Elatec Nano Module Multi ISO Technical Manual Download Page 61 | Manualshive

Page: 61 / 65

background image

Elatec GmbH

Page 61 of 65

10. Mifare® PLUS

10.1 Security Levels

Mifare® PLUS supports four security levels. The initial delivery configuration is SL0. Within this level,
cards must be personalized. After that, the card is switched to a higher security level. Once a card has
been switched to a higher level, it cannot be switched back to a lower level. Depending on card type,
different ways of switching are possible:

SL0

SL1

SL2

SL3

S

, X

X

S

, X

X

L3

SL0:

Initial delivery configuration. Only commands „Select‟, „Write Personalization Data‟ and
„Commit Personalization‟ work. Depending on transponder type, the „Commit Personalization‟
command switches the card either to SL1 or SL3.

SL1:

Mifare® Classic compatibility mode. The transponder behaves like a Mifare® Classic 2K/4K
card. If the transponder is a Mifare® PLUS X card, it can be switched to SL2 or directly to SL3,
otherwise only SL3 is possible.

SL2:

AES authentication required, Crypto1 session key is generated, communication is furthermore
secured by Crypto1.

SL3:

Authentication and MACing based on AES. If the transponder is a Mifare® PLUS X card, the
entire communication between reader and transponder is secured by AES cryptography,
Mifare® PLUS S uses plain communication.

«
...
59
60
61
62
63
...
»

Summary of Contents for Nano Module Multi ISO

Page 1: ...Transponder Reader Multi ISO Technical Manual Doc Rev 1 05 ...

Page 2: ...0Bh 11 5 4 1 AutoStart 11 5 4 2 Binary 11 5 4 3 MultiTag 11 5 4 4 NewSerialMode 11 5 4 5 ExtendID 12 5 5 Baudrate Control Register 0Ch 12 5 5 1 Resetting the Baudrate to Default 13 5 6 Operation Mode Register 1 0Eh 14 5 7 Protocol Configuration Register 2 13h 14 5 7 1 Disable Startup Message 14 5 7 2 Noisy Environment 14 5 7 3 Reset Recovery Time Multiplier 14 5 8 Reset Off Time 14h 15 5 9 Reset R...

Page 3: ...0 7 4 3 Write Data Block w wb 31 7 4 3 1 Mifare Ultralight Ultralight C 31 7 4 4 Mifare Value Block Related Commands 32 7 4 4 1 Create Value Block wv 33 7 4 4 2 Read Value Block rv 33 7 4 4 3 Increment Value Block 34 7 4 4 4 Decrement Value Block 34 7 4 4 5 Copy Value Block 35 7 4 5 Mifare PLUS Related Commands 36 7 4 5 1 Write Personalization Data nwp 36 7 4 5 2 Commit Personalization ncp 37 7 4 ...

Page 4: ...S Data Encryption Decryption as 49 7 6 16 DES Triple DES Data Encryption Decryption ds 50 8 Typical Data Transaction Procedures 51 8 1 Mifare Classic Mifare PLUS 51 8 2 Mifare Ultralight 52 8 3 Mifare Ultralight C 53 8 4 I Code SLI SRX 54 9 Memory Organization of Mifare Transponders 55 9 1 Mifare Classic 1k 55 9 2 Mifare Classic 4k 56 9 3 Mifare PLUS 57 9 4 Mifare Ultralight 58 9 5 Mifare Ultralig...

Page 5: ...e Multi ISO The readers are using the same reading technology so this document is applicable for both devices Note In order to use the functionality which is described in this document your Multi ISO reader needs a firmware version V1 15 or above In order to update the firmware from an elder version please refer to chapter 8 Firmware update ...

Page 6: ...tenna receiver input 2 AntTX1 Antenna transmitter output 1 3 20 VCC 5V 4 6 19 GND Ground 5 AntTX2 Antenna transmitter output 2 7 SAM_CLK SAM clock 8 SAM_IO Bidirectional SAM I O line 9 SAM_RESET SAM reset 10 NC Not connected 11 RXD RS 232 receiver input 12 TXD RS 232 transmitter output 13 GPIO0 General purpose input output 0 14 GPIO1 Beeper General purpose input output 1 connection port for beeper...

