IDENTIVE TECHNOLOGIES AMID2US00 Multi ISO HF Reader User Manual

Download:
Mirror Download [FCC.gov]
Document ID	1147722
Application ID	NmkO5zZmG/TwC4TqREb1FA==
Document Description	User Manual
Short Term Confidential	No
Permanent Confidential	No
Supercede	No
Document Type	User Manual
Display Format	Adobe Acrobat PDF - pdf
Filesize	74.15kB (926904 bits)
Date Submitted	2009-07-31 00:00:00
Date Available	2009-07-31 00:00:00
Creation Date	2009-07-03 13:34:24
Producing Software	Acrobat Distiller 8.1.0 (Windows)
Document Lastmod	2009-07-27 17:08:40
Document Title	Microsoft Word - User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc
Document Creator	PScript5.dll Version 5.2
Document Author:	Administrator

User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
User Manual
Multi-ISO HF Reader – USB
Erthalstrasse 1
D - 55118 Mainz
Germany
Phone +49 (0) 61 31-30476-0
Fax +49 (0) 61 31-30 476-20
info@arygon.com • http://www.arygon.com
Version: 1.6
Page 1 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
CONTENTS
GETTING STARTED ................................................................................................................................... 5
1.1
1.2
DIAGNOSTICS .............................................................................................................................................. 9
2.1
2.2
DRIVER VERSION DETECTION ................................................................................................................. 9
FIRMWARE VERSION DETECTION.......................................................................................................... 11
CARD READER SUITE – TEST APPLICATION ................................................................................. 13
3.1
3.2
3.3
DRIVER INSTALLATION ........................................................................................................................... 5
TROUBLE SHOOTING DRIVER INSTALLATION ......................................................................................... 8
FIRMWARE DOWNLOAD ........................................................................................................................ 13
PCSC DIAGNOSTICS ............................................................................................................................... 13
BINARY CONFIGURATION ...................................................................................................................... 14
PCSC 2.0........................................................................................................................................................ 15
4.1
HOW TO ACCESS CONTACTLESS CARDS VIA PCSC?............................................................................ 15
4.1.1
Establish Context ............................................................................................................................. 15
4.1.2
List Readers ..................................................................................................................................... 15
4.1.3
Connect ............................................................................................................................................ 16
4.1.4
Data and Command transfer with Card.......................................................................................... 16
4.1.5
Disconnect........................................................................................................................................ 16
4.1.6
Release ............................................................................................................................................. 16
4.2
ATR GENERATION ................................................................................................................................ 17
4.2.1
CPU Cards....................................................................................................................................... 17
4.2.2
Storage Cards .................................................................................................................................. 17
ACCESSING READER THROUGH PCSC............................................................................................. 18
5.1
READER CONTROL COMMANDS ............................................................................................................ 18
5.1.1
Get Static RF Parameters................................................................................................................ 18
5.1.2
Set Static RF Parameters................................................................................................................. 19
5.1.3
Get Dynamic RF Parameters .......................................................................................................... 19
5.1.4
Set Dynamic RF Parameters ........................................................................................................... 19
5.1.5
RF Parameters Data Structure........................................................................................................ 20
5.2
KEY MANAGEMENT .............................................................................................................................. 23
5.2.1
Reader Authentication ..................................................................................................................... 23
5.2.2
Load Keys......................................................................................................................................... 24
ACCESSING CARDS THROUGH PCSC................................................................................................ 26
6.1
MIFARE CARDS...................................................................................................................................... 26
6.1.1
Authenticate ..................................................................................................................................... 26
6.1.2
Write Binary..................................................................................................................................... 27
6.1.3
Read Binary ..................................................................................................................................... 27
6.1.4
Value Increment............................................................................................................................... 27
6.1.5
Value Decrement.............................................................................................................................. 28
6.2
ISO 15693 CARDS ................................................................................................................................. 29
6.2.1
Read Single Block ............................................................................................................................ 29
6.2.2
Write Single Block ........................................................................................................................... 29
6.2.3
Lock Block........................................................................................................................................ 29
6.2.4
Read Multiple Blocks....................................................................................................................... 30
6.2.5
Write AFI ......................................................................................................................................... 31
6.2.6
Write DSFID .................................................................................................................................... 31
6.2.7
Get System Information:.................................................................................................................. 31
6.2.8
Get Multiple Block Security Status: ................................................................................................ 32
6.3
CRYPTO RF CARDS ............................................................................................................................... 33
6.3.1
Set User Zone................................................................................................................................... 33
6.3.2
Read User Zone ............................................................................................................................... 33
Version: 1.6
Page 3 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
6.3.3
Write User Zone............................................................................................................................... 33
6.3.4
Read System Zone ............................................................................................................................ 34
6.3.5
Write System Zone ........................................................................................................................... 34
6.3.6
Check Password............................................................................................................................... 34
6.4
DESFIRE CARDS ................................................................................................................................... 35
6.5
GENERIC APDUS .................................................................................................................................. 35
6.5.1
Get UID............................................................................................................................................ 35
6.5.2
Traverse ........................................................................................................................................... 35
6.6
STATUS WORD ...................................................................................................................................... 37
APDU SAMPLES TO ACCESS CARDS .................................................................................................. 38
7.1
7.2
7.3
7.3.1
7.4
7.5
7.6
HOW TO ACCESS MIFARE CLASSIC CARDS? ........................................................................................ 38
HOW TO ACCESS MIFARE UL CARDS? ................................................................................................ 39
HOW TO ACCESS DESFIRE CARDS? ..................................................................................................... 40
DESFIRE EV1 Specific commands:................................................................................................ 43
HOW TO ACCESS ISO15693 CARDS? ..................................................................................................... 44
HOW TO ACCESS CRYPTO RF CARDS?................................................................................................... 45
HOW TO ACCESS ICODE-SLI CARDS? .................................................................................................. 46
APPENDIX A
TERMS AND ABBREVIATIONS..................................................................................... 47
APPENDIX B
REFERENCES..................................................................................................................... 48
Version: 1.6
Page 4 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
1 Getting Started
The Multi-ISO HF USB Reader/Writer is a Desktop contactless smart card/tag reader and writer
for accessing MIFARE, ISO14443-4 TypeA, ISO14443-4 TypeB, Mifare DESFire, Mifare DESFire EV1,
NFC tags and ISO 15693 tags. This document is intended for application developers who want to
access contactless cards using the Multi-ISO HF USB Reader/Writer.
Following sections explain how to install drivers for the Multi-ISO HF USB Reader/Writer in
Windows operating system (illustrations are taken from Windows XP, same being applicable for other
Windows versions).
1.1 Driver Installation
Drivers are necessary to access Multi-ISO HF USB Reader/Writer. The following steps illustrate
the installation procedure.
1. Plug in the reader in USB port
2. “Found New Hardware Wizard” will appear. Select “No, not this time” and click “Next” to
continue driver installation.
Version: 1.6
Page 5 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
3. In the next appearing dialog box, select “Install from a list or specific location (Advanced)”
and click on “Next”
4. In next dialog box select “Search for the best driver in these locations” and “Search
removable media (floppy, CD-ROM…)” sub option. Insert the installation CD that is given
along with the reader kit and click “Next”.
Version: 1.6
Page 6 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
5. Wait until the driver installation is completed by the operating system and the installation
success dialog is displayed as shown below. Click “Finish”. Now the drivers are installed
successfully.
Version: 1.6
Page 7 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
1.2 Trouble Shooting Driver Installation
Device will not function properly if wrong driver is installed or if there is a version incompatibility
between the firmware and driver. In these cases, the installed driver must be uninstalled and proper
driver must be installed as explained below
Un-installation procedure is as follows.
1. Open the device manager -> Smart card readers and select “Multi-ISO HF Reader – USB”
2. Right click on “Multi-ISO HF Reader – USB” and select “Uninstall”
3. In the following dialog click “OK”.
4. The device will now disappear from the device manager
5. Un-plug and re-plug the device
6. System will prompt for drivers. Install the drivers as described in the driver installation
procedure section 1.1.
