  c8
R: ca  01  f3  38

R: 26 (7 bits)
T: 04  00
R: 93  20
T: de  ad  be  af  62
R: 93  70  de  ad  be  af  62  db  98
T: 08  b6  dd
R: 30  00  02  a8

R: 26 (7 bits)
T: 04  00
R: 93  20
T: de  ad  be  af  62
R: 93  70  de  ad  be  af  62  db  98
T: 08  b6  dd
R: 30  00  02  a8

....etc

Can anyone explain:
1) The first 3 values received from the reader before anti-collision?
2) The last value received in the anti-collision (30 00 02 a8)?
3) Why the Omnikey 5321 is unable to detect the emulated tag at all? It says "no tag present"

Chris

Re: How to emulate a tag with libnfc

Hey Chris,

Let me try to answer your questions.

chrissmith51 wrote:

1) The first 3 values received from the reader before anti-collision?

These are values that follow the RATS request. Since we need to "break out" the non-responsive mode of the PN53x chip first, it has to receive a RATS command. After that it will give messages back to the host as feedback where we can handle the anti-collision ourselves. The OMNIKEY though, still tries to get a response from the tag after the RATS. We just ignore those and let the OMNIKEY reader restart.

chrissmith51 wrote:

2) The last value received in the anti-collision (30 00 02 a8)?

This is not an anti-collision request, but a MIFARE Ultralight READ (0x30) BLOCK 0 (0x00) CRC (0x02, 0xa8).
Since the tag is responding as a MIFARE Classic tag, the OMNIKEY reader should first authenticate before sending a READ.
This is a BUG in the (new) driver of the OMNIKEY, try to reinstall the driver with this one. You will see that version 1.1.1.4 will work just fine.

chrissmith51 wrote:

3) Why the Omnikey 5321 is unable to detect the emulated tag at all? It says "no tag present"

Since the tag does not respond to the buggy message, the OMNIKEY dismisses the available tag (probably flashes green+red). Updating the OMNIKEY driver should fix the problem ;)

Cheers,

  Roel
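
An added example, not part of the thread and not libnfc code: a small C checker that verifies the CRC_A and BCC bytes of frames copied from the trace in the first post and labels each frame by its first byte. The function names are this example's own, and the ISO/IEC 14443-4 I/R/S-block labels go one step further than the answer above, which only says those frames follow the RATS.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* CRC_A of ISO/IEC 14443-3 (preset 0x6363); the low byte goes on the wire first. */
static uint16_t crc_a(const uint8_t *d, size_t n) {
    uint16_t crc = 0x6363;
    while (n--) {
        uint8_t b = (uint8_t)(*d++ ^ (crc & 0xff));
        b ^= (uint8_t)(b << 4);
        crc = (uint16_t)((crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4));
    }
    return crc;
}

/* 1 if the last two bytes of the frame are the CRC_A of the bytes before them. */
static int crc_ok(const uint8_t *f, size_t n) {
    if (n < 3) return 0;
    uint16_t c = crc_a(f, n - 2);
    return f[n - 2] == (c & 0xff) && f[n - 1] == (c >> 8);
}

/* 1 if u[4] is the BCC, the XOR of the four UID bytes u[0..3]. */
static int bcc_ok(const uint8_t *u) {
    return (u[0] ^ u[1] ^ u[2] ^ u[3]) == u[4];
}

/* Label a frame by its first byte (the labels are this example's own). */
static const char *classify(const uint8_t *f, size_t n) {
    if (!crc_ok(f, n)) return "bad CRC_A";
    if (f[0] == 0x30 && n == 4) return "READ";
    if (f[0] == 0x93 && f[1] == 0x70 && n == 9)
        return bcc_ok(f + 2) ? "SELECT" : "SELECT, bad BCC";
    if ((f[0] & 0xc2) == 0x02) return "I-block"; /* ISO/IEC 14443-4 PCB byte */
    if ((f[0] & 0xe2) == 0xa2) return "R-block";
    if ((f[0] & 0xc2) == 0xc2) return "S-block";
    return "unknown";
}

int main(void) {
    /* Frames copied from the trace in the first post. */
    static const uint8_t rd[] = {0x30, 0x00, 0x02, 0xa8};
    static const uint8_t sel[] = {0x93, 0x70, 0xde, 0xad, 0xbe, 0xaf, 0x62, 0xdb, 0x98};
    static const uint8_t rb[] = {0xba, 0x01, 0x37, 0xc8};
    static const uint8_t sb[] = {0xca, 0x01, 0xf3, 0x38};
    printf("%s\n%s\n%s\n%s\n", classify(rd, sizeof rd), classify(sel, sizeof sel),
           classify(rb, sizeof rb), classify(sb, sizeof sb));
    return 0;
}
```
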

Re: How to emulate a tag with libnfc

Hi Roel,

Thanks for the feedback. I've updated (well, reverted) the Omnikey driver to what you suggested, and now I don't get any output at all! After running the emulate tool I receive:

R: ba  01  37  c8
R: ba  01  37  c8
R: ca  01  f3  38
R:
R:
R:
R:
R:
....

(This continues as an infinite repetition). When I send external commands to the Omnikey reader it doesn't recognise that there is a tag on it at all. Can you provide any insight as to why?

Chris