Page 7: ...iameter use 5 turns For antenna loop larger than 40mm diameter use 3 turns Use between 1mm to 2mm track width Middle tap improves EMC compliance but can be omitted for simple designs All capacitors have to be chosen to create maximum field strength measure antenna field with an oscilloscope and the voltage induced in some auxiliary loop alternatively measure the module power consumption which is m...

Page 8: ...nd sink capability of max 25mA An overcharge of GPIO pins can damage the module A non self oscillating beeper can also be connected to GPIO1 The tone length and frequency can be controlled by commands 2 4 4 Asynchronous Reset In usual operating environments the reset pin can be left floating For an asynchronous hardware reset pull the reset pin to a logic low level Nano Module Multi ISO continues ...

Page 9: ...t1 Inside Contactless PicoPass1 HID ICLASS1 my d EM4033 EM4233 EM4135 1 UID only 4 Setting up a Terminal Program In order to establish a connection between the reader and a terminal program the following steps have to be done Connect your reader to a PC Start your preferred terminal program for Windows e g HyperTerminal Select the serial port e g COM1 where you connected the reader Set up the conn...

Page 10: ...audrate Control Register 0Dh R W 20h RFU never change this register 0Eh R W 7Fh Operation mode Register 1 0Fh R W 0Ah RFU never change this register 10h R W 00h Internal use 11h R W 00h Internal use 12h R W 00h Internal use 13h R W 00h Protocol Configuration Register 2 14h R W 0Ah Reset Off Time 15h R W 25h Reset Recovery Time 16h R W 00h Application Family Identifier AFI 17h R W 10h Internal use ...

Page 11: ...ation Register 1 specifies the general behavior of the reader Protocol Configuration Register 1 Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 ExtendID RFU RFU RFU NewSerial Mode MultiTag Binary AutoStart 5 4 1 AutoStart If set the reader will start up in continuous read mode Default value 1 5 4 2 Binary If set the reader uses binary protocol Refer to binary protocol description for further infor...

Page 12: ...ossible values for the prefix byte are Prefix Description 01h Cascade Level 1 transponder e g Mifare Classic 02h Cascade Level 2 transponder e g Mifare Ultralight 03h Cascade Level 3 transponder 5 5 Baudrate Control Register 0Ch The Baudrate control register defines the start up baudrate of the reader For baudrate values refer to the tables below Baudrate Control Register Bit 7 Bit 6 Bit 5 Bit 4 B...

Page 13: ...turns its baudrate setting to 9600 bps This configuration remains valid until a subsequent reset or power down event occurs The user may now write the desired baudrate setting to the Baudrate Control Register After that a reset must be executed so that the new settings may take effect In order to reset the baudrate the host has to send the value FFh at 9600 bps three times to the reader The bytes ...

Page 14: ...e further general behavior of the reader Protocol Configuration Register 2 Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 RFU RFU Reset Recovery Time Multiplier Noisy Environment RFU Disable Startup Message RFU 5 7 1 Disable Startup Message If set the reader will not print the start up message MultiISO 1 15 when powered or if a reset occurs Default value 0 5 7 2 Noisy Environment If set the reade...

Page 15: ... 0Ah The image below shows the activity of the RF field The Reset Off Time register has been set to 80h this results in a pause of 128ms 5 9 Reset Recovery Time 15h The Reset Recovery Time register represents the recovery time in milliseconds after the RF field is turned on This register is used for the continuous read mode c single tag select s and multi tag select m commands The value of the reg...

Page 16: ... register 3 specifies the further general behavior of the reader Protocol Configuration register 3 Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 TagInfo ReqA Extended ID Internal use do not change RFU RFU RFU 5 11 1 ReqA Extended ID If set the reader will replace the cascade level information 1 byte by the ReqA response 2 bytes This bit has only effect in combination with ISO14443A transponders ...

Page 17: ... ISO14443B transponder FF Unknown transponder 5 12 Installation Identifier E0h EFh The Installation Identifier is used for Mifare PLUS in virtual card environment The Installation Identifier must match with the one stored in the Mifare PLUS transponder that shall be identified using Virtual Card Select command 5 13 Operation Mode Register 2 FEh The Operation Mode register 2 defines which tag types...

