Difference between revisions of "MOD-RFID1356MIFARE"

(Bootloader mode (firmware upgrade))
(Operation)
 
(8 intermediate revisions by the same user not shown)
Line 4: Line 4:
 
MOD-RFID1356MIFARE is an Olimex device that allows you to read and write NFC / MIFARE RFID tags operating at 13.56Mhz.
 
MOD-RFID1356MIFARE is an Olimex device that allows you to read and write NFC / MIFARE RFID tags operating at 13.56Mhz.
 
MOD-RFID1356MIFARE uses NXP PN532 to read and write NFC / MIFARE RFID cards. In addition we put second microcontroller on the board which allow 3 additional ways to communicate with host device: USB HID keyboard, USB CDC serial communication, and UART CMOS level for boards with UEXT.
 
MOD-RFID1356MIFARE uses NXP PN532 to read and write NFC / MIFARE RFID cards. In addition we put second microcontroller on the board which allow 3 additional ways to communicate with host device: USB HID keyboard, USB CDC serial communication, and UART CMOS level for boards with UEXT.
 +
 +
Notice! The firmware supports Classic and Ultralight tags.
  
 
== Operation ==
 
== Operation ==
Line 10: Line 12:
  
 
The board can operate in the following user modes:
 
The board can operate in the following user modes:
* USB-HID - acts as human interface device, prints the ID of the read tags in a text field
+
* USB-HID - acts as QWERTY keyboard, prints the ID of the read tags in a text field
 
* UART - allows connection to equipment via the serial cable at the UEXT, allows usage of different commands at fixed baud rate of 38400
 
* UART - allows connection to equipment via the serial cable at the UEXT, allows usage of different commands at fixed baud rate of 38400
 
* USB-CDC - same as above but via the mini USB port and can work up to 115200
 
* USB-CDC - same as above but via the mini USB port and can work up to 115200
Line 154: Line 156:
 
Note that there is no command line help in the latest firmware (no space available for help); however we introduced error messages, that can be seen! The switch to bootloader mode command was also removed. The commands available are described below follows:
 
Note that there is no command line help in the latest firmware (no space available for help); however we introduced error messages, that can be seen! The switch to bootloader mode command was also removed. The commands available are described below follows:
  
  i - shows information about the firmware
+
  i - shows information about the firmware;
  erB - Read data in block B.
+
  erB - Read data in block B;
  erS,E - Read data from block S to block E.
+
  erS,E - Read data from block S to block E;
  ewB,X - Write data to block B. X must be hex, maximum 16 bytes.
+
  ewB,X - Write data to block B. X must be hex, maximum 16 bytes. If mkl enabled - should be preceded by muA;
  e0 - Disable eeprom read.
+
  e0 - Disable eeprom read;
  e1 - Enable eeprom read.
+
  e1 - Enable eeprom read;
  mlE - Set led mode to disabled (E=0) or enabled (E=1)
+
  mlE - Set led mode to disabled (E=0) or enabled (E=1);
  mtF - Set scan interval. Values between 1 and 30000 are accepted.
+
  mtF - Set scan interval. Values between 1 and 30000 are accepted;
  mkK - Set work key, (K=a) for Key_A or (K=b) for Key_B.
+
  mkK - Set work key, (K=a) for Key_A or (K=b) for Key_B;
  kA - Read current key, where A is 'a', 'b' or '?'.
+
  kA - Read current key, where A is 'a', 'b' or '?'. Will not work if locked with mkl;
 +
mkl - Locks the reading of all keys for security reasons. Disables key read kA command. The only way to disable is the mku command;
 +
muA - set UID of target card for next write operation (A=UID);
 +
mku - Unlocks read command and resets keys to ka=000000000000 and kb=FFFFFFFFFFFF;
 
  kA,X - Set new key, where A is 'a' or 'b'. X is 6 bytes in hex format.
 
  kA,X - Set new key, where A is 'a' or 'b'. X is 6 bytes in hex format.
  
