Website: www.acs.com.hk
Email: info@acs.com.hk
Table of Contents
1.0 Introduction
1.1 USB Interface
2.0 Implementation
2.1 Communication Flow Chart of ACR122U
2.2 Smart Card Reader Interface Overview
3.0 PICC Interface Description
3.1 ATR Generation
3.1.1 ATR format for ISO 14443 Part 3 PICCs
3.1.2 ATR format for ISO 14443 Part 4 PICCs
4.0 PICC Commands for General Purposes
4.1 Get Data
5.0 PICC Commands (T=CL Emulation) for MIFARE Classic Memory Cards
5.1 Load Authentication Keys
5.2 Authentication
5.3 Read Binary Blocks
5.4 Update Binary Blocks
5.5 Value Block Related Commands
5.5.1 Value Block Operation
5.5.2 Read Value Block
5.5.3 Restore Value Block
6.0 Pseudo APDUs
6.1 Direct Transmit
6.2 Bi-Color LED and Buzzer Control
6.3 Get the Firmware Version of the reader
6.4 Get the PICC Operating Parameter
6.5 Set the PICC Operating Parameter
7.0 Basic Program Flow for Contactless Applications
7.1 How to access PCSC Compliant Tags (ISO14443-4)?
7.2 How to access DESFIRE Tags (ISO14443-4)?
7.3 How to access FeliCa Tags (ISO18092)?
7.4 How to access NFC Forum Type 1 Tags (ISO18092)? E.g. Jewel and Topaz Tags
7.5 Get the current setting of the contactless interface
Appendix 1: ACR122 PCSC Escape Command
Appendix 2: APDU Command and Response Flow for ISO14443 Compliant Tags
Appendix 3: APDU Command and Response Flow for ISO18092 Compliant Tags
1.1 USB Interface
The ACR122U is connected to a computer through USB as specified in the USB Specification 1.1.
The ACR122U operates in full-speed mode, i.e. 12 Mbps.
Pin   Signal   Function
1     VBUS     +5V power supply for the reader (Max 200mA, Normal 100mA)
2     D-       Differential signal transmits data between ACR122U and PC.
3     D+       Differential signal transmits data between ACR122U and PC.
4     GND      Reference voltage level for power supply
Byte        Value          Designation
            8N             T0
            80             TD1
            01             TD2
4 to 3+N    80             T1
            4F             Tk
            0C
            RID
            SS
            C0 .. C1
            00 00 00 00    RFU
4+N         UU             TCK
Field        Value
T0           8F
TD1          80
TD2          01
T1           80
Tk           4F
Length       0C
RID          A0 00 00 03 06
Standard     03
Card Name    00 01
RFU          00 00 00 00
TCK          6A

Where:
Length (YY) = 0C
RID = A0 00 00 03 06 (PC/SC Workgroup)
Standard (SS) = 03 (ISO14443A, Part 3)
Card Name (C0 .. C1) = [00 01] (MIFARE 1K)

Where, Card Name (C0 .. C1)
00 01: MIFARE 1K
00 02: MIFARE 4K
00 03: MIFARE Ultralight
00 26: MIFARE Mini
..
F0 04: Topaz and Jewel
F0 11: FeliCa 212K
F0 12: FeliCa 424K
FF [SAK]: Undefined
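
The ATR layout above can be checked and decoded mechanically. The following is an added example, not code from the ACS manual: `parse_atr` and its field names are hypothetical, and it assumes the ISO 7816-3 rule that TCK is the XOR of all bytes from T0 to Tk (which the MIFARE 1K values above satisfy). It rejects a truncated or altered ATR before trusting the card name.

```python
from functools import reduce

PCSC_RID = bytes.fromhex("A000000306")   # RID of the PC/SC Workgroup (from this page)
CARD_NAMES = {                            # Card Name (C0 .. C1) values listed above
    "0001": "MIFARE 1K", "0002": "MIFARE 4K", "0003": "MIFARE Ultralight",
    "0026": "MIFARE Mini", "F004": "Topaz and Jewel",
    "F011": "FeliCa 212K", "F012": "FeliCa 424K",
}

def parse_atr(atr_hex):
    """Validate an ATR in the 3B 8N 80 01 layout and decode the Part 3 fields."""
    atr = bytes.fromhex(atr_hex)
    if len(atr) < 5 or atr[0] != 0x3B:
        raise ValueError("initial header 3B expected")
    t0, td1, td2 = atr[1], atr[2], atr[3]
    if t0 >> 4 != 0x8 or (td1, td2) != (0x80, 0x01):
        raise ValueError("T0/TD1/TD2 do not match the 8N 80 01 layout")
    n = t0 & 0x0F                         # N = number of bytes T1 .. Tk
    if len(atr) != 5 + n:                 # 3B, T0, TD1, TD2, N bytes, TCK
        raise ValueError("length does not match N announced in T0")
    # TCK is the XOR of T0 .. Tk, so XOR-ing T0 .. TCK must give zero.
    if reduce(lambda a, b: a ^ b, atr[1:]) != 0:
        raise ValueError("TCK mismatch")
    hist = atr[4:4 + n]
    info = {"layout": "part4", "t1_tk": hist.hex().upper()}
    # Part 3 layout: 80 4F 0C | RID (5 bytes) | SS | C0 C1 | RFU (4 bytes)
    if n == 15 and hist[:3] == b"\x80\x4f\x0c" and hist[3:8] == PCSC_RID:
        name = hist[9:11].hex().upper()
        if name.startswith("FF"):
            card = "Undefined (SAK %s)" % name[2:]
        else:
            card = CARD_NAMES.get(name, "not in table")
        info.update(layout="part3", standard=hist[8], card_name=name, card=card)
    return info
```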
Byte        Value          Designation
            8N             T0
            80             TD1
            01             TD2
4 to 3+N    XX XX XX XX    T1 .. Tk
4+N         UU             TCK
ATR header: 3B 86 80 01 (initial header 3B, then T0, TD1, TD2)
ATS (T1 .. Tk): 06 75 77 81 02 80
TCK: 00

ATR header: 3B 86 80 01 (initial header 3B, then T0, TD1, TD2)
ATQB (T1 .. Tk): 50 12 23 45 56 12 53 54 4E 33 81 C3
TCK: 55

Since this card follows ISO 14443 Type B, the response would be the ATQB, which is 50 12 23 45 56 12 53 54 4E 33 81 C3: 12 bytes long with no CRC-B.
Note: You can refer to the ISO7816, ISO14443 and PCSC standards for more details.
Le: 00 (Full Length)
Meaning:
- The operation completed successfully.
- The operation failed.
- Function not supported.
Examples:
1. To get the serial number of the connected PICC
UINT8 GET_UID[5]={0xFF, 0xCA, 0x00, 0x00, 0x04};
2. To get the ATS of the connected ISO 14443 A PICC
UINT8 GET_ATS[5]={0xFF, 0xCA, 0x01, 0x00, 0x04};
Command format: FF 82 | Key Structure | Key Number | Lc = 06 | Data In = Key (6 bytes)
Examples:
1. Load a key {FF FF FF FF FF FF} into the key location 0x00.
APDU = {FF 82 00 00 06 FF FF FF FF FF FF}
NOTE: A MIFARE 1K card has a total of 16 sectors, and each sector consists of 4 consecutive
blocks. E.g. Sector 0x00 consists of Blocks {0x00, 0x01, 0x02 and 0x03}; Sector 0x01 consists of Blocks
{0x04, 0x05, 0x06 and 0x07}; the last sector 0x0F consists of Blocks {0x3C, 0x3D, 0x3E and 0x3F}.
Once authentication succeeds, there is no need to authenticate again provided that
the blocks to be accessed belong to the same sector. Please refer to the MIFARE 1K/4K specification for
more details.
Data Blocks                          Trailer Block
(3 blocks, 16 bytes per block)       (1 block, 16 bytes)
0x00 ~ 0x02                          0x03
0x04 ~ 0x06                          0x07
..                                   ..
0x38 ~ 0x3A                          0x3B
0x3C ~ 0x3E                          0x3F
Total: 1K Bytes
Data Blocks                          Trailer Block
(3 blocks, 16 bytes per block)       (1 block, 16 bytes)
0x00 ~ 0x02                          0x03
0x04 ~ 0x06                          0x07
..                                   ..
0x78 ~ 0x7A                          0x7B
0x7C ~ 0x7E                          0x7F
Total: 2K Bytes

Sectors (Total 8 sectors. Each sector consists of 16 consecutive blocks)
Sector       Data Blocks                          Trailer Block
             (15 blocks, 16 bytes per block)      (1 block, 16 bytes)
Sector 32    0x80 ~ 0x8E                          0x8F
Sector 33    0x90 ~ 0x9E                          0x9F
..           ..                                   ..
Sector 38    0xE0 ~ 0xEE                          0xEF
Sector 39    0xF0 ~ 0xFE                          0xFF
Total: 2K Bytes
Page   Function          Bytes
0      Serial Number     SN0      SN1        SN2      BCC0
1      Serial Number     SN3      SN4        SN5      SN6
2      Internal / Lock   BCC1     Internal   Lock0    Lock1
3      OTP               OTP0     OTP1       OTP2     OTP3
4      Data read/write   Data0    Data1      Data2    Data3
5      Data read/write   Data4    Data5      Data6    Data7
6      Data read/write   Data8    Data9      Data10   Data11
7      Data read/write   Data12   Data13     Data14   Data15
8      Data read/write   Data16   Data17     Data18   Data19
9      Data read/write   Data20   Data21     Data22   Data23
10     Data read/write   Data24   Data25     Data26   Data27
11     Data read/write   Data28   Data29     Data30   Data31
12     Data read/write   Data32   Data33     Data34   Data35
13     Data read/write   Data36   Data37     Data38   Data39
14     Data read/write   Data40   Data41     Data42   Data43
15     Data read/write   Data44   Data45     Data46   Data47
Total: 512 bits or 64 bytes
Example:
1. To authenticate the Block 0x04 with a {TYPE A, key number 0x00}. For PC/SC V2.01,
Obsolete.
APDU = {FF 88 00 04 60 00};
2. To authenticate the Block 0x04 with a {TYPE A, key number 0x00}. For PC/SC V2.07
APDU = {FF 86 00 00 05 01 00 04 60 00}
Note:
MIFARE Ultralight does not need to do any authentication. The memory is free to access.
Command format: FF B0 00 | Block Number | Le = Number of Bytes to Read
Response format: Data (0 <= N <= 16) | SW1 SW2
Response codes (SW1 SW2): 90 00, 63 00
Example:
1. Read 16 bytes from the binary block 0x04 (MIFARE 1K or 4K)
APDU = {FF B0 00 04 10}
2. Read 4 bytes from the binary Page 0x04 (MIFARE Ultralight)
APDU = {FF B0 00 04 04}
3. Read 16 bytes starting from the binary Page 0x04 (MIFARE Ultralight) (Pages 4, 5, 6 and 7 will
be read)
APDU = {FF B0 00 04 10}
Command format: FF D6 00 | Block Number | Number of Bytes to Update | Data In = Block Data
Block Data: 4 Bytes for MIFARE Ultralight or 16 Bytes for MIFARE 1K/4K
where:
Block Number (1 Byte): The starting block to be updated.
Number of Bytes to Update (1 Byte):
Response codes (SW1 SW2): 90 00; Error: 63 00
Example:
1. Update the binary block 0x04 of MIFARE 1K/4K with Data {00 01 .. 0F}
APDU = {FF D6 00 04 10 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F}
2. Update the binary block 0x04 of MIFARE Ultralight with Data {00 01 02 03}
APDU = {FF D6 00 04 04 00 01 02 03}
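
The sector layout and the Load Key, Authentication, Read Binary and Update Binary formats above combine as follows. This is an added example, not code from the ACS manual; all function names are hypothetical. It builds the APDU bytes only (no reader access), authenticates once per sector as the note in the Authentication section allows, and refuses by default to update a trailer block, which per the MIFARE specification stores the sector's keys and access bits.

```python
KEY_TYPE_A = 0x60   # key type byte used in the authentication examples on this page

def sector_of(block):
    """Sector holding a MIFARE 1K/4K block (4K sectors 32..39 have 16 blocks each)."""
    if not 0 <= block <= 0xFF:
        raise ValueError("block number out of range")
    return block // 4 if block < 0x80 else 32 + (block - 0x80) // 16

def trailer_of(block):
    """Trailer block (last block) of the sector that holds `block`."""
    sector_of(block)                                  # range check only
    return block | (0x03 if block < 0x80 else 0x0F)

def load_key(key, key_number=0x00):
    if len(key) != 6:
        raise ValueError("key must be 6 bytes")
    return bytes([0xFF, 0x82, 0x00, key_number, 0x06]) + bytes(key)

def authenticate(block, key_type=KEY_TYPE_A, key_number=0x00):
    return bytes([0xFF, 0x86, 0x00, 0x00, 0x05,
                  0x01, 0x00, block, key_type, key_number])

def read_binary(block, length=0x10):
    return bytes([0xFF, 0xB0, 0x00, block, length])

def update_binary(block, data, allow_trailer=False):
    if len(data) != 16:
        raise ValueError("MIFARE 1K/4K blocks are updated 16 bytes at a time")
    if block == trailer_of(block) and not allow_trailer:
        raise PermissionError("block 0x%02X is a trailer block" % block)
    return bytes([0xFF, 0xD6, 0x00, block, 0x10]) + bytes(data)

def plan_reads(blocks, key_number=0x00):
    """APDU list that reads `blocks`, authenticating once per sector."""
    apdus, current = [], None
    for block in blocks:
        if sector_of(block) != current:
            current = sector_of(block)
            apdus.append(authenticate(block, key_number=key_number))
        apdus.append(read_binary(block))
    return apdus
```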
Command format: FF D7 00 | Block Number | 05 | Data In = VB_OP, VB_Value (4 Bytes) {MSB .. LSB}
Response codes (SW1 SW2): 90 00, 63 00
Data In: 03, Target Block Number
Source Block Number (1 Byte): The value of the source value block will be copied to the target value
block.
Target Block Number (1 Byte): The value block to be restored. The source and target value blocks must
be in the same sector.
Example:
1. Store a value 1 into block 0x05
APDU = {FF D7 00 05 05 00 00 00 00 01}
Answer: 90 00
2. Read the value block 0x05
APDU = {FF B1 00 05 00}
Answer: 00 00 00 01 90 00 [9000]
3. Copy the value from value block 0x05 to value block 0x06
APDU = {FF D7 00 05 02 03 06}
Answer: 90 00 [9000]
4. Increment the value block 0x05 by 5
APDU = {FF D7 00 05 05 01 00 00 00 05}
Answer: 90 00 [9000]
Command format: 0xFF 0x00 0x00 0x00 | Number of Bytes to send | Payload
Response format: Response Data
Command format: 0xFF 0x00 0x40 | LED State Control | 0x04 | Data In (4 Bytes) = Blinking Duration Control

LED State Control:
Bit     Description
Bit 0   1 = On; 0 = Off
Bit 1   1 = On; 0 = Off
Bit 2   1 = Update the State; 0 = No change
Bit 3   1 = Update the State; 0 = No change
Bit 4   1 = On; 0 = Off
Bit 5   1 = On; 0 = Off
Bit 6   1 = Blink; 0 = Not Blink
Bit 7   1 = Blink; 0 = Not Blink
Byte 3: Link to Buzzer. Control the buzzer state during the LED Blinking.
0x00: The buzzer will not turn on
0x01: The buzzer will turn on during the T1 Duration
0x02: The buzzer will turn on during the T2 Duration
0x03: The buzzer will turn on during the T1 and T2 Duration.
SW1: 90, 63
Description:
1 = On; 0 = Off
1 = On; 0 = Off
Note:
A. The LED State operation will be performed after the LED Blinking operation is completed.
B. The LED will not be changed if the corresponding LED Mask is not enabled.
C. The LED will not be blinking if the corresponding LED Blinking Mask is not enabled. Also, the number
of repetitions must be greater than zero.
D. T1 and T2 duration parameters are used for controlling the duty cycle of LED blinking and Buzzer
Turn-On duration. For example, if T1=1 and T2=1, the duty cycle = 50%. #Duty Cycle = T1 / (T1 +
T2).
E. To control the buzzer only, just set the P2 LED State Control to zero.
F. To make the buzzer operational, the number of repetitions must be greater than zero.
G. To control the LED only, just set the parameter Link to Buzzer to zero.
Command format: 0xFF 0x00 | P1 = 0x48 | P2 = 0x00 | Le = 0x00

Command format: 0xFF 0x00 | P1 = 0x50 | P2 = 0x00 | Le = 0x00
Command format: P1 = 0x51 | P2 = New PICC Operating Parameter | Le = 0x00

Parameter           Option
                    1 = Enable; 0 = Disable
                    1 = Enable; 0 = Disable
Polling Interval    1 = 250 ms; 0 = 500 ms
FeliCa 424K         1 = Detect; 0 = Skip
FeliCa 212K         1 = Detect; 0 = Skip
Topaz               1 = Detect; 0 = Skip
ISO14443 Type B     1 = Detect; 0 = Skip
ISO14443 Type A     1 = Detect; 0 = Skip
#To detect the MIFARE Tags, the Auto ATS Generation must be disabled first.
NOTE:
1. The antenna can be switched off in order to save the power.
Turn off the antenna power: FF 00 00 00 04 D4 32 01 00
Turn on the antenna power: FF 00 00 00 04 D4 32 01 01
2. Standard and Non-Standard APDUs Handling.
PICCs that use Standard APDUs: ISO14443-4 Type A and B, MIFARE .. etc
PICCs that use Non-Standard APDUs: FeliCa, Topaz .. etc.
Command format: P2 | Lc = Length of the Data In | Data In | Le = Expected length of the Response Data
Response format: Response Data | SW1 SW2
Response codes (SW1 SW2): 90 00, 63 00
7.4 How to access NFC Forum Type 1 Tags (ISO18092)? E.g. Jewel and Topaz Tags
Typical sequence may be:
- Present the Topaz Tag and Connect the PICC Interface
- Read / Update the memory of the tag
Step 1) Connect the Tag
The ATR = 3B 8F 80 01 80 4F 0C A0 00 00 03 06 03 F0 04 00 00 00 00 9F
In which, F0 04 = Topaz
Step 2) Read the memory address 08 (Block 1: Byte-0) without using Pseudo APDU
<< 01 08
>> 18 [90 00]
In which, Response Data = 18
Or
Step 2) Read the memory address 08 (Block 1: Byte-0) using Pseudo APDU
<< FF 00 00 00 [05] D4 40 01 01 08
In which,
[05] is the length of the Pseudo APDU Data D4 40 01 01 08
D4 40 01 is the DataExchange Command.
01 08 is the data to be sent to the tag.
>> D5 41 00 18 [90 00]
In which, Response Data = 18
Please refer to the Jewel and Topaz specification for more detailed information.
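
The Pseudo APDU framing used in Step 2 can be wrapped and unwrapped as shown here. This is an added example, not code from the ACS manual; the function and exception names are hypothetical. It assumes the byte following D5 41 is an error code from the reader's error-code table, with 0x00 meaning no error, as in the `D5 41 00 18` response above, and it separates a reader-level failure (status word) from a failed exchange with the tag.

```python
DATA_EXCHANGE = bytes([0xD4, 0x40, 0x01])   # "D4 40 01 is the DataExchange Command"

class ReaderError(Exception):
    """The reader rejected the pseudo APDU or returned a malformed frame."""

class ExchangeError(Exception):
    """The exchange with the tag failed; .code holds the reported error code."""
    def __init__(self, code):
        super().__init__("DataExchange error code 0x%02X" % code)
        self.code = code

def wrap_native(native):
    """Embed a native tag command in a Direct Transmit pseudo APDU."""
    payload = DATA_EXCHANGE + bytes(native)
    if len(payload) > 0xFF:
        raise ValueError("payload does not fit the one-byte length field")
    return bytes([0xFF, 0x00, 0x00, 0x00, len(payload)]) + payload

def unwrap_native(response):
    """Return the tag's data from a pseudo APDU response, or raise."""
    if len(response) < 2:
        raise ReaderError("response shorter than a status word")
    body, sw = response[:-2], response[-2:]
    if sw != b"\x90\x00":
        raise ReaderError("status word %s" % sw.hex().upper())
    if len(body) < 3 or body[:2] != b"\xd5\x41":
        raise ReaderError("missing D5 41 response header")
    if body[2] != 0x00:
        raise ExchangeError(body[2])
    return body[3:]
```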
Appendix 2: APDU Command and Response Flow for ISO14443 Compliant Tags
Assume an ISO14443-4 Type B tag is used.
<< Typical APDU Command and Response Flow >>
PC <-> Reader: USB Interface (12Mbps)
Reader <-> Tag: RF Interface (13.56MHz)

Sequences:
1. The command is sent
   PC -> Reader: Contactless Related Command: [APDU Command], e.g. [00 84 00 00 08] (Get Challenge)
   Reader -> Tag: Tag-specific Command Frame: [APDU Command] embedded in ISO14443 Frame
2. The response is received
   Tag -> Reader: Tag-specific Response Frame: [APDU Response] embedded in ISO14443 Frame
   Reader -> PC: Contactless Related Response: [APDU Response], e.g. [11 22 33 44 55 66 77 88] (90 00)
Reader: USB Interface (12Mbps)
Tag: RF Interface (13.56MHz)

Sequences:
1. The command is sent
   Contactless Related Command: [Native Command], e.g. [01 08] (read memory address 08)
   or
   Pseudo APDU Command + [Native Command], e.g. FF 00 00 00 05 D4 40 01 [01 08]
2. The response is received
   Contactless Related Response: [Native Response], e.g. 00 (90 00)
   or
   Pseudo APDU Response + [Native Response], e.g. D5 41 00 [00] (90 00)
Error Code: 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x0A, 0x0B, 0x0D, 0x0E, 0x10,
0x12, 0x13, 0x14, 0x23, 0x25, 0x26, 0x27, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E
Example 3: To turn off the Red Color LED only, and leave the Green Color LED unchanged.
// Assume both Red and Green LEDs are ON initially //
// Not linked to the buzzer //
APDU = FF 00 40 04 04 00 00 00 00
Response = 90 02. Green LED is not changed (ON); Red LED is OFF.
[Timing diagram labels: Red LED On; Green LED On; T2 = 0ms; Red LED Off; Green LED On; Buzzer Off]