Page 18: ...selects a predefined frequency from the table below Tone 3 0 Frequency Standard pitch Vienna scale 0000 523Hz C 0001 554Hz Cis 0010 587Hz D 0011 622Hz Dis 0100 659Hz E 0101 699Hz F 0110 739Hz Fis 0111 784Hz G 1000 831Hz Gis 1001 880Hz A 1010 932Hz Ais 1011 988Hz H 1100 Reserved 1101 Reserved 1110 Reserved 1111 Reserved The following formula defines the beep length BeepLength Length 3 0 1 x 62 5ms ...

Page 19: ...rrect framing A binary frame is built up as follows STX Station ID Length Data BCC ETX 1 byte 1 byte 1 byte Various length 1 byte 1 byte In binary mode the reader only gives a response if a command is issued This means the reader does not show the start up string and also continuous read does not work 6 2 1 STX Start of transmission 02h 6 2 2 Station ID 00h Reserved for the bus master Responses ar...

Page 20: ...0 of a Mifare card using transport key FFh STX Station ID Length Data BCC ETX 02 01 04 6C 00 FF 0D 9B 03 6 2 8 Remarks If an invalid instruction frame is received e g BCC is wrong or if the requested Station ID does not match the internal ID of the reader the command is not executed ...

Page 21: ... tag type ISO14443B 7 5 6 and 7 5 7 o p o p Include Exclude tag type PicoPass ICLASS 7 5 6 and 7 5 7 o s o s Include Exclude tag type SRX 7 5 6 and 7 5 7 o v o v Include Exclude tag type ISO15693 7 5 6 and 7 5 7 oa Set tag type ISO14443A 7 5 5 ob Set tag type ISO14443B 7 5 5 op Set tag type PicoPass ICLASS 7 5 5 os Set tag type SRX 7 5 5 ot Search for all supported tag types 7 5 5 ov Set tag type ...

Page 22: ...zation 7 4 5 2 nl Perform Mifare PLUS authentication 7 4 1 3 nvcs Virtual Card Select 7 3 4 nw Write configuration data 7 4 5 3 nwp Write Personalization Data 7 4 5 1 npc Proximity Check 7 4 5 4 7 1 3 ISO15693 specific commands Command Description For details view chapter k Lock block 7 6 14 7 2 Error Codes Error Code Description CR LF Unknown command E CR LF Invalid key format F CR LF General fai...

Page 23: ...the MultiTag flag must be activated The response data length mainly depends on the tag type Command c Answer Answer Description Data CR LF Serial number UID n bytes 7 3 2 Select Single Tag s This command selects a single tag in the antenna field It shall only be used in single tag environments use the m command in multiple tag environments In case of success the command returns the UID of the sele...

Page 24: ...rating distance is decreased the more transponders are present Principally the operating distance depends on the used transponders the total amount of transponders and the ambient conditions e g if metal is surrounding the reader Command m CR m UID CR Command Description m CR List all present tags m UID CR Select tag by its UID Answer Answer Description Data CR LF Serial number UID n bytes N CR LF...

Page 25: ... must match Furthermore two AES keys are required These are the Virtual Card Polling Encryption key and the Virtual Card Polling MAC key Please note that only EEPROM keys can be used Command nvcs VCPEKey VCPMACKey Parameters Description VCPEKey Virtual Card Polling Encryption EEPROM AES key 1 byte VCPMACKey Virtual Card Polling MAC EEPROM AES key 1 byte Answer Answer Description UID CR LF Real UID...

Page 26: ...ge 00h 3Fh KeyType AAh authenticate with key type A FFh authenticate with key type A transport key FFFFFFFFFFFFh BBh authenticate with key type B 10h 2Fh authenticate with stored key type A 00h 1Fh 30h 4Fh authenticate with stored key type B 00h 1Fh Key CR Enter key manually 6 bytes or tell the reader to login with a transport key by submitting a carriage return CR 1 byte Answer Answer Description...

Page 27: ...r is able to store up to 16 Triple DES keys Command l 00 KeyType Key CR Parameters Description 00 To maintain backward compatibility the first parameter shall be set to 00h KeyType CCh denotes Triple DES Ultralight C key 50h 5Fh authenticate with stored Triple DES key 00h 0Fh Key CR Enter key manually 16 bytes or tell the reader to login with a transport key by submitting a carriage return CR 1 by...