Line 248: Line 253:
 
  OK
 
  OK
  
* '''k?''' - Shows the currently selected key and the value stored
+
* '''k?''' - Shows the currently selected key and the value stored, unless locked with mkl
 
    
 
    
 
   >k?
 
   >k?
 +
  Key B : FFFFFFFFFFFF
 +
  OK
 +
  >
 +
 +
* '''mkl''' - Locks the reading of all keys for security reasons. Disables key read kA command. The only way to disable is the mku command
 +
  >mkl
 +
  ok
 +
  >ka 112233445566
 +
  ok
 +
  >k?
 +
  ERR:0x7f
 +
  >ka
 +
  ERR:0x7f
 +
  >er6 7
 +
  OK
 +
  >-AA0E012C-
 +
  Block  6 : 12 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
 +
  Block  7 : 00 00 00 00 00 00 FF 07 80 69 FF FF FF FF FF FF
 +
  OK
 +
 +
* '''muA''' - set UID of target card for next write operation (A=UID)
 +
  >muaa0e012c
 +
  OK
 +
  >ew6 223344
 +
  OK                         
 +
  >-AA0E012C-
 +
  SAVED
 +
  >-AA0E012C-
 +
  Block  6 : 22 33 44 FF FF FF FF FF FF FF FF FF FF FF FF FF
 +
  OK
 +
 +
* '''mku''' - Unlocks read command and resets keys to ka=000000000000 and kb=FFFFFFFFFFFF
 +
  >mku
 +
  OK
 +
  >ka
 +
  Key A : 000000000000
 +
  OK
 +
  >kb
 
   Key B : FFFFFFFFFFFF
 
   Key B : FFFFFFFFFFFF
 
   OK
 
   OK
Line 286: Line 329:
 
   0x13 DEP Protocol / Mifare / ISO/IEC 14443-4: The data format does not match to the  
 
   0x13 DEP Protocol / Mifare / ISO/IEC 14443-4: The data format does not match to the  
 
   specification.
 
   specification.
   0x14 Mifare: Authentication error (improper Key used
+
   0x14 Mifare: Authentication error (improper Key used); make sure EEPROM is present and readable
 
   0x23 ISO/IEC 14443-3: UID Check byte is wrong
 
   0x23 ISO/IEC 14443-3: UID Check byte is wrong
 
   0x7f unknown command
 
   0x7f unknown command

Latest revision as of 00:54, 20 January 2023

MOD-RFID1356MIFARE

Description

MOD-RFID1356MIFARE is an Olimex device that allows you to read and write NFC / MIFARE RFID tags operating at 13.56Mhz. MOD-RFID1356MIFARE uses NXP PN532 to read and write NFC / MIFARE RFID cards. In addition we put second microcontroller on the board which allow 3 additional ways to communicate with host device: USB HID keyboard, USB CDC serial communication, and UART CMOS level for boards with UEXT.

Notice! The firmware supports Classic and Ultralight tags.

Operation

Plug the board to your personal computer via mini USB cable. The red LED would start to blink.

The board can operate in the following user modes:

  • USB-HID - acts as QWERTY keyboard, prints the ID of the read tags in a text field
  • UART - allows connection to equipment via the serial cable at the UEXT, allows usage of different commands at fixed baud rate of 38400
  • USB-CDC - same as above but via the mini USB port and can work up to 115200


Additionally there is another "service" mode:

  • Bootloader mode - used to upgrade the firmware


Once the board is powered you can change the user mode of operation.

Press and hold the button. All modes would cycle and each mode is identified by a different LED behavior. Wait until you reach the desired mode of operation and release the button to set the unit in that mode. The modes change cyclically after 2-3 seconds in the following order HID-CDC-UART. The combinations of LED behavior during a button press and board mode after button release are:

  • Only red led is blinking: USB-HID mode
  • Only green led is blinking: USB-CDC mode
  • Both green and red leds are blinking: UART mode


The mode selected is saved, in the event of power down and power up, the last mode selected gets loaded.

