多种非接触卡 ATQA 字节说明

原文地址

13.56 MHz RFID

Software

  • An Open Source implementation of an NFC stack, and various related utilities is available from the LibNFC project.
  • The author of this page has released a number of small utilities, and enhancements to third-party ones in a repository on BitBucket.
  • A link to a tool for examining data stored on Atmel CryptoRF tokens, and errata is available in this forum post.
  • The RFIDIOT project supply a package of tools for manipulating the contents of various types of RFID tokens, and examining Machine-Readable Travel Documents and EMV cards.
  • A driver that supposedly allows for use of LibNFC with generic PCSC-enabled applications is available from the ifdnfc project on SourceForge.

    This doesn‘t seem to build against the latest version of LibNFC:

ifd-nfc.c: In function ‘IFDHTransmitToICC’:ifd-nfc.c:355:17: error: too few arguments to function ‘nfc_initiator_transceive_bytes’/usr/local/include/nfc/nfc.h:80:19: note: declared here

Datasheets

  • datasheet is available for the STMicroElectronics SRI512 ISO/IEC 14443-B chipset.
  • datasheet is available from ACS for the InnoVision/Broadcom Topaz family of ISO/IEC 14443-A chipsets.
  • datasheet is available for FuDan‘s FM11RF08 chipset (which is supposedly compatible with existing MiFare Classic implementations).
  • The Users Manual for the NXP PN532 chipset is available.
  • manual for a variant of the ACS ACR122U card reader is available.

Hardware

FeliCa tokens

Sony FeliCa Lite RC-S701

  • LibNFC‘s nfc-list -v command reports:
1 Felica (212 kbps) passive target(s) found:        ID (NFCID2): 01  27  00  5d  1a  05  88  cd      Parameter (PAD): 00  f0  00  00  02  06  03  00     System Code (SC): 88  b4  

1 Felica (424 kbps) passive target(s) found:        ID (NFCID2): 01  27  00  5d  1a  05  88  cd      Parameter (PAD): 00  f0  00  00  02  06  03  00     System Code (SC): 88  b4  
  • LibNFC‘s nfc-read-forum-tag3 command reports:
Place your NFC Forum Tag Type 3 in the field...NDEF Mapping version: 1.0NFC Forum Tag Type 3 capacity: 208 bytesNDEF data lenght: 60 bytes

libnfc.chip.pn53x - InListPassiveTarget libnfc.driver.acr122 - TX: ff 00 00 00 09 d4 4a 01 01 00 ff ff 01 00 libnfc.driver.acr122 - RX: d5 4b 01 01 14 01 01 27 00 5d 1a 05 88 cd 00 f0 00 00 02 06 03 00 88 b4 90 00

libnfc.chip.pn53x - InListPassiveTarget libnfc.driver.acr122 - TX: ff 00 00 00 09 d4 4a 01 02 00 ff ff 01 00 libnfc.driver.acr122 - RX: d5 4b 01 01 14 01 | 01 27 00 5d 1a 05 88 cd | 00 f0 00 00 02 06 03 00 | 88 b4 | 90 00

ISO/IEC 14443-A tokens

NXP MiFare Classic 4KB

  • LibNFC‘s nfc-list -v command reports:
1 ISO14443A passive target(s) found:    ATQA (SENS_RES): 00  02  * UID size: single* bit frame anticollision supported       UID (NFCID1): 7c  52  49  e4        SAK (SEL_RES): 18  * Not compliant with ISO/IEC 14443-4* Not compliant with ISO/IEC 18092Fingerprinting based on ATQA & SAK values:* Mifare Classic 4K* SmartMX with Mifare 4K emulation
  • Using the MFOC utility under Linux, it is possible to derive the sector keys for a genuine MiFare Classic card, whilst dumping and decrypting its entire contents in a reasonable timeframe (several minutes) on a moderately powerful PC.

    It appears that this tool does not work properly under VirtualBox, due to latency induced by its USB passthrough implementation.

NXP MiFare DESFire EV1

  • LibNFC‘s nfc-list -v command reports:
1 ISO14443A passive target(s) found:    ATQA (SENS_RES): 03  44  * UID size: double* bit frame anticollision supported       UID (NFCID1): 04  8b  1f  f1  ad  26  80        SAK (SEL_RES): 20  * Compliant with ISO/IEC 14443-4* Not compliant with ISO/IEC 18092                ATS: 75  77  81  02  80  * Max Frame Size accepted by PICC: 64 bytes* Bit Rate Capability:  * PICC to PCD, DS=2, bitrate 212 kbits/s supported  * PICC to PCD, DS=4, bitrate 424 kbits/s supported  * PICC to PCD, DS=8, bitrate 847 kbits/s supported  * PCD to PICC, DR=2, bitrate 212 kbits/s supported  * PCD to PICC, DR=4, bitrate 424 kbits/s supported  * PCD to PICC, DR=8, bitrate 847 kbits/s supported* Frame Waiting Time: 77.33 ms* Start-up Frame Guard Time: 0.6041 ms* Node ADdress not supported* Card IDentifier supported* Historical bytes Tk: 80    * No COMPACT-TLV objects found, no status foundFingerprinting based on ATQA & SAK values:* Mifare DESFire / Desfire EV1

DESFire EV1 Oyster

  • The mifare-desfire-info utility reports:
===> 0000   90 60 00 00 00                                   |.`...           |<=== 0000   04 01 01 01 00 16 05 91 af                       |.........       |===> 0000   90 af 00 00 00                                   |.....           |<=== 0000   04 01 01 01 03 16 05 91 af                       |.........       |===> 0000   90 af 00 00 00                                   |.....           |<=== 0000   04 8b 1f f1 ad 26 80 00 00 00 00 00 42 08 91 00  |.....&......B...|===> Version information for tag 048b1ff1ad2680:UID:                      0x048b1ff1ad2680Batch number:             0x0000000000Production date:          week 42, 2008Hardware Information:    Vendor ID:            0x04    Type:                 0x01    Subtype:              0x01    Version:              1.0    Storage size:         0x16 (=2048 bytes)    Protocol:             0x05Software Information:    Vendor ID:            0x04    Type:                 0x01    Subtype:              0x01    Version:              1.3    Storage size:         0x16 (=2048 bytes)    Protocol:             0x05===> 0000   90 45 00 00 00                                   |.E...           |<=== 0000   0b 01 91 00                                      |....            |Master Key settings (0x0b):    0x08 configuration changeable;    0x00 PICC Master Key not required for create / delete;    0x02 Free directory list access without PICC Master Key;    0x01 Allow changing the Master Key;===> 0000   90 64 00 00 01 00 00                             |.d.....         |<=== 0000   31 91 00                                         |1..             |Master Key version: 49 (0x31)===> 0000   90 6e 00 00 00                                   |.n...           |<=== 0000   e0 04 00 91 00                                   |.....           |Free memory: 1248 bytesUse random UID: no

NXP MiFare UltraLight

  • LibNFC‘s nfc-list -v command reports:
1 ISO14443A passive target(s) found:    ATQA (SENS_RES): 00  44  * UID size: double* bit frame anticollision supported       UID (NFCID1): 04  45  57  ba  34  23  80        SAK (SEL_RES): 00  * Not compliant with ISO/IEC 14443-4* Not compliant with ISO/IEC 18092Fingerprinting based on ATQA & SAK values:* Mifare Ultralight* Mifare UltralightC

Orange Cash PayPass Card

  • LibNFC‘s nfc-list -v command reports:
1 ISO14443A passive target(s) found:    ATQA (SENS_RES): 00  04  * UID size: single* bit frame anticollision supported       UID (NFCID1): 29  8b  cf  51        SAK (SEL_RES): 28  * Compliant with ISO/IEC 14443-4* Not compliant with ISO/IEC 18092                ATS: 78  80  82  02  80  31  80  66  b0  84  12  01  6e  01  83  00  90  00  * Max Frame Size accepted by PICC: 256 bytes* Bit Rate Capability:  * Same bitrate in both directions mandatory* Frame Waiting Time: 77.33 ms* Start-up Frame Guard Time: 1.208 ms* Node ADdress not supported* Card IDentifier supported* Historical bytes Tk: 80  31  80  66  b0  84  12  01  6e  01  83  00  90  00    * Tk after 0x80 consist of optional consecutive COMPACT-TLV data objects;    the last data object may carry a status indicator of one, two or three bytes.    See ISO/IEC 7816-4 8.1.1.3 for more infoFingerprinting based on ATQA & SAK values:* JCOP31 v2.3.1* SmartMX with Mifare 1K emulation
  • Using the following TAMA script, it is possible to access the EMV Payment System Environment, and obtain the name of the first application:
02; // Get firmware version4A  01  00; // 1 target requested

// Select the payment system environment40 01 00 A4 04 00 0E 31 50 41 59 2E 53 59 53 2E 44 44 46 30 31;

40 01 80 A8 00 00 02 83 00;

40 01 00 c0 00 00 26;

40 01 00 b2 00 0c 00;

40 01 00 b2 01 0c 00;

40 01 00 b2 01 0c 21;

ISO/IEC 14443-B tokens

  • Issue #168 on the LibNFC project‘s issues list contains some details pertinent to the proprietary "14443-B‘" technology used by some Calypso transport cards.

Maxim MAX66040E-000AA+

  • LibNFC‘s nfc-list -v command reports:
1 ISO14443B passive target(s) found:               PUPI: a2  a6  02  00     Application Data: 30  00  2b  e0        Protocol Info: 77  21  71  * Bit Rate Capability: * PICC to PCD, 1etu=64/fc, bitrate 212 kbits/s supported * PICC to PCD, 1etu=32/fc, bitrate 424 kbits/s supported * PICC to PCD, 1etu=16/fc, bitrate 847 kbits/s supported * PCD to PICC, 1etu=64/fc, bitrate 212 kbits/s supported * PCD to PICC, 1etu=32/fc, bitrate 424 kbits/s supported * PCD to PICC, 1etu=16/fc, bitrate 847 kbits/s supported* Maximum frame sizes: 32 bytes* Protocol types supported: ISO/IEC 14443-4* Frame Waiting Time: 38.66 ms* Frame options supported: NAD
  • These cards are advertised as having a 64-bit UID, consisting of data in the PUPI field (e.g. a2 a6 02 00 or 34 ab 02 00), and data in theApplication Data field (e.g. 77 21 71).
  • The Application Data field supposedly contains the "upper 32 bits of the UID" (which appears to be consistent between new cards); and the (variable) PUPI corresponds to the "lower 32 bits of the UID".
  • It is possible to run the Get System Information (0x2B) command using this PN532 TAMA shell script on a TouchATag reader:
02; // Get firmware version//4A  01  00; // 1 target requested4a 01 03 00;40 01 2B;
  • The TAMA commands are wrapped in an InDataExchange (0x40) packet that looks like d4 40 01 2b
  • The Get System Information command returns a result similar to 00 00 0f a2 a6 02 00 30 00 2b e0 00 00 13 07 b2

PN532 Pseudo-APDUs

  • ISO/IEC 14443-B
0000   d5 4b 01 01 50 34 ab 02 00 30 00 2b e0 77 21 710010   01 01 90 00
0000   d5 4b 01 01 50 a2 a6 02 00 30 00 2b e0 77 21 710010   01 01 90 00
  • DESFire EV1
0000   d5 4b 01 01 03 44 20 07 04 8b 1f f1 ad 26 80 060010   75 77 81 02 80 90 00
  • MiFare UltraLight
0000   d5 4b 01 01 00 44 00 07 04 2b 6e ba 34 23 80 900010   00
  • Sony FeliCa Lite RC-S701
0000   d5 4b 01 01 14 01 01 27 00 5d 1a 05 8a cd 00 f00010   00 00 02 06 03 00 88 b4 90 00

Hardware Suppliers

  • Atmel of the USA have a product sampling programme.

    Although the order process appears to be successful (since I receive an e-mail in my university account), I have had limited success with using the confirmation URL provided in said e-mail, and have not seen any evidence of a product delivery, or further confirmation to date.

  • Switch Science of Japan supply Sony FeliCa (RC-S701) tags on an international basis, and fulfil orders promptly. They are also quick to provide refunds, should buyers accidentally make multiple payments for an order. As of writing, the grand total cost of shipping 2 tags to the UK was JPY2,168 (£19.19 according to PayPal).
  • The Identive Group of the USA appear to be supplying Topaz 512-byte tags on an international basis - although the author cannot vouch for the company‘s service, due to having never utilised it.
  • Maxim supply a number of RFID-related products through a free sampling programme - although shipments are slightly delayed due to requiring internal Business Manager authorisation; and a commercial or academic e-mail address is required for successful order approval.

    Samples ordered within the UK are usually despatched from a UK-based warehouse, if memory serves correctly.

Other Information

  • The YobiWiki has a fairly exhaustive page on Radio Frequency Identification-related content.
时间: 2024-10-21 10:21:57

多种非接触卡 ATQA 字节说明的相关文章

MIFARE系列2——非接触卡标准

根据信号发送和接收方式的不同,ISO/IEC14443-3定义了TYPEA.TYPEB两种卡型.它们的不同主要在于载波的调制深度及二进制数的编码方式.从读写机具向卡传送信号时,二者是通过13.56Mhz的射频载波传送信号. 以飞利浦,西门子公司为代表的TYPEA.它发送100%ASK调制修正的Miller编码,传输速率106kb/s:接收-副载波调制847.5kHz的Manchester编码.简单说,当表示信息'1'时,信号会有0.2-0.3微妙的间隙,当表示信息'0'时,信号可能有间隙也可能没

Mifare系列2-非接触卡标准(转)

本文转自 文/闫鑫原创转载请注明出处http://blog.csdn.net/yxstars/article/details/380799 根据信号发送和接收方式的不同,ISO/IEC14443-3定义了TYPEA.TYPEB两种卡型.它们的不同主要在于载波的调制深度及二进制数的编码方式.从读写机具向卡传送信号时,二者是通过13.56Mhz的射频载波传送信号. 以飞利浦,西门子公司为代表的TYPEA.它发送100%ASK调制修正的Miller编码,传输速率106kb/s:接收-副载波调制 847

非结构化数据

rlist扩展包 设计目标:更方便地在R中操作list对象 特性: 提供一系列高阶函数,可以方便地对list对象中的元素进行映射(mapping).筛选(filtering).分组(grouping).排序(sorting).合并(joining).更新(updating).搜索(searching)以及其他常用操作. 对管道操作(pipeline)友好,方便非结构化数据处理的流程化. 整合多种非结构化数据源的读写方法,方便接入数据源和输出数据. 合理利用R的元编程特性,简化使用. 基于表达式的

java中的字节缓冲区ByteBuffer

一.概述:字节缓冲区 类结构: java.lang.Object java.nio.Buffer java.nio.ByteBuffer 类声明: public abstract class ByteBuffer extends Buffer implements Comparable<ByteBuffer> 此类针对字节缓冲区定义了以下六类操作: 读写单个字节的绝对和相对 get 和 put 方法: 将此缓冲区的连续字节序列传输到数组中的相对批量 get 方法: 将 byte 数组或其他字节

非接触IC卡中typeA卡和typeB卡的区别

1.非接触式IC卡的国际规范ISO/IEC14443的由来? 在非接触式IC卡的发展过程中,这些问题逐渐被解决并形成通用的标准,体现在现在的射频IC卡的设计上,国际标准化组织(ISO)和国际电子技术委员会(IEC)为期制定了相应的非接触式IC卡的国际标准——ISO/IEC14443. 2.ISO/IEC14443中的主要内容及typeA,typeB卡的由来 ISO/IEC14443标准包括四个部分: 第一部分ISO/IEC14443-1制定了有关非接触卡的物理特性: 第二部分ISO/IEC144

非接触IC卡中typeA卡和typeB卡的区别--总结,二者的调制方式和编码方式不同

非接触IC卡中typeA卡和typeB卡的区别--总结,二者的调制方式和编码方式不同 1.非接触式IC卡的国际规范ISO/IEC14443的由来? 在非接触式IC卡的发展过程中,这些问题逐渐被解决并形成通用的标准,体现在现在的射频IC卡的设计上,国际标准化组织(ISO)和国际电子技术委员会(IEC)为期制定了相应的非接触式IC卡的国际标准--ISO/IEC14443. 2.ISO/IEC14443中的主要内容及typeA,typeB卡的由来 ISO/IEC14443标准包括四个部分: 第一部分I

我国现阶段非按劳分配收入探讨

我国现阶段非按劳分配收入探讨 我国社会主义初级阶段的个人消费品分配,是通过多种分配方式实现的.除了占主体地位的按劳分配方式之外,还存在许多种类的非按劳分配方式.因此,在我国城乡居民个人收入总额中,除了一部分按劳分配收入之外,还包括多种多样的非按劳分配收入.目前,在有关非按劳分配收入的概念内涵.形式特点及其存在原因等问题上,人们的看法还存在着分岐.为此,本文拟就这些问题作些初步探讨. 一.非按劳分配收入概念的内涵 所谓非按劳分配收入,就是在我国居民个人消费品收入中除去按劳分配收入之外的各种合法收入

解决python疑难杂症python—文件迭代操作,教你读取文件的多种方法

要读取一个文件有很多种方式:按字节数读取.按行读取.按段落读取.一次性全部读取等等.如果不是深入的操作文件数据,按行读.写是最通用的方式. 以下是下面测试时使用的文件a.txt的内容: 1 first line 2 second line 3 third line 在Python中,readline()函数可以一次读取一行,且每次都是前进式的读取一行,读到文件结尾的时候会返回空字符串. 1 >>> f = open('a.txt') 2 >>> f.readline()

Mifare系列1-简介(转)

文章转自 文/闫鑫原创转载请注明出处http://blog.csdn.net/yxstars/article/details/38079827 感谢原创作者的辛勤,对您再次表达感谢! 随着社会的发展,智能卡在很多领域得到了广泛的应用.特别是非接触卡,由于使用方便以及功能强大的特点,在管理.公交.工作证.身份识别等领域得到了快速的普及和推广. 非接触卡已经逐步发展成为一个独立的跨学科的专业领域.它将大量来自完全不同专业领域的技术综合到一起:如高频技术.电磁兼容性技术.半导体技术.数据保护和密码学.