Page 28: ...on can be done in SL1 using the SL1 card authentication key Command nl Sector KeyNumber KeyType KeyAES KeyCrypto1 Parameters Description Sector KeyNumber Sector or Keynumber valid range 00h 2Ch 00h 27h Parameter addresses a data sector 28h Card master key 29h Card configuration key 2Ah Level 2 switch key 2Bh Level 3 switch key 2Ch SL1 card authentication key KeyType AAh authenticate with key type ...

Page 29: ...key type B compute Crypto1 session key key base is transport key B0B1B2B3B4B5h nl06AA0011223344556677 8899AABBCCDDEEFF16 CR Authenticate into sector 06 using specified AES key 00112233445566778899AABBCCDDEEFFh key type A compute Crypto1 session key key base is EEPROM Crypto1 key 06 nl07AA54A0A1A2A3A4A5 CR Authenticate into sector 07 using EEPROM AES key 04 compute Crypto1 session key key base is s...

Page 30: ...s per block Command r BlockAddr rb BlockAddr Answer Answer Description Data CR LF Block data F CR LF Error read failure N CR LF Error no tag in the field or the tag does not respond R CR LF Error Block address out range the block address of the r command is higher than 40h use the rb command instead Example Command Description r08 Reads block 08 sector 02 block 00 7 4 2 1 Mifare Ultralight Ultrali...

Page 31: ...Description w08000102030405060708090A0B0C0D0E0F Writes data 000102030405060708090A0B0C0D0E0F to block 08 sector 02 block 00 w1A11223344 Writes data 11223344 to block 1Ah 7 4 3 1 Mifare Ultralight Ultralight C If data is written to a page of this transponder family the reader performs the so called Compatibility write procedure This means the reader expects 16 bytes of data but only the first 4 byt...

Page 32: ...rt value block commands in SL3 A value block contains 4 bytes user data the remaining 12 bytes are processed internally by the Mifare transponder for increased data integrity A value block is formatted as follows Byte 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Data Value Value Value A A A A The value data is stored three times twice non inverted and once inverted The lowest significant byte is stored i...

Page 33: ... Error write failure I CR LF Error invalid block format Examples Command Description wv0800000000 Formats block 08 as a value block Initial value 00000000h wv0912345678 Formats block 09 as a value block Initial value 12345678h wv0AFFFFFFFE Formats block 0A as a value block Initial value FFFFFFFFEh 2 7 4 4 2 Read Value Block rv Use this command to read a value block This command checks if data of t...

Page 34: ...les Command Description 0800000001 Increments block 08 by 00000001h 0812345678 Increments block 08 by 12345678h 7 4 4 4 Decrement Value Block Use this command to decrement a value block by a defined value A read after decrement is performed automatically The command fails if the specified block is not formatted as value block You must log into the respective sector before this command can be execu...

Page 35: ...rmat You must log into the respective sector before this command can be executed Command SourceBlock TargetBlock Parameters Description SourceBlock Source block address 1 byte TargetBlock Target block address 1 byte Answer Answer Description Data CR LF New value of target block F CR LF Error general failure I CR LF Error invalid block format Examples Command Description 0809 Copy value block 08 to...

Page 36: ...rameter addresses an AES key of data sector 28h Card master key 29h Card configuration key 2Ah Level 2 switch key 2Bh Level 3 switch key 2Ch SL1 card authentication key 2Dh Select Virtual Card key 2Eh Proximity Check key 2Fh Virtual Card Polling Encryption key 30h Virtual Card Polling MAC key 40h MFP Configuration Block 41h Installation Identifier 42h ATS Information 43h Field Configuration Block ...

Page 37: ...onfiguration key Key Change Card master key Level switch keys Card configuration key MFP Configuration block Installation Identifier ATS Card master key Card configuration key Field configuration block Virtual card keys Proximity check key Card configuration key Command nw AESSectorKey SpecialBlock KeyType Data Parameters Description AESSectorKey SpecialBlock If KeyType is present and set to AA or...

Page 38: ...7 4 5 4 Proximity Check npc Use this command to perform a proximity check in order to verify if the transponder is within the proximity of the reader This helps you to secure the reader from relay attacks Depending on the configuration of the transponder proximity check might even be mandatory before any login can take place Note that only Mifare PLUS X transponders support proximity check Command...