Version: 1.6
Page 8 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
2 Diagnostics
Version of the driver and firmware plays an important role in the proper working of the device.
Device may malfunction if incompatible drivers are installed for particular version of firmware. The
compatibility of the driver and firmware can be found in the “Document history” section of this
document.
2.1 Driver Version Detection
Driver version detection is described in the following procedure.
1. Right click on the “My Computer” icon and click on “Manage”
2. In following dialog, select “Device Manager” under “System Tools” menu in the left pane.
3. Double click on “Smart card readers” in the right pane. Right click on “Multi-ISO HF Reader
- USB”, and select “Properties”.
Version: 1.6
Page 9 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
4. In the dialog box which appears, select the “Driver” tab, driver version can be found in the tab
window. For example, the driver version will appear as
“Driver Version: 1.0.2.0” for driver version 1.02
Version: 1.6
Page 10 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
2.2 Firmware Version Detection
To detect the current version of the firmware in the device, follow the same procedures as in the
Driver version detection up to step 3.
1. In the dialog box which appears, select “Details” tab. And in the drop down list box select
“Firmware Revision” as shown below.
Version: 1.6
Page 11 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
2. In the dialog box, the version of the firmware currently in the device will be displayed as
shown below
Version: 1.6
Page 12 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
3 Card Reader Suite – Test Application
CardRdrSuite is a test application that is provided along with Multi-ISO HF USB Reader/Writer
for customer use. CardRdrSuite consists of several sub-applications covering the following functions
3.1 Firmware Download
Reader firmware can be downloaded into the reader/writer using this sub-application. Salient
features are
• Auto reader detection
• User friendly GUI
• Provision to view device’s current firmware version and the version of the firmware to be
downloaded
The application operates in two modes
•
•
DFU class mode
o Disaster recovery mode to recover reader if
accidentally during firmware download
o Individual DFU driver to handle this mode
the reader is plugged out
Proprietary mode
o Firmware download support without using the DFU driver
Refer to section “Firmware Download” of Card Reader Suite help file for detailed description.
Help file can be launched using the “Help” button in the main window of the Card Reader Suite
application.
3.2 Pcsc Diagnostics
Any Card APDU or Pseudo APDU can be issued and tested using this sub-application.
Salient features are
• APDU execution from script file (.APDU)
• Easy to edit script files
• Error status logging in a file
• Working sample scripts for each card type supported
Refer to section “Pcsc Diagnostics” of the Card Reader Suite help file for detailed description
Version: 1.6
Page 13 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
3.3 Binary configuration
All configurable parameters of the reader can be modified using these sub-applications. These
applications will configure the firmware binary file only.
Configure Binary
• Configures
o USB Chapter 09 parameters
o Firmware Version parameters
o Hardware Version parameters
o Other firmware configurations
• Provides option to make the parameters non-modifiable after configuring
Refer to section “Configure binary” of Card Reader Suite help file for detailed description
Edit Binary
• Configures
o RF parameters
o Mifare keys stored in the non-volatile memory of the reader
o DESFire keys stored in the non-volatile memory of the reader
• Provides option to make the parameters non-modifiable after configuring
Refer to section “Edit Binary” of Card Reader Suite help file for detailed description
Version: 1.6
Page 14 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
4 PCSC 2.0
“Multi-ISO HF USB Reader/Writer” can be accessed using the standard PCSC architecture for
communicating with cards. This makes card access easy, as it uses the same communication
procedure for all the cards.
The Microsoft Developer Network (MSDN) library gives valuable information and a detailed
description of all SCard APIs for communicating with the reader, through the Windows PCSC
framework (WINSCARD APIs – Refer [R4]).
4.1 How to Access Contactless Cards via PCSC?
Contactless cards can be easily accessed through PCSC using standard WINSCARD smart
card API’s for card access. The following steps provide guidelines for using the PCSC compliant
WINSCARD API’s to access cards using the Multi-ISO HF USB Reader/Writer.
4.1.1 Establish Context
This is the first step. This API will initialize all other PCSC APIs and allocate all resources
necessary for a smart card session. The SCardEstablishContext function establishes the resource
manager context (the scope) within which database operations is performed.
LONG SCardEstablishContext ( IN DWORD dwScope,
IN LPCVOID pvReserved1,
IN LPCVOID pvReserved2,
OUT LPSCARDCONTEXT phContext);
4.1.2 List Readers
The next step is to get a list of all PCSC readers connected to the system using the
SCardListReaders function. Look for “Multi-ISO HF Reader – USB - 0000000000000001 0”, in the list
returned. If multiple Multi-ISO HF USB Reader/Writers are connected to your system, they will be
enumerated with different serial numbers.
Example: “Arygon Multi-ISO 0000000000000001 0”, “Arygon Multi-ISO 0000000000000002 0”, could
be the list returned when the following function is executed.
LONG SCardListReaders (IN SCARDCONTEXT *phContext,
IN LPCTSTR mszGroups,
OUT LPTSTR mszReaders,
IN OUT LPDWORD pcchReaders);
Note: The OUT parameter phContext of SCardEstablishContext is used as in parameter for this API.
Version: 1.6
Page 15 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
4.1.3 Connect
Next step is to connect to the card via the reader/writer. The SCardConnect API establishes a
connection (using a specific resource manager context) between the calling application and a smart
card contained by the specific reader. If no card exists in the specified reader, an error is returned.
LONG SCardConnect ( IN SCARDCONTEXT *phContext,
IN LPCTSTR szReader,
IN DWORD dwShareMode,
IN DWORD dwPreferredProtocols,
OUT LPSCARDHANDLE phCard,
OUT LPDWORD pdwActiveProtocol);
Note: The OUT parameter phContext of SCardEstablishContext is used as in parameter for this API.
4.1.4 Data and Command transfer with Card
Command and data that are transferred to the card are called as APDUs (application protocol
data unit) in smart card terminology. The SCardTransmit function sends a service request to the smart
card, and expects data back from the card.
LONG SCardTransmit ( IN SCARDHANDLE *phCard,
IN LPCSCARD_I0_REQUEST pioSendPci,
IN LPCBYTE pbSendBuffer,
IN DWORD cbSendLength,
IN OUT LPSCARD_IO_REQUEST pioRecvPci,
OUT LPBYTE pbRecvBuffer,
IN OUT LPDWORD pcbRecvLength);
Note: The OUT parameter phCard of SCardConnect is used as in parameter for this API.
4.1.5 Disconnect
It is not mandatory to disconnect the card after the completion of all transactions, but it is
recommended. The SCardDisconnect function terminates a connection previously opened between
the calling application and a smart card in the target reader.
LONG SCardDisconnect (IN SCARDHANDLE *phCard,
IN DWORD dwDisposition);
Note: The OUT parameter phCard of SCardConnect is used as in parameter for this API.
4.1.6 Release
This step ensures that all system resources are being released. The SCardReleaseContext
function closes an established resource manager context, freeing any resources allocated under that
context.
LONG SCardReleaseContext (IN SCARDCONTEXT *phContext);
Note: The OUT parameter phContext of SCardEstablishContext is used as in parameter for this API.
