1 /*
2  * Author: Jon Trulson <jtrulson@ics.com>
3  * Copyright (c) 2015 Intel Corporation.
4  *
5  * This code is heavily based on the Adafruit-PN532 library at
6  * https://github.com/adafruit/Adafruit-PN532, which is licensed under
7  * the BSD license. See upm/src/pn532/license.txt
8  *
9  * Permission is hereby granted, free of charge, to any person obtaining
10  * a copy of this software and associated documentation files (the
11  * "Software"), to deal in the Software without restriction, including
12  * without limitation the rights to use, copy, modify, merge, publish,
13  * distribute, sublicense, and/or sell copies of the Software, and to
14  * permit persons to whom the Software is furnished to do so, subject to
15  * the following conditions:
16  *
17  * The above copyright notice and this permission notice shall be
18  * included in all copies or substantial portions of the Software.
19  *
20  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24  * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26  * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
27  */
28 
29 #include <unistd.h>
30 #include <math.h>
31 #include <iostream>
32 #include <string>
33 #include <stdexcept>
34 
35 #include "pn532.h"
36 
37 using namespace upm;
38 using namespace std;
39 
40 
41 #define PN532_PACKBUFFSIZ 64
42 static uint8_t pn532_packetbuffer[PN532_PACKBUFFSIZ];
43 
44 static uint8_t pn532ack[] = {0x00, 0x00, 0xFF, 0x00, 0xFF, 0x00};
45 static uint32_t pn532_firmwarerev = 0x00320106;
46 
PN532(int irq,int reset,int bus,uint8_t address)47 PN532::PN532(int irq, int reset, int bus, uint8_t address):
48   m_gpioIRQ(irq), m_gpioReset(reset), m_i2c(bus)
49 {
50   m_addr = address;
51   m_uidLen = 0;
52   m_inListedTag = 0;
53   m_SAK = 0;
54   m_ATQA = 0;
55   m_isrInstalled = false;
56   m_irqRcvd = false;
57 
58   memset(m_uid, 0, 7);
59   memset(m_key, 0, 6);
60 
61   // turn off debugging by default
62   pn532Debug(false);
63   mifareDebug(false);
64 
65   mraa::Result rv;
66   if ( (rv = m_i2c.address(m_addr)) != mraa::SUCCESS)
67     {
68       throw std::runtime_error(std::string(__FUNCTION__) +
69                                ": I2c.address() failed");
70       return;
71     }
72 
73   m_gpioIRQ.dir(mraa::DIR_IN);
74   m_gpioReset.dir(mraa::DIR_OUT);
75 }
76 
~PN532()77 PN532::~PN532()
78 {
79   if (m_isrInstalled)
80     m_gpioIRQ.isrExit();
81 }
82 
init()83 bool PN532::init()
84 {
85   m_gpioReset.write(1);
86   m_gpioReset.write(0);
87   usleep(400000);
88 
89   // install an interrupt handler
90   m_gpioIRQ.isr(mraa::EDGE_FALLING, dataReadyISR, this);
91   m_isrInstalled = true;
92 
93   m_gpioReset.write(1);
94 
95   return true;
96 }
97 
98 /**************************************************************************/
99 /*!
100     @brief  Prints a hexadecimal value in plain characters
101 
102     @param  data      Pointer to the byte data
103     @param  numBytes  Data length in bytes
104 */
105 /**************************************************************************/
PrintHex(const uint8_t * data,const uint32_t numBytes)106 static void PrintHex(const uint8_t * data, const uint32_t numBytes)
107 {
108   uint32_t szPos;
109   for (szPos=0; szPos < numBytes; szPos++)
110     {
111       fprintf(stderr, "0x%02x ", data[szPos] & 0xff);
112     }
113   fprintf(stderr, "\n");
114 }
115 
116 /**************************************************************************/
117 /*!
118     @brief  Prints a hexadecimal value in plain characters, along with
119             the char equivalents in the following format
120 
121             00 00 00 00 00 00  ......
122 
123     @param  data      Pointer to the byte data
124     @param  numBytes  Data length in bytes
125 */
126 /**************************************************************************/
PrintHexChar(const uint8_t * data,const uint32_t numBytes)127 static void PrintHexChar(const uint8_t * data, const uint32_t numBytes)
128 {
129   uint32_t szPos;
130   for (szPos=0; szPos < numBytes; szPos++)
131     {
132       fprintf(stderr, "0x%02x ", data[szPos] & 0xff);
133     }
134   fprintf(stderr, "  ");
135   for (szPos=0; szPos < numBytes; szPos++)
136     {
137       if (data[szPos] <= 0x1F)
138         fprintf(stderr, ".");
139       else
140         fprintf(stderr, "%c ", (char)data[szPos]);
141     }
142   fprintf(stderr, "\n");
143 }
144 
145 
146 /**************************************************************************/
147 /*!
148   @brief  Checks the firmware version of the PN5xx chip
149 
150   @returns  The chip's firmware version and ID
151 */
152 /**************************************************************************/
getFirmwareVersion()153 uint32_t PN532::getFirmwareVersion()
154 {
155   uint32_t response = 0;
156 
157   pn532_packetbuffer[0] = CMD_GETFIRMWAREVERSION;
158 
159   if (! sendCommandCheckAck(pn532_packetbuffer, 1))
160     return 0;
161 
162   // read data packet
163   readData(pn532_packetbuffer, 12);
164 
165   int offset = 7;  // Skip the ready byte when using I2C
166 
167   response <<= 8;
168   response |= pn532_packetbuffer[offset++];
169   response <<= 8;
170   response |= pn532_packetbuffer[offset++];
171   response <<= 8;
172   response |= pn532_packetbuffer[offset++];
173 
174   if (response != pn532_firmwarerev)
175     fprintf(stderr,
176             "Warning: firmware revision 0x%08x does not match expected rev 0x%08x\n",
177             response, pn532_firmwarerev);
178 
179   return response;
180 }
181 
182 
183 /**************************************************************************/
184 /*!
185   @brief  Sends a command and waits a specified period for the ACK
186 
187   @param  cmd       Pointer to the command buffer
188   @param  cmdlen    The size of the command in bytes
189   @param  timeout   timeout before giving up
190 
191   @returns  1 if everything is OK, 0 if timeout occured before an
192   ACK was recieved
193 */
194 /**************************************************************************/
195 // default timeout of one second
sendCommandCheckAck(uint8_t * cmd,uint8_t cmdlen,uint16_t timeout)196 bool PN532::sendCommandCheckAck(uint8_t *cmd, uint8_t cmdlen,
197                                 uint16_t timeout)
198 {
199   uint16_t timer = 0;
200 
201   // clear any outstanding irq's
202   isReady();
203 
204   // write the command
205   writeCommand(cmd, cmdlen);
206 
207   // Wait for chip to say its ready!
208   if (!waitForReady(timeout)) {
209     cerr << __FUNCTION__ << ": Not ready, timeout" << endl;
210     return false;
211   }
212 
213   if (m_pn532Debug)
214     cerr << __FUNCTION__ << ": IRQ received" << endl;
215 
216   // read acknowledgement
217   if (!readAck()) {
218     if (m_pn532Debug)
219       cerr << __FUNCTION__ << ": No ACK frame received!" << endl;
220 
221     return false;
222   }
223 
224   return true; // ack'd command
225 }
226 
227 /**************************************************************************/
228 /*!