Page 39: ...h the card automatically this means the commands RATS ISO14443A and ATTRIB ISO14443B are part of the selection process The maximum allowed frame size is 40 bytes The passed data must comply with ISO14443 4 data framing For details regarding the Mifare DESFire command set please contact NXP Semiconductors in order to receive the appropriate documentation Command t DataLength 0F ISO14443 4 Frame Ans...

Page 40: ...1 byte Example Command Description rp0A Reads register 0Ah Station ID 7 5 2 Write Byte to EEPROM wp Use this command to write a byte to the internal reader EEPROM Only the configuration bank is accessible by the user if any keys shall be written the respective commands have to be used The address byte ranges from 00h to FFh A read after write check is performed automatically Command wp EEPROMAddr ...

Page 41: ...ader at once and they are lost when a reset occurs or the reader is powered down Command of FlagAddr State Answer Answer Description Data CR LF State of the modified flag R CR LF Error Flag out of range Flag address Description 00h MultiTag 01h NewSerialMode 05h ExtendID 07h NoisyEnvironment 08h Reset Recovery Time Multiplier 11h ReqAExtendID 12h TagInfo Examples Command Description of0001 Set Mul...

Page 42: ...ample Command Description og0310 Set Reset Off Time to 10h 16ms og0420 Set Reset Recovery Time to 20h 32ms 7 5 5 Set Tag Type oa ob op os ot ov Use this command to search for only one specific transponder type e g only ISO14443A In contrast to the EEPROM registers the settings of the o command are volatile this means they are taking effect on the behavior of the reader at once and they are lost wh...

Page 43: ...ASS transponders O S CR LF Search for SRX transponders O V CR LF Search for ISO15693 transponders 7 5 7 Exclude Tag Type o a o b o p o s o v Use this command to exclude specific transponder types from the transponder search In contrast to the EEPROM register the settings of the o command are volatile this means they are taking effect on the behavior of the reader at once and they are lost when a r...

Page 44: ... Written key Example Command Description wm1A1234567890AB Writes key 1234567890AB to location 1Ah 7 5 8 2 Write AES Triple DES Key wd Use this command to store a 16 Byte Triple DES authentication key into the EEPROM of the reader The reader is able to store up to 16 keys The key locations are write only so the keys can t be read back Command wd KeyNumber Key Answer Answer Description Key CR LF Wri...

Page 45: ...performs a subsequent PPS Protocol and parameter selection exchange Note that not all ISO 7816 compatible cards support PPS Command ei PPS Answer Answer Description ATR CR LF ISO 7816 compliant answer to reset from the SAM card N CR LF Error No response from SAM card Examples Command Description ei00 Init SAM card perform no PPS exchange ei01 Init SAM card perform PPS exchange 7 5 9 2 SAM Transmit...

Page 46: ...and performed 7 6 3 Antenna Power On pon Use this command to turn on the RF field manually If a tag related command is submitted the RF field is also turned on Command pon Answer Description P CR LF Power on command performed 7 6 4 Get Version v Use this command to receive the current firmware version of the reader Command v Answer Description MultiISO 1 15 CR LF Version string 7 6 5 Reset x Use t...

Page 47: ... High Example Command Description iw0201 Sets GPIO2 to logical state High iw0300 Sets GPIO3 to logical state Low 7 6 9 Read GPIO1 pr Use this command to read GPIO1 GPIO1 is switched to input prior reading The command has the same effect as command ir01 It has been implemented in order to adhere backward compatibility Command pr Answer Answer Description Data CR LF Status of GPIO1 00 means Low 01 m...

Page 48: ... brought into power up state The timing of the reset can be controlled by parameters Command y ResetOffTime ResetRecoveryTime Answer Answer Description Y CR LF Field reset performed Example Command Description y1020 Field reset Reset Off Time 16ms Reset Recovery Time 32ms 7 6 14 Lock Block ISO15693 only k Some ISO15693 transponders provide the Lock block feature so that a data block can be turned ...

Page 49: ... Bit 3 Bit 2 Bit 1 Bit 0 RFU RFU RFU RFU RFU Encode RFU KeyIndex Encode 1 Encode the data 0 Decode the data KeyIndex 1 The command uses the EEPROM key specified by KeyNumber 0 The key is passed via serial connection Answer Answer Description Data CR LF Encrypted Decrypted data R CR LF Error Key index out of range Examples Command Description as00001122334455667788 99AABBCCDDEEFF00102030 4050607080...