Version: 1.6
Page 16 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
4.2 ATR Generation
To make contactless cards available within the PCSC framework, the Multi-ISO HF USB
Reader/Writer generates a PCSC compliant ATR according to PCSC v2.01.09 “Interoperability
Specification for ICCs and Personal Computer Systems” (reference [R2])
4.2.1 CPU Cards
The ATR of Contactless processor cards are composed as described in PCSC v2.01.09,
Part3: Requirements for PC connected Interface Devices, 3.1.3.2.3.1, Table 3.5
4.2.2 Storage Cards
The ATR of storage cards (i.e. cards without CPU) are composed as described in PCSC
v2.01.09, Part3: Requirements for PC connected Interface Devices, 3.1.3.2.3.2, Table 3.6. In order to
allow the HOST application to identify a storage card type properly, its standard and card name is
mapped according to the Part3: Supplement Document of PCSC v2.01.04
Note:
The registered Application Provider Identifier (RID) returned by the Multi-ISO HF USB
Reader/Writer for storage cards (cards without CPU) is A0 00 00 03 06, which is the RID of the PCSC
workgroup
Version: 1.6
Page 17 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
5 Accessing Reader through PCSC
In some specific situations, PC/SC specifications are not enough to cover the whole functional
field. This happens typically
•
•
When working with memory cards or even microprocessor based cards not following the ISO
7816-4 standard (APDU formalism)
When needing to perform actions on to the reader/writer itself, and not onto the card (Like
modifying the RF parameters of the reader/writer)
In order to cover the above two cases, proprietary 7816 wrappers are supported. These are called
Pseudo APDUs. Refer to [R7] in order to understand the basic structure of APDU
Reader commands are covered under this section. While Pseudo APDU for accessing ISO 78164 non-compliant cards are covered in Section 6
Mifare cards and ISO 15693 cards use proprietary 7816 APDU structures. DESFire cards use the
7816 wrapper as described in the DESFire specifications [R3] & [R11]
All command and response bytes are sent and received as hexadecimal values respectively
Note:
In the pseudo APDUs described in this section, specifying a value of 00 in the Le field indicates
maximum no of available response bytes from the card, as described in reference [R7]
5.1 Reader Control Commands
The Reader/Writer control commands are used to modify the reader/writer parameters in order
to fine tune the reader/writer’s performance or to suit the end applications requirements. It follows
standard ISO 7816-4 (as per reference [R7]) command/ response format
The Reader/Writer control commands have the following general APDU format
Command Format:
CLA
INS
P1
P2
FF
00
00
00
Lc
No of bytes in
Data field
Response Format:
Data
Reader/Writer Control Response
Data
Reader/Writer Control
Command
Command Parameters
Le
00
Status Word
SW1 SW2
For possible values and description of status word refer Table 6.1
The following are the Reader/Writer control commands:
5.1.1 Get Static RF Parameters
Get Static RF Parameters command is used to get the RF parameters from the non-volatile
area of the reader/writer
Command Data:
CLA INS P1
FF
00
00
P2
00
Lc
03
Data
01
00
Response Data:
Data
RF Parameters as in the Structure
shown in Table 4.1 (128 bytes)
Version: 1.6
03
Le
00
Status
9000
Page 18 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
Note:
•
•
The command fails if the reader/writer configuration is invalid
The command fails if any of the command byte is invalid
5.1.2 Set Static RF Parameters
Set Static RF Parameters command is used to modify the RF parameters in the non-volatile
area of the reader/writer. The reader/writer uses these parameters from the next power ON
Command Data:
CLA INS P1
FF
00
00
P2
00
Lc
83
Data
02 00
03
RF Parameters as in the Structure shown in Table
4.1 (128 bytes)
Le
Response Data:
Data Status Word
9000
Note:
•
•
•
•
•
In the above command data, modifying the parameter value 0300 might cause the
reader/writer to malfunction
The command fails if the reader/writer configuration is invalid
The command fails if any of the command byte is invalid
The command fails if the length mentioned in the RF parameters structure is not equal to
0x0080
Modifying the Flag value to anything other than 0x01, might make the reader/writer un-usable
5.1.3 Get Dynamic RF Parameters
Get Dynamic RF Parameters command is used to get the RF parameters from the volatile
area of the reader/writer (current in use parameters)
Command Data:
CLA INS P1
FF
00
00
P2
00
Lc
01
Data
03
Response Data:
Data
RF Parameters as in the Structure
shown in Table 4.1 (128 bytes)
Le
00
Status Word
9000
5.1.4 Set Dynamic RF Parameters
Set Dynamic RF Parameters command is used to modify the RF parameters in the volatile
area of the reader/writer (temporarily for this session). Immediately following this control command,
the reader/writer restarts its entire activity on the RF interface with the new parameters
Command Data:
CLA INS P1
FF
00
00
P2
00
Lc
81
Data
04
RF Parameters as in the Structure
Shown in Table 4.1 (128 bytes)
Le
Response Data:
Data Status Word
9000
Note:
•
The command fails if the length mentioned in the RF parameters structure is not equal to
0x0080
Version: 1.6
Page 19 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
•
The command fails if any of the command byte is invalid
5.1.5 RF Parameters Data Structure
Parameter
Length in bytes
Flag
A106 - CWCONDUCTANCE
A106 – RXTHRESHOLD
A106 - RXCONTROL1
A212 - CWCONDUCTANCE
A212 - RXTHRESHOLD
A212 - RXCONTROL1
A424 - CWCONDUCTANCE
A424 - RXTHRESHOLD
A424 - RXCONTROL1
A828 - CWCONDUCTANCE
A828 - RXTHRESHOLD
A828 - RXCONTROL1
B106 - CWCONDUCTANCE
B106 - RXTHRESHOLD
B106 - RXCONTROL1
B106 - MODCONDUCTANCE
B106 - TYPEBFRAMING
B212 - CWCONDUCTANCE
B212 - RXTHRESHOLD
B212 - RXCONTROL1
B212 - MODCONDUCTANCE
B212 - TYPEBFRAMING
B424 - CWCONDUCTANCE
B424 - RXTHRESHOLD
B424 - RXCONTROL1
B424 - MODCONDUCTANCE
B424 - TYPEBFRAMING
B848 - CWCONDUCTANCE
B848 - RXTHRESHOLD
B848 - RXCONTROL1
B848 - MODCONDUCTANCE
B848 - TYPEBFRAMING
TESTANASELECT
TESTDIGISELECT
Reserved
RF Reset Width in milliseconds
Card de-bounce delay in milliseconds
All Timeout Values Multiplication scale
All Timeout Values Division scale
All constant Delay Multiplication scale
All constant Delay Division scale
All Loop counts Multiplication scale
All Loop counts Division scale
Type-A Max baud limit
Type-B Max baud limit
Card Polling scheme
Reserved
No of bytes
2 [Value = 0x0080]
1 [Value = 0x01]
11
67
Table 4.1 RF parameters data structure
Version: 1.6
Page 20 of 48
Offset
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
48
50
52
53
54
55
56
57
58
59
60
61
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
Naming Convention
In the above table,
• The Parameters starting with ‘A’ or ‘B’ refer to the respective ISO 14443 card types
• The number following the alphabet indicates the baud rate at which the card should be
operating
• The actual RF parameter follows the ‘-’. This parameter will take effect for that type of card
operating at that baud rate
Example: - A106 – CWCONDUCTANCE indicates the CWCONDUCTANCE parameter of ISO 14443
TypeA cards operating at 106 Kbps
Parameter Description
RF Control Parameter:
“CWCONDUCTANCE” parameter controls the strength of RF field when there is no
modulation. Its value can vary from 0x00 to 0x3F. The chosen value would get directly programmed
into the (Address 0x12) RFID reader silicon. For more details refer to the respective datasheet of
RFID reader silicon (reference [R12]).
“RXTHRESHOLD” parameter controls the receiver input threshold levels. The specified value
would get directly programmed into the (Address 0x1C) RFID reader silicon. For more details refer to
the respective datasheet of RFID reader silicon (reference [R12]).
“RXCONTROL1” parameter controls the receiver input stage gain levels and the low pass
filters. The specified value would get directly programmed into the (Address 0x19) RFID reader silicon.
For more details refer to the respective datasheet of RFID reader silicon (reference [R12]).
“MODCONDUCTANCE” parameter controls the strength of RF field when there is 10%
modulation for Type-B data transmission. Its value can vary from 0x00 to 0x3F. The chosen value
would get directly programmed into the (Address 0x13) RFID reader silicon. For more details refer to
the respective datasheet of RFID reader silicon (reference [R12]).
“TYPEBFRAMING” parameter controls the framing headers SOF & EOF of type B
transmission frames. The specified value would get directly programmed into the (Address 0x17)
RFID reader silicon. For more details refer to the respective datasheet of RFID reader silicon
(reference [R12]).
“TESTANASELECT” parameter controls the analog debug output pin AUX. The specified
value would get directly programmed into the (Address 0x3A) RFID reader silicon. For more details
refer to the respective datasheet of RFID reader silicon (reference [R12]).
“TESTDIGISELECT” parameter controls the digital debug output pin MFOUT. The specified
value would get directly programmed into the (Address 0x3D) RFID reader silicon. For more details
refer to the respective datasheet of RFID reader silicon (reference [R12]).
RF Reset Width in milliseconds:
This parameter defines the width of RF Reset (no RF Power) during the polling sequence.
The value entered is in decimal, from 0 to 65535. The RF reset would have a width of this much
amount of time in milliseconds.
Card de-bounce delay in milliseconds:
This parameter defines the time in milliseconds for which the card arrival is polled and
reconfirmed by repeated RNAK polling, before notifying the arrival of a new card into the RF field, to
the host. The value entered is in decimal, from 0 to 65535.
Version: 1.6
Page 21 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
All Timeout values Multiplication scale & All Timeout values Division scale:
These two parameters are used to scale the Timeout values used by the Wait functions. The
scaling is done using the following formula:
TIMEOUT
Timeout * Timeout Multiplication Scale
Timeout Division Scale
All constant Delay Multiplication scale & All constant Delay Division scale:
These two parameters are used to scale the constant Delays used in the Wait functions. The
scaling is done using the following formula:
DefaultRetryCount * Loop Count Multiplication
Scale
CONSTDELAY =
All Loop counts Multiplication scale & All Loop counts Division scale:
Under ISO 14443 Part 3 & Part 4, on occurrence of any communication errors like CRC,
Framing, Parity and Timeout, the command will be re-tried by the reader/writer. The Retry count value
is scaled using these two parameters, as per the following formula:
RETRYCOUNT
DefaultRetryCount * Loop Count Multiplication
Scale
Type-A Max baud limit & Type-B Max baud limit:
This parameter is used to limit the maximum baud rate at which the reader/writer can operate
with the respective ISO 14443 card types
Value
0x00
0x01
0x02
0x03
Maximum Baud Rate Supported
106 Kbps
212 Kbps
424 Kbps
848 Kbps
Card Polling Scheme:
This parameter enables the user to select the card types he wants the reader/writer to detect.
The Card types disabled here will not be detected
b7
Version: 1.6
b6
b5
b4
b3
b2
b1
b0
Polling Scheme
No Polling
Poll for 14443 TypeA cards
Poll for 14443 TypeB cards
Poll for ISO 15693 cards
Stay in Polling
Page 22 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
5.2 Key Management
The Multi-ISO HF USB Reader/Writer provides provision to store card keys in its non-volatile
memory. The reader can be customized to store card keys. An authenticated user can later refer to
them during card communication using key numbers. This section describes the commands used to
achieve this functionality in detail
5.2.1 Reader Authentication
The Reader Authenticate command is used to authenticate with the reader/writer. The PIN
specified in the command is verified with the PIN stored in the reader/writer
Only after a successful Reader Authenticate, the user can use the Load Keys command to
store card specific keys or modify the Reader PIN in the non-volatile area of the reader/writer
This command is used to ensure that a malicious user does not gain access to modify the
Card keys or Reader PIN stored in the reader/writer.
Command Format:
CLA INS P1 P2
FF
00
00 00
Lc
09
Data
09
Reader PIN
(8 bytes)
Le
Response Format:
Data Status Word
SW1 SW2
For possible values and description of status word refer Table 6.1
Note:
The Authentication state will be cleared immediately after the first Load Keys command
following the Reader Authenticate command, irrespective of whether the Load Keys command was
successful or not. The user will have to authenticate with the reader/writer before issuing each Load
Keys command
Version: 1.6
Page 23 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
5.2.2 Load Keys
The Load Keys command is used to store Mifare keys, DESFire keys and Reader PIN in the
non-volatile area of the reader/writer.
The user must use Reader Authenticate command (described in section 5.1) to authenticate
with the reader/writer before using this command
The reader/writer has provision to store 1 Reader PIN (8 bytes), 80 Mifare Keys along with
Key type and 8 DESFire TDES keys (1 PICC Master key and 7 Application keys) along with AID, PCD
Key number and PICC Key number.
When a card specific Authenticate APDU is received from the host, the appropriate keys are
fetched from the non-volatile memory pf the reader and used for authentication
This command does not require the presence of a card over the reader; however it may also do so.
Command Format:
CLA INS P1 P2
FF
00
00 00
Lc
No of bytes in
Data field
Data
07
Le
Key Data
Response Format:
Data Status Word
SW1 SW2
For possible values and description of status word refer Table 6.1
Note:
The user must make sure that he uses the Load Keys command to store the appropriate keys
(Mifare or DESFire) in the reader/writer before trying to issue an Authenticate APDU to the respective
card
5.2.2.1Load Reader Authentication PIN in to Reader
The Following is the Load Keys command format to change the reader PIN. The Reader PIN
can be any 8 byte numeric value
Command Data:
CLA INS P1
FF
00
00
P2
00
Lc
0A
Data
07
FF
Reader PIN (8
bytes)
Le
Example:
Change Reader PIN in the reader
Command: FF 00 00 00 0A 07 FF 01 02 03 04 05 06 07 08
Response: 90 00
5.2.2.2 Load Mifare Authentication Keys in to Reader
The following is the Load Keys command format to load the Mifare authentication keys into the reader
Command Data:
CLA INS P1
FF
00
00
Version: 1.6
P2
00
Lc
0A
Data
07
00
Mifare Key data
(as shown below)
Page 24 of 48
Le
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
Mifare Key data:
Key Data
Key Number
(1 Byte)
Key Type
(1 Byte)
Key
(6 Bytes)
Where,
Key Number
Key Type
- any value from 00 to 4F
- 60 (Key Type A) or 61 (Key Type B)
Example:
Command for loading Mifare Keys with PCD Key Number = 00, Key Type = Key A
Command: FF 00 00 00 0A 07 00 00 60 FF FF FF FF FF FF
Response: 90 00
5.2.2.3Load DESFire Authentication Keys in to Reader
The following is the Load Keys command format to load DESFire authentication keys into the reader
Command Data:
CLA INS P1
FF
00
00
P2
00
Lc
1F
Data
07
01
DESFire Key data
(as shown below)
Le
DESFire Key data:
PCD Key No
PCD Key No
(1 byte)
AID
AID
(3 bytes)
PICC Key No
PICC Key No
(1 byte)
KEY Data
TDES Key
(24 bytes)
Where,
PCD Key No
AID
PICC Key No
TDES Keys
- any value from 00 to 07
o Key no 00 refers to TDES PICC Master Key
o Key no’s 01 to 07 refer to TDES Application Keys
- Application identifier in the card to which the Key belongs
o Must be 000000 for PICC Master Key
- Key No to be used in the DESFire Authenticate command
- Key1 (8 bytes), Key2 (8 bytes) & Key3 (8 bytes). Key1 == Key3
Example 1:
Command – Loading TDES PICC Master Key with AID = 000000, PCD Key No = 00, PICC
Key No = 00
Command: FF 00 00 00 1F 07 01 00 00 00 00 00 11 22 33 44 55 66 77 88 12 34 56
78 12 34 56 78 11 22 33 44 55 66 77 88
Response: 90 00
Example 2:
Command – Loading TDES PICC Application_1 Key with AID = A1B1C1, PCD Key No = 01,
PICC Key No = 00
Command: FF 00 00 00 1F 07 01 01 A1 B1 C1 00 11 22 33 44 55 66 77 88 12 34
56 78 12 34 56 78 11 22 33 44 55 66 77 88
Response: 90 00
Note:
RdrLoadKeys will fail if any of the command parameters is invalid
Version: 1.6
Page 25 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
6 Accessing Cards through PCSC
Mifare cards and ISO 15693 cards use proprietary 7816 APDU structures. DESFire cards use
the 7816 wrapper as described in the DESFire specifications [R3] & [R11]
All command and response bytes are sent and received as hexadecimal values respectively
Note:
In the pseudo APDUs described in this section, specifying a value of 00 in the Le field indicates
maximum no of available response bytes from the card, as described in reference [R7]
6.1 Mifare Cards
Pseudo APDUs supported for Mifare cards are explained in this section
6.1.1 Authenticate
This APDU performs three pass authentication with the card for the Block No. specified in the
data field. It uses the Key of the Key no specified
Command APDU:
CLA
INS
P1
FF
86
00
Data:
Byte 1
01
P2
00
Byte 2
Block No (MSB)
Where,
Block No
Key No
Lc
05
Data
See Table below (5 bytes)
Byte 3
Block No (LSB)
Byte 4
00
Status Word
SW1 SW2
For possible values and description of status word refer Table 6.1
Version: 1.6
Byte 5
Key No.
- Block number of the Mifare card which is to be authenticated
- Key number specified in the RDRLoadKeys command to store the corresponding
Authentication key in the non-volatile area of the reader/writer
Response:
Data
Le
Page 26 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
6.1.2 Write Binary
This APDU writes data to the Mifare Block no specified
Command APDU:
CLA
INS
P1
FF
D6
00
P2
Mifare Block No
Lc
10
Data
Data to Card
Le
Response:
Data Status Word
SW1 SW2
For possible values and description of status word refer Table 6.1
6.1.3 Read Binary
This APDU reads data from the Mifare Block no specified
Command APDU:
CLA
INS
FF
B0
P1
00
P2
Mifare Block No
Response:
Data
Data from the specified
block
in the Mifare card
Lc
Data
Le
Expected no of
bytes from card
Status Word
SW1 SW2
For possible values and description of status word refer Table 6.1
6.1.4 Value Increment
This APDU increments the data in a Value block, using the 4 byte value specified
Command APDU:
CLA INS
P1
FF
FC
00
P2
00
Lc
06
Data
C1 Mifare Block
No
4 bytes of value to be added to the
block value
Response:
Data Status Word
SW1 SW2
For possible values and description of status word refer Table 6.1
Version: 1.6
Page 27 of 48
Le
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
6.1.5 Value Decrement
This APDU decrements the data in a Value block, using the 4 byte value specified
Command APDU:
CLA INS
P1
FF
FC
00
P2
00
Lc
06
Data
C0 Mifare Block
No
4 bytes of value to be subtracted from
the block value
Le
Response:
Data Status Word
SW1 SW2
For possible values and description of status word refer Table 6.1
Note:
The Pseudo APDUs for Authenticate, Write Binary and Read Binary described in this section
are as defined in the PCSC v2.01.09, Part3: Requirements for PC connected Interface Devices, under
section 3.2.2.1
Version: 1.6
Page 28 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
6.2 ISO 15693 Cards
Pseudo APDUs supported for ISO 15693 cards are explained in this section
6.2.1 Read Single Block
This APDU reads 4 bytes of data from the block no specified
Command APDU:
CLA INS P1 P2
FF
FC
00 00
Lc
No of bytes in Data
field
Response:
Data
Read single block response
as described in reference
[R1]
Data
Read single block command as
described in reference [R1]
Le
Expected no of
bytes from card
Status Word
SW1 SW2
For possible values and description of status word refer Table 6.1
6.2.2 Write Single Block
This APDU writes 4 bytes of data to the block no specified
Command APDU:
CLA INS P1 P2
FF
FC
00 00
Lc
No of bytes in Data
field
Data
Write single block command as
described in reference [R1]
Response:
Data
Write single block response as described in reference
[R1]
Le
Status Word
SW1
SW2
For possible values and description of status word refer Table 6.1
6.2.3 Lock Block
This APDU Locks the specified Block no. Once successfully locked, the block will become read only
Command APDU:
CLA INS P1 P2
FF
FC
00 00
Lc
No of bytes in Data
field
Data
Lock block command as described in
reference [R1]
Response:
Data
Lock block response as described in reference [R1]
Status Word
SW1
SW2
For possible values and description of status word refer Table 6.1
Version: 1.6
Page 29 of 48
Le
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
6.2.4 Read Multiple Blocks
This APDU reads 4 bytes of data from each of the requested no of blocks, starting from the block no
specified
Command APDU:
CLA INS P1 P2
FF
FC
00 00
Lc
No of bytes in Data
field
Data
Read multiple block command as
described in reference [R1]
Response:
Data
Read multiple block response as described in reference [R1]
For possible values and description of status word refer Table 6.1
Version: 1.6
Page 30 of 48
Status Word
SW1
SW2
Le
Expected no of
bytes from card
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
6.2.5 Write AFI
This APDU writes the AFI value specified into the card’s memory
Command APDU:
CLA INS P1 P2
FF
FC
00 00
Lc
No of bytes in Data
field
Response:
Data
Write AFI response
as described in reference
[R1]
Data
Write AFI command as described in
reference [R1]
Le
Status Word
SW1 SW2
For possible values and description of status word refer Table 6.1
6.2.6 Write DSFID
This APDU writes the DSFID value specified into the card’s memory
Command APDU:
CLA INS P1 P2
FF
FC
00 00
Lc
No of bytes in Data
field
Data
Write DSFID command as described
in reference [R1]
Response:
Data
Write DSFID response as described in reference [R1]
Le
Status Word
SW1 SW2
For possible values and description of status word refer Table 6.1
6.2.7 Get System Information:
This APDU retrieves system information, like UID, DSFID, AFI, Memory information, IC
Manufacturer code etc from the card
Command APDU:
CLA INS P1 P2
FF
FC 00 00
Lc
No of bytes in
Data field
Data
Get system information command as
described in reference [R1]
Response:
Data
Get system information response as described in reference [R1]
For possible values and description of status word refer Table 6.1
Version: 1.6
Page 31 of 48
Status Word
SW1 SW2
Le
Expected no of
bytes from card
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
6.2.8 Get Multiple Block Security Status:
This APDU retrieves the block security status of each of the requested no of blocks, starting from the
block no specified
Command APDU:
CLA INS P1 P2
FF
FC 00 00
Lc
No of bytes in
Data field
Data
Get multiple block security status command as
described in reference [R1]
Response:
Data
Get multiple block security status response as described in
reference [R1]
Le
00
Status Word
SW1 SW2
For possible values and description of status word refer Table 6.1
Note:
In all the above 15693 card commands, the optional Flags byte and optional UID field must be
omitted. In all the above 15693 card responses, Flags byte will be omitted and Error Code (if any)
will be sent as SW2
Version: 1.6
Page 32 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
6.3 Crypto RF Cards
Pseudo APDUs supported for Atmel CryptoRF cards are explained in this section
6.3.1 Set User Zone
This APDU selects the specified user Zone. All further user zone operations will be done in
the selected user zone. The command is also used to enable anti-tearing mode, following which all
writes to this user zone will use anti-tearing
Command APDU:
CLA INS P1 P2
FF
FC 00 00
Lc
No of bytes in
Data field
Data
Set User Zone Command as per
reference [R10]
Response:
Data
Set User Zone response as per reference [R10]
Le
Status Word
SW1
SW2
For possible values and description of status word refer Table 6.1
6.3.2 Read User Zone
This APDU reads data from the currently selected user zone
Command APDU:
CLA INS P1 P2
FF
FC 00 00
Lc
No of bytes in
Data field
Data
Read User Zone Command
as per reference [R10]
Response:
Data
Read User Zone response as per reference [R10]
Le
Expected no of bytes from
card
Status Word
SW1
SW2
For possible values and description of status word refer Table 6.1
6.3.3 Write User Zone
This APDU writes data to the currently selected user zone. In anti-tearing mode the maximum
no of bytes that can be written is 8 bytes
Command APDU:
CLA INS P1 P2
FF
FC 00 00
Lc
No of bytes in
Data field
Data
Write User Zone Command as
per reference [R10]
Response:
Data
Write User Zone response as per reference [R10]
Status Word
SW1 SW2
For possible values and description of status word refer Table 6.1
Version: 1.6
Page 33 of 48
Le
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
6.3.4 Read System Zone
This APDU reads system data from the configuration memory of the card. Depending on the
value of the PARAM byte (part of the command), this command may read data from the configuration
zone, the fuses or a checksum
Command APDU:
CLA INS P1 P2
FF
FC 00 00
Lc
No of bytes in
Data field
Data
Read System Zone Command
as per reference [R10]
Response:
Data
Read System Zone response as per reference [R10]
Le
Expected no of bytes from
card
Status Word
SW1 SW2
For possible values and description of status word refer Table 6.1
6.3.5 Write System Zone
This APDU writes data to the configuration memory. Depending on the value of the PARAM
byte (part of the command), this command may write data to the configuration zone or program fuses.
