Skip to content

FeliCa Emulation: Handle certain Polling commands in firmware #4204

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 9 commits into
base: dev
Choose a base branch
from
Open

FeliCa Emulation: Handle certain Polling commands in firmware #4204

wants to merge 9 commits into from

Conversation

dogtopus
Copy link
Contributor

What's new

This is a continuation of #4202.

NFC TagInfo, probably all NDEF Type 3 readers, and possibly other readers rely on Polling commands with Request Code of 1 (default System Code request) and non-FFFF System Code to detect card type. The NFC controller doesn't seem to handle the latter case in hardware and simply bubbles those commands up to the firmware layer. The firmware in its current form then gets confused and interrupts the transaction, resulting in failed reading attempts.

This PR adds a handler for when a Polling command with non-FFFF System Code is seen on the firmware side, so that readers behaving like NFC TagInfo could read the emulated card without failing.

Verification

  • Use the .nfc file provided here: F.zip
  • Scan with NFC TagInfo. It should read the entire contents of the emulated card, including having the correct decoding on the NDEF tab.
  • Scan with no reader app. It should open https://example.com
  • Use Proxmark3 to send polling commands to the emulated card. It should return something similar to below:
[usb] pm3 --> hf felica raw -c 060088b40000
[+] Data: 06 00 88 B4 00 00 F7 25 
[+] (22) B2 4D 12 01 01 2E 46 65 6C 69 43 61 00 F1 00 00 00 01 43 00 D8 9F 
[usb] pm3 --> hf felica raw -c 060088b40100
[+] Data: 06 00 88 B4 01 00 C4 14 
[+] (24) B2 4D 14 01 01 2E 46 65 6C 69 43 61 00 F1 00 00 00 01 43 00 88 B4 26 1C 
[usb] pm3 --> hf felica raw -c 060088b40200
[+] Data: 06 00 88 B4 02 00 91 47 
[+] (24) B2 4D 14 01 01 2E 46 65 6C 69 43 61 00 F1 00 00 00 01 43 00 00 83 F2 99 
[usb] pm3 --> hf felica raw -c 060012fc0000
[+] Data: 06 00 12 FC 00 00 ED 1D 
[+] (22) B2 4D 12 01 01 2E 46 65 6C 69 43 61 00 F1 00 00 00 01 43 00 D8 9F 
[usb] pm3 --> hf felica raw -c 060012fc0100
[+] Data: 06 00 12 FC 01 00 DE 2C 
[+] (24) B2 4D 14 01 01 2E 46 65 6C 69 43 61 00 F1 00 00 00 01 43 00 12 FC 18 F0 
[usb] pm3 --> hf felica raw -c 060012fc0200
[+] Data: 06 00 12 FC 02 00 8B 7F 
[+] (24) B2 4D 14 01 01 2E 46 65 6C 69 43 61 00 F1 00 00 00 01 43 00 00 83 F2 99

Checklist (For Reviewer)

  • PR has description of feature/bug or link to Confluence/Jira task
  • Description contains actions to verify feature/bugfix
  • I've built this code, uploaded it to the device and verified feature/bugfix

dogtopus added 7 commits April 25, 2025 02:25
@dogtopus
FeliCa: Handle non-hardware Polling commands
ee3caef 
NFC TagInfo and possibly other readers rely on Polling commands with Request Code of 1 (default System Code request) or non-FFFF System Code to detect card type. Since the NFC controller doesn't seem to handle them in hardware and simply bubbles them up, and then the Flipper firmware will just ignore them and refuse to respond afterwards, this causes the reading operation to fail.

This commit adds a simple handler for such Polling commands so that readers behaving like NFC TagInfo could read the emulated card without failing.
@dogtopus
Only handle cases when System Code is not FFFF
7579269 
The NFC controller should handle Polling commands with the System Code set to FFFF, so it's not necessary for the firmware to handle it.
@dogtopus
Remove system code logging
09b052d
@dogtopus
More cleanups
8d1f007
@dogtopus
Remove the claim that we need a poller change
7472167 
We already have enough information to determine whether or not the card supports NDEF since SYS_OP register value is included in all current Lite-S card dumps.
@dogtopus
Respond to 12FC polling command when needed
9329ef6
@dogtopus
Handle Polling with NDEF and Lite-S Service Code
444068a 
This allows the reader to specifically select the service by naming the Service Code.
@hedger hedger added the NFC NFC-related label Apr 26, 2025
@dogtopus
Introduce API for manual handling of Polling commands
4bb0e36 
Introduce nfc_felica_listener_timer_anticol_start() and nfc_felica_listener_timer_anticol_stop(). These are for now just wrappers around the block_tx timer that can be used to delay the response until the desired Time Slot. Thanks to the loose timing constraints of FeliCa collision resolution protocol, no compensation seems to be necessary. Also enabled the block_tx timer for FeliCa listener, but with both compensation and fdt set to 0 to keep the original behavior of not using the timer during normal data exchange.

This API is now being used for handling Polling commands that are not handled by the NFC controller on the hardware side.
@dogtopus dogtopus requested a review from nminaylov as a code owner April 29, 2025 14:02
@dogtopus dogtopus changed the title FeliCa Emulation: Handle non-hardware Polling commands FeliCa Emulation: Handle certain Polling commands in firmware Apr 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DrZlo13 DrZlo13 Awaiting requested review from DrZlo13 DrZlo13 is a code owner

@hedger hedger Awaiting requested review from hedger hedger is a code owner

@gsurkov gsurkov Awaiting requested review from gsurkov gsurkov is a code owner

@gornekich gornekich Awaiting requested review from gornekich gornekich is a code owner

@nminaylov nminaylov Awaiting requested review from nminaylov nminaylov is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
NFC NFC-related
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dogtopus @hedger