Page 50: ...rypted 8 bytes Option byte Options Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 RFU RFU RFU RFU RFU Encode KeyLength KeyIndex Encode 1 Encode the data 0 Decode the data KeyLength 1 Use Triple DES algorithm with 16 bytes key 0 Use Single DES algorithm with 8 bytes key KeyIndex 1 The command uses the EEPROM key specified by KeyNumber 0 The key is passed via serial connection Answer Answer Descrip...

Page 51: ...llowing diagram shows the typical command flow in order to access the data area of a Mifare Classic PLUS transponder Select transponder s m Transponder selected no Login into sector l nl Login successful no yes yes Perform read write actions r w Read write successful no yes Read write completed yes no ...

Page 52: ...ralight In contrast to Mifare Classic transponders no login is required to access the EEPROM memory Select transponder s m Transponder selected no no yes Perform read write actions r w Read write successful no yes Read write completed yes no ...

Page 53: ... is required The following diagram shows the typical command flow in order to access the data area of a Mifare Ultralight C transponder Select transponder s m Transponder selected no Login into sector l Login successful no yes yes Perform read write actions r w Read write successful no yes Read write completed yes no Login required yes no ...

Page 54: ...l command flow in order to access the data area of an I Code SLI or SRX transponder No authentication is required prior accessing the data area Select transponder s m Transponder selected no no yes Perform read write actions r w Read write successful no yes Read write completed yes no ...

Page 55: ...a The following table shows the memory organization of a Mifare Classic 1k card Sector address Block addresses 00h 03h 02h 01h 00h 01h 07h 06h 05h 04h 02h 0Bh 0Ah 09h 08h 03h 0Fh 0Eh 0Dh 0Ch 04h 13h 12h 11h 10h 05h 17h 16h 15h 14h 06h 1Bh 1Ah 19h 18h 07h 1Fh 1Eh 1Dh 1Ch 08h 23h 22h 21h 20h 09h 27h 26h 25h 24h 0Ah 2Bh 2Ah 29h 28h 0Bh 2Fh 2Eh 2Dh 2Ch 0Ch 33h 32h 31h 30h 0Dh 37h 36h 35h 34h 0Eh 3Bh 3...

Page 56: ...h 08h 0Bh 02h 12h 48h 4Bh 12h 03h 0Ch 0Fh 03h 13h 4Ch 4Fh 13h 04h 10h 13h 04h 14h 50h 53h 14h 05h 14h 17h 05h 15h 54h 57h 15h 06h 18h 1Bh 06h 16h 58h 5Bh 16h 07h 1Ch 1Fh 07h 17h 5Ch 5Fh 17h 08h 20h 23h 08h 18h 60h 63h 18h 09h 24h 27h 09h 19h 64h 67h 19h 0Ah 28h 2Bh 0Ah 1Ah 68h 6Bh 1Ah 0Bh 2Ch 2Fh 0Bh 1Bh 6Ch 6Fh 1Bh 0Ch 30h 33h 0Ch 1Ch 70h 73h 1Ch 0Dh 34h 37h 0Dh 1Dh 74h 77h 1Dh 0Eh 38h 3Bh 0Eh 1E...

Page 57: ...0h 43h 01h 04h 07h 11h 44h 47h 02h 08h 0Bh 12h 48h 4Bh 03h 0Ch 0Fh 13h 4Ch 4Fh 04h 10h 13h 14h 50h 53h 05h 14h 17h 15h 54h 57h 06h 18h 1Bh 16h 58h 5Bh 07h 1Ch 1Fh 17h 5Ch 5Fh 08h 20h 23h 18h 60h 63h 09h 24h 27h 19h 64h 67h 0Ah 28h 2Bh 1Ah 68h 6Bh 0Bh 2Ch 2Fh 1Bh 6Ch 6Fh 0Ch 30h 33h 1Ch 70h 73h 0Dh 34h 37h 1Dh 74h 77h 0Eh 38h 3Bh 1Eh 78h 7Bh 0Fh 3Ch 3Fh 1Fh 7Ch 7Fh 800h FFFh 20h 80h 8Fh 24h C0h CFh...

