3

With an ACR122U I know you can transmit direct messages to the NFC controller (PN532) by using the direct transmit command: 0xff 0x00 0x00 0x00....

When I read the manual of the ACR1251U it say: The reader's peripherals control commands are implemented by using the PC_to_RDR_Escape.

What does this exacly mean? Does this mean it isn't possible to send direct messages to the NFC controller? If it is possible, where can you find which NFC controller it use?

Any information is welcome!

Thanks in advance.

Michael Roland
  • 39,663
  • 10
  • 99
  • 206
S.Pols
  • 3,414
  • 2
  • 21
  • 42

1 Answers1

4

The "direct transmit command" is an APDU format that permits you to send native commands to the PN532 NFC controller embedded in the ACR122U reader device. So this basically defines the wrapping to fit native commands into the APDU-based protocol that you talk to the reader over PC/SC (& CCID):

 0xFF 0x00 0x00 0x00 <Lc> <DATA>

where <DATA> is actually a command for the PN532.

PC_to_RDR_Escape is the CCID message (device class/protocol that is spoken over USB) that is invoked by the PC/SC stack when you send an escape command. For instance, if you use the Java SmartcardIO API's Card.transmitControlCommand() method, the PC/SC stack will send a PC_to_RDR_Escape message over USB. THe reader answers this message with a RDR_to_PC_Escape response.

Similarly if you use the method CardChannel.transmit() method, this cause the PS/SC stack to issue one (or more?) PC_to_RDR_XfrBlock messages over USB.

As you found out in this answer, it seems as if you would use the APDU format of the "direct transmit command" for both command exchange methods.

Whether you need to use the escape command or the transmit command seems to depend on the firmware version of the reader. For instance, for firmware version 101, 102 (and 103?) you would typically only need the transmit command, but the next generation versions (2xx) seem to prefer/require (if they don't emulate an ATR) the escape command approach.

Community
  • 1
  • 1
Michael Roland
  • 39,663
  • 10
  • 99
  • 206
  • 2
    No, `Card.transmitControlCommand()` (or `SCardControl` in C) **uses** `PC_to_RDR_Escape` to talk to the PC/SC reader device. The "direct transmit command" APDU structure is just one frame format to use across that link (for the ACR122U, not sure if that command exists for the ACR1251U). So if you want to send any of the peripheral control commands defined for the ACR1251U, you would use `Card.transmitControlCommand()` (with `IOCTL_..._ESCAPE_COMMAND`) to send that. – Michael Roland Aug 01 '14 at 18:22
  • I'm sorry, i was rewriting my comment but you were answering to fast! Thanks, this command is helpfull to. – S.Pols Aug 01 '14 at 18:31
  • So if i understand this well: The ACR1251U manual say you can use `E0 00 00 18 00` to get the firmware version. If i use this with `Card.transmitControlCommand()` it will talk with `PC_to_RDR_Escape`. So this 'escape approuch' have the same effect as the `0xFF 0x00 0x00 0x00 ` approuch of the ACR122U? So far i see the ACR1251 does not have a 'direct transmit command'. Does this have something to do with the fact that the ACR122U has one interface (ACR122U PCSC Interface) while the ACR1251U has two (ACR1251 PCSC SAM Interface and ACR1251 PCSC PICC Interface)? – S.Pols Aug 01 '14 at 18:32
  • Is it also true that if i want to send for example the `TgInitAsTarget` command i first need to know which NFC controller chip is inside the ACR1251U? – S.Pols Aug 01 '14 at 18:41
  • 1
    You can think of `FF 00 00 00 ` to be yet just another command like `E0 00 00 18 00`. – Michael Roland Aug 01 '14 at 18:55
  • 1
    If you want to send something like the `TgInitAsTarget` command (that's a command specific to the PN53x chips), you need to find out if you can directly send commands to the ACR1251U's NFC chip and you need to find out what chip they used in it (and, of course, that chip needs to support something equivalent). – Michael Roland Aug 01 '14 at 18:58