The anti-tearing mode can also be enabled using the PARAM byte. The maximum number of bytes
that can be written in anti-tearing mode is 8 bytes
Command APDU:
CLA INS P1 P2
FF
FC 00 00
Lc
No of bytes in
Data field
Data
Write System Zone Command as
per reference [R10]
Response:
Data
Write System Zone response as per reference [R10]
Le
Status Word
SW1 SW2
For possible values and description of status word refer Table 6.1
6.3.6 Check Password
This APDU is used to send the password for validation against the password selected with
the password index byte (part of the command). This command is used to gain access, to read or
write in user zones that require password validation
Command APDU:
CLA INS P1 P2
FF
FC 00 00
Lc
No of bytes in
Data field
Data
Check Password Command as
per reference [R10]
Response:
Data
Check Password response as per reference [R10]
Le
Status Word
SW1
SW2
For possible values and description of status word refer Table 6.1
Note:
In all the above CryptoRF card commands, the CID field (higher nibble of the command byte),
must be set to 0. In all the above CryptoRF card responses, the Command byte and ACK/NACK byte
will be omitted. Status byte will be sent as SW2
Version: 1.6
Page 34 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
6.4 DESFire Cards
For DESFire cards, the Multi-ISO HF USB Reader/Writer supports the 7816-4 APDU wrapper
as described in the DESFire specification (as per reference [R3]).
6.5 Generic APDUs
This section describes the generic Pseudo APDUs used with all supported cards
6.5.1 Get UID
This APDU retrieves the card Unique ID (UID). Length of the UID varies depending on the card
Command APDU:
CLA
INS
FF
CA
Response:
Data
UID of the Card
P1
00
P2
00
Lc
Data
Le
00
Status Word
SW1 SW2
For possible values and description of status word refer Table 6.1
6.5.2 Traverse
This APDU is used to send the “Raw Card Command“ in the data field to the card without any
command specific processing by the reader/writer and returns the response data from the Card. The
reader/writer only takes care of the protocol specific processing (CRC, Prologue field etc ...)
The reader/writer uses the Frame type specified in the P2 parameter field and the Frame
waiting time specified in the P1 parameter field, while sending the command and receiving the
response, respectively
Command APDU:
CLA INS P1
FF
FD FWT Code (as
defined in the table
below)
Version: 1.6
P2
Frame Type (as defined
in the table below)
Page 35 of 48
Lc
No of data bytes
sent to the card
Data
Raw Card
Command
Le
00
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
FWT:
FWT
Code
00
01
02
03
04
05
06
07
08
09
0A
0B
0C
0D
0E
0F
10
11
12
13
14
Frame Type:
Frame
Type
00
01
01
FWT (in microseconds)
500
1000
2000
5000
10000
25000
50000
75000
100000
250000
500000
750000
1000000
1250000
1500000
1750000
2000000
2500000
3000000
4000000
5000000
Description
FRAMETYPE_SHORT
FRAMETYPE_STD
FRAMETYPE_ACBITORIENTED
Response:
The response from the card is returned as such without any processing. Reception of any
response from the card is considered as success irrespective of the content of the response
Data
Response from Card
Status Word
SW1 SW2
For possible values and description of status word refer Table 6.1
Version: 1.6
Page 36 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
6.6 Status Word
Status Word (HEX)
SW1
SW2
90
00
63
00
69
83
69
82
69
88
67
00
68
00
6B
00
6A
81
6C
XX
6F
00
6D
00
Description
Command Successful
Reason for error unknown
Authentication is required to access the block in the card
Block’s security status prevents access
Wrong key no. was specified to authenticate with the block
Length parameter in the APDU is wrong
Class byte in the APDU is wrong
Invalid parameter in the APDU
Command is not supported
Wrong Le field. Actual Le is mentioned in place of XX
No Precise diagnosis
Instruction code not supported or invalid
Table 6.1 Status Word Description
Version: 1.6
Page 37 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
7 APDU Samples to Access Cards
The basic card access sequence using would be:
•
•
•
Connect to the card using SCardConnect API
Send commands to the card using SCardTransmit API
Use SCardDisconnect API to disconnect from the card
7.1 How to access MIFARE classic cards?
Get Uid
Command: FF CA 00 00 00
Response: XX XX XX XX 90 00
Reader Authenticate (PIN : '0000000000000000')
Command: FF 00 00 00 09 09 00 00 00 00 00 00 00 00
Response: 90 00
Mifare Load Keys (PCD Key No. : 00, Key Type : Key A)
Command: FF 00 00 00 0A 07 00 00 60 FF FF FF FF FF FF
Response: 90 00
Authenticate (Block No. : 001E, PCD Key No. : 00)
Command: FF 86 00 00 05 01 00 1E 00 00
Response: 90 00
Read Binary - Traverse (Block No. : 1E)
Command: FF FD 0A 01 02 30 1E 00
Response: XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 90 00
Read Binary (Block No. : 1E)
Command: FF B0 00 1E 00
Response: XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 90 00
Read Binary (Block No. : 1E)
Command: FF B0 00 1E 10
Response: XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 90 00
Write Binary (Block No. : 1E)
Command: FF D6 00 1E 10 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16
Response: 90 00
Read Binary (Block No. : 1E)
Command: FF B0 00 1E 00
Response: XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 90 00
Write Binary (Block No. : 1E)
Command: FF D6 00 1E 10 A1 B2 C3 D4 E5 F6 1F 2E 3D 4C 5B 6A BB CC DD EE
Response: 90 00
Read Binary (Block No. : 1E)
Command: FF B0 00 1E 00
Response: XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 90 00
Prepare Block as value block (Block No. : 1E, Value : 64000000)
Command: FF D6 00 1E 10 64 00 00 00 9B FF FF FF 64 00 00 00 00 FF 00 FF
Response: 90 00
Version: 1.6
Page 38 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
Value Increment (Block No. : 1E)
Command: FF FC 00 00 06 C1 1E 01 00 00 00
Response: 90 00
Value Decrement (Block No. : 1E)
Command: FF FC 00 00 06 C0 1E 01 00 00 00
Response: 90 00
7.2 How to access MIFARE UL cards?
Get Uid
Command: FF CA 00 00 00
Response: XX XX XX XX XX XX XX 90 00
Read Binary (Block No. : 09)
Command: FF B0 00 09 00
Response: xx xx xx xx 90 00
Read Binary Traverse (Block No. : 09)
Command: FF FD 0A 01 02 30 09 00
Response: XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 90 00
Write Binary (Block No. : 09)
Command: FF D6 00 09 04 01 02 03 04
Response: 90 00
Read Binary (Block No. : 09)
Command: FF B0 00 09 00
Response: XX XX XX XX 90 00
Write Binary (Block No. : 09)
Command: FF D6 00 09 10 A1 B2 C3 D4 01 01 01 01 01 01 01 01 01 01 01 01
Response: 90 00
Read Binary (Block No. : 09)
Command: FF B0 00 09 00
Response: xx xx xx xx 90 00
Version: 1.6
Page 39 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
7.3 How to access DESFIRE cards?
Select Application (AID : '000000')
Command: 90 5A 00 00 03 00 00 00 00
Response: 91 00
Authenticate (PICC Key No. : 00)
Command: 900A0000010000
Response: 9100
Change Key (PICC Key No. : 00)
Command: 90 C4 00 00 19 00 11 11 11 11 11 11 11 11 22 22 22 22 22 22 22 22 11 11 11 11 11 11
11 11 00
Response: 91 00
GetKeyVersion (PICC Key No. : 00)
Command: 90 64 00 00 01 00 00
Response: xx 91 00
Create DES/TDES Application (AID : 'C3C2C1')
Command: 90 CA 00 00 05 C1 C2 C3 0F 07 00
Response: 91 00
ReaderAuthenticate (PIN : '0000000000000000')
Command: FF 00 00 00 09 09 00 00 00 00 00 00 00 00
Response: 90 00
Desfire Load Keys (PCD Key No. : 01, AID : 'C3C2C1', PICC Key No. : 00)
Command:F0 00 00 00 1F 07 01 01 C1 C2 C3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
Response: 90 00
ReaderAuthenticate (PIN : '0000000000000000')
Command: FF 00 00 00 09 09 00 00 00 00 00 00 00 00
Response: 90 00
Desfire Load Keys (PCD Key No. : 02, AID : 'C3C2C1', PICC Key No. : 01)
Command:F0 00 00 00 1F 07 01 02 C1 C2 C3 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
Response: 90 00
ReaderAuthenticate (PIN : '0000000000000000')
Command: FF 00 00 00 09 09 00 00 00 00 00 00 00 00
Response: 90 00
Desfire Load Keys (PCD Key No. : 03, AID : 'C3C2C1', PICC Key No. : 02)
Command: F0 00 00 00 1F 07 01 03 C1 C2 C3 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
Response: 90 00
Select Application (AID : 'C3C2C1')
Command: 90 5A 00 00 03 C1 C2 C3 00
Response: 91 00
Authenticate (PICC Key No. : 00)
Command: 90 0A 00 00 01 00 00
Response: 91 00
Version: 1.6
Page 40 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
ChangeKeySettings (Free Access)
Command: 90 54 00 00 01 0F 00
Response: 9100
Change Key (PICC Key No. : 02)
Command: 90 C4 00 00 19 02 FF FF FF FF FF FF FF FF AA AA AA AA AA AA AA AA FF FF FF FF
FF FF FF FF 00
Response: 9100
Change Key (PICC Key No. : 00)
Command: 90 C4 00 00 19 00 AA AA BB BB CC CC DD DD EE EE FF FF 11 11 22 22 AA AA BB
BB CC CC DD DD 00
Response: 91 00
Authenticate (PICC Key No. : 02)
Command: 90 0A 00 00 01 02 00
Response: 91 00
Authenticate (PICC Key No. : 00)
Command: 90 0A 00 00 01 00 00
Response: 91 00
Create StdData File (File No. : 01)
Command: 90 CD 00 00 07 01 00 EE EE FF 02 00 00
Response: 91 00
Create Value File (File No. : 02)
Command: 90 CC 00 00 11 02 00 EE EE 00 00 00 00 FF 00 00 00 00 00 00 00 01 00
Response: 91 00
Create Linear Record File (File No. : 03)
Command: 90 C1 00 00 0A 03 00 EE EE 20 00 00 08 00 00 00
Response: 91 00
Change File Settings (File No. : 01, Comm Mode : Encrypted)
Command: 90 5F 00 00 04 01 03 0E 00 00
Response: 91 00
Write Data (File No. : 01)
Command: 90 3D 00 00 87 01 00 01 00 80 00 00 AA AA BB BB CC CC DD DD AA AA BB BB CC
CC DD DD AA AA BB BB CC CC DD DD AA AA B BB BC CC CD DD DA AA AB BB B CC CC DD
DD AA AA BB BB CC CC DD DD AA AA BB BB CC CC DD DD AA AA BB BB CC CC DD DD AA AA
BB BB CC CC DD DD AA AA BB BB CC CC DD DD AA AA BB BB CC CC DD DD AA AA BB BB CC
CC DD DD AA AA BB BB CC CC DD DD AA AA BB BB CC CC DD DD AA AA BB BB CC CC DD DD
AA AA BB BB CC CC DD DD 00
Response: 91 00
Read Data (File No. : 01)
Command: 90 BD 00 00 07 01 00 00 00 F4 01 00 00
Response: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
Version: 1.6
Page 41 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
xx xx xx xx xx xx xx xx xx xx xx xx xx 91 00
Get Value (File No. : 02)
Command: 90 6C 00 00 01 02 00
Response: xx xx xx xx 91 00
Credit (File No. : 02)
Command: 90 0C 00 00 05 02 10 00 00 00 00
Response: 91 00
Commit Transaction
Command: 90 C7 00 00 00
Response: 91 00
Get Value (File No. : 02)
Command: 90 6C 00 00 01 02 00
Response: xx xx xx xx 91 00
Debit (File No. : 02)
Command: 90 DC 00 00 05 02 08 00 00 00 00
Response: 91 00
Commit Transaction
Command: 90 C7 00 00 00
Response: 91 00
Get Value (File No. : 02)
Command: 90 6C 00 00 01 02 00
Response: xx xx xx xx 91 00
Debit (File No. : 02)
Command: 90 DC 00 00 05 02 04 00 00 00 00
Response: 91 00
Abort Transaction
Command: 90 A7 00 00 00
Response: 91 00
Get Value (File No. : 02)
Command: 90 6C 00 00 01 02 00
Response: xx xx xx xx 91 00
Write Records (File No. : 03)
Command: 90 3B 00 00 27 03 00 00 00 20 00 00 AA AA BB BB CC CC DD DD AA AA BB BB CC
CC DD DD AA AA BB BB CC CC DD DD AA AA BB BB CC CC DD DD 00
Response: 91 00
Commit Transaction
Command: 90 C7 00 00 00
Response: 91 00
Read Records (File No. : 03)
Command: 90 BB 00 00 07 03 00 00 00 00 00 00 00
Response: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
xx 9100
Version: 1.6
Page 42 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
7.3.1 DESFIRE EV1 Specific commands:
Select Application (AID : '000000')
Command: 90 5A 00 00 03 00 00 00 00
Response: 91 00
Authenticate (PICC key No : 00)
Command: 90 0A 00 00 01 00 00
Response: 91 00
Change Key (Master Level from DES/TDES to AES)
Command: 90 C4 00 00 12 80 12 34 56 78 9A BC DE F1 23 45 67 89 AB CD EF EE AE 00
Response: 91 00
Authenticate (Master level AES Authentication)
Command: 90 AA 00 00 01 00 00
Response: 91 00
GetVersion
Command: 90 60 00 00 00
Response: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 91 00
Get Card UID
Command: 90 51 00 00 00
Response: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 91 00
Get FreeMemory
Command: 90 6E 00 00 00
Response: xx xx xx 91 00
Set Configuration
Command: 90 5C 00 00 02 00 00 00
Response: 91 00
Set Configuration
Command: 90 5C 00 00 1A 01 11 11 22 22 33 33 44 44 55 55 66 66 77 77 88 88 11 11 22 22 33 33
44 44 FF 00
Response: 91 00
Set Configuration
Command: 90 5C 00 00 0D 02 0C 75 77 81 02 80 00 00 00 00 00 00 00 00
Response: 91 00
Change Key (Master level from AES to DES/TDES)
Command: 90 C4 00 00 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00
Response: 91 00
Authenticate (PICC Key No. : 00)
Command: 90 0A 00 00 01 00 00
Response: 91 00
Format PICC
Command: 90 FC 00 00 00
Response: 91 00
Version: 1.6
Page 43 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
7.4 How to access ISO15693 cards?
Get UID of card
Command: FF CA 00 00 00
Response: XX XX XX XX XX XX XX XX 90 00
Write Single Block
Command: FF FC 00 00 06 21 0F 01 02 03 04
Response: 90 00
Lock Block (Block no: 13)
Command: FF FC 00 00 02 22 13
Response: 90 00
Read Single Block (Block no: 0F)
Command: FF FC 00 00 03 20 0F 00
Response: XX XX XX XX 90 00
Write Multiple Block (Start Block no: 10, No of Blocks: 02)
Command: FF FC 00 00 0B 24 10 01 01 01 01 01 01 01 01 01
Response: 90 00
Read Multiple Block (Start Block no: 10, No of Blocks: 04)
Command: FF FC 00 00 04 23 10 03 00
Response: XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 90 00
Write AFI
Command: FF FC 00 00 02 27 F0
Response: 90 00
Write DSFID
Command: FF FC 00 00 02 29 F0
Response: 90 00
Lock AFI
Command: FF FC 00 00 01 28
Response: 90 00
Lock DSFID
Command: FF FC 00 00 01 2A
Response: 90 00
Get Multiple Block Security Status (Start Block no: 00, No of Blocks: 02)
Command: FF FC 00 00 04 2C 00 01 00
Response: XX XX 90 00
Get System Info
Command: FF FC 00 00 02 2B 00
Response: XX XX XX XX XX XX XX XX XX XX XX XX XX XX 90 00
Version: 1.6
Page 44 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
7.5 How to access Crypto RF cards?
Get UID of card
Command: FF CA 00 00 00
Response: 50 FF FF FF 90 00
Set User Zone (User Zone: 00)
Command: FF FC 00 00 02 01 00
Response: 90 00
Write User Zone (Start Address: 0000, Length: 10)
Command: FF FC 00 00 14 03 00 00 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0E 0E 0F
Response: 90 00
Write User Zone - Traverse (Start Address: 0000, Length: 01)
Command: FF FD 04 01 05 03 00 00 00 0B 00
Response: XX 00 00 90 00
Read User Zone (Start Address: 0000, Length: 20)
Command: FF FC 00 00 04 02 00 00 1F 20
Response: XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
XX XX XX XX XX XX XX XX 90 00
Set User Zone with Anti Tearing (User Zone: 00)
Command: FF FC 00 00 02 01 80
Response: 90 00
Write User Zone with Anti Tearing (Start Address: 0000, Length: 08)
Command: FF FC 00 00 0C 03 00 00 07 08 09 0A 0B 0C 0D 0E 0F
Response: 90 00
Read User Zone (Start Address: 0000, Length: 20)
Command: FF FC 00 00 04 02 00 00 1F 20
Response: XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
XX XX XX XX XX XX XX XX 90 00
Read System Zone Fuse (Length: 01)
Command: FF FC 00 00 04 06 01 FF 00 00
Response: XX 90 00
Read System Zone Check Sum (Length: 02)
Command: FF FC 00 00 04 06 02 FF 01 00
Response: XX XX 90 00
Check Password
Command: FF FC 00 00 05 0C 07 10 14 7C
Response: 90 00
Write System Zone (Start Address: 0008, Length: 10)
Command: FF FC 00 00 14 04 00 08 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Response: 90 00
Read System Zone (Start Address: 0008, Length: 41)
Command: FF FC 00 00 04 06 00 08 40 41
Response: XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
Version: 1.6
Page 45 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
Write System Zone with Anti tearing (Start Address: 0008, Length: 08)
Command: FF FC 00 00 0C 04 80 08 07 08 09 0A 0B 0C 0D 0E 0F
Response: 90 00
Read System Zone (Start Address: 0008, Length: 41)
Command: FF FC 00 00 04 06 00 08 40 41
Response: XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
XX XX XX XX XX XX XX XX XX XX XX XX XX XX
Write System Zone Fuse (Fuse: SEC, Fuse Address: 07)
Command: FF FC 00 00 05 04 01 07 00 01
Response: 90 00
7.6 How to access ICODE-SLI cards?
Get UID of card
Command: FF CA 00 00 00
Response: 20 4D CC 08 00 01 04 E0 90 00
Traverse - Inventory Read (Start Block no: 10, No of Blocks: 05)
Command: FF FD 03 01 06 66 A0 04 00 10 04 00
Response: XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
XX XX XX XX XX 90 00
Traverse - Set EAS
Command: FF FD 04 01 0B 22 A2 04 BA 4D CC 08 00 01 04 E0 00
Response: 00 90 00
Traverse - EAS Alarm
Command: FF FD 04 01 0B 22 A5 04 BA 4D CC 08 00 01 04 E0 00
Response: 00 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
XX XX XX XX XX XX XX XX XX 90 00
Traverse - Lock EAS
Command: FF FD 04 01 0B 22 A4 04 BA 4D CC 08 00 01 04 E0 00
Response: 00 00 90 00
Traverse - Reset EAS
Command: FF FD 04 01 0B 22 A3 04 BA 4D CC 08 00 01 04 E0 00
Response: 009000
Traverse - EAS Alarm
Command: FF FD 04 01 0B 22 A5 04 BA 4D CC 08 00 01 04 E0 00
Response: 00 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
XX XX XX XX XX XX XX XX XX 90 00
Version: 1.6
Page 46 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
Appendix A Terms and Abbreviations
Terms/ Abbreviations
USB
ATR
APDU
UID
AFI
DSFID
ISO
DES
NFC
GUI
AES
CID
FWT
Version: 1.6
Description
Universal Serial Bus
Answer to Reset
Application Protocol Data Unit
Unique Identifier
Application Family Identifier
Data Storage Format Identifier
International Standard Organization
Data Encryption Standard
Near Field Communication
Graphical User Interface
Advanced Encryption Standard
Card ID Number
Frame Waiting Time
Page 47 of 48
User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc- Confidential
Appendix B
[R1]
[R2]
[R3]
[R4]
[R5]
[R6]
[R7]
[R8]
[R9]
[R10]
[R11]
[R12]
References
ISO/IEC 15693 Part 3, Identification cards – Contactless integrated circuit(s)
cards – Vicinity card(s)
Interoperability Specification for ICCs and Personal Computer Systems Part 3
NXP Mifare® DESFire Datasheet (M075031.pdf)
Microsoft’s PCSC reference documentation is included in most Visual Studio help system and
available online at http://msdn.microsoft.com. Enter “WinSCard” or “SCardTransmit” keywords
in the search box.
PCSC workgroup: http://www.pcscworkgroup.com
ISO/IEC 7816-3 Third Edition 2006-11-01
ISO/IEC 7816-4 Second Edition 2005-01-15
ISO/IEC 14443-4 First Edition 2001-02-01
ISO/IEC 14443-4 Amendment-1 2006-03-15
Atmel CryptoRF Specification (AT88SCXXXXCRF) Rev 2.0 2007-04-13
NXP Mifare® DESFire EV1 Functional Specification (MF3ICD81)
Philips CL RC632 Multiple Protocol Contactless Reader IC Datasheet Rev 3.0 May 2003
Version: 1.6
Page 48 of 48

---

Source Exif Data:

File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.4
Linearized                      : No
Create Date                     : 2009:07:03 13:34:24+05:30
Modify Date                     : 2009:07:27 17:08:40+05:30
Producer                        : Acrobat Distiller 8.1.0 (Windows)
Mod Date                        : 2009:07:27 17:08:40+05:30
Creation Date                   : 2009:07:03 13:34:24+05:30
Author                          : Administrator
Creator Tool                    : PScript5.dll Version 5.2
Metadata Date                   : 2009:07:27 17:08:40+05:30
Document ID                     : uuid:91ca0a62-575d-4d65-a44f-781eba80848c
Instance ID                     : uuid:d0d63ba1-28da-445d-8231-7c757bec5772
Format                          : application/pdf
Title                           : Microsoft Word - User_Manual - Multi-ISO_HF_Reader - USB_Ver1.6.doc
Creator                         : Administrator
Page Count                      : 48
Has XFA                         : No

EXIF Metadata provided by EXIF.tools