Page 58: ... OTP1 OTP2 OTP3 One time programmable 04h Data0 Data1 Data2 Data3 Read Write 05h Data4 Data5 Data6 Data7 Read Write 06h Data8 Data9 Data10 Data11 Read Write 07h Data12 Data13 Data14 Data15 Read Write 08h Data16 Data17 Data18 Data19 Read Write 09h Data20 Data21 Data22 Data23 Read Write 0Ah Data24 Data25 Data26 Data27 Read Write 0Bh Data28 Data29 Data30 Data31 Read Write 0Ch Data32 Data33 Data34 Dat...

Page 59: ...6 Read only 02h BCC1 Internal Lock0 Lock1 Read only Lock 03h OTP0 OTP1 OTP2 OTP3 One time programmable 04h Data0 Data1 Data2 Data3 Read Write 05h Data4 Data5 Data6 Data7 Read Write Read Write 27h Data140 Data141 Data142 Data143 Read Write 28h Lock2 Lock3 RFU RFU Read Write 29h CNT CNT RFU RFU Read Write 2Ah AUTH0 RFU RFU RFU Read Write 2Bh AUTH1 RFU RFU RFU Read Write 2Ch Key1 K0 Key1 K1 Key1 K2 K...

Page 60: ... check fails Furthermore the transponder looses its authenticated state So it is necessary that each write cycle is followed by a subsequent login with the updated part of the new key Command Response s 04169BE1ED2580 CR LF l00CC49454D4B41455242214E4143554F5946 L CR LF w2C07060504000000000000000000000000 F CR LF s 04169BE1ED2580 CR LF l00CC49454D4B04050607214E4143554F5946 L CR LF w2D03020100000000...

Page 61: ...te Personalization Data and Commit Personalization work Depending on transponder type the Commit Personalization command switches the card either to SL1 or SL3 SL1 Mifare Classic compatibility mode The transponder behaves like a Mifare Classic 2K 4K card If the transponder is a Mifare PLUS X card it can be switched to SL2 or directly to SL3 otherwise only SL3 is possible SL2 AES authentication req...

Page 62: ...r in order to satisfy your needs In SL3 value formats are only supported by Mifare PLUS X cards In SL3 Mifare PLUS S transponders use plain communication on the RF field secured by MACing Mifare PLUS X uses fully AES enciphered communication on the RF field including MACing Proximity Check is only supported by Mifare PLUS X in SL3 Mifare PLUS is supported by firmware version 1 05 or higher ...

Page 63: ... steps to update the firmware Power up the reader Ensure that the reader runs at 9600 bps Start the application WinFlash exe you should see the following window Select the appropriate Communication Port e g COM1 Select Nano Module Multi ISO from Product Select the Flash Image Click button Program Wait while the programming process is in progress ...

Page 64: ... 03 Improved communication parameters for PicoPass ICLASS support V1 04 SAM support V1 05 Mifare PLUS support AES crypto command implemented Improved communication parameters for 115200 baud V1 06 Display additional tag info V1 15 Tag type ISO14443B implemented Improved Mifare Login No select tag before sector change required any more Binary protocol implemented EM4034 support Late RATS RATS is pe...

Page 65: ...Elatec GmbH Page 65 of 65 13 Trademarks All referenced brands product names service names and trademarks mentioned in this document are the property of their respective owners ...

Reviews:

No comments

Related manuals for Nano Module Multi ISO

Brand: ZKTeco Pages: 56

Brand: Fender Pages: 51

Brand: JAMO Pages: 18

WALLACE & TIERNAN SFC SC

Brand: Evoqua Pages: 82

Brand: Thiele Pages: 5

Brand: GRS Pages: 4

Brand: MAHLE Pages: 20

Brand: Grundig Pages: 85

TOP LIFT TSK 12000 DJ

Brand: Nussbaum Pages: 56

Brand: LENCO Pages: 66

Brand: ICP DAS USA Pages: 8

Brand: Looperlative Pages: 29

Brand: Suzuki Pages: 150

DOCK products ED

Brand: stertil Pages: 157

Brand: Panasonic Pages: 12

Brand: Panasonic Pages: 11

Brand: Panasonic Pages: 8

Brand: Panasonic Pages: 20

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands