Low Level NFC

We had to do some basic nfs tag reading and writing (Short Records, Multiple Short Records). Here is some kind of an overview...

Requirements:

  • OMNIKEY 5421 Reader
  • (compatible) Smartcard
  • some tools and driver (see other blog post how to install it.)

Initialize NFC Communication

00A4040007D2760000850101
00A4000c02e103
00A4000c02e104

Reading

The follwoing command will read the first 64bytes:

00B0000040
Offset Content Explaination
0 0x00 CLA, class Byte
1 0xB0 INS, instruction: ReadBinary
2 - 3 0x00 0x00 P1, P2, offset inside CC File.
4 0x40 Le, length of read data (64byte)

Writing

T first example writes 32 byte without offset, the second one uses a offset of 32bytes.

00d60000200000000000000000000000000000000000000000000000000000000000000000
Offset Content Explaination
0 0x00 CLA, class Byte
1 0xD6 INS, instruction: WriteBinary
2 - 3 0x00 0x00 P1, P2, offset inside CC File.
4 0x20 Le, length of written data (32byte)
5 - 36 0x00 0x00 … 0x00 Message to write

To use an offset of 32 byte byte you have to modify the command like this:

00d60020200000000000000000000000000000000000000000000000000000000000000000
Offset Content Erklärung
0 0x00 CLA, class Byte
1 0xD6 INS, instruction: WriteBinary
2 - 3 0x00 0x20 P1, P2, offset inside CC File.
4 0x20 Le, length of written data (32byte)
5 - 36 0x00 0x00 … 0x00 Message to write

NDef Short Record

NDEF Message

First of all, we defined the NDEF Message itself.

Field Hex value Enkodierter Wert
Short Record (0x01), ME=1 (Message End), MB=1 (Message Begin) d1 MB=1, ME=1, CF=0, SR=1, IL=0, TNF=001
length of record type (type length) 01
payload length 1b
URI record type 55 "U"
ID 02 https://www.
payload 696e736f2e74757769656e2e61632 e61742f67726f75702f3035 someurl.com

Resulting NDEF Message:

d1011b5502696e736f2e74757769656e2e61632e61742f67726f75702f3035 

(31 bytes)

NDEF Update Command

Hex-Value Field Explaination
00 Class byte (CLA)
d6 instruction byte (ins) for updatebinary command
0000 Parameter byte (P1, P2) offset inside the CC file
21 LC field Length command (The number of bytes written to NDEF file. Between 01h and ffh). LCfield=NLEN + 2bytes
001F NLEN (2 bytes are used to encode this value!) length of NDEF Message
d1011b5502696e736f2e7475776965 6e2e61632e61742f67726f75702f3035 NDEF Message

Resulting DNEF Update Message:

00d6000021001Fd1011b5502696e736f2e74757769656e2e61632e61742f67726f75702f3035

Multiple Short Records

We had to encode multiple telephone numbers.

NDEF Messages

3 Messages. Different payloads

Field Hex Value Encoded value
Short Record (0x01), ME=1 (Message End), MB=1 (Message Begin) 91 MB=1, ME=0, CF=0, SR=1, IL=0,TNF=001
type length 01
payload length 08 payload
Record Name 55 "U"
Type 05 tel
payload 30393239303032 0929002
Bezeichnung Hex Wert Enkodierter Wert
Short Record (0x01), ME=1 (Message End), MB=1 (Message Begin) 11 MB=0, ME=0, CF=0, SR=1, IL=0,TNF=001
type length 01
payload length 08
Record Name 55 "U"
Type 05 tel
payload 31303236383834 1026884
Bezeichnung Hex Wert Enkodierter Wert
Short Record (0x01), ME=1 (Message End), MB=1 (Message Begin) 51 MB=0, ME=1, CF=0, SR=1, IL=0,TNF=001
type length 01
payload length 08
Record Name 55 "U"
Type 05 tel
payload 31303236303435 1026045

Resulting NDEF Message:

910108550530393239303032110108550531303236383834510108550531303236303435

(36 bytes)

NDEF Update Command

Hex-Value Field Explaination
00 Class byte (CLA)
d6 instruction byte (ins) for updatebinary command
0000 Parameter byte (P1, P2) offset inside the CC file
26 LC field Length command (The number of bytes written to NDEF file. Between 01h and ffh). LCfield=NLEN + 2bytes
0024 NLEN (2 bytes are used to encode this value!) length of NDEF Message
910108550530393239303032110108550 530393239303032510108550531303236303435 NDEF Message

Resulting DNEF Update Message:

00d60000260024910108550530393239303032110108550531303236383834510108550531303236303435

Appendix A

We used Python to convert a String to it’s Hex representation:

"somestring".encode('utf-8').encode('hex')

'696e736f2e74757769656e2e61632e61742f67726f75702f3035'