The blinking would remain after the new mode is entered to indicate the current mode. You can disable the LEDs (e.g. to save power) with ml0 command.

If you have disabled the LEDs with ml1 command - you can check the current mode with a brief button press and release - this would show the indication for the current mode of operation.

Bootloader mode (firmware upgrade)

In order to enter bootloader mode:

1. Disconnect the board from the USB cable;

2. Press and hold the button;

3. Apply the USB cable to the mini USB connector;

4. Wait at least 2 seconds and release the button.

After that you'll see both LEDs blinking one after another for a few seconds. In this mode you can upload new firmware.

Uploading new firmware

New versions of the firmware can be downloaded to the board via the mini USB connector from your personal computer with the help of a serial terminal software without the need of additional hardware.

To update the firmware we need a couple of software resources:

1.1. First install serial terminal software that is capable of sending files via the serial connection. We used the open source TeraTerm software here, and this is the terminal software that I would recommend under Windows. The web-page of TeraTerm is here: https://ttssh2.osdn.jp/index.html.en

Linux guys should use software terminal that supports XMODEM transfer.

The serial baud rate for updating the firmware should be 19200.

1.2. Download the archive with the latest firmware that is provided by Olimex. In the archive you can find this description, the firmware img and some pictures. Link to the archive:

https://drive.google.com/open?id=1Fl1wAhNq9U5F0fSRMPaNGsKUO5fVeJWO

At this point all software requirements are already available at the PC! Proceed:

2.1. Enter the MOD-RFID1356MIFARE board in bootloader mode as described in the previous chapter.

2.2. Open "Windows Device Manager" and identify the COM port that the board created. It is in the "Ports (COM & LPT)" section. Remember the COM port number or keep the manager open for a quick reference.

2.3. (optional) If the board is listed in "Ports (COM & LPT)" but reports that the it is unrecognized, then you would need to install a driver. The driver files are located in folder "2.WINDOWS_DRIVER" - in order to install the driver point manually to to folder inf file. It usually goes like this: right-click over the entry for the unit in "Windows Device Manager" –> "Update Driver Software" –> "Browse My Computer For Driver Software" –> "Let me pick from a list of device drivers on my computer" –> mark the entry of the RFID unit –> "Have Disk" –> "Browse" –> point to olimexvirser.inf –> "Open" –> "OK" –> "Next" –> if a warning pops-up ignore it –> "Finish". You might need to disable "Windows Driver Signature" enforcement if the unit still gets blocked.

2.4. Start TeraTerm

2.5. Select the bottom radio button "Serial" and select the COM port identified in point 2.2. Click "OK"

2.6. You would establish a connection with the board and you would see "CCCC..." coming from the board. This means that the board is ready to receive new firmware.

2.7. Navigate to "File" -> "Transfer" -> "XMODEM" -> "Send..."; this would bring an explorer window and we have to point to the img file that contains the firmware. It is located in folder "FIRMWARE IMAGES" of the folder that you downloaded in point 1.2.

2.8. Once the download is complete, wait for a few seconds and power cycle the board (remove the USB cable, wait a few seconds, plug it back in). Your board now has the latest firmware.

Firmware releases download

220 - Latest release [recommended] - Added new commands: for locking key for reading; unlocking performs key reset; Fixed bash issue - now space character can also be used as separator (in addition to comma): download link 2.20

219 - Eight release - fixed update bug preventing certain version of the firmware from successful update; added EEPROM format before firmware update; this update deletes the EEPROM contents so if you have stored important data to the MIFARE make sure to back it up before upgrading to version 219: download link 2.19

218 - Seventh release - fixed bug - hang in CDC mode due to large string of data after printing the response to "i", "?", "h".: download link

216 - Sixth release - fixed two major bugs - 7 byte cards reading in CDC mode and setting saving between power downs: download link

200 - Fifth release - complete re-write of the original firmware; also separate images for each mode available: download link

103 - Fourth release - fixed delay bug; several minor improvements: download link

102 - Third release - added compatibility for MIFARE Ultralight and MIFARE Ultralight EV1 tags; several other improvements: download link

101 - Second release - several improvements and fixes over release 100; most notably fixed unavailability for reading tags with EEPROM different from FF:FF:FF:FF:FF:FF:FF:FF: download link

100 - Initial release (not recommended): download link

USB-HID mode

The device is shown as keyboard. In this mode only the red LED blinks. On Linux machine you should see something like this:

 # dmesg
 
 usb 3-2: new full-speed USB device number 5 using ohci-pci
 usb 3-2: New USB device found, idVendor=15ba, idProduct=0039
 usb 3-2: New USB device strings: Mfr=1, Product=2, SerialNumber=220
 usb 3-2: Product: MOD-RFID1356MIFARE
 usb 3-2: Manufacturer: Olimex Ltd
 usb 3-2: SerialNumber: 95xxxxxxxxx0C1D0
 input: Olimex Ltd MOD-RFID1356MIFARE as /devices/pci0000:00/0000:00:13.0/usb4/4-4/4-4:1.0/0003:15BA:0039.0003/input/input11
 hid-generic hid-generic 0003:15BA:0039.0003: input,hidraw2: USB HID v1.11 Keyboard [Olimex Ltd MOD-RFID1356MIFARE] on usb-0000:00:13.0-4/

How to use it?

Open some text editor and approach card to the reader, you will see RFID-card UUID typed as if entered by keyboard.

Note that state of your keyboard CAPSLOCK, SHIFT, CONTROL etc buttons will affect what is typen. For instance if the tag info is 74bc3eb7 and you press CAPSLOCK the reader will type 74BC3EB7, if SHIFT is pressed the reader will type &$BC#EB&

Note that there is a separate firmware that has ONLY this mode enabled.

USB-CDC mode

When you switch to this mode, only green LED is blinking, and in the terminal you'll see something like:

# dmesg
 
usb 3-2: new full-speed USB device number 5 using ohci-pci
usb 3-2: New USB device found, idVendor=15ba, idProduct=003a
usb 3-2: New USB device strings: Mfr=1, Product=2, SerialNumber=4
usb 3-2: Product: MOD-RFID1356MIFARE
usb 3-2: Manufacturer: Olimex Ltd
usb 3-2: SerialNumber: xxxxxxxxxxxxxxx
cdc_acm 3-2:1.0: ttyACM0: USB ACM device

As you can see a new device /dev/ttyACM0 was created. If can be opened by any terminal emulator such as putty, minicom, etc. Since the device is USB-CDC it supports various baud rates - up to 115200.

Open device:

# picocom -b 115200 /dev/ttyACM0

Press Enter and you'll see cursor marker:

>
>

To see firmware info enter i:

>i
 MOD-RFID1356MIFARE
 FRev: 2.00
 Read WIKI at https://www.olimex.com/wiki/MOD-RFID1356MIFARE

COMMAND SET FOR CDC AND UART MODE

Note that there is no command line help in the latest firmware (no space available for help); however we introduced error messages, that can be seen! The switch to bootloader mode command was also removed. The commands available are described below follows:

i - shows information about the firmware;
erB - Read data in block B;
erS,E - Read data from block S to block E;
ewB,X - Write data to block B. X must be hex, maximum 16 bytes. If mkl enabled - should be preceded by muA;
e0 - Disable eeprom read;
e1 - Enable eeprom read;
mlE - Set led mode to disabled (E=0) or enabled (E=1);
mtF - Set scan interval. Values between 1 and 30000 are accepted;
mkK - Set work key, (K=a) for Key_A or (K=b) for Key_B;
kA - Read current key, where A is 'a', 'b' or '?'. Will not work if locked with mkl;
mkl - Locks the reading of all keys for security reasons. Disables key read kA command. The only way to disable is the mku command;
muA - set UID of target card for next write operation (A=UID);
mku - Unlocks read command and resets keys to ka=000000000000 and kb=FFFFFFFFFFFF;
kA,X - Set new key, where A is 'a' or 'b'. X is 6 bytes in hex format.

Usage if the commands is as follow:

  • erB - Read data in block B. This will read 16 bytes from block B. Usually card have up to 64 blocks. For example to read what is stored in block 10 type:
>er0,7

Next time when you check card this will pop:

-1E68EFA6
Block   0 : 1E 68 EF A6 3F 88 04 00 47 B9 94 D6 45 30 36 09 
Block   1 : 12 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 
Block   2 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
Block   3 : 00 00 00 00 00 00 FF 07 80 69 FF FF FF FF FF FF 
Block   4 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
Block   5 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
Block   6 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
Block   7 : 00 00 00 00 00 00 FF 07 80 69 FF FF FF FF FF FF 
OK
>
  • eWB,X - Write data to block B. X must be hex, maximum 16 bytes. This will write hex number to EEPROM. Again your card should NOT be locked. To write 0x1234 to block 9:
>ew9,1234
OK

Write will be executed only once. When you check card:

>er9
-1E68EFA6
Block   9 : 12 34 FF FF FF FF FF FF FF FF FF FF FF FF FF FF 
OK

The remaining unused bytes are replaced with F.

  • e0 - Disable eeprom read.
-74BC3EB72
Block   9 : 12 34 FF FF FF FF FF FF FF FF FF FF FF FF FF FF 
OK
>e0
>
-74BC3EB7
-74BC3EB7
-74BC3EB7
  • e1 - Enable eeprom read.
>e1
>
-74BC3EB72
Block   9 : 12 34 FF FF FF FF FF FF FF FF FF FF FF FF FF FF 
OK
-74BC3EB72
Block   9 : 12 34 FF FF FF FF FF FF FF FF FF FF FF FF FF FF 
OK
  • mlE - Set led mode to disabled (E=0) or enabled (E=1) To enable leds:
>ml1
OK

To disable leds:

>ml0
OK

The blinking would remain after the new mode is entered to indicate the current mode. You can disable the LEDs (e.g. to save power) with ml0 command. You can enable them with ml1 command.

If you have disabled the LEDs with ml0 command - you can check the current mode with a brief button press and release - this would show the indication for the current mode of operation.

  • mtF - Set scan interval. Values between 1 and 30000 are accepted Defines scanning interval for near cards. If you want 1 second between scans:
>mt1000
OK
  • mkA - mkK - Set work key, (K=a) for Key_A or (K=b) for Key_B. Key B is optional for some cards.
>mka
OK
  • kA,X - Set new key, where A is 'a' or 'b'. X is 6 bits in hex format
>ka,112233445566
OK
  • kA - Read current key, where A is 'a' or 'b'.
>ka
Key A : 112233445566
OK
  • k? - Shows the currently selected key and the value stored, unless locked with mkl
 >k?
 Key B : FFFFFFFFFFFF
 OK
 >
  • mkl - Locks the reading of all keys for security reasons. Disables key read kA command. The only way to disable is the mku command
 >mkl
 ok
 >ka 112233445566
 ok
 >k?
 ERR:0x7f
 >ka
 ERR:0x7f
 >er6 7
 OK
 >-AA0E012C-
 Block   6 : 12 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 
 Block   7 : 00 00 00 00 00 00 FF 07 80 69 FF FF FF FF FF FF 
 OK
  • muA - set UID of target card for next write operation (A=UID)
 >muaa0e012c
 OK
 >ew6 223344
 OK                          
 >-AA0E012C-
 SAVED
 >-AA0E012C-
 Block   6 : 22 33 44 FF FF FF FF FF FF FF FF FF FF FF FF FF 
 OK
  • mku - Unlocks read command and resets keys to ka=000000000000 and kb=FFFFFFFFFFFF
 >mku
 OK
 >ka
 Key A : 000000000000
 OK
 >kb
 Key B : FFFFFFFFFFFF
 OK
 >

ERROR SET FOR CDC AND UART MODE

Error messages are now shown in the following command:

 ERR:0xXX

for easier processing using scripts.

Error codes:

 0x01	Time Out, the target has not answered
 0x02	A CRC error has been detected by the contactless UART
 0x03	A Parity error has been detected by the contactless UART
 0x04	During a MIFARE anticollision/select operation, an erroneous Bit Count has been detected
 0x05	Framing error during MIFARE operation
 0x06	An abnormal bit-collision has been detected during bit wise anticollision at 106 kbps
 0x07	Communication buffer size insufficient
 0x09	RF Buffer overflow has been detected by the contactless UART (bit BufferOvfl of the 
 register CL_ERROR)
 0x0a	In active communication mode, the RF field has not been switched on in time by the 
 counterpart (as defined in NFCIP-1 standard)
 0x0b	RF Protocol error (cf. reference [4], description of the CL_ERROR register)
 0x0d	Temperature error: the internal temperature sensor has detected overheating, and therefore 
 has automatically switched off the antenna drivers
 0x0e	Internal buffer overflow
 0x10	Invalid parameter (range, format, ...)
 0x12	DEP Protocol: The the PN532 configured in target mode does not support the command received 
 from the initiator (the command received is not one of the following: ATR_REQ, WUP_REQ, PSL_REQ, 
 DEP_REQ, DSL_REQ, RLS_REQ
 0x13	DEP Protocol / Mifare / ISO/IEC 14443-4: The data format does not match to the 
 specification.
 0x14	Mifare: Authentication error (improper Key used); make sure EEPROM is present and readable
 0x23	ISO/IEC 14443-3: UID Check byte is wrong
 0x7f	unknown command

Recognition problem and solution

In some cases, while in CDC mode, the board might get mis-recognized by the operating system. Under Linux create udev rule to ignore it, create file /etc/udev/rules.d/99-mifare.rules and inside it type:

 ATTRS{idVendor}=="15ba" ATTRS{idProduct}=="003a", ENV{ID_MM_DEVICE_IGNORE}="1"

UART mode

This mode is usually meant for embedded connection. The commands and error messages are the same as in USB-CDC mode (refer to the previous section). The difference is connection method and fixed baud-rate.

Connect the USB serial converter as follows:

  • UEXT pin 2 (GND) -> GND
  • UEXT pin 3 (RX) -> Convertor TX
  • UEXT pin 4 (TX) -> Convertor RX


Open serial port at baud-rate 38400.

Change log

Version 2.2.0 (26 FEB 2020)

  • Added new commands: for locking key for reading; unlocking performs key reset
  • Fixed bash issue - now space can also be used as separator (in addition to comma)

Version 2.1.9 (11 MAR 2019)

  • Before updating backup any EEPROM data since the EEPROM would be formatted clean!
  • Included EEPROM format before firmware upgrade, else certain version couldn't upgrade.

Version 2.1.8 (17 OCT 2018)

  • Fixed hang in CDC mode due to large string of data after printing the response to "i", "?", "h".

Version 2.1.6 (29 AUG 2018)

  • Fixed command saving between power-downs.
  • Fixed the ID truncation of 7 byte cards.

Version 2.0.0 (06 SEP 2017)

  • Completely re-written. A lot of improvements.

Version 1.0.3 (27 APR 2017)

  • Fixed delay bug

Version 1.0.2 (3 APR 2017)

  • Added support for Ultralight tags
  • Fixed some typos

Version 1.0.1 (29 SEP 2016)

  • Increased UART baudrate to 38400
  • Added option for selecting authentication key

Version 1.0.0 (24 MAY 2016)

  • Initial release