229   @brief  Configures the SAM (Secure Access Module)
230 */
231 /**************************************************************************/
SAMConfig(void)232 bool PN532::SAMConfig(void)
233 {
234   pn532_packetbuffer[0] = CMD_SAMCONFIGURATION;
235   pn532_packetbuffer[1] = 0x01; // normal mode;
236   pn532_packetbuffer[2] = 0x14; // timeout 50ms * 20 = 1 second
237   pn532_packetbuffer[3] = 0x01; // use IRQ pin!
238 
239   if (! sendCommandCheckAck(pn532_packetbuffer, 4))
240     return false;
241 
242   // read data packet
243   readData(pn532_packetbuffer, 8);
244 
245   int offset = 6;
246   return  (pn532_packetbuffer[offset] == 0x15);
247 }
248 
249 /**************************************************************************/
250 /*!
251   Sets the MxRtyPassiveActivation byte of the RFConfiguration register
252 
253   @param  maxRetries    0xFF to wait forever, 0x00..0xFE to timeout
254   after mxRetries
255 
256   @returns 1 if everything executed properly, 0 for an error
257 */
258 /**************************************************************************/
setPassiveActivationRetries(uint8_t maxRetries)259 bool PN532::setPassiveActivationRetries(uint8_t maxRetries)
260 {
261   pn532_packetbuffer[0] = CMD_RFCONFIGURATION;
262   pn532_packetbuffer[1] = 5;    // Config item 5 (MaxRetries)
263   pn532_packetbuffer[2] = 0xFF; // MxRtyATR (default = 0xFF)
264   pn532_packetbuffer[3] = 0x01; // MxRtyPSL (default = 0x01)
265   pn532_packetbuffer[4] = maxRetries;
266 
267   if (m_mifareDebug)
268     cerr << __FUNCTION__ << ": Setting MxRtyPassiveActivation to "
269          << (int)maxRetries << endl;
270 
271   if (! sendCommandCheckAck(pn532_packetbuffer, 5))
272     return false;  // no ACK
273 
274   return true;
275 }
276 
277 /***** ISO14443A Commands ******/
278 
279 /**************************************************************************/
280 /*!
281   Waits for an ISO14443A target to enter the field
282 
283   @param  cardBaudRate  Baud rate of the card
284   @param  uid           Pointer to the array that will be populated
285   with the card's UID (up to 7 bytes)
286   @param  uidLength     Pointer to the variable that will hold the
287   length of the card's UID.
288 
289   @returns 1 if everything executed properly, 0 for an error
290 */
291 /**************************************************************************/
readPassiveTargetID(BAUD_T cardbaudrate,uint8_t * uid,uint8_t * uidLength,uint16_t timeout)292 bool PN532::readPassiveTargetID(BAUD_T cardbaudrate, uint8_t * uid,
293                                 uint8_t * uidLength, uint16_t timeout)
294 {
295   pn532_packetbuffer[0] = CMD_INLISTPASSIVETARGET;
296   pn532_packetbuffer[1] = 1;  // max 1 cards at once (we can set this
297                               // to 2 later)
298   pn532_packetbuffer[2] = cardbaudrate;
299 
300   if (!sendCommandCheckAck(pn532_packetbuffer, 3, timeout))
301     {
302       if (m_pn532Debug)
303         cerr << __FUNCTION__ << ": No card(s) read" << endl;
304 
305       return false;  // no cards read
306     }
307 
308   // wait for a card to enter the field (only possible with I2C)
309   if (m_pn532Debug)
310     cerr << __FUNCTION__ << ": Waiting for IRQ (indicates card presence)" << endl;
311 
312   if (!waitForReady(timeout)) {
313     if (m_pn532Debug)
314       cerr << __FUNCTION__ << ": IRQ Timeout" << endl;
315 
316     return false;
317   }
318 
319   // read data packet
320   readData(pn532_packetbuffer, 20);
321 
322   // check some basic stuff
323 
324   /* ISO14443A card response should be in the following format:
325 
326      byte            Description
327      -------------   ------------------------------------------
328      b0..6           Frame header and preamble
329      b7              Tags Found
330      b8              Tag Number (only one used in this example)
331      b9..10          SENS_RES
332      b11             SEL_RES
333      b12             NFCID Length
334      b13..NFCIDLen   NFCID                                      */
335 
336   // SENS_RES   SEL_RES     Manufacturer/Card Type    NFCID Len
337   // --------   -------     -----------------------   ---------
338   // 00 04      08          NXP Mifare Classic 1K     4 bytes
339   // 00 02      18          NXP Mifare Classic 4K     4 bytes
340 
341   if (m_mifareDebug)
342     cerr << __FUNCTION__ << ": Found " <<  (int)pn532_packetbuffer[7] << " tags"
343          << endl;
344 
345   // only one card can be handled currently
346   if (pn532_packetbuffer[7] != 1)
347     return false;
348 
349   uint16_t sens_res = pn532_packetbuffer[9];
350   sens_res <<= 8;
351   sens_res |= pn532_packetbuffer[10];
352 
353   // store these for later retrieval, they can be used to more accurately
354   // ID the type of card.
355 
356   m_ATQA = sens_res;
357   m_SAK = pn532_packetbuffer[11]; // SEL_RES
358 
359   if (m_mifareDebug)
360     {
361       fprintf(stderr, "ATQA: 0x%04x\n", m_ATQA);
362       fprintf(stderr, "SAK: 0x%02x\n", m_SAK);
363     }
364 
365   /* Card appears to be Mifare Classic */
366   // JET: How so?
367 
368   *uidLength = pn532_packetbuffer[12];
369   if (m_mifareDebug)
370     fprintf(stderr, "UID: ");
371 
372   for (uint8_t i=0; i < pn532_packetbuffer[12]; i++)
373     {
374       uid[i] = pn532_packetbuffer[13+i];
375       if (m_mifareDebug)
376         fprintf(stderr, "0x%02x ", uid[i]);
377     }
378   if (m_mifareDebug)
379     fprintf(stderr, "\n");
380 
381   return true;
382 }
383 
384 /**************************************************************************/
385 /*!
386   @brief  Exchanges an APDU with the currently inlisted peer
387 
388   @param  send            Pointer to data to send
389   @param  sendLength      Length of the data to send
390   @param  response        Pointer to response data
391   @param  responseLength  Pointer to the response data length
392 */
393 /**************************************************************************/
inDataExchange(uint8_t * send,uint8_t sendLength,uint8_t * response,uint8_t * responseLength)394 bool PN532::inDataExchange(uint8_t * send, uint8_t sendLength,
395                            uint8_t * response, uint8_t * responseLength)
396 {
397   if (sendLength > PN532_PACKBUFFSIZ-2) {
398     if (m_pn532Debug)
399       cerr << __FUNCTION__ << ": APDU length too long for packet buffer"
400            << endl;
401 
402     return false;
403   }
404   uint8_t i;
405 
406   pn532_packetbuffer[0] = CMD_INDATAEXCHANGE; // 0x40
407   pn532_packetbuffer[1] = m_inListedTag;
408   for (i=0; i<sendLength; ++i) {
409     pn532_packetbuffer[i+2] = send[i];
410   }
411 
412   if (!sendCommandCheckAck(pn532_packetbuffer,sendLength+2,1000)) {
413     if (m_pn532Debug)
414       cerr << __FUNCTION__ << ": Could not send ADPU" << endl;
415 
416     return false;
417   }
418 
419   if (!waitForReady(1000)) {
420     if (m_pn532Debug)
421       cerr << __FUNCTION__ << ": Response never received for ADPU..." << endl;
422 
423     return false;
424   }
425 
426   readData(pn532_packetbuffer, sizeof(pn532_packetbuffer));
427 
428   if (pn532_packetbuffer[0] == 0 && pn532_packetbuffer[1] == 0 &&
429       pn532_packetbuffer[2] == 0xff)
430     {
431 
432       uint8_t length = pn532_packetbuffer[3];
433       if (pn532_packetbuffer[4]!=(uint8_t)(~length+1))
434         {
435           if (m_pn532Debug)
436             fprintf(stderr, "Length check invalid: 0x%02x != 0x%02x\n", length,
437                     (~length)+1);
438 
439           return false;
440         }
441       if (pn532_packetbuffer[5]==PN532_PN532TOHOST &&
442           pn532_packetbuffer[6]==RSP_INDATAEXCHANGE)
443         {
444           if ((pn532_packetbuffer[7] & 0x3f)!=0)
445             {
446               if (m_pn532Debug)
447                 cerr << __FUNCTION__ << ": Status code indicates an error"
448                      << endl;
449 
450               return false;
451             }
452 
453           length -= 3;
454 
455           if (length > *responseLength) {
456             length = *responseLength; // silent truncation...
457           }
458 
459           for (i=0; i<length; ++i) {
460             response[i] = pn532_packetbuffer[8+i];
461           }
462           *responseLength = length;
463 
464           return true;
465         }
466       else {
467         fprintf(stderr, "Don't know how to handle this command: 0x%02x\n",
468                 pn532_packetbuffer[6]);
469         return false;
470       }
471     }
472   else {
473     cerr << __FUNCTION__ << ": Preamble missing" << endl;
474     return false;
475   }
476 }
477 
478 /**************************************************************************/
479 /*!
480   @brief  'InLists' a passive target. PN532 acting as reader/initiator,
481   peer acting as card/responder.
482 */
483 /**************************************************************************/
inListPassiveTarget()484 bool PN532::inListPassiveTarget()
485 {
486   m_inListedTag = 0;
487 
488   pn532_packetbuffer[0] = CMD_INLISTPASSIVETARGET;
489   pn532_packetbuffer[1] = 1;
490   pn532_packetbuffer[2] = 0;
491 
492   if (m_pn532Debug)
493     cerr << __FUNCTION__ << ": About to inList passive target" << endl;
494 
495   if (!sendCommandCheckAck(pn532_packetbuffer,3,1000)) {
496     if (m_pn532Debug)
497       cerr << __FUNCTION__ << ": Could not send inlist message" << endl;
498 
499     return false;
500   }
501 
502   if (!waitForReady(30000)) {
503     return false;
504   }
505 
506   readData(pn532_packetbuffer, sizeof(pn532_packetbuffer));
507 
508   if (pn532_packetbuffer[0] == 0 && pn532_packetbuffer[1] == 0 &&
509       pn532_packetbuffer[2] == 0xff) {
510 
511     uint8_t length = pn532_packetbuffer[3];
512     if (pn532_packetbuffer[4]!=(uint8_t)(~length+1)) {
513       if (m_pn532Debug)
514         fprintf(stderr, "Length check invalid: 0x%02x != 0x%02x\n", length,
515                 (~length)+1);
516 
517       return false;
518     }
519     if (pn532_packetbuffer[5]==PN532_PN532TOHOST &&
520         pn532_packetbuffer[6]==RSP_INLISTPASSIVETARGET) {
521       if (pn532_packetbuffer[7] != 1) {
522         cerr << __FUNCTION__ << ": Unhandled number of tags inlisted: "
523              << (int)pn532_packetbuffer[7] << endl;
524         return false;
525       }
526 
527       m_inListedTag = pn532_packetbuffer[8];
528       if (m_pn532Debug)
529         cerr << __FUNCTION__ << ": Tag number: " << (int)m_inListedTag << endl;
530 
531       return true;
532     } else {
533       if (m_pn532Debug)
534         cerr << __FUNCTION__ << ": Unexpected response to inlist passive host"
535              << endl;
536 
537       return false;
538     }
539   }
540   else {
541     if (m_pn532Debug)
542       cerr << __FUNCTION__ << ": Preamble missing" << endl;
543 
544     return false;
545   }
546 
547   return true;
548 }
549 
550 
551 /***** Mifare Classic Functions ******/
552 /*  MIFARE CLASSIC DESCRIPTION
553     ==========================
554 
555     Taken from: https://www.kismetwireless.net/code-old/svn/hardware/kisbee-02/firmware/drivers/rf/pn532/helpers/pn532_mifare_classic.c
556 
557     MIFARE Classic cards come in 1K and 4K varieties.  While several
558     varieties of chips exist, the two main chipsets used are described
559     in the following publicly accessible documents:
560 
561         MF1S503x Mifare Classic 1K data sheet:
562         http://www.nxp.com/documents/data_sheet/MF1S503x.pdf
563 
564         MF1S70yyX MIFARE Classic 4K data sheet:
565         http://www.nxp.com/documents/data_sheet/MF1S70YYX.pdf
566 
567     Mifare Classic cards typically have a a 4-byte NUID, though you may
568     find cards with 7 byte IDs as well
569 
570     EEPROM MEMORY
571     =============
572     Mifare Classic cards have either 1K or 4K of EEPROM memory. Each
573     memory block can be configured with different access conditions,
574     with two seperate authentication keys present in each block.
575 
576     The two main Mifare Classic card types are organised as follows:
577 
578         1K Cards: 16 sectors of 4 blocks (0..15)
579         4K Cards: 32 sectors of 4 blocks (0..31) and
580                   8 sectors of 16 blocks (32..39)
581 
582     4 block sectors
583     ===============
584     Sector  Block   Bytes                                                           Description
585     ------  -----   -----                                                           -----------
586                     0   1   2   3   4   5   6   7   8   9   10  11  12  13  14  15
587 
588     1       3       [-------KEY A-------]   [Access Bits]   [-------KEY A-------]   Sector Trailer 1
589             2       [                            Data                           ]   Data
590             1       [                            Data                           ]   Data
591             0       [                            Data                           ]   Data
592 
593     0       3       [-------KEY A-------]   [Access Bits]   [-------KEY A-------]   Sector Trailer 1
594             2       [                            Data                           ]   Data
595             1       [                            Data                           ]   Data
596             0       [                     Manufacturer Data                     ]   Manufacturer Block
597 
598     Sector Trailer (Block 3)
599     ------------------------
600     The sector trailer block contains the two secret keys (Key A and Key B), as well
601     as the access conditions for the four blocks.  It has the following structure:
602 
603         Sector Trailer Bytes
604         --------------------------------------------------------------
605         0   1   2   3   4   5   6   7   8   9   10  11  12  13  14  15
606         [       Key A       ]   [Access Bits]   [       Key B       ]
607 
608     For more information in using Keys to access the clock contents, see
609     Accessing Data Blocks further below.
610 
611     Data Blocks (Blocks 0..2)
612     -------------------------
613     Data blocks are 16 bytes wide and, depending on the permissions set in the
614     access bits, can be read from and written to. You are free to use the 16 data
615     bytes in any way you wish.  You can easily store text input, store four 32-bit
616     integer values, a 16 character uri, etc.
617 
618     Data Blocks as "Value Blocks"
619     -----------------------------
620     An alternative to storing random data in the 16 byte-wide blocks is to
621     configure them as "Value Blocks".  Value blocks allow performing electronic
622     purse functions (valid commands are: read, write, increment, decrement,
623     restore, transfer).
624 
625     Each Value block contains a single signed 32-bit value, and this value is
626     stored 3 times for data integrity and security reasons.  It is stored twice
627     non-inverted, and once inverted.  The last 4 bytes are used for a 1-byte
628     address, which is stored 4 times (twice non-inverted, and twice inverted).
629 
630     Data blocks configured as "Value Blocks" have the following structure:
631 
632         Value Block Bytes
633         --------------------------------------------------------------
634         0   1   2   3   4   5   6   7   8   9   10  11  12  13  14  15
635         [   Value   ]   [   ~Value  ]   [   Value   ]   [A  ~A  A   ~A]
636 
637     Manufacturer Block (Sector 0, Block 0)
638     --------------------------------------
639     Sector 0 is special since it contains the Manufacturer Block. This block
640     contains the manufacturer data, and is read-only.  It should be avoided
641     unless you know what you are doing.
642 
643     16 block sectors
644     ================
645     16 block sectors are identical to 4 block sectors, but with more data blocks.  The same
646     structure described in the 4 block sectors above applies.
647 
648     Sector  Block   Bytes                                                           Description
649     ------  -----   -----                                                           ----------
650                     0   1   2   3   4   5   6   7   8   9   10  11  12  13  14  15
651 
652     32      15      [-------KEY A-------]   [Access Bits]   [-------KEY B-------]   Sector Trailer 32
653             14      [                            Data                           ]   Data
654             13      [                            Data                           ]   Data
655             ...
656             2       [                            Data                           ]   Data
657             1       [                            Data                           ]   Data
658             0       [                            Data                           ]   Data
659 
660     ACCESSING DATA BLOCKS
661     =====================
662 
663     Before you can access the cards, you must following two steps:
664 
665     1.) You must retrieve the 7 byte UID or the 4-byte NUID of the card.
666         This can be done using pn532_mifareclassic_WaitForPassiveTarget()
667         below, which will return the appropriate ID.
668 
669     2.) You must authenticate the sector you wish to access according to the
670         access rules defined in the Sector Trailer block for that sector.
671         This can be done using pn532_mifareclassic_AuthenticateBlock(),
672         passing in the appropriate key value.
673 
674         Most new cards have a default Key A of 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF,
675         but some common values worth trying are:
676 
677             0XFF 0XFF 0XFF 0XFF 0XFF 0XFF
678             0XD3 0XF7 0XD3 0XF7 0XD3 0XF7
679             0XA0 0XA1 0XA2 0XA3 0XA4 0XA5
680             0XB0 0XB1 0XB2 0XB3 0XB4 0XB5
681             0X4D 0X3A 0X99 0XC3 0X51 0XDD
682             0X1A 0X98 0X2C 0X7E 0X45 0X9A
683             0XAA 0XBB 0XCC 0XDD 0XEE 0XFF
684             0X00 0X00 0X00 0X00 0X00 0X00
685             0XAB 0XCD 0XEF 0X12 0X34 0X56
686 
687     3.) Once authenication has succeeded, and depending on the sector
688         permissions, you can then read/write/increment/decrement the
689         contents of the specific block, using one of the helper functions
690         included in this module.
691 
692 */
693 /**************************************************************************/
694 /*!
695   Indicates whether the specified block number is the first block
696   in the sector (block 0 relative to the current sector)
697 */
698 /**************************************************************************/
mifareclassic_IsFirstBlock(uint32_t uiBlock)699 bool PN532::mifareclassic_IsFirstBlock (uint32_t uiBlock)
700 {
701   // Test if we are in the small or big sectors
702   if (uiBlock < 128)
703     return ((uiBlock) % 4 == 0);
704   else
705     return ((uiBlock) % 16 == 0);
706 }
707 
708 /**************************************************************************/
709 /*!
710   Indicates whether the specified block number is the sector trailer
711 */
712 /**************************************************************************/
mifareclassic_IsTrailerBlock(uint32_t uiBlock)713 bool PN532::mifareclassic_IsTrailerBlock (uint32_t uiBlock)
714 {
715   // Test if we are in the small or big sectors
716   if (uiBlock < 128)
717     return ((uiBlock + 1) % 4 == 0);
718   else
719     return ((uiBlock + 1) % 16 == 0);
720 }
721 
722 /**************************************************************************/
723 /*!
724   Tries to authenticate a block of memory on a MIFARE card using the
725   INDATAEXCHANGE command.  See section 7.3.8 of the PN532 User Manual
726   for more information on sending MIFARE and other commands.
727 
728   @param  uid           Pointer to a byte array containing the card UID
729   @param  uidLen        The length (in bytes) of the card's UID (Should
730   be 4 for MIFARE Classic)
731   @param  blockNumber   The block number to authenticate.  (0..63 for
732   1KB cards, and 0..255 for 4KB cards).
733   @param  keyNumber     Which key type to use during authentication
734   (0 = MIFARE_CMD_AUTH_A, 1 = MIFARE_CMD_AUTH_B)
735   @param  keyData       Pointer to a byte array containing the 6 byte
736   key value
737 
738   @returns 1 if everything executed properly, 0 for an error
739 */
740 /**************************************************************************/
mifareclassic_AuthenticateBlock(uint8_t * uid,uint8_t uidLen,uint32_t blockNumber,uint8_t keyNumber,uint8_t * keyData)741 bool PN532::mifareclassic_AuthenticateBlock (uint8_t * uid, uint8_t uidLen,
742                                              uint32_t blockNumber,
743                                              uint8_t keyNumber,
744                                              uint8_t * keyData)
745 {
746   uint8_t len;
747   uint8_t i;
748 
749   // Hang on to the key and uid data
750   memcpy (m_key, keyData, 6);
751   memcpy (m_uid, uid, uidLen);
752   m_uidLen = uidLen;
753 
754   if (m_mifareDebug)
755     {
756       fprintf(stderr, "Trying to authenticate card ");
757       PrintHex(m_uid, m_uidLen);
758       fprintf(stderr, "Using authentication KEY %c: ",
759               keyNumber ? 'B' : 'A');
760       PrintHex(m_key, 6);
761     }
762 
763   // Prepare the authentication command //
764   pn532_packetbuffer[0] = CMD_INDATAEXCHANGE;   /* Data Exchange Header */
765   pn532_packetbuffer[1] = 1;                              /* Max card numbers */
766   pn532_packetbuffer[2] = (keyNumber) ? MIFARE_CMD_AUTH_B : MIFARE_CMD_AUTH_A;
767   pn532_packetbuffer[3] = blockNumber;                    /* Block
768                                                              Number
769                                                              (1K =
770                                                              0..63, 4K
771                                                              =
772                                                              0..255 */
773   memcpy (pn532_packetbuffer+4, m_key, 6);
774   for (i = 0; i < m_uidLen; i++)
775     {
776       pn532_packetbuffer[10+i] = m_uid[i];                /* 4 byte card ID */
777     }
778 
779   if (! sendCommandCheckAck(pn532_packetbuffer, 10+m_uidLen))
780     return false;
781 
782   if (!waitForReady(1000)) {
783     if (m_pn532Debug)
784       cerr << __FUNCTION__ << ": timeout waiting auth..." << endl;
785 
786     return false;
787   }
788 
789   // Read the response packet
790   readData(pn532_packetbuffer, 12);
791 
792   // check if the response is valid and we are authenticated???
793   // for an auth success it should be bytes 5-7: 0xD5 0x41 0x00
794   // Mifare auth error is technically byte 7: 0x14 but anything other
795   // and 0x00 is not good
796   if (pn532_packetbuffer[7] != 0x00)
797     {
798       if (m_pn532Debug)
799         {
800           fprintf(stderr, "Authentication failed: ");
801           PrintHexChar(pn532_packetbuffer, 12);
802         }
803 
804       return false;
805     }
806 
807   return true;
808 }
809 
810 /**************************************************************************/
811 /*!
812   Tries to read an entire 16-byte data block at the specified block
813   address.
814 
815   @param  blockNumber   The block number to authenticate.  (0..63 for
816   1KB cards, and 0..255 for 4KB cards).
817   @param  data          Pointer to the byte array that will hold the
818   retrieved data (if any)
819 
820   @returns 1 if everything executed properly, 0 for an error
821 */
822 /**************************************************************************/
mifareclassic_ReadDataBlock(uint8_t blockNumber,uint8_t * data)823 bool PN532::mifareclassic_ReadDataBlock (uint8_t blockNumber, uint8_t * data)
824 {
825   if (m_mifareDebug)
826     cerr << __FUNCTION__ << ": Trying to read 16 bytes from block "
827          << (int)blockNumber << endl;
828 
829   /* Prepare the command */
830   pn532_packetbuffer[0] = CMD_INDATAEXCHANGE;
831   pn532_packetbuffer[1] = 1;                      /* Card number */
832   pn532_packetbuffer[2] = MIFARE_CMD_READ;        /* Mifare Read
833                                                      command = 0x30 */
834   pn532_packetbuffer[3] = blockNumber;            /* Block Number
835                                                      (0..63 for 1K,
836                                                      0..255 for 4K) */
837 
838   /* Send the command */
839   if (! sendCommandCheckAck(pn532_packetbuffer, 4))
840     {
841       if (m_mifareDebug)
842         cerr << __FUNCTION__ << ": Failed to receive ACK for read command"
843              << endl;
844 
845       return false;
846     }
847 
848   /* Read the response packet */
849   readData(pn532_packetbuffer, 26);
850 
851   /* If byte 8 isn't 0x00 we probably have an error */
852   if (pn532_packetbuffer[7] != 0x00)
853     {
854       if (m_mifareDebug)
855         {
856           fprintf(stderr, "Unexpected response: ");
857           PrintHexChar(pn532_packetbuffer, 26);
858         }
859       return false;
860     }
861 
862   /* Copy the 16 data bytes to the output buffer        */
863   /* Block content starts at byte 9 of a valid response */
864   memcpy (data, pn532_packetbuffer+8, 16);
865 
866   /* Display data for debug if requested */
867   if (m_mifareDebug)
868     {
869       fprintf(stderr, "Block %d: ", blockNumber);
870       PrintHexChar(data, 16);
871     }
872 
873   return true;
874 }
875 
876 /**************************************************************************/
877 /*!
878   Tries to write an entire 16-byte data block at the specified block
879   address.
880 
881   @param  blockNumber   The block number to authenticate.  (0..63 for
882   1KB cards, and 0..255 for 4KB cards).
883   @param  data          The byte array that contains the data to write.
884 
885   @returns 1 if everything executed properly, 0 for an error
886 */
887 /**************************************************************************/
mifareclassic_WriteDataBlock(uint8_t blockNumber,uint8_t * data)888 bool PN532::mifareclassic_WriteDataBlock (uint8_t blockNumber, uint8_t * data)
889 {
890   if (m_mifareDebug)
891     fprintf(stderr, "Trying to write 16 bytes to block %d\n", blockNumber);
892 
893   /* Prepare the first command */
894   pn532_packetbuffer[0] = CMD_INDATAEXCHANGE;
895   pn532_packetbuffer[1] = 1;                      /* Card number */
896   pn532_packetbuffer[2] = MIFARE_CMD_WRITE;       /* Mifare Write
897                                                      command = 0xA0 */
898   pn532_packetbuffer[3] = blockNumber;            /* Block Number
899                                                      (0..63 for 1K,
900                                                      0..255 for 4K) */
901   memcpy (pn532_packetbuffer+4, data, 16);          /* Data Payload */
902 
903   /* Send the command */
904   if (! sendCommandCheckAck(pn532_packetbuffer, 20))
905     {
906       if (m_mifareDebug)
907         cerr << __FUNCTION__ << ": Failed to receive ACK for write command"
908              << endl;
909 
910       return false;
911     }
912   usleep(10000);
913 
914   /* Read the response packet */
915   readData(pn532_packetbuffer, 26);
916 
917   return true;
918 }
919 
920 /**************************************************************************/
921 /*!
922   Formats a Mifare Classic card to store NDEF Records
923 
924   @returns 1 if everything executed properly, 0 for an error
925 */
926 /**************************************************************************/
mifareclassic_FormatNDEF(void)927 bool PN532::mifareclassic_FormatNDEF (void)
928 {
929   uint8_t sectorbuffer1[16] = {0x14, 0x01, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1,
930                                0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1};
931   uint8_t sectorbuffer2[16] = {0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1,
932                                0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1, 0x03, 0xE1};
933   uint8_t sectorbuffer3[16] = {0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0x78, 0x77,
934                                0x88, 0xC1, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
935 
936   // Note 0xA0 0xA1 0xA2 0xA3 0xA4 0xA5 must be used for key A
937   // for the MAD sector in NDEF records (sector 0)
938 
939   // Write block 1 and 2 to the card
940   if (!(mifareclassic_WriteDataBlock (1, sectorbuffer1)))
941     return false;
942   if (!(mifareclassic_WriteDataBlock (2, sectorbuffer2)))
943     return false;
944   // Write key A and access rights card
945   if (!(mifareclassic_WriteDataBlock (3, sectorbuffer3)))
946     return false;
947 
948   // Seems that everything was OK (?!)
949   return true;
950 }
951 
952 /**************************************************************************/
953 /*!
954   Writes an NDEF URI Record to the specified sector (1..15)
955 
956   Note that this function assumes that the Mifare Classic card is
957   already formatted to work as an "NFC Forum Tag" and uses a MAD1
958   file system.  You can use the NXP TagWriter app on Android to
959   properly format cards for this.
960 
961   @param  sectorNumber  The sector that the URI record should be written
962   to (can be 1..15 for a 1K card)
963   @param  uriIdentifier The uri identifier code (0 = none, 0x01 =
964   "http://www.", etc.)
965   @param  url           The uri text to write (max 38 characters).
966 
967   @returns 1 if everything executed properly, 0 for an error
968 */
969 /**************************************************************************/
mifareclassic_WriteNDEFURI(uint8_t sectorNumber,NDEF_URI_T uriIdentifier,const char * url)970 bool PN532::mifareclassic_WriteNDEFURI (uint8_t sectorNumber,
971                                         NDEF_URI_T uriIdentifier,
972                                         const char * url)
973 {
974   if (!url)
975     return false;
976 
977   // Figure out how long the string is
978   uint8_t len = strlen(url);
979 
980   // Make sure we're within a 1K limit for the sector number
981   if ((sectorNumber < 1) || (sectorNumber > 15))
982     return false;
983 
984   // Make sure the URI payload is between 1 and 38 chars
985   if ((len < 1) || (len > 38))
986     return false;
987 
988   // Note 0xD3 0xF7 0xD3 0xF7 0xD3 0xF7 must be used for key A
989   // in NDEF records
990 
991   // Setup the sector buffer (w/pre-formatted TLV wrapper and NDEF message)
992   uint8_t sectorbuffer1[16] = {0x00, 0x00, 0x03, static_cast<uint8_t>(len+5),
993                                0xD1, 0x01, static_cast<uint8_t>(len+1),
994                                0x55, static_cast<uint8_t>(uriIdentifier), 0x00, 0x00, 0x00, 0x00,
995                                0x00, 0x00, 0x00};
996   uint8_t sectorbuffer2[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
997                                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
998                                0x00, 0x00};
999   uint8_t sectorbuffer3[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1000                                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1001                                0x00, 0x00};
1002   uint8_t sectorbuffer4[16] = {0xD3, 0xF7, 0xD3, 0xF7, 0xD3, 0xF7, 0x7F,
1003                                0x07, 0x88, 0x40, 0xFF, 0xFF, 0xFF, 0xFF,
1004                                0xFF, 0xFF};
1005   if (len <= 6)
1006     {
1007       // Unlikely we'll get a url this short, but why not ...
1008       memcpy (sectorbuffer1+9, url, len);
1009       sectorbuffer1[len+9] = 0xFE;
1010     }
1011   else if (len == 7)
1012     {
1013       // 0xFE needs to be wrapped around to next block
1014       memcpy (sectorbuffer1+9, url, len);
1015       sectorbuffer2[0] = 0xFE;
1016     }
1017   else if ((len > 7) && (len <= 22))
1018     {
1019       // Url fits in two blocks
1020       memcpy (sectorbuffer1+9, url, 7);
1021       memcpy (sectorbuffer2, url+7, len-7);
1022       sectorbuffer2[len-7] = 0xFE;
1023     }
1024   else if (len == 23)
1025     {
1026       // 0xFE needs to be wrapped around to final block
1027       memcpy (sectorbuffer1+9, url, 7);
1028       memcpy (sectorbuffer2, url+7, len-7);
1029       sectorbuffer3[0] = 0xFE;
1030     }
1031   else
1032     {
1033       // Url fits in three blocks
1034       memcpy (sectorbuffer1+9, url, 7);
1035       memcpy (sectorbuffer2, url+7, 16);
1036       memcpy (sectorbuffer3, url+23, len-24);
1037       sectorbuffer3[len-23] = 0xFE;
1038     }
1039 
1040   // Now write all three blocks back to the card
1041   if (!(mifareclassic_WriteDataBlock (sectorNumber*4, sectorbuffer1)))
1042     return false;
1043   if (!(mifareclassic_WriteDataBlock ((sectorNumber*4)+1, sectorbuffer2)))
1044     return false;
1045   if (!(mifareclassic_WriteDataBlock ((sectorNumber*4)+2, sectorbuffer3)))
1046     return false;
1047   if (!(mifareclassic_WriteDataBlock ((sectorNumber*4)+3, sectorbuffer4)))
1048     return false;
1049 
1050   // Seems that everything was OK (?!)
1051   return true;
1052 }
1053 
1054 
1055 /***** NTAG2xx/ultralight Functions ******/
1056 
1057 // Ultralight tags are limited to 64 pages max, with ntag2XX tags can
1058 // have up to 231 pages.
1059 
1060 /*  MIFARE ULTRALIGHT DESCRIPTION
1061     =============================
1062 
1063     Taken from: https://www.kismetwireless.net/code-old/svn/hardware/kisbee-02/firmware/drivers/rf/pn532/helpers/pn532_mifare_ultralight.c
1064 
1065     MIFARE Ultralight cards typically contain 512 bits (64 bytes) of
1066     memory, including 4 bytes (32-bits) of OTP (One Time Programmable)
1067     memory where the individual bits can be written but not erased.
1068 
1069         MF0ICU1 Mifare Ultralight Functional Specification:
1070         http://www.nxp.com/documents/data_sheet/MF0ICU1.pdf
1071 
1072 
1073     Mifare Ultralight cards have a 7-byte UID
1074 
1075     EEPROM MEMORY
1076     =============
1077     Mifare Ultralight cards have 512 bits (64 bytes) of EEPROM memory,
1078     including 4 byte (32 bits) of OTP memory.  Unlike Mifare Classic cards,
1079     there is no authentication on a per block level, although the blocks
1080     can be set to "read-only" mode using Lock Bytes (described below).
1081 
1082     EEPROM memory is organised into 16 pages of four bytes eachs, in
1083     the following order
1084 
1085     Page   Description
1086     ----   ------------
1087     0      Serial Number (4 bytes)
1088     1      Serial Number (4 bytes)
1089     2      Byte 0:    Serial Number
1090            Byte 1:    Internal Memory
1091            Byte 2..3: lock bytes
1092     3      One-time programmable memory (4 bytes)
1093     4..15  User memory (4 bytes)
1094 
1095     Lock Bytes (Page 2)
1096     -------------------
1097     Bytes 2 and 3 of page 2 are referred to as "Lock Bytes".  Each
1098     page from 0x03 and higher can individually locked by setting the
1099     corresponding locking bit to "1" to prevent further write access,
1100     effectively making the memory read only.
1101 
1102     For information on the lock byte mechanism, refer to section 8.5.2 of
1103     the datasheet (referenced above).
1104 
1105     OTP Bytes (Page 3)
1106     ------------------
1107     Page 3 is the OTP memory, and by default all bits on this page are
1108     set to 0.  These bits can be bitwise modified using the Mifare WRITE
1109     command, and individual bits can be set to 1, but can not be changed
1110     back to 0.
1111 
1112     Data Pages (Pages 4..15)
1113     ------------------------
1114     Pages 4 to 15 are can be freely read from and written to,
1115     provided there is no conflict with the Lock Bytes described above.
1116 
1117     After production, the bytes have the following default values:
1118 
1119     Page    Byte Values
1120     ----    ----------------------
1121             0     1     2     3
1122     4       0xFF  0xFF  0xFF  0xFF
1123     5..15   0x00  0x00  0x00  0x00
1124 
1125     ACCESSING DATA BLOCKS
1126     =====================
1127 
1128     Before you can access the cards, you must following two steps:
1129 
1130     1.) 'Connect' to a Mifare Ultralight card and retrieve the 7 byte
1131         UID of the card.
1132 
1133     2.) Memory can be read and written directly once a passive mode
1134         connection has been made.  No authentication is required for
1135         Mifare Ultralight cards.
1136 
1137 */
1138 
1139 
1140 /**************************************************************************/
1141 /*!
1142   Tries to read an entire 4-byte page at the specified address.
1143 
1144   @param  page        The page number (0..63 in most cases)
1145   @param  buffer      Pointer to the byte array that will hold the
1146   retrieved data (if any)
1147 */
1148 /**************************************************************************/
ntag2xx_ReadPage(uint8_t page,uint8_t * buffer)1149 bool PN532::ntag2xx_ReadPage (uint8_t page, uint8_t * buffer)
1150 {
1151   // TAG Type       PAGES   USER START    USER STOP
1152   // --------       -----   ----------    ---------
1153   // NTAG 203       42      4             39
1154   // NTAG 213       45      4             39
1155   // NTAG 215       135     4             129
1156   // NTAG 216       231     4             225
1157 
1158   if (page >= 231)
1159     {
1160       cerr << __FUNCTION__ << ": Page value out of range" << endl;
1161       return false;
1162     }
1163 
1164   if (m_mifareDebug)
1165     fprintf(stderr, "Reading page %d\n", page);
1166 
1167   /* Prepare the command */
1168   pn532_packetbuffer[0] = CMD_INDATAEXCHANGE;
1169   pn532_packetbuffer[1] = 1;                   /* Card number */
1170   pn532_packetbuffer[2] = MIFARE_CMD_READ;     /* Mifare Read command = 0x30 */
1171   pn532_packetbuffer[3] = page;                /* Page Number (0..63
1172                                                   in most cases) */
1173 
1174   /* Send the command */
1175   if (! sendCommandCheckAck(pn532_packetbuffer, 4))
1176     {
1177       if (m_mifareDebug)
1178         cerr << __FUNCTION__ << ": Failed to receive ACK for write command"
1179              << endl;
1180 
1181       return false;
1182     }
1183 
1184   /* Read the response packet */
1185   readData(pn532_packetbuffer, 26);
1186 
1187   if (m_mifareDebug)
1188     {
1189       fprintf(stderr, "Received: \n");
1190       PrintHexChar(pn532_packetbuffer, 26);
1191     }
1192 
1193   /* If byte 8 isn't 0x00 we probably have an error */
1194   if (pn532_packetbuffer[7] == 0x00)
1195     {
1196       /* Copy the 4 data bytes to the output buffer         */
1197       /* Block content starts at byte 9 of a valid response */
1198       /* Note that the command actually reads 16 byte or 4  */
1199       /* pages at a time ... we simply discard the last 12  */
1200       /* bytes                                              */
1201       memcpy (buffer, pn532_packetbuffer+8, 4);
1202     }
1203   else
1204     {
1205       if (m_mifareDebug)
1206         {
1207           fprintf(stderr, "Unexpected response reading block: \n");
1208           PrintHexChar(pn532_packetbuffer, 26);
1209         }
1210 
1211       return false;
1212     }
1213 
1214   /* Display data for debug if requested */
1215   if (m_mifareDebug)
1216     {
1217       fprintf(stderr, "Page %d:\n", page);
1218       PrintHexChar(buffer, 4);
1219     }
1220 
1221   // Return OK signal
1222   return true;
1223 }
1224 
1225 /**************************************************************************/
1226 /*!
1227   Tries to write an entire 4-byte page at the specified block
1228   address.
1229 
1230   @param  page          The page number to write.  (0..63 for most cases)
1231   @param  data          The byte array that contains the data to write.
1232   Should be exactly 4 bytes long.
1233 
1234   @returns 1 if everything executed properly, 0 for an error
1235 */
1236 /**************************************************************************/
ntag2xx_WritePage(uint8_t page,uint8_t * data)1237 bool PN532::ntag2xx_WritePage (uint8_t page, uint8_t * data)
1238 {
1239   // TAG Type       PAGES   USER START    USER STOP
1240   // --------       -----   ----------    ---------
1241   // NTAG 203       42      4             39
1242   // NTAG 213       45      4             39
1243   // NTAG 215       135     4             129
1244   // NTAG 216       231     4             225
1245 
1246   if ((page < 4) || (page > 225))
1247     {
1248       cerr << __FUNCTION__ << ": Page value out of range" << endl;
1249       return false;
1250     }
1251 
1252   if (m_mifareDebug)
1253     fprintf(stderr, "Trying to write 4 byte page %d\n", page);
1254 
1255   /* Prepare the first command */
1256   pn532_packetbuffer[0] = CMD_INDATAEXCHANGE;
1257   pn532_packetbuffer[1] = 1;    /* Card number */
1258   pn532_packetbuffer[2] = MIFARE_ULTRALIGHT_CMD_WRITE; /* Mifare
1259                                                           Ultralight
1260                                                           Write
1261                                                           command =
1262                                                           0xA2 */
1263   pn532_packetbuffer[3] = page; /* Page Number (0..63 for most cases) */
1264   memcpy (pn532_packetbuffer+4, data, 4); /* Data Payload */
1265 
1266   /* Send the command */
1267   if (! sendCommandCheckAck(pn532_packetbuffer, 8))
1268     {
1269       if (m_mifareDebug)
1270         cerr << __FUNCTION__ << ": Failed to receive ACK for write command"
1271              << endl;
1272 
1273       // Return Failed Signal
1274       return false;
1275     }
1276   usleep(10000);
1277 
1278   /* Read the response packet */
1279   readData(pn532_packetbuffer, 26);
1280 
1281   // Return OK Signal
1282   return true;
1283 }
1284 
1285 /**************************************************************************/
1286 /*!
1287   Writes an NDEF URI Record starting at the specified page (4..nn)
1288 
1289   Note that this function assumes that the NTAG2xx card is
1290   already formatted to work as an "NFC Forum Tag".
1291 
1292   @param  uriIdentifier The uri identifier code (0 = none, 0x01 =
1293   "http://www.", etc.)
1294   @param  url           The uri text to write (null-terminated string).
1295   @param  dataLen       The size of the data area for overflow checks.
1296 
1297   @returns 1 if everything executed properly, 0 for an error
1298 */
1299 /**************************************************************************/
ntag2xx_WriteNDEFURI(NDEF_URI_T uriIdentifier,char * url,uint8_t dataLen)1300 bool PN532::ntag2xx_WriteNDEFURI (NDEF_URI_T uriIdentifier, char * url,
1301                                   uint8_t dataLen)
1302 {
1303   uint8_t pageBuffer[4] = { 0, 0, 0, 0 };
1304 
1305   // Remove NDEF record overhead from the URI data (pageHeader below)
1306   uint8_t wrapperSize = 12;
1307 
1308   // Figure out how long the string is
1309   uint8_t len = strlen(url);
1310 
1311   // Make sure the URI payload will fit in dataLen (include 0xFE trailer)
1312   if ((len < 1) || (len+1 > (dataLen-wrapperSize)))
1313     return false;
1314 
1315   // Setup the record header
1316   // See NFCForum-TS-Type-2-Tag_1.1.pdf for details
1317   uint8_t pageHeader[12] =
1318     {
1319       /* NDEF Lock Control TLV (must be first and always present) */
1320       0x01,         /* Tag Field (0x01 = Lock Control TLV) */
1321       0x03,         /* Payload Length (always 3) */
1322       0xA0,         /* The position inside the tag of the lock bytes
1323                        (upper 4 = page address, lower 4 = byte
1324                        offset) */
1325       0x10,         /* Size in bits of the lock area */
1326       0x44,         /* Size in bytes of a page and the number of bytes
1327                        each lock bit can lock (4 bit + 4 bits) */
1328       /* NDEF Message TLV - URI Record */
1329       0x03,         /* Tag Field (0x03 = NDEF Message) */
1330       static_cast<uint8_t>(len+5),
1331                     /* Payload Length (not including 0xFE trailer) */
1332       0xD1,         /* NDEF Record Header (TNF=0x1:Well known record +
1333                        SR + ME + MB) */
1334       0x01,         /* Type Length for the record type indicator */
1335       static_cast<uint8_t>(len+1),
1336                     /* Payload len */
1337       0x55,         /* Record Type Indicator (0x55 or 'U' = URI Record) */
1338       static_cast<uint8_t>(uriIdentifier)
1339                     /* URI Prefix (ex. 0x01 = "http://www.") */
1340     };
1341 
1342   // Write 12 byte header (three pages of data starting at page 4)
1343   memcpy (pageBuffer, pageHeader, 4);
1344   if (!(ntag2xx_WritePage (4, pageBuffer)))
1345     return false;
1346   memcpy (pageBuffer, pageHeader+4, 4);
1347   if (!(ntag2xx_WritePage (5, pageBuffer)))
1348     return false;
1349   memcpy (pageBuffer, pageHeader+8, 4);
1350   if (!(ntag2xx_WritePage (6, pageBuffer)))
1351     return false;
1352 
1353   // Write URI (starting at page 7)
1354   uint8_t currentPage = 7;
1355   char * urlcopy = url;
1356   while (len)
1357     {
1358       if (len < 4)
1359         {
1360           memset(pageBuffer, 0, 4);
1361           memcpy(pageBuffer, urlcopy, len);
1362           pageBuffer[len] = 0xFE; // NDEF record footer
1363           if (!(ntag2xx_WritePage (currentPage, pageBuffer)))
1364             return false;
1365           // DONE!
1366           return true;
1367         }
1368       else if (len == 4)
1369         {
1370           memcpy(pageBuffer, urlcopy, len);
1371           if (!(ntag2xx_WritePage (currentPage, pageBuffer)))
1372             return false;
1373           memset(pageBuffer, 0, 4);
1374           pageBuffer[0] = 0xFE; // NDEF record footer
1375           currentPage++;
1376           if (!(ntag2xx_WritePage (currentPage, pageBuffer)))
1377             return false;
1378           // DONE!
1379           return true;
1380         }
1381       else
1382         {
1383           // More than one page of data left
1384           memcpy(pageBuffer, urlcopy, 4);
1385           if (!(ntag2xx_WritePage (currentPage, pageBuffer)))
1386             return false;
1387           currentPage++;
1388           urlcopy+=4;
1389           len-=4;
1390         }
1391     }
1392 
1393   // Seems that everything was OK (?!)
1394   return true;
1395 }
1396 
1397 
1398 /**************************************************************************/
1399 /*!
1400   @brief  Tries to read/verify the ACK packet
1401 */
1402 /**************************************************************************/
readAck()1403 bool PN532::readAck()
1404 {
1405   uint8_t ackbuff[6];
1406 
1407   readData(ackbuff, 6);
1408 
1409   return (0 == memcmp((char *)ackbuff, (char *)pn532ack, 6));
1410 }
1411 
1412 
1413 /**************************************************************************/
1414 /*!
1415   @brief  Return true if the PN532 is ready with a response.
1416 */
1417 /**************************************************************************/
isReady()1418 bool PN532::isReady()
1419 {
1420   // ALWAYS clear the m_irqRcvd flag if set.
1421   if (m_irqRcvd)
1422     {
1423       m_irqRcvd = false;
1424       return true;
1425     }
1426 
1427   return false;
1428 }
1429 
1430 /**************************************************************************/
1431 /*!
1432   @brief  Waits until the PN532 is ready.
1433 
1434   @param  timeout   Timeout before giving up
1435 */
1436 /**************************************************************************/
waitForReady(uint16_t timeout)1437 bool PN532::waitForReady(uint16_t timeout)
1438 {
1439   uint16_t timer = 0;
1440   while(!isReady())
1441     {
1442       if (timeout != 0)
1443         {
1444           timer += 10;
1445           if (timer > timeout)
1446             {
1447               return false;
1448             }
1449         }
1450       usleep(10000);
1451     }
1452   return true;
1453 }
1454 
1455 /**************************************************************************/
1456 /*!
1457   @brief  Reads n bytes of data from the PN532 via SPI or I2C.
1458 
1459   @param  buff      Pointer to the buffer where data will be written
1460   @param  n         Number of bytes to be read
1461 */
1462 /**************************************************************************/
readData(uint8_t * buff,uint8_t n)1463 void PN532::readData(uint8_t* buff, uint8_t n)
1464 {
1465   uint8_t buf[n + 2];
1466   int rv;
1467 
1468   memset(buf, 0, n+2);
1469   usleep(2000);
1470   if (m_i2c.address(m_addr) != mraa::SUCCESS)
1471     {
1472       throw std::runtime_error(std::string(__FUNCTION__) +
1473                                ": mraa_i2c_address() failed");
1474       return;
1475     }
1476 
1477   rv = m_i2c.read(buf, n + 2);
1478 
1479   if (m_pn532Debug)
1480     {
1481       cerr << __FUNCTION__ << ": read returned " << rv << "bytes" << endl;
1482 
1483       fprintf(stderr, "(raw) buf (%d) = ", rv);
1484       PrintHex(buf, rv);
1485       fprintf(stderr, "\n");
1486     }
1487 
1488   for (int i=0; i<n; i++)
1489     buff[i] = buf[i+1];
1490 
1491   if (m_pn532Debug)
1492     {
1493       fprintf(stderr, "(returned) buf (%d) = \n", n);
1494       PrintHex(buff, n);
1495       fprintf(stderr, "\n");
1496     }
1497 }
1498 
1499 /**************************************************************************/
1500 /*!
1501   @brief  Writes a command to the PN532, automatically inserting the
1502   preamble and required frame details (checksum, len, etc.)
1503 
1504   @param  cmd       Pointer to the command buffer
1505   @param  cmdlen    Command length in bytes
1506 */
1507 /**************************************************************************/
writeCommand(uint8_t * cmd,uint8_t cmdlen)1508 void PN532::writeCommand(uint8_t* cmd, uint8_t cmdlen)
1509 {
1510   // I2C command write.
1511 
1512   cmdlen++;
1513 
1514   usleep(2000);     // 2ms max in case board needs to wake up
1515 
1516   // command + packet wrapper
1517   uint8_t buf[cmdlen + 8];
1518   memset(buf, 0, cmdlen + 8);
1519   int offset = 0;
1520 
1521   if (m_pn532Debug)
1522     cerr << __FUNCTION__ << ": Sending: " << endl;
1523 
1524   uint8_t checksum = PN532_PREAMBLE + PN532_PREAMBLE + PN532_STARTCODE2;
1525   buf[offset++] = PN532_PREAMBLE;
1526   buf[offset++] = PN532_PREAMBLE;
1527   buf[offset++] = PN532_STARTCODE2;
1528 
1529   buf[offset++] = cmdlen;
1530   buf[offset++] = ~cmdlen + 1;
1531 
1532   buf[offset++] = PN532_HOSTTOPN532;
1533   checksum += PN532_HOSTTOPN532;
1534 
1535   for (uint8_t i=0; i<cmdlen - 1; i++)
1536     {
1537       buf[offset++] = cmd[i];
1538       checksum += cmd[i];
1539     }
1540 
1541   buf[offset++] = ~checksum;
1542   buf[offset] = PN532_POSTAMBLE;
1543 
1544   if (m_i2c.address(m_addr) != mraa::SUCCESS)
1545     {
1546       throw std::runtime_error(std::string(__FUNCTION__) +
1547                                ": mraa_i2c_address() failed");
1548       return;
1549     }
1550 
1551   if (m_i2c.write(buf, cmdlen + 8 - 1) != mraa::SUCCESS)
1552     {
1553       throw std::runtime_error(std::string(__FUNCTION__) +
1554                                ": mraa_i2c_write() failed");
1555       return;
1556     }
1557 
1558   if (m_pn532Debug)
1559     {
1560       cerr << __FUNCTION__ << ": cmdlen + 8 = " << cmdlen + 8
1561            <<", offset = " << offset << endl;
1562 
1563       PrintHex(buf, cmdlen + 8);
1564     }
1565 }
1566 
dataReadyISR(void * ctx)1567 void PN532::dataReadyISR(void *ctx)
1568 {
1569   upm::PN532 *This = (upm::PN532 *)ctx;
1570 
1571   // if debugging is enabled, indicate when an interrupt occurred, and
1572   // a previously triggered interrupt was still set.
1573   if (This->m_pn532Debug)
1574     if (This->m_irqRcvd)
1575       cerr << __FUNCTION__ << ": INFO: Unhandled IRQ detected." << endl;
1576 
1577   This->m_irqRcvd = true;
1578 }
1579 
tagType()1580 PN532::TAG_TYPE_T PN532::tagType()
1581 {
1582   // This is really just a guess, ATQA and SAK could in theory be used
1583   // to refine the detection.
1584 
1585   if (m_uidLen == 4)
1586     return TAG_TYPE_MIFARE_CLASSIC;
1587   else if (m_uidLen == 7)
1588     return TAG_TYPE_NFC2;
1589   else
1590     return TAG_TYPE_UNKNOWN;
1591 }
1592