| all | frequencies |
|
|
|
|
|
exhibits | applications |
|---|---|---|---|---|---|---|---|---|
| manual | photos | labels | ||||||
| app s | submitted / available | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 |
|
Users Manual | Users Manual | 845.64 KiB | August 23 2022 / August 26 2022 | |||
| 1 |
|
Internal Photos | Internal Photos | 1.05 MiB | August 23 2022 / August 26 2022 | |||
| 1 |
|
External Photos | External Photos | 1.15 MiB | August 23 2022 / August 26 2022 | |||
| 1 |
|
ID Label | ID Label/Location Info | 61.28 KiB | August 23 2022 / August 26 2022 | |||
| 1 |
|
Label Location | ID Label/Location Info | 60.54 KiB | August 23 2022 / August 26 2022 | |||
| 1 | Block Diagram | Block Diagram | August 23 2022 | confidential | ||||
| 1 | Block Diagram RF | Block Diagram | August 23 2022 | confidential | ||||
| 1 |
|
Confidentiality | Cover Letter(s) | 13.04 KiB | August 23 2022 / August 26 2022 | |||
| 1 |
|
Declaration of authorization | Cover Letter(s) | 84.21 KiB | August 23 2022 / August 26 2022 | |||
| 1 |
|
MPE | RF Exposure Info | 84.79 KiB | August 23 2022 / August 26 2022 | |||
| 1 |
|
Modular Approval Request | Cover Letter(s) | 15.10 KiB | August 23 2022 / August 26 2022 | |||
| 1 | Operational Description | Operational Description | August 23 2022 | confidential | ||||
| 1 | Part List | Parts List/Tune Up Info | August 23 2022 | confidential | ||||
| 1 | Schematics | Schematics | August 23 2022 | confidential | ||||
| 1 |
|
Test Report | Test Report | 1.93 MiB | August 23 2022 / August 26 2022 | |||
| 1 |
|
Test Setup Photos | Test Setup Photos | 560.81 KiB | August 23 2022 / August 26 2022 |
| 1 | Users Manual | Users Manual | 845.64 KiB | August 23 2022 / August 26 2022 |
FCC / ISED, PSE, CE approved
RS485 RFID reader
Eccel part: 000537
User manual
Manual version: v1.1
04/08/2022
1 | P a g e
www.eccel.co.uk
Table of contents
1.
2.
3.
4.
Introduction .......................................................................................................................................................... 5
Electrical specification ........................................................................................................................................... 6
2.1 ABSOLUTE MAXIMUM RATINGS .................................................................................................................................... 6
2.2 OPERATING CONDITIONS ............................................................................................................................................. 6
2.3 DC CHARACTERISTICS (VDD = 5 V, TS = 25 °C) ................................................................................................................ 6
2.4 CURRENT CONSUMPTION (5V INPUT) ............................................................................................................................ 6
Installation ............................................................................................................................................................ 7
Communication interface ...................................................................................................................................... 8
4.1 OVERVIEW ............................................................................................................................................................... 8
4.2 FRAME STRUCTURE .................................................................................................................................................... 8
4.3 CRC CALCULATION .................................................................................................................................................... 9
4.4 AUTOMATIC ADDRESSING .......................................................................................................................................... 11
5.
Commands list ..................................................................................................................................................... 12
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.1.6
5.1.7
5.1.8
5.1.9
5.1.10
5.1.11
5.1.12
5.1.13
5.1.14
5.1.15
5.1.16
5.1 GENERIC COMMANDS ............................................................................................................................................... 12
Acknowledge frame (0x00) ................................................................................................................ 12
Error response (0xFF) ......................................................................................................................... 12
Dummy command (0x01) ................................................................................................................... 13
Get tag count (0x02) .......................................................................................................................... 14
Get tag UID (0x03) ............................................................................................................................. 14
Activate TAG (0x04) ........................................................................................................................... 15
Halt (0x05) ......................................................................................................................................... 16
Set key (0x06) ..................................................................................................................................... 16
Save keys (0x07) ................................................................................................................................. 17
Reboot (0x08) ..................................................................................................................................... 17
Get version (0x09) .............................................................................................................................. 17
Get hardware version (0x0A) ............................................................................................................. 18
Set communication settings (0x0B).................................................................................................... 18
Get communication settings (0x0C) ................................................................................................... 19
Reset to factory defaults (0x0D) ........................................................................................................ 20
Set LED (0x0E) .................................................................................................................................... 20
5.2 FIRMWARE COMMANDS ............................................................................................................................................ 21
Jump to bootloader (0xF1) ................................................................................................................. 21
Firmware start frame (0xF2) .............................................................................................................. 21
Firmware frame (0xF4) ...................................................................................................................... 22
Firmware finish frame (0xF4) ............................................................................................................. 22
5.3 MIFARE CLASSICS COMMANDS ................................................................................................................................. 23
Read block (0x20) ............................................................................................................................... 23
Write block (0x21) .............................................................................................................................. 23
Read value (0x22) .............................................................................................................................. 24
Write value (0x23).............................................................................................................................. 25
Increment/decrement value (0x24) ................................................................................................... 25
Transfer value (0x25) ......................................................................................................................... 26
Restore value (0x26) .......................................................................................................................... 27
5.3.1
5.3.2
5.3.3
5.3.4
5.3.5
5.3.6
5.3.7
5.2.1
5.2.2
5.2.3
5.2.4
2 | P a g e
www.eccel.co.uk
5.3.8
5.4.1
5.4.2
5.4.3
5.4.4
5.4.5
5.4.6
5.4.7
5.4.8
5.4.9
5.4.10
5.4.11
Transfer-Restore value (0x27) ............................................................................................................ 27
5.4 MIFARE ULTRALIGHT COMMANDS ............................................................................................................................. 29
Read page (0x40) ............................................................................................................................... 29
Write page (0x41) .............................................................................................................................. 29
Get version (0x42) .............................................................................................................................. 30
Read signature (0x43) ........................................................................................................................ 30
Write signature (0x44) ....................................................................................................................... 31
Lock signature (0x45) ......................................................................................................................... 31
Read counter (0x46) ........................................................................................................................... 31
Increment counter (0x47) .................................................................................................................. 32
Password auth (0x48) ........................................................................................................................ 32
Ultralight-C authenticate (0x49) ........................................................................................................ 33
Check Tearing Event (0x4A) ............................................................................................................... 33
5.5 MIFARE DESFIRE COMMANDS ................................................................................................................................. 35
Get version (0x60) .............................................................................................................................. 35
5.5.1
Select application (0x61) .................................................................................................................... 35
5.5.2
List application IDs (0x62) .................................................................................................................. 36
5.5.3
List files IDs (0x63) ............................................................................................................................. 36
5.5.4
Authenticate (0x64) ........................................................................................................................... 37
5.5.5
Authenticate ISO (0x65) ..................................................................................................................... 37
5.5.6
Authenticate AES (0x66) .................................................................................................................... 38
5.5.7
Create application (0x67) ................................................................................................................... 38
5.5.8
Delete application (0x68) ................................................................................................................... 39
5.5.9
Change key (0x69) .............................................................................................................................. 39
5.5.10
Get key settings (0x6A) ...................................................................................................................... 40
5.5.11
Change key settings (0x6B) ................................................................................................................ 40
5.5.12
5.5.13
Create standard or backup data file (0x6C) ....................................................................................... 40
5.5.14 Write data (0x6D) .............................................................................................................................. 41
Read data (0x6E) ................................................................................................................................ 41
5.5.15
Create value file (0x6F) ...................................................................................................................... 42
5.5.16
Get value (0x70) ................................................................................................................................. 43
5.5.17
Credit file (0x71) ................................................................................................................................. 43
5.5.18
Credit file (0x72) ................................................................................................................................. 43
5.5.19
Debit file (0x73) .................................................................................................................................. 44
5.5.20
Create record file (0x74) .................................................................................................................... 44
5.5.21
5.5.22 Write record (0x75) ............................................................................................................................ 45
Read record (0x76) ............................................................................................................................. 45
5.5.23
Clear records (0x77) ........................................................................................................................... 46
5.5.24
Delete file (0x78) ................................................................................................................................ 46
5.5.25
Get free memory (0x79) ..................................................................................................................... 47
5.5.26
Format memory (0x7A) ...................................................................................................................... 47
5.5.27
Commit transaction (0x7B) ................................................................................................................ 47
5.5.28
Abort transaction (0x7C) .................................................................................................................... 48
5.5.29
5.6 ICODE (ISO15693) COMMANDS .............................................................................................................................. 49
Inventory start (0x90) ........................................................................................................................ 49
Inventory next (0x91) ......................................................................................................................... 49
Stay quiet (0x92) ................................................................................................................................ 50
Read block (0x93) ............................................................................................................................... 50
Write block (0x94) .............................................................................................................................. 51
5.6.1
5.6.2
5.6.3
5.6.4
5.6.5
3 | P a g e
www.eccel.co.uk
Lock block (0x95) ................................................................................................................................ 51
5.6.6
Write AFI (0x96) ................................................................................................................................. 52
5.6.7
Lock AFI (0x97) ................................................................................................................................... 52
5.6.8
Write DSFID (0x98) ............................................................................................................................. 53
5.6.9
Lock DSFID (0x99)............................................................................................................................... 53
5.6.10
Get System Information (0x9A) .......................................................................................................... 53
5.6.11
Get multiple BSS (0x9B) ..................................................................................................................... 54
5.6.12
Password protect AFI (0x9C) .............................................................................................................. 54
5.6.13
Read EPC (0x9D) ................................................................................................................................. 55
5.6.14
Get NXP System Information (0x9E) .................................................................................................. 55
5.6.15
Get random number (0x9F) ................................................................................................................ 56
5.6.16
5.6.17
Set password (0xA0) .......................................................................................................................... 56
5.6.18 Write password (0xA1) ...................................................................................................................... 57
Lock password (0xA2) ........................................................................................................................ 57
5.6.19
Protect page (0xA3) ........................................................................................................................... 58
5.6.20
Lock page protection (0xA4) .............................................................................................................. 59
5.6.21
Get multiple block protection status (0xA5) ...................................................................................... 59
5.6.22
Destroy (0xA6) ................................................................................................................................... 60
5.6.23
Enable privacy (0xA7) ........................................................................................................................ 60
5.6.24
Enable 64-bit password (0xA8) .......................................................................................................... 60
5.6.25
Read signature (0xA9) ........................................................................................................................ 61
5.6.26
5.6.27
Read config (0xAA) ............................................................................................................................. 61
5.6.28 Write config (0xAB) ............................................................................................................................ 62
Pick random ID (0xAC) ....................................................................................................................... 62
5.6.29
6.
7.
Compliance .......................................................................................................................................................... 64
Labelling .............................................................................................................................................................. 65
8. Mechanical dimensions ....................................................................................................................................... 66
4 | P a g e
www.eccel.co.uk
1. Introduction
Features
Low cost RFID Reader with MIFARE®
Classic® in 1K, 4K memory, ICODE,
MIFARE Ultralight®, MIFARE DESFire®
EV1/EV2, MIFARE Plus® support
Over-the-Air lifetime updates
Command interface via RS485
Baud rate up to 115200 bps
High transponder read and write
speed
-25°C to 85°C operating range
Multiple internal reference voltages
RoHS compliant
CE
PSE
FCC / ISED Full modular approval
Applications
Access control
Monitoring goods
Approval and monitoring
consumables
Pre-payment systems
Managing resources
Contact-less data storage systems
Evaluation and development of
RFID systems
Description
This RS485 FCC/ISED/PSE/RED approved reader is CE compliant
and has full modular approval from the FCC and ISED for use in
equipment supplied and fitted in the USA and Canada. Eccel
provides free lifetime updates via a firmware file download from
our website and programming of the unit via our free PC app using
the RS485 communication port.
in noisy environments and/or where
RS485 communications make the device suitable for industrial
applications
long
It provides multi-unit
communication
configurable addressing and integrated end of line termination
impedance selection.
lines are required.
RS485 in and out ports are provided using Molex, Pico-Clasp family
connectors.
The device provides “out of the box” RFID capability for integrating
into customer equipment. A powerful dual-core, 32-bit processor
enables easy host communication to a wide range of NFC
transponders with simple host commands and also powerful
autonomous stand-alone capability.
5 | P a g e
www.eccel.co.uk
2. Electrical specification
2.1 Absolute maximum ratings
Stresses beyond the absolute maximum ratings listed in the table below may cause permanent damage to the
device. These are stress ratings only, and do not refer to the functional operation of the device that should
follow the recommended operating conditions.
Symbol
TS
TA
VDDMAX
Parameter
Storage temperature
Ambient temperature
Supply voltage
Min
-40
-40
4.5
Table 2-1. Absolute maximum ratings
Max
+125
+85
5.5
Unit
°C
°C
V
2.2 Operating conditions
Symbol
TS
H
VDD
Parameter
Operating temperature
Humidity
Supply voltage
Table 2-2. Operating conditions
Min
-25
5
4.75
Typ
25
60
5
Max
+85
95
5.25
Unit
°C
%
V
2.3 DC characteristics (VDD = 5 V, TS = 25 °C)
Symbol
VORS485
VIRS485
Parameter
V output RS485 (RS485_TX pin)
V input RS485 (RS485_RX pin)
Min
-
-7
Typ
5
-
Max
-
+12
Unit
V
V
Table 2-3. DC characteristics
2.4 Current consumption (5V input)
Symbol
IPN_RFOFF
IPN_RFON
Parameter
RF field off
RF field on
Table 2-4. Current consumption
Typ
20
601
Max
2502
Unit
mA
mA
1 Dedicated NTag216 tag may increase current consumption up to 90mA and value depends on distance and
location between tag and antenna (higher consumption is when tag is closer to the antenna).
2 Any metal object located in electromagnetic flux will increase current consumption.
6 | P a g e
www.eccel.co.uk
3. Installation
The RS485 RFID Reader must be connected to the RS485 bus using a dedicated cable. Pinout of the connectors
is described below. The connector used on the Reader is 10 pin MOLEX 5015681007.
Devices can be connected in a chain, so one device can be connected to another one.
The maximum number of devices in a chain is four.
Figure 3-1. Connectors pinout.
GPIO_XX corresponds to GPIO33 on the MCU
GPIO_YY corresponds to GPIO21 on the MCU.
Both GPIO’s can be configured by the user as an INPUT or an OUTPUT using the RS485 interface commands
contained later in this User Manual..
Note that connectors are described as INPUT and OUTPUT but they can be used interchangeably.
The mating Molex receptacle and terminal are Molex part numbers 5013301000 and 5013340100.
7 | P a g e
www.eccel.co.uk
4. Communication interface
4.1 Overview
The RS485 RFID Reader can be controlled using a simple binary protocol available over RS485. This binary
protocol was designed to be as simple as possible to implement on the host side whilst still providing robust
communication.
The default baud rate is 115200 bps, and can be changed from 9600 up to 115200.
Other protocol settings are:
data bits: 8,
parity: None,
Stop bits: 1,
flow control: None.
4.2 Frame structure
Communication with the module is symmetric. So, frames sent to and received from the module are coded in
the same way. All frames contain fields as described in the table below. The reader should answer only to
commands with an address byte equal to its own device address.
The length of the command is the sum of the Address byte + Command body + 2 bytes CRC.
Frame STX
1-byte
0xF5
Command
length
2-bytes
Command
body length,
maximum
value 1024,
LSB
Command length
XOR
2-bytes
Address
byte
1-byte
Command body
1-byte
n-bytes
XOR with 0xFFFF
of command
length bytes, LSB
Address
byte
Command
Command
parameters
CRC16
2-bytes
Address +
Command
body CRC,
LSB
8 | P a g e
www.eccel.co.uk
4.3 CRC calculation
CRC is a 16-bit CRC-CCITT with a polynomial equal to 0x1021. The initial value is set to 0xFFFF, the input data
and the output CRC is not negated. In addition, no XOR is performed on the output value. Example C code is
shown below.
static const uint16_t CCITTCRCTable [256] = {
0x0000, 0x1021, 0x2042, 0x3063, 0x4084, 0x50a5,
0x60c6, 0x70e7, 0x8108, 0x9129, 0xa14a, 0xb16b,
0xc18c, 0xd1ad, 0xe1ce, 0xf1ef, 0x1231, 0x0210,
0x3273, 0x2252, 0x52b5, 0x4294, 0x72f7, 0x62d6,
0x9339, 0x8318, 0xb37b, 0xa35a, 0xd3bd, 0xc39c,
0xf3ff, 0xe3de, 0x2462, 0x3443, 0x0420, 0x1401,
0x64e6, 0x74c7, 0x44a4, 0x5485, 0xa56a, 0xb54b,
0x8528, 0x9509, 0xe5ee, 0xf5cf, 0xc5ac, 0xd58d,
0x3653, 0x2672, 0x1611, 0x0630, 0x76d7, 0x66f6,
0x5695, 0x46b4, 0xb75b, 0xa77a, 0x9719, 0x8738,
0xf7df, 0xe7fe, 0xd79d, 0xc7bc, 0x48c4, 0x58e5,
0x6886, 0x78a7, 0x0840, 0x1861, 0x2802, 0x3823,
0xc9cc, 0xd9ed, 0xe98e, 0xf9af, 0x8948, 0x9969,
0xa90a, 0xb92b, 0x5af5, 0x4ad4, 0x7ab7, 0x6a96,
0x1a71, 0x0a50, 0x3a33, 0x2a12, 0xdbfd, 0xcbdc,
0xfbbf, 0xeb9e, 0x9b79, 0x8b58, 0xbb3b, 0xab1a,
0x6ca6, 0x7c87, 0x4ce4, 0x5cc5, 0x2c22, 0x3c03,
0x0c60, 0x1c41, 0xedae, 0xfd8f, 0xcdec, 0xddcd,
0xad2a, 0xbd0b, 0x8d68, 0x9d49, 0x7e97, 0x6eb6,
0x5ed5, 0x4ef4, 0x3e13, 0x2e32, 0x1e51, 0x0e70,
0xff9f, 0xefbe, 0xdfdd, 0xcffc, 0xbf1b, 0xaf3a,
0x9f59, 0x8f78, 0x9188, 0x81a9, 0xb1ca, 0xa1eb,
0xd10c, 0xc12d, 0xf14e, 0xe16f, 0x1080, 0x00a1,
0x30c2, 0x20e3, 0x5004, 0x4025, 0x7046, 0x6067,
0x83b9, 0x9398, 0xa3fb, 0xb3da, 0xc33d, 0xd31c,
0xe37f, 0xf35e, 0x02b1, 0x1290, 0x22f3, 0x32d2,
0x4235, 0x5214, 0x6277, 0x7256, 0xb5ea, 0xa5cb,
0x95a8, 0x8589, 0xf56e, 0xe54f, 0xd52c, 0xc50d,
0x34e2, 0x24c3, 0x14a0, 0x0481, 0x7466, 0x6447,
0x5424, 0x4405, 0xa7db, 0xb7fa, 0x8799, 0x97b8,
0xe75f, 0xf77e, 0xc71d, 0xd73c, 0x26d3, 0x36f2,
9 | P a g e
www.eccel.co.uk
0x0691, 0x16b0, 0x6657, 0x7676, 0x4615, 0x5634,
0xd94c, 0xc96d, 0xf90e, 0xe92f, 0x99c8, 0x89e9,
0xb98a, 0xa9ab, 0x5844, 0x4865, 0x7806, 0x6827,
0x18c0, 0x08e1, 0x3882, 0x28a3, 0xcb7d, 0xdb5c,
0xeb3f, 0xfb1e, 0x8bf9, 0x9bd8, 0xabbb, 0xbb9a,
0x4a75, 0x5a54, 0x6a37, 0x7a16, 0x0af1, 0x1ad0,
0x2ab3, 0x3a92, 0xfd2e, 0xed0f, 0xdd6c, 0xcd4d,
0xbdaa, 0xad8b, 0x9de8, 0x8dc9, 0x7c26, 0x6c07,
0x5c64, 0x4c45, 0x3ca2, 0x2c83, 0x1ce0, 0x0cc1,
0xef1f, 0xff3e, 0xcf5d, 0xdf7c, 0xaf9b, 0xbfba,
0x8fd9, 0x9ff8, 0x6e17, 0x7e36, 0x4e55, 0x5e74,
0x2e93, 0x3eb2, 0x0ed1, 0x1ef0 };
static uint16_t GetCCITTCRC(const uint8_t* Data, uint32_t Size) {
uint16_t CRC;
uint16_t Temp;
uint32_t Index;
if (Size == 0) {
return 0;
}
CRC = 0xFFFF;
for (Index = 0; Index < Size; Index++){
Temp = (uint16_t)( (CRC >> 8) ^ Data[Index] ) & 0x00FF;
CRC = CCITTCRCTable[Temp] ^ (CRC << 8);
}
return CRC;
}
10 | P a g e
www.eccel.co.uk
4.4 Automatic addressing
The device provides automatic addressing for boards connected together in the chain.
The procedure requires modified tags with information containing the address and RS485 line termination
information.
It’s recommended to enable termination on the last reader in the chain.
The procedure is as below:
1. At power up, the Reader discovers nearby tags.
2. The Reader should read (header size) bytes from each discovered tag until it finds an address tag. Verify
3.
4.
5.
the header CRC.
If any address tags are discovered containing valid configuration data (address and termination) in its
payload, the Reader will store that configuration in NVM (non-volatile memory) and blink the status LED
green.
If after 2 seconds no nearby address tags containing valid configuration payloads are discovered, load
configuration data from non-volatile memory (NVM) if such data exists, and blink the LED white.
If no configuration data exists in NVM, The Reader will load the default configuration (address: 0x80,
termination: ON) and blink the LED red.
11 | P a g e
www.eccel.co.uk
5. Commands list
Commands are exchanged with the module using the protocol described above. All frames contain a command
byte and command arguments. Depending upon the command, arguments can be optional, so a command
length can be in the range from 1-1024 bytes.
5.1 Generic commands
5.1.1 Acknowledge frame (0x00)
This is the response message from the module to the host. This frame always contains 1-byte with command
ID and optional arguments.
Command description
Argument
Command ID
Related command ID
Other parameters
Size
1
1
n
Example:
Value Description
0x00
X
Related command code
Depending on the requested command this parameter is n-bytes
long and contains parameters
X
HOST=>READER: 0x02 – GET_TAG_COUNT command
READER=>HOST: 0x00 - ACK byte
0x02 - related command code GET_TAG_COUNT
0x01 – argument for GET_TAG_COUNT – 0x01 – one tag
detected
5.1.2 Error response (0xFF)
In case of any problems with executing the command, the device can send back ERROR response with error
number returned by the RFID chip. The most common errors are described below.
If the host sends an Error frame without argument to the reader, then repeat last frame.
Argument
ACK
Command ID
(optional)
Example:
Command description
Size
1
1
Value Description
0x00
0x01
DUMMY_COMMAND
HOST=>READER: 0xFF – Error byte
READER=>HOST: XX XX XX … - last command send to the host
Example:
READER=>HOST: 0xFF – Error byte
0x01 - related command code DUMMY_COMMAND
0x02 – layer byte
0x01 – Error number
12 | P a g e
www.eccel.co.uk
Error list:
0x01 - No reply received, e.g. PICC removal
0x02 - Wrong CRC or parity detected
0x03 - A collision occurred
0x04 - Attempt to write beyond buffer size
0x05 - Invalid frame format
0x06 - Received response violates protocol
0x07 - Authentication error
0x08 - A Read or Write error occurred in RAM/ROM or Flash
0x09 - The RC sensors signal over heating
0x0A - Error due to RF.
0x0B - An error occurred in RC communication
0x0C - A length error occurred
0x0D - An resource error
0x0E - TX Rejected sanely by the counterpart
0x0F - RX request Rejected sanely by the counterpart
0x10 - Error due to External RF
0x11 - EMVCo EMD Noise Error
0x12 - Used when HAL ShutDown is called
0x20 - Invalid data parameters supplied (layer id check failed)
0x21 - Invalid parameter supplied
0x22 - Reading/Writing a parameter would produce an overflow
0x23 - Parameter not supported
0x24 - Command not supported
0x25 - Condition of use not satisfied
0x26 - key error occurred
0x7F - An internal error occurred
5.1.3 Dummy command (0x01)
This command takes no arguments. It is used to check that the module alive. The module replies to this
command with an ACK response and no optional parameters.
Argument
Command ID
Size
1
Value Description
0x01 DUMMY_COMMAND
Command description
ACK
Command ID
Example:
Response description
1
1
0x00
0x01 DUMMY_COMMAND
HOST=>READER: 0x01 –DUMMY_COMMAND
READER=>HOST: 0x00 - ACK byte
0x01 - related command code DUMMY_COMMAND
13 | P a g e
www.eccel.co.uk
5.1.4 Get tag count (0x02)
The command send to the module to read how many TAGS are in range of the antenna no matter which
technology of tag, so it returns the total amount present of all supported tag types. The maximum number
for this standard discovery loop is 5. If you want to perform a full inventory command for ICODE tag types
please refer to ICODE_INVENTORY_xxx commands.
After this command, the module holds all UID’s and basic information about TAGs present in volatile memory
and the user can read it using the GET_TAG_UID command.
Argument
Command ID
Size
1
Value Description
0x02 GET_TAG_COUNT
Command description
ACK
Command ID
TAG count
Example:
Response description
0x00
0x02 GET_TAG_COUNT
X
Maximum discovered tags is 5
1
1
1
HOST=>READER: 0x02 – GET_TAG_COUNT
READER=>HOST: 0x00 - ACK byte
0x02 - related command code GET_TAG_COUNT
0x01 – number of tags in range
5.1.5 Get tag UID (0x03)
This command should be executed after GET_TAG_COUNT frame to read information about the tag.
Argument
Command ID
TAG idx
ACK
Command ID
Command description
Size
1
Value Description
0x03 GET_TAG_UID
1
1
1
X
TAG index in module memory, must me less than number of tags
reported by GET_TAG_COUNT command
Response description
0x00
0x03 GET_TAG_UID
TAG type
1
X
0x01 - MIFARE Ultralight
0x02 - MIFARE Ultralight-C
0x03 - MIFARE Classic
0x04 - MIFARE Classic 1k
0x05 - MIFARE Classic 4k
0x06 - MIFARE Plus
0x07 - MIFARE Plus 2k
0x08 - MIFARE Plus 4k
0x09 - MIFARE Plus 2k sl2
0x0A - MIFARE Plus 4k sl2
0x0B - MIFARE Plus 2k sl3
0x0C - MIFARE Plus 4k sl3
0x0D - MIFARE DESFire
14 | P a g e
www.eccel.co.uk
0x0F - JCOP
0x10 – MIFARE Mini
0x21 – ICODE Sli
0x22 – ICODE Sli-S
0x23 – ICODE Sli-L
0x24 – ICODE Slix
0x25 – ICODE Slix-S
0x26 – ICODE Slix-X
0x27 – ICODE Slix2
0x28 – ICODE DNA
SAK - byte for MIFARE family tags
DSFID - byte for ICODE family tags
UID bytes. Max length is 8.
TAG parameter
UID
Example:
1
N
X
X
HOST=>READER: 0x03 – GET_TAG_UID
0x00 – TAG idx
READER=>HOST: 0x00 - ACK byte
0x03 - related command code GET_TAG_UID
0x01 – MIFARE tag type
0x20 – tag parameter:
SAK byte for MIFARE family tags
DSFID byte for ICODE family tags
0x74 0x54 0x12 0x65 – tag UID bytes
5.1.6 Activate TAG (0x04)
The command activates a TAG after the discovery loop if more than one TAG is detected.
Command description
Value Description
0x04
ACTIVATE_TAG
TAG index in module memory, must me less than number of tags
reported by GET_TAG_COUNT command
Argument
Command ID
TAG idx
ACK
Command ID
Example:
Size
1
1
1
1
X
0x00
0x04
Response description
ACTIVATE_TAG
HOST=>READER: 0x04 – ACTIVATE_TAG
0x00 – TAG idx
READER=>HOST: 0x00 - ACK byte
0x04 - related command code ACTIVATE_TAG
15 | P a g e
www.eccel.co.uk
5.1.7 Halt (0x05)
The Halt command takes no arguments. It halts the tag and turns off the RF field. It must be executed at the
end of each operation on a tag to disable the antenna and reduce the power consumption.
Argument
Command ID
ACK
Command ID
Example:
Command description
Size
1
Value Description
0x05 HALT
Response description
1
1
0x00
0x05 HALT
HOST=>READER: 0x05 – HALT
READER=>HOST: 0x00 - ACK byte
0x05 - related command code HALT
5.1.8 Set key (0x06)
This command sets a KEY in Key Storage Memory on a selected slot. Set key can be used for all RFID functions
needing authorization like e.g. READ/WRITE memory on the TAG etc. This command changes a key in volatile
memory, so if the user wants to save it permanently and load automatically after boot-up, then the user should
use the CMD_SAVE_KEYS command.
Argument
Command ID
Key number
Size
1
1
Value
0x06
0-4
Key type
1
0 – 6
Key
12-32
X
Command description
Description
SET_KEY
Key number in Key Storage Memory.
0x00 - AES 128 Key. (length = 16 bytes)
0x01 - AES 192 Key. (length = 24 bytes)
0x02 - AES 256 Key. (length = 32 bytes)
0x03 - DES Single Key. (length = 16 bytes)
0x04 - 2 Key Triple Des. (length = 16 bytes)
0x05 - 3 Key Triple Des. (length = 24 bytes)
0x06 - MIFARE (R) Key. (length = 12 bytes, key A+B)
Key bytes. Length must match to the type.
Response description
ACK
Command ID
Example:
1
1
0x00
0x06
SET_KEY
HOST=>READER: 0x06 – SET_KEY
0x00 – Key number
0x06 – MIFARE key type
0x00 0x00 0x00 0x00 0x00 0x00
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF – Key bytes
READER=>HOST: 0x00 - ACK byte
0x06 - related command code SET_KEY
16 | P a g e
www.eccel.co.uk
5.1.9 Save keys (0x07)
This command should be called if the user wants to save keys changed using the SET_KEY command in the
module non-volatile memory. Saved keys will be automatically loaded after power up or reboot.
Argument
Command ID
ACK
Command ID
Example:
Command description
Size
1
Value Description
SAVE_KEYS
0x07
Response description
1
1
0x00
0x07
SAVE_KEYS
HOST=>READER: 0x07 – SAVE_KEYS
READER=>HOST: 0x00 - ACK byte
0x07 - related command code SAVE_KEYS
5.1.10 Reboot (0x08)
This command requests a software reboot for the reader. After this command the device will not accept any
protocol commands for 1 second.
Argument
Command ID
ACK
Command ID
Example:
Command description
Size
1
Value Description
0x08
REBOOT
Response description
1
1
0x00
0x08
REBOOT
HOST=>READER: 0x08 – REBOOT
READER=>HOST: 0x00 – ACK byte
0x08 – related command code REBOOT
5.1.11 Get version (0x09)
This command requests a version string from the device.
Argument
Command ID
Size
1
Value Description
0x09 GET_VERSION
Command description
ACK
Command ID
Version string
1
1
X
Response description
0x00
0x09 GET_VERSION
X
Version string, contains major and minor version and build data
and time e.g.: 1.1 Jan 18 2019 15:35:03
17 | P a g e
www.eccel.co.uk
Example:
HOST=>READER: 0x09 – GET_VERSION
READER=>HOST: 0x00 – ACK byte
0x09 – related command code GET_VERSION
0x31 0x2e 0x31 0x20 0x4a 0x61 0x6e 0x20
0x31 0x38 0x20 0x32 0x30 0x31 0x39 0x20
0x31 0x35 0x3a 0x33 0x35 0x3a 0x30 0x33 – version
string bytes
5.1.12 Get hardware version (0x0A)
This command requests a hardware version string from the device.
Argument
Command ID
Size
1
Value Description
0x0A GET_HW_VERSION
Command description
ACK
Command ID
Version string
Example:
1
1
X
Response description
0x00
0x0A GET_HW_VERSION
X
Version string, contains product name and major and minor
hardware revision e.g.: RS485_v1.0
HOST=>READER: 0x0A – GET_HW_VERSION
READER=>HOST: 0x00 – ACK byte
0x0A – related command code GET_HW_VERSION
0x42 0x69 0x6f 0x52 0x61 0x64 0x5f 0x52 0x53 0x34
0x35 0x5f 0x76 0x31 0x2e 0x30 – version string bytes
5.1.13 Set communication settings (0x0B)
This command sets the new communication settings of the RS485 bus. The reader sends an ACK using the old
settings, then sets the new RS485 communication parameters. The command also includes information about
bus termination. If the termination byte is set to 0x01, the reader must terminate the bus. The host application
should wait at least 500ms before sending another command. The new RS485 module own address is stored
in NVM.
Command description
Argument
Command ID
Size
1
Value Description
0x0B
Baudrate ID
1
X
SET_COMM_SETTINGS
0x00 – 4800kbps
0x01 – 9600kbps
0x02 - 19200 kbps
0x03 - 38400 kbps
0x04 - 57600 kbps
0x05 - 115200 kbps (factory default)
18 | P a g e
www.eccel.co.uk
Bus address
Termination
Short name
ACK
Command ID
Example:
1
1
4
1
1
X
X
X
Bus address byte. Default value is 0x80
0x00 – termination disabled
0x01 – termination enabled
Four ASCII bytes with device description
Response description
0x00
0x0B
SET_COMM_SETTINGS
HOST=>READER: 0x0B – SET_COMM_SETTINGS
0x05 – baudrate 115200
0x81 – new RS485 module own address
0x01 – termination
0x31 0x32 0x33 -x34 – Short name
READER=>HOST: 0x00 – ACK byte
0x0B – related command code SET_COMM_SETTINGS
5.1.14 Get communication settings (0x0C)
This command gets communication settings.
Argument
Command ID
ACK
Command ID
Baudrate ID
Bus address
Termination
Short name
Example:
Command description
Size
1
Value Description
0x0C GET_COMM_SETTINGS
Response description
1
1
1
1
1
4
X
0x00
0x0C GET_COMM_SETTINGS
0x00 – 4800kbps
0x01 – 9600kbps
0x02 - 19200 kbps
0x03 - 38400 kbps
0x04 - 57600 kbps
0x05 - 115200 kbps (factory default)
Bus address byte. Default value is 0x80
0x00 – termination disabled
0x01 – termination enabled
Four ASCII bytes with device description
X
X
X
HOST=>READER: 0x0C – GET_COMM_SETTINGS
READER=>HOST: 0x00 – ACK byte
0x0C – related command code GET_COMM_SETTINGS
0x05 – baudrate 115200
0x81 – bus address 0x81
0x01 – termination enabled
0x31 0x32 0x33 -x34 – Short name
19 | P a g e
www.eccel.co.uk
5.1.15 Reset to factory defaults (0x0D)
This command resets settings to factory default. The reader sends an ACK using the old settings, then reboots.
The host application should wait at least 1000ms before sending another command.
Argument
Command ID
Size
1
Value Description
0x0D FACTORY_RESET
Command description
ACK
Command ID
Example:
Response description
1
1
0x00
0x0D FACTORY_RESET
HOST=>READER: 0x0D – FACTORY_RESET
READER=>HOST: 0x00 – ACK byte
0x0D – related command code FACTORY_RESET
5.1.16 Set LED (0x0E)
This command turns on/off the external LED. If the On/Off flag is set to 2, then the host must provide a timeout
for the LED (two bytes LSB). The device turns on the LED for the specified timeout and then turns it off.
Command description
Argument
Command ID
On/Off flag
On timeout
ACK
Command ID
Example:
Size
1
1
2
1
1
Value Description
0x0E
SET_LED
2 – turn on for specified timeout
1 – turn on LED
0 – turn off LED
Unsigned 16-bit timeout value (LSB first) in milliseconds
X
X
Response description
0x00
0x0E
SET_LED
HOST=>READER: 0x0E – SET_LED
0x01 – LED on
READER=>HOST: 0x00 - ACK byte
0x0E - related command code SET_LED
20 | P a g e
www.eccel.co.uk
5.2 Firmware commands
The reader supports firmware upgrades. To perform a firmware upgrade, the user must execute the following
commands.
5.2.1 Jump to bootloader (0xF1)
This command should be executed as the first frame in a firmware upgrade sequence. When the device
receives this command, it reboots and stays in the bootloader application. After this step, the device will not
be able to boot the main application until it is uploaded again to the device. The host application can execute
the next command after 500ms. It is good practise to send the GET_VERSION command after this one to verify
that the device is already in bootloader mode. The GET_VERSION string frame for the bootloader application
contains the standard version string with an extra string “BOOTLOADER”.
Argument
Command ID
ACK
Command ID
Example:
Command description
Size
1
Value Description
0xF1
JUMP_TO_BOOTLOADER
Response description
1
1
0x00
0xF1
JUMP_TO_BOOTLOADER
HOST=>READER: 0xF1 – JUMP_TO_BOOTLOADER
READER=>HOST: 0x00 – ACK byte
0xF1 – related command code JUMP_TO_BOOTLOADER
5.2.2 Firmware start frame (0xF2)
This command is only supported when the device is running the bootloader application. This command must
be executed to clear device flash before writing the new application firmware. The device responds with an
ACK frame when the command is finished, and usually it takes about 3seconds.
Argument
Command ID
Size
1
Value Description
0xF2
FIRMWARE_START
Command description
ACK
Command ID
Example:
Response description
1
1
0x00
0xF2
FIRMWARE_START
HOST=>READER: 0xF2 – FIRMWARE_START
READER=>HOST: 0x00 – ACK byte
0xF2 – related command code FIRMWARE_START
21 | P a g e
www.eccel.co.uk
5.2.3 Firmware frame (0xF4)
When the device is running the bootloader application and FIRMWARE START has already been executed, the
host application can upload binary firmware file in chunks that are 256 bytes long (the last frame can be
smaller).
Argument
Command ID
Firmware bytes
Size
1
Max.
256
Command description
Value Description
0xF3
FIRMWARE_FRAME
Firmware bytes in chunks 256bytes long.
ACK
Command ID
Example:
Response description
1
1
0x00
0xF3
FIRMWARE_FRAME
HOST=>READER: 0xF3 – FIRMWARE_FRAME
0x34 0x67 … 0x45 – firmware bytes
READER=>HOST: 0x00 – ACK byte
0xF3 – related command code FIRMWARE_START
5.2.4 Firmware finish frame (0xF4)
This command is only supported when the device is running the bootloader application. The command must
be executed after all firmware frames are written to the device. The bootloader application checks the
integrity of the application and runs it. The host application can execute the next command after 500ms. It is
good practise to send the GET_VERSION command after this one to verify that the new version is already
running on the device.
Argument
Command ID
Size
1
Value Description
0xF4
FIRMWARE_FINISH
Command description
ACK
Command ID
Example:
Response description
1
1
0x00
0xF4
FIRMWARE_FINISH
HOST=>READER: 0xF4 – FIRMWARE_FINISH
READER=>HOST: 0x00 – ACK byte
0xF4 – related command code FIRMWARE_FINISH
22 | P a g e
www.eccel.co.uk
5.3 MIFARE Classics commands
This set of commands should be performed on MIFARE Classics tags.
5.3.1 Read block (0x20)
The read block command should be used to read data from the tag. It takes as arguments the block number
of the first block to read, the number of blocks to read, the key A or B parameter, and the key number in key
storage. The returned ACK answer contains data read from the specified tag memory. The number of bytes of
this data is MIFARE Classic block size (16) multiplied by the number of blocks to be read.
Argument
Command ID
Block number
Number of blocks
Key A/B parameter
Key number
ACK
Command ID
Size
1
1
1
1
1
1
1
Command description
Value Description
0x20 MF_READ_BLOCK
X
Y
X
0-4
0x0A – Key A should be selected from key storage
0x0B – Key B should be selected from key storage
Key number in key storage
Response description
0x00
0x20 MF_READ_BLOCK
Read data
Y*16
XXX
Bytes read from the tag. Number of bytes is number of requested
blocks multiplied by 16.
Example:
HOST=>READER: 0x20 – MF_READ_BLOCK
0x02 – block number 2
0x02 – two blocks to read
0x0A – key A should be selected from key storage
0x00 – first key should be selected from key storage
READER=>HOST: 0x00 – ACK byte
0x20 – related command code MF_READ_BLOCK
0x01 0x2e 0x41 0x22 0x43 0x11 0x8e 0x20
0x31 0x38 0x20 0x32 0x30 0x31 0x39 0x41
0x81 0x23 0x42 0x28 0x33 0x01 0x8e 0x72
0x31 0x35 0x3a 0x33 0x35 0x3a 0x30 0x33 – 32 bytes
result
5.3.2 Write block (0x21)
The write block command should be used to write data to the tag. It takes as arguments the block number of
the first block to write, the number of blocks to write, the key A or B parameter, the key number in key storage,
and the bytes to be written. The number of bytes to be written must be exactly the number of blocks to write
multiplied by 16. If the host receives an ACK without any errors means the write process was successful and
the data was read back and verified as correct by the reader.
23 | P a g e
www.eccel.co.uk
Command description
Value Description
0x21 MF_WRITE_BLOCK
Argument
Command ID
Block number
Number of blocks
Key A/B parameter
Key number
Size
1
1
1
1
1
X
Y
X
0-4
Bytes to write
Y*16
XXX
0x0A – Key A should be selected from key storage
0x0B – Key B should be selected from key storage
Key number in key storage
Bytes to write. Number of this bytes must be number of requested
blocks multiplied by 16.
Response description
ACK
Command ID
Example:
1
1
0x00
0x21 MF_WRITE_BLOCK
HOST=>READER: 0x21 – MF_WRITE_BLOCK
0x02 – block number 2
0x02 – two blocks to write
0x0A – key A should be selected from key storage
0x00 – first key should be selected from key storage
0x01 0x2e 0x41 0x22 0x43 0x11 0x8e 0x20
0x31 0x38 0x20 0x32 0x30 0x31 0x39 0x41
0x81 0x23 0x42 0x28 0x33 0x01 0x8e 0x72
0x31 0x35 0x3a 0x33 0x35 0x3a 0x30 0x33 – 32 bytes to
write
READER=>HOST: 0x00 – ACK byte
0x21 – related command code MF_WRITE_BLOCK
5.3.3 Read value (0x22)
This command should be used to read a value from the tag. It takes as arguments the block number where the
value is stored, the key A or B parameter, and the key number in key storage. The returned ACK response
contains a value as a signed 32-bit value (LSB first) and an address byte as an unsigned 8bit value.
Size
1
1
1
1
1
1
4
1
Argument
Command ID
Block number
Key A/B parameter
Key number
ACK
Command ID
Value
Address
24 | P a g e
Command description
Value Description
0x22 MF_READ_VALUE
X
X
0-4
0x0A – Key A should be selected from key storage
0x0B – Key B should be selected from key storage
Key number in key storage
Response description
0x00
0x22 MF_READ_VALUE
X
X
Signed 32-bit value (LSB first)
Address byte
www.eccel.co.uk
Example:
HOST=>READER: 0x22 – MF_READ_VALUE
0x02 – block number 2
0x0A – key A should be selected from key storage
0x00 – first key should be selected from key storage
READER=>HOST: 0x00 – ACK byte
0x22 – related command code MF_READ_BLOCK
0x00 0x00 0x00 0x01 – value
0x01 – address byte
5.3.4 Write value (0x23)
This command should be used to write a value to the tag. It takes as arguments the block number where the
value should be stored, the key A or B parameter, the key number in key storage, a value (signed 32-bit LSB
first) as 4 bytes, and an address byte (unsigned 8-bit value).
Argument
Command ID
Block number
Key A/B parameter
Key number
Value
Address
ACK
Command ID
Example:
Size
1
1
1
1
4
1
1
1
Command description
Value Description
0x23 MF_WRITE_VALUE
X
X
0-4
X
X
0x0A – Key A should be selected from key storage
0x0B – Key B should be selected from key storage
Key number in key storage
Signed 32-bit value (LSB first)
Address byte
Response description
0x00
0x23 MF_WRITE_VALUE
HOST=>READER: 0x23 – MF_WRITE_VALUE
0x02 – block number 2
0x0A – key A should be selected from key storage
0x00 – first key should be selected from key storage
0x00 0x00 0x00 0x01 – value
0x01 – address byte
READER=>HOST: 0x00 – ACK byte
0x23 – related command code MF_WRITE_BLOCK
5.3.5 Increment/decrement value (0x24)
This command should be used to increment or decrement a value stored in the tag memory. It takes as
arguments the block number where the value is stored, the key A or B parameter, the key number in key
storage, value (signed 32-bit LSB first) as 4 bytes to increment or decrement, and the increment/decrement
flag.
25 | P a g e
www.eccel.co.uk
Argument
Command ID
Block number
Key A/B parameter
Key number
Delta value
Increment/Decrement
ACK
Command ID
Example:
Size
1
1
1
1
4
1
1
1
Command description
Value Description
0x24 MF_INCREMENT_VALUE
X
X
0-4
X
X
0x0A – Key A should be selected from key storage
0x0B – Key B should be selected from key storage
Key number in key storage
Signed 32-bit value (LSB first)
0x00 – Decrement by delta value
0x01 – Increment by delta value
Response description
0x00
0x24 MF_INCREMENT_VALUE
HOST=>READER: 0x24 – MF_INCREMENT_VALUE
0x02 – block number 2
0x0A – key A should be selected from key storage
0x00 – first key should be selected from key storage
0x00 0x00 0x00 0x01 – delta value
0x01 – increment flag
READER=>HOST: 0x00 – ACK byte
0x24 – related command code MF_INCREMENT_BLOCK
5.3.6 Transfer value (0x25)
This command should be used to transfer a value from a volatile register on the tag to the block being
addressed. It takes as arguments the block number where the value should be stored, the key A or B
parameter, the key number in key storage.
Argument
Command ID
Block number
Key A/B parameter
Key number
ACK
Command ID
Example:
Size
1
1
1
1
1
1
Command description
Value Description
0x25 MF_TRANSFER_VALUE
X
X
0-4
0x0A – Key A should be selected from key storage
0x0B – Key B should be selected from key storage
Key number in key storage
Response description
0x00
0x25 MF_TRANSFER_VALUE
HOST=>READER: 0x25 – MF_TRANSFER_VALUE
0x02 – block number 2
0x0A – key A should be selected from key storage
0x00 – first key should be selected from key storage
READER=>HOST: 0x00 – ACK byte
0x25 – related command code MF_TRANSFER_BLOCK
26 | P a g e
www.eccel.co.uk
5.3.7 Restore value (0x26)
This command should be used to restore a value to a volatile register on the tag from the block being
addressed. It takes as arguments the block number where the value is stored, the key A or B parameter, key
number in key storage.
Argument
Command ID
Block number
Key A/B parameter
Key number
ACK
Command ID
Example:
Size
1
1
1
1
1
1
Command description
Value Description
0x26 MF_RESTORE_VALUE
X
X
0-4
0x0A – Key A should be selected from key storage
0x0B – Key B should be selected from key storage
Key number in key storage
Response description
0x00
0x26 MF_ RESTORE _VALUE
HOST=>READER: 0x26 – MF_RESTORE_VALUE
0x02 – block number 2
0x0A – key A should be selected from key storage
0x00 – first key should be selected from key storage
READER=>HOST: 0x00 – ACK byte
0x26 – related command code MF_RESTORE_BLOCK
5.3.8 Transfer-Restore value (0x27)
This command performs a Restore-Transfer command sequence on the tag. It takes as arguments the block
number to be decremented, the block number to be transferred to, the key A or B parameter, the key number
in key storage. This command has the same functionality as the read value command, except that it can be
used on a block which is corrupted – it tries to recover data from a corrupted block. The format of a value-
type block allows for some bits to be corrupted and it still be possible to read and recover the proper value
Argument
Command ID
Source block number
Destination block
number
Key A/B parameter
Key number
ACK
Command ID
Command description
Size
1
1
Value Description
0x27 MF_TRANSFER_RESTORE_VALUE
Block number to be decremented
X
1
1
1
1
1
X
X
0-4
Block number to be transferred to
0x0A – Key A should be selected from key storage
0x0B – Key B should be selected from key storage
Key number in key storage
Response description
0x00
0x27 MF_ TRANSFER_RESTORE _VALUE
27 | P a g e
www.eccel.co.uk
Example:
HOST=>READER: 0x27 – MF_TRANSFER_RESTORE_VALUE
0x02 – source block number 2
0x03 – destination block number 3
0x0A – key A should be selected from key storage
0x00 – first key should be selected from key storage
READER=>HOST: 0x00 – ACK byte
0x27 – related command code MF_TRANSFER_RESTORE_BLOCK
28 | P a g e
www.eccel.co.uk
5.4 MIFARE Ultralight commands
This set of commands should be performed on MIFARE Ultralight tags.
5.4.1 Read page (0x40)
The read page command should be used to read data stored in tag pages. It takes as arguments the page
number of the first page to be read, and the number of pages to be read. The returned ACK answer contains
data read from the specified tag memory. The number of bytes of this data is MIFARE Ultralight page size (4)
multiplied by the number of pages to be read.
Argument
Command ID
Page number
Number of pages
Size
1
1
1
Command description
Value Description
0x40 MFU_READ_PAGE
X
Y
ACK
Command ID
Read data
Example:
Response description
1
1
0x00
0x40 MFU_READ_PAGE
Y*4
XXX
Bytes read from the tag. Number of bytes is number of requested
pages multiplied by 4.
HOST=>READER: 0x40 – MFU_READ_PAGE
0x02 – page number 2
0x02 – two pages to read
READER=>HOST: 0x00 – ACK byte
0x40 – related command code MFU_READ_PAGE
0x31 0x35 0x3a 0x33 0x35 0x3a 0x30 0x33 – 8 bytes result
5.4.2 Write page (0x41)
The write page command should be used to write data to the tag. It takes as arguments the page number of
the first page to write, the number of pages to write, and the bytes to be written. The number of bytes to be
written must be exactly the number of pages to write multiplied by 4. If the host receives an ACK without any
errors means the write process was successful and the data was read back and verified as correct by the reader.
Argument
Command ID
Page number
Number of pages
Bytes to write
Size
1
1
1
Y*4
Command description
Value Description
0x41 MFU_WRITE_PAGE
X
Y
XXX
Bytes to write. Number of this bytes must be number of requested
pages multiplied by 4.
Response description
1
1
0x00
0x41 MFU_WRITE_PAGE
ACK
Command ID
Example:
29 | P a g e
www.eccel.co.uk
HOST=>READER: 0x41 – MFU_WRITE_PAGE
0x02 – page number 2
0x02 – two pages to write
0x31 0x35 0x3a 0x33 0x35 0x3a 0x30 0x33 – 32 bytes to write
READER=>HOST: 0x00 – ACK byte
0x41 – related command code MFU_WRITE_PAGE
5.4.3 Get version (0x42)
This command requests a version string from the TAG. The returned ACK answer consists of 8-bytes containing
the version information defined by the NXP standard. Please refer to the NXP documentation for more
information.
Argument
Command ID
Size
1
Value Description
0x42 MFU_GET_VERSION
Command description
ACK
Command ID
Version bytes
Example:
Response description
1
1
8
0x00
0x42 MFU_GET_VERSION
X
Version bytes from the TAG
HOST=>READER: 0x42 – MFU_GET_VERSION
READER=>HOST: 0x00 – ACK byte
0x42 – related command code MFU_GET_VERSION
0x31 0x35 0x3a 0x33 0x35 0x3a 0x30 0x33 – version bytes
5.4.4 Read signature (0x43)
This command requests a version string from the device. The returned ACK answer contains 32-bytes with ECC
signature defined by the NXP standard. Please refer to the NXP documentation for more information.
Argument
Command ID
ACK
Command ID
Version bytes
Example:
Command description
Value Description
0x43 MFU_READ_SIGNATURE
Response description
0x00
0x43 MFU_READ_SIGNATURE
X
Signature bytes from the TAG
Size
1
1
1
32
HOST=>READER: 0x43 – MFU_READ_SIGNATURE
READER=>HOST: 0x00 – ACK byte
0x43 – related command code MFU_READ_SIGNATURE
0x01 0x2e 0x41 0x22 0x43 0x11 0x8e 0x20
0x31 0x38 0x20 0x32 0x30 0x31 0x39 0x41
0x81 0x23 0x42 0x28 0x33 0x01 0x8e 0x72
0x31 0x35 0x3a 0x33 0x35 0x3a 0x30 0x33 – signature bytes
30 | P a g e
www.eccel.co.uk
5.4.5 Write signature (0x44)
This command writes the signature information to the MIFARE Ultralight Nano TAG. It takes as arguments
relative page location of the signature part to be written and four bytes of signature value to be written.
Argument
Command ID
Relative page
address
Bytes to write
ACK
Command ID
Example:
Command description
Size
1
Value Description
0x44 MFU_WRITE_SIGNATURE
1
4
1
1
X
XXX
Relative page location of the signature part to be written
Bytes of signature value to be written to the specified relative
page address
Response description
0x00
0x44 MFU_WRITE_ SIGNATURE
HOST=>READER: 0x44 – MFU_WRITE_SIGNATURE
0x00 – relative page number 0
0x35 0x3a 0x30 0x33 – 4 bytes to write
READER=>HOST: 0x00 – ACK byte
0x44 – related command code MFU_WRITE_SIGNATURE
5.4.6 Lock signature (0x45)
This command locks the signature temporarily or permanently based on the information provided in the API.
The locking and unlocking of the signature can be performed using this command if the signature is not locked
or temporary locked. If the signature is permanently locked, then unlocking can’t be done.
Argument
Command ID
Lock mode
ACK
Command ID
Example:
Command description
Value Description
0x45 MFU_LOCK_SIGNATURE
0x00 – Unlock
0x01 – Lock
0x02 – Permanent lock
Response description
X
0x00
0x45 MFU_LOCK_SIGNATURE
Size
1
1
1
1
HOST=>READER: 0x45 – MFU_LOCK_SIGNATURE
0x02 – permanent lock
READER=>HOST: 0x00 – ACK byte
0x45 – related command code MFU_LOCK_SIGNATURE
5.4.7 Read counter (0x46)
This command should be used to read a counter from the TAG. It takes as arguments the counter number. The
returned ACK response contains a value as a signed 24-bit value (LSB first).
31 | P a g e
www.eccel.co.uk
Argument
Command ID
Counter number
Size
1
1
Value Description
0x46 MFU_READ_COUNTER
Counter number
0-2
Command description
ACK
Command ID
Counter value
Example:
Response description
0x00
0x46 MFU_READ_COUNTER
X
Unsigned 24-bit value, LSB first
1
1
3
HOST=>READER: 0x46 – MFU_READ_COUNTER
0x01 – counter number
READER=>HOST: 0x00 – ACK byte
0x46 – related command code MFU_READ_COUNTER
0x00 0x00 0x01 – value
5.4.8 Increment counter (0x47)
This command should be used to increment a counter stored in the tag memory. It takes as arguments the
counter number and increment value (24-bit value LSB first) as 3 bytes.
Argument
Command ID
Counter number
Increment value
ACK
Command ID
Example:
Command description
Size
1
1
3
Value Description
0x47 MFU_INCREMENT_COUNTER
0-2
X
Counter number
Unsigned 24-bit value (LSB first)
Response description
1
1
0x00
0x47 MFU_INCREMENT_COUNTER
HOST=>READER: 0x47 – MFU_INCREMENT_COUNTER
0x02 – block number 2
0x00 0x00 0x01 – increment value
READER=>HOST: 0x00 – ACK byte
0x47 – related command code MFU_INCREMENT_COUNTER
5.4.9 Password auth (0x48)
This command tries to authenticate the tag using the chosen password. It takes as an argument a password as
four bytes. The returned ACK response contains two bytes of password acknowledge (PACK).
Command description
Argument
Command ID
Counter number
Size
1
4
Value Description
0x48 MFU_PASSWORD_AUTH
4-bytes password
X
Response description
32 | P a g e
www.eccel.co.uk
ACK
Command ID
PACK
Example:
1
1
2
0x00
0x48 MFU_PASSWORD_AUTH
X
Password acknowledge bytes
HOST=>READER: 0x48 – MFU_PASSWORD_AUTH
0x00 0x00 0x00 0x00 – password
READER=>HOST: 0x00 – ACK byte
0x48 – related command code MFU_PASSWORD_AUTH
0x00 0x00 – password acknowledge bytes
5.4.10 Ultralight-C authenticate (0x49)
This command tries to authenticate the MIFARE Ultralight-C tag using the password stored in the key storage.
It takes as an argument one byte with the key number in the key storage.
Argument
Command ID
Key number
ACK
Command ID
Example:
Command description
Size
1
1
Value Description
0x49 MFUC_AUTHENTICATE
0-4
Key number in key storage
Response description
1
1
0x00
0x49 MFUC_AUTHENTICATE
HOST=>READER: 0x49 – MFUC_AUTHENTICATE
0x00 – key number
READER=>HOST: 0x00 – ACK byte
0x49 – related command code MFUC_AUTHENTICATE
5.4.11 Check Tearing Event (0x4A)
The Check Tearing Event command takes as arguments one byte with the counter number. This command
checks whether there was a tearing event in the counter. The returned ACK response contains result byte. The
value ‘0x00’ is returned if there has been no tearing event, and ‘0x01’ is returned if a tearing event occurred.
Please refer to the NXP documentation for more information.
Argument
Command ID
Key number
ACK
Command ID
Example:
Command description
Size
1
1
Value Description
0x4A MFU_CHECKEVENT
0-4
Key number in key storage
Response description
1
1
0x00
0x4A MFU_CHECKEVENT
HOST=>READER: 0x4A – MFU_CHECKEVENT
0x00 – counter number
READER=>HOST: 0x00 – ACK byte
33 | P a g e
www.eccel.co.uk
0x4A – related command code MFU_CHECKEVENT
0x01 – tearing event occurred
34 | P a g e
www.eccel.co.uk
5.5 MIFARE DESFire commands
This set of commands should be performed on MIFARE DESFire tags.
5.5.1 Get version (0x60)
This command requests version information from the tag. The returned ACK answer contains 28-bytes with
version information.
Argument
Command ID
Size
1
Value Description
0x60 MFDF_GET_VERSION
Command description
ACK
Command ID
Read data
Example:
Response description
1
1
28
0x00
0x60 MFDF_GET_VERSION
XXX
Version bytes read from the tag
HOST=>READER:
0x60 – MFDF_GET_VERSION
READER=>HOST:
0x60 – related command code MFDF_GET_VERSION
0x00 – ACK byte
0x01 0x2e 0x41 0x22 0x43 0x11 0x8e 0x20
0x31 0x38 0x20 0x32 0x30 0x31 0x39 0x41
0x81 0x23 0x42 0x28 0x33 0x01 0x8e 0x72
0x31 0x35 0x3a 0x33 – 28 bytes result
5.5.2 Select application (0x61)
This command requests select application operation on the tag. Takes as argument 3-byes containing AID.
Argument
Command ID
AID
ACK
Command ID
Example:
Command description
Size
1
3
Value Description
0x61 MFDF_GET_VERSION
Application ID
X
Response description
1
1
0x00
0x61 MFDF_GET_VERSION
HOST=>READER: 0x61 – MFDF_SELECT_APP
0x01 0x02 0x03 – 3 bytes AID
READER=>HOST: 0x00 – ACK byte
0x61 – related command code MFDF_SELECT_APP
35 | P a g e
www.eccel.co.uk
5.5.3 List application IDs (0x62)
This command requests lists application IDs from the TAG. The returned ACK answer contains the bytes with
application IDs. Every ID is 3-bytes long.
Argument
Command ID
Size
1
Value Description
0x62 MFDF_LIST_APP_IDS
Command description
ACK
Command ID
Application IDs
Example:
Response description
1
1
X*3
0x00
0x62 MFDF_LIST_APP_IDS
X
Bytes with applications IDs
HOST=>READER: 0x62 – MFDF_LIST_APP_IDS
READER=>HOST: 0x00 – ACK byte
0x62 – related command code MFDF_LIST_APP_IDS
0x00 0x00 0x01 – first AID
0xAA 0xBB 0xCC – second AID
0x55 0x55 0x55 – third AID
...
5.5.4 List files IDs (0x63)
This command returns the file IDs of all active files within the currently selected application. The returned ACK
answer contains the bytes with file IDs. Every file ID is 3-bytes long.
Argument
Command ID
Size
1
Value Description
0x63 MFDF_LIST_FILE_IDS
Command description
ACK
Command ID
Application IDs
Example:
Response description
1
1
X*3
0x00
0x63 MFDF_LIST_FILE_IDS
X
Bytes with files IDs
HOST=>READER: 0x63 – MFDF_LIST_FILE_IDS
READER=>HOST: 0x00 – ACK byte
0x63 – related command code MFDF_LIST_FILE_IDS
0x00 0x00 0x01 – first file ID
0xAA 0xBB 0xCC – second file ID
0x55 0x55 0x55 – third file ID
...
36 | P a g e
www.eccel.co.uk
5.5.5 Authenticate (0x64)
This command tries to authenticate the MIFARE DESFire using the password stored in the key storage. It takes
as an argument one byte with the key number in the key storage, and one byte with the key number on the
card. This command can be used with DES and 2K3DES keys.
Argument
Command ID
Key number in
storage
Key number on card
ACK
Command ID
Example:
Command description
Value Description
0x64 MFDF_AUTHENTICATE
0-4
Key number in key storage
x
Key number on card
Response description
0x00
0x64 MFDF_AUTHENTICATE
Size
1
1
1
1
1
HOST=>READER: 0x64 – MFDF_AUTHENTICATE
0x00 – key number
READER=>HOST: 0x00 – ACK byte
0x64 – related command code MFDF_AUTHENTICATE
5.5.6 Authenticate ISO (0x65)
This command tries to authenticate the MIFARE DESFire tag in ISO CBS send mode using the key stored in the
key storage. It takes as an argument one byte with the key number in the key storage, and one byte with the
key number on the card. This command can be used with DES, 3DES and 3K3DES keys.
Command description
Argument
Command ID
Key number
Key number on card
Size
1
1
1
Value Description
0x65 MFDF_AUTHENTICATE_ISO
Key number in key storage
0-4
Key number on card
X
ACK
Command ID
Example:
Response description
1
1
0x00
0x65 MFDF_AUTHENTICATE_ISO
HOST=>READER: 0x65 – MFDF_AUTHENTICATE_ISO
0x00 – key number
READER=>HOST: 0x00 – ACK byte
0x65 – related command code MFDF_AUTHENTICATE_ISO
37 | P a g e
www.eccel.co.uk
5.5.7 Authenticate AES (0x66)
This command tries to authenticate the MIFARE DESFire using the key stored in the key storage, and one byte
with the key number on the card. It takes as an argument one byte with the key number in the key storage.
This command can be used with AES128 keys.
Argument
Command ID
Key number
ACK
Command ID
Example:
Command description
Size
1
1
Value Description
0x66 MFDF_AUTHENTICATE_ISO
Key number in key storage
0-4
Response description
1
1
0x00
0x66 MFDF_AUTHENTICATE_ISO
HOST=>READER: 0x66 – MFDF_AUTHENTICATE_AES
0x00 – key number
READER=>HOST: 0x00 – ACK byte
0x66 – related command code MFDF_AUTHENTICATE_AES
5.5.8 Create application (0x67)
This command tries to create application on the tag. It takes three arguments: 3-bytes of application ID, the
keySettings1 byte and the keySettings2 byte. Please refer to the NXP documentation for more information
about key settings bytes.
Argument
Command ID
Application ID
Key settings 1
Key settings 2
ACK
Command ID
Example:
Command description
Size
1
3
1
1
Value Description
0x67 MFDF_CREATE_APP
Application ID bytes
Please refer to the NXP documentation for more information
Please refer to the NXP documentation for more information
X
X
X
Response description
1
1
0x00
0x67 MFDF_CREATE_APP
HOST=>READER: 0x67 – MFDF_CREATE_APP
0x00 – key number
0x01 0x02 0x03 – application ID
0xED 0x84 – key settings bytes
READER=>HOST: 0x00 – ACK byte
0x67 – related command code MFDF_CREATE_APP
38 | P a g e
www.eccel.co.uk
5.5.9 Delete application (0x68)
This command tries to delete an application from the tag. It takes one argument with the application ID.
Argument
Command ID
Application ID
ACK
Command ID
Example:
Command description
Size
1
3
Value Description
0x68 MFDF_DELETE_APP
Application ID bytes
X
Response description
1
1
0x00
0x68 MFDF_DELETE_APP
HOST=>READER: 0x68 – MFDF_DELETE_APP
0x01 0x02 0x03 – application ID
READER=>HOST: 0x00 – ACK byte
0x68 – related command code MFDF_DELETE_APP
5.5.10 Change key (0x69)
This command tries to change the key for the selected application. It takes three arguments: the old key
number from key storage, the new key number in the key storage and the key number on the card. The key
type of the application keys cannot be changed.
Argument
Command ID
Old key number
New key number
Key number on card
Size
1
1
1
1
Command description
Value Description
0x69 MFDF_CHANGE_KEY
0-4
0-4
X
Key number in key storage
Key number in key storage
Key number on the card
Response description
ACK
Command ID
Example:
1
1
0x00
0x69 MFDF_CHANGE_KEY
HOST=>READER: 0x69 – MFDF_CHANGE_APP
0x00 – old key number
0x01 – new key number
0x00 – key number
READER=>HOST: 0x00 – ACK byte
0x69 – related command code MFDF_CHANGE_APP
39 | P a g e
www.eccel.co.uk
5.5.11 Get key settings (0x6A)
This command gets the key settings bytes from the tag. This command does not require any arguments but an
application must be selected and authorized.
Argument
Command ID
Size
1
Value Description
0x6A MFDF_GET_KEY_SETTINGS
Command description
ACK
Command ID
Key settings
Example:
Response description
1
1
2
0x00
0x6A MFDF_GET_KEY_SETTINGS
Key settings bytes
X
HOST=>READER: 0x6A – MFDF_GET_KEY_SETTINGS
READER=>HOST: 0x00 – ACK byte
0x6A – related command code MFDF_GET_KEY_SETTINGS
0x01 0x02 – key settings bytes
5.5.12 Change key settings (0x6B)
This command changes the key settings bytes for the selected and authorized application. It takes one
argument, 2-byes long with key settings.
Argument
Command ID
New key settings
Size
1
2
Command description
Value Description
0x6B MFDF_CHANGE_KEY_SETTINGS
X
Key settings bytes
Response description
ACK
Command ID
Example:
1
1
0x00
0x6B MFDF_CHANGE_KEY_SETTINGS
HOST=>READER: 0x6B – MFDF_GET_KEY_SETTINGS
0x01 0x02 – key settings bytes
READER=>HOST: 0x00 – ACK byte
0x6B – related command code MFDF_GET_KEY_SETTINGS
5.5.13 Create standard or backup data file (0x6C)
This command creates a file for the storage of plain unformatted user data within the selected application. It
takes four arguments listed in the table below.
Command description
Size
1
1
Value Description
0x6C MFDF_CREATE_DATA_FILE
X
File number inside application
Argument
Command ID
File number
40 | P a g e
www.eccel.co.uk
Access rights
File size
Backup file
ACK
Command ID
Example:
2
3
1
1
1
X
X
X
Please refer to the NXP documentation for more information
file size, LSB first
0x00 – Standard file
0x01 – Backup file
Response description
0x00
0x6C MFDF_CREATE_DATA_FILE
HOST=>READER: 0x6C – MFDF_CREATE_DATA_FILE
0x01 – file number
0xEE 0xEE – access rights
0x40 0x00 0x00 – file 64-bytes long
0x01 – backup file
READER=>HOST: 0x00 – ACK byte
0x6C – related command code MFDF_CREATE_DATA_FILE
5.5.14 Write data (0x6D)
This command writes data to standard data files or backup data files. It takes three arguments: the file number,
the offset in the file where data should be stored, and the data bytes to be written. To store data on the TAG,
a commit transaction command is required.
Argument
Command ID
File number
File offset
Data
ACK
Command ID
Example:
Size
1
1
3
N
Command description
Value Description
0x6D MFDF_WRITE_DATA
X
X
X
File number inside application
file offset, 3-bytes LSB value
Data bytes to write
Response description
1
1
0x00
0x6D MFDF_WRITE_DATA
HOST=>READER: 0x6D – MFDF_WRITE_DATA
0x01 – file number
0x00 0x00 0x00 – zero offset
0x01 0x02 0x03 0x04 0x05 0x06 0x07 - data
READER=>HOST: 0x00 – ACK byte
0x6D – related command code MFDF_WRITE_DATA
5.5.15 Read data (0x6E)
This command reads data from standard data files or backup data files. It takes three arguments: the file
number, the offset in the file where data is stored, and the number of bytes to be read. The returned ACK
response contains the data that has been read.
41 | P a g e
www.eccel.co.uk
Argument
Command ID
File number
File offset
Data length
ACK
Command ID
Example:
Size
1
1
3
3
Command description
Value Description
0x6E MFDF_READ_DATA
X
X
X
File number inside application
file offset, 3-bytes LSB value
Read data length, 3-bytes LSB value
Response description
1
1
0x00
0x6E MFDF_READ_DATA
HOST=>READER: 0x6E – MFDF_READ_DATA
0x01 – file number
0x00 0x00 0x00 – zero offset
0x07 0x00 0x00 – seven bytes to read
READER=>HOST: 0x00 – ACK byte
0x6E – related command code MFDF_READ_DATA
0x01 0x02 0x03 0x04 0x05 0x06 0x07 - data
5.5.16 Create value file (0x6F)
This command creates files for the storage and manipulation of 32bit signed integer values within an existing
application on the TAG. It takes seven arguments listed in the table below.
Argument
Command ID
File number
Access rights
Low limit
Up limit
Initial value
Get free enabled
Limit credited
ACK
Command ID
Example:
Command description
Value Description
0x6F MFDF_CREATE_VALUE_FILE
X
X
X
X
X
X
X
File number inside application
Please refer to the NXP documentation for more information
Low limit as 4-bytes signed value, LSB first
Up limit as 4-bytes signed value, LSB first
Initial value as 4-bytes signed value, LSB first
Please refer to the NXP documentation for more information
Please refer to the NXP documentation for more information
Size
1
1
2
4
4
4
1
1
Response description
1
1
0x00
0x6F MFDF_CREATE_VALUE_FILE
HOST=>READER: 0x6F – MFDF_CREATE_VALUE_FILE
0x02 – file number
0xEE 0xEE – access rights
0x00 0x00 0x00 0x00 – low limit
0x80 0x00 0x00 0x00 – up limit
0x00 0x00 0x00 0x00 – initial value
0x01 – get free enabled
0x01 – limited credit
READER=>HOST: 0x00 – ACK byte
0x6F – related command code MFDF_CREATE_VALUE_FILE
42 | P a g e
www.eccel.co.uk
5.5.17 Get value (0x70)
This command returns the value stored in a value file on the TAG. The returned ACK response contains 4 bytes
of signed value, LSB-first.
Argument
Command ID
File number
ACK
Command ID
Value
Example:
Command description
Value Description
0x70 MFDF_GET_VALUE
X
File number inside application
Response description
0x00
0x70 MFDF_GET_VALUE
X
4 bytes signed value, LSB first
Size
1
1
1
1
4
HOST=>READER: 0x70 – MFDF_GET_VALUE
0x02 – file number
READER=>HOST: 0x00 – ACK byte
0x70 – related command code MFDF_GET_VALUE
0x05 0x00 0x00 0x00 – 4 bytes signed value, LSB
first
5.5.18 Credit file (0x71)
This command increases a value stored in a value file on the TAG.
Argument
Command ID
File number
Credit value
ACK
Command ID
Example:
Size
1
1
4
Command description
Value Description
0x71 MFDF_CREDIT
X
X
File number inside application
4 bytes signed value, LSB first
Response description
1
1
0x00
0x71 MFDF_CREDIT
HOST=>READER: 0x71 – MFDF_CREDIT
0x02 – file number
0x05 0x00 0x00 0x00 – 4 bytes signed value, LSB
first
READER=>HOST: 0x00 – ACK byte
0x71 – related command code MFDF_CREDIT
5.5.19 Credit file (0x72)
This command allows a limited increase of a value stored in a value file without having full credit permissions
to the file. Please refer to the NXP documentation for more information.
43 | P a g e
www.eccel.co.uk
Argument
Command ID
File number
Credit value
ACK
Command ID
Example:
Size
1
1
4
Command description
Value Description
0x72 MFDF_LIMITED_CREDIT
X
X
File number inside application
4 bytes signed value, LSB first
Response description
1
1
0x00
0x72 MFDF_ LIMITED_CREDIT
HOST=>READER: 0x72 – MFDF_ LIMITED_CREDIT
0x02 – file number
0x05 0x00 0x00 0x00 – 4 bytes signed value, LSB
first
READER=>HOST: 0x00 – ACK byte
0x72 – related command code MFDF_ LIMITED_CREDIT
5.5.20 Debit file (0x73)
This command decreases a value stored in a value file on the TAG.
Size
1
1
4
Command description
Value Description
0x73 MFDF_DEBIT
X
X
File number inside application
4 bytes signed value, LSB first
Response description
1
1
0x00
0x73 MFDF_DEBIT
Argument
Command ID
File number
Credit value
ACK
Command ID
Example:
HOST=>READER: 0x73 – MFDF_DEBIT
0x02 – file number
0x05 0x00 0x00 0x00 – 4 bytes signed value, LSB
first
READER=>HOST: 0x00 – ACK byte
0x73 – related command code MFDF_DEBIT
5.5.21 Create record file (0x74)
This command creates files for multiple storage of structurally similar data within an existing application. If the
cyclic flag is 0x00, then further writing is not possible unless it is cleared. If the cyclic flag is set to 0x01, then
the new record overwrites the oldest record.
44 | P a g e
www.eccel.co.uk
Argument
Command ID
File number
Access rights
Record size
Number of records
Cyclic flag
ACK
Command ID
Example:
Size
1
1
2
2
2
1
1
1
Command description
X
X
X
X
Value Description
0x74 MFDF_CREATE_RECORD_FILE
File number inside application
Please refer to the NXP documentation for more information
Record size, 16-bits LSB value
Number of records, 16-bits LSB value
If cyclic file is full:
0x00 - further writing is not possible unless it is cleared
0x01 - the new record overwrites oldest record
X
Response description
0x00
0x74 MFDF_CREATE_RECORD_FILE
HOST=>READER: 0x74 – MFDF_CREATE_RECORD_FILE
0x03 – file number
0xEE 0xEE – access rights
0x08 0x00 – 8-bytes for every record
0x40 0x00 – 64 records
0x01 – cyclic flag
READER=>HOST: 0x00 – ACK byte
0x74 – related command code MFDF_CREATE_VALUE_FILE
5.5.22 Write record (0x75)
This command writes data to a record file. It takes two arguments: the file number and the data bytes to be
written. To store data on the TAG, a commit transaction command is required.
Argument
Command ID
File number
Data
ACK
Command ID
Example:
Command description
Size
1
1
N
Value Description
0x75 MFDF_WRITE_RECORD_DATA
File number inside application
Data bytes to write
X
X
Response description
1
1
0x00
0x75 MFDF_WRITE_DATA
HOST=>READER: 0x75 – MFDF_WRITE_DATA
0x01 – file number
0x01 0x02 0x03 0x04 0x05 0x06 0x07 - data
READER=>HOST: 0x00 – ACK byte
0x75 – related command code MFDF_WRITE_RECORD_DATA
5.5.23 Read record (0x76)
This command reads data from a record file. It takes three arguments: the file number, the record number,
and the number of bytes to be read. The returned ACK response contains the data that has been read.
45 | P a g e
www.eccel.co.uk
Argument
Command ID
File number
Record number
Data length
ACK
Command ID
Example:
Size
1
1
2
2
Command description
Value Description
0x76 MFDF_READ_RECORD
X
X
X
File number inside application
Record number, 2-bytes LSB value
Read data length, 2-bytes LSB value
Response description
1
1
0x00
0x76 MFDF_READ_RECORD
HOST=>READER: 0x76 – MFDF_READ_RECORD
0x01 – file number
0x00 0x01 – record number
0x08 0x00 – eighth bytes to read
READER=>HOST: 0x00 – ACK byte
0x76 – related command code MFDF_READ_RECORD
0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 - data
5.5.24 Clear records (0x77)
This command resets cyclic or lineal record files. It takes as an argument the file number.
Argument
Command ID
File number
ACK
Command ID
Example:
Size
1
1
Command description
Value Description
0x77 MFDF_CLEAR_RECORDS
X
File number inside application
Response description
1
1
0x00
0x77 MFDF_CLEAR_RECORDS
HOST=>READER: 0x77 – MFDF_CLEAR_RECORDS
0x01 – file number
READER=>HOST: 0x00 – ACK byte
0x77 – related command code MFDF_CLEAR_RECORDS
5.5.25 Delete file (0x78)
This command permanently deactivates a file within the file directory of the currently selected application. It
takes as an argument the file number.
Size
1
1
Command description
Value Description
0x78 MFDF_DELETE_FILE
X
File number inside application
Response description
1
1
0x00
0x78 MFDF_DELETE_FILE
Argument
Command ID
File number
ACK
Command ID
46 | P a g e
www.eccel.co.uk
Example:
HOST=>READER: 0x78 – MFDF_DELETE_FILE
0x01 – file number
READER=>HOST: 0x00 – ACK byte
0x78 – related command code MFDF_DELETE_FILE
5.5.26 Get free memory (0x79)
This command returns a value corresponding to the amount of free memory available on the TAG. No
arguments are required. The available memory is returned as a 4 byte unsigned LSB value.
Argument
Command ID
ACK
Command ID
Free memory
Example:
Command description
Value Description
0x79 MFDF_GET_FREE_MEM
Response description
0x00
0x79 MFDF_GET_FREE_MEM
X
Free memory, 4-bytes, LSB first
Size
1
1
1
4
HOST=>READER: 0x79 – MFDF_GET_FREE_MEM
READER=>HOST: 0x00 – ACK byte
0x79 – related command code MFDF_GET_FREE_MEM
0x00 0x08 0x00 0x00 – free memory
5.5.27 Format memory (0x7A)
This command releases user memory in the TAG. No arguments are required.
Argument
Command ID
Size
1
Value Description
0x7A MFDF_FORMAT
Command description
ACK
Command ID
Example:
Response description
1
1
0x00
0x7A MFDF_FORMAT
HOST=>READER: 0x7A – MFDF_FORMAT
READER=>HOST: 0x00 – ACK byte
0x7A – related command code MFDF_FORMAT
5.5.28 Commit transaction (0x7B)
This command validates all previous write access on backup data files, value files and record files within one
application. No arguments are required.
47 | P a g e
www.eccel.co.uk
Argument
Command ID
Size
1
Value Description
0x7B MFDF_COMMIT_TRANSACTION
Command description
ACK
Command ID
Example:
Response description
1
1
0x00
0x7B MFDF_COMMIT_TRANSACTION
HOST=>READER: 0x7B – MFDF_COMMIT_TRANSACTION
READER=>HOST: 0x00 – ACK byte
0x7B – related command code MFDF_COMMIT_TRANSACTION
5.5.29 Abort transaction (0x7C)
This command invalidates all previous write access on backup data files, value files and record files within one
application. No arguments are required.
Argument
Command ID
Size
1
Value Description
0x7C MFDF_ABORT_TRANSACTION
Command description
ACK
Command ID
Example:
Response description
1
1
0x00
0x7C MFDF_ABORT_TRANSACTION
HOST=>READER: 0x7C – MFDF_ABORT_TRANSACTION
READER=>HOST: 0x00 – ACK byte
0x7C – related command code MFDF_ABORT_TRANSACTION
48 | P a g e
www.eccel.co.uk
5.6 ICODE (ISO15693) commands
This set of commands should be performed on ICODE (ISO15693) TAGs.
5.6.1 Inventory start (0x90)
This command starts the inventory procedure on ISO 15693 TAGs. It activates the first TAG detected during
collision resolution. If no TAGs are detected, then an error with a timeout flag is returned. This command
takes one argument AFI - Application Family Identifier. Please refer to the NXP documentation for more
information.
If any TAG(s) is/are detected, then the command returns an ACK message containing the UID (8-bytes), a DSFID
byte, and 1-byte which contains information about any other tags detected in the field that are available to
be read.
Because GET_TAG_COUNT
ICODE_INVENTORY_NEXT commands should be used to detect all ICODE tags within range of the antenna.
ICODE_INVENTORY_START/
tags only,
command
limited
to 5
is
Argument
Command ID
AFI
ACK
Command ID
UID
DSFID
More cards flag
Example:
Command description
Size
1
1
Value Description
0x90
X
ICODE_INVENTORY_START
Application Family Identifier
Response description
1
1
8
1
1
0x00
0x90
XXX
X
X
ICODE_INVENTORY_START
Unique identifier
Data Storage Format Identifier
0x00 – no more cards in range of antenna
0x01 – more cards in range of antenna
HOST=>READER: 0x90 – ICODE_INVENTORY_START
0x00 – Application Family Identifier
READER=>HOST: 0x00 – ACK byte
0x90 – related command code ICODE_INVENTORY_START
0x04 0x8F 0x7F 0x0A 0x01 0x24 0x16 0xE0 – UID
0x00 – DSFID
0x01 – more cards in range of antenna
5.6.2 Inventory next (0x91)
This command should be used to continue the inventory procedure on ISO 15693 TAGs. It activates the next
TAG that was detected during the collision resolution. It takes one argument, AFI - Application Family
Identifier. Please refer to the NXP documentation for more information. If a TAG or multiple tags is/are
detected, then this command returns an ACK message containing the UID (8-bytes), a DSFID byte, and 1-byte
which contains information about any other tags detected in the field that are available to be read.
49 | P a g e
www.eccel.co.uk
Argument
Command ID
AFI
ACK
Command ID
UID
DSFID
More cards flag
Example:
Command description
Size
1
1
Value Description
0x91
X
ICODE_INVENTORY_NEXT
Application Family Identifier
Response description
1
1
8
1
1
0x00
0x91
XXX
X
X
ICODE_INVENTORY_NEXT
Unique identifier
Data Storage Format Identifier
0x00 – no more cards in range of antenna
0x01 – more cards in range of antenna
HOST=>READER: 0x91 – ICODE_INVENTORY_NEXT
0x00 – Application Family Identifier
READER=>HOST: 0x00 – ACK byte
0x91 – related command code ICODE_INVENTORY_NEXT
0x04 0x8F 0x7F 0x0A 0x01 0x24 0x16 0xE0 – UID
0x00 – DSFID
0x00 – no more cards available for reading
5.6.3 Stay quiet (0x92)
This command performs an ISO15693 Stay Quiet command to the selected TAG. When the tag receives the
Stay quiet command, it enters the quiet state and will not send back a response. The TAG exits the quiet state
upon the execution of a reset (power off) or the command ICODE_INVENTORY_START . Please refer to the
NXP documentation for more information.
Argument
Command ID
Size
1
Value Description
0x92
ICODE_STAY_QUIET
Command description
ACK
Command ID
Example:
Response description
1
1
0x00
0x92
ICODE_STAY_QUIET
HOST=>READER: 0x92 – ICODE_STAY_QUIET
READER=>HOST: 0x00 – ACK byte
0x92 – related command code ICODE_STAY_QUIET
5.6.4 Read block (0x93)
The read block command should be used to read data stored in TAG blocks. It takes as arguments the block
number of the first block to be read, and the number of blocks to be read. The returned ACK answer contains
data read from the specified tag memory. The number of bytes of this data is ICODE block size (4) multiplied
by the number of blocks to be read.
50 | P a g e
www.eccel.co.uk
Argument
Command ID
Block number
Block count
ACK
Command ID
Read data
Example:
Size
1
1
1
1
1
4*N
Command description
ICODE_READ_BLOCK
Value Description
0x93
X
N
Number of block to read
Response description
0x00
0x93
XXX
ICODE_READ_BLOCK
Bytes read from the tag.
HOST=>READER: 0x93 – ICODE_READ_BLOCK
0x02 – block number 2
0x01 – 1 block to read
READER=>HOST: 0x00 – ACK byte
0x93 – related command code ICODE_READ_BLOCK
0x35 0x3a 0x30 0x33 – 4 bytes block data
5.6.5 Write block (0x94)
The write block command should be used to write data to the tag. It takes as arguments the block number of
the first block to write, the number of blocks to write, and the bytes to be written. The number of bytes to be
written must be exactly the number of blocks to write multiplied by 4.
Command description
Argument
Command ID
Block number
Block count
Data to write
ACK
Command ID
Example:
ICODE_WRITE_BLOCK
Size
1
1
1
4*N
Value Description
0x94
X
N
X
4-bytes data to write
Response description
1
1
0x00
0x94
ICODE_WRITE_BLOCK
HOST=>READER: 0x94 – ICODE_WRITE_BLOCK
0x02 – block number 2
0x01 – block count 1
0x35 0x3a 0x30 0x33 – 4 bytes to write
READER=>HOST: 0x00 – ACK byte
0x94 – related command code ICODE_WRITE_BLOCK
5.6.6 Lock block (0x95)
This command performs a lock block command. Once it receives the lock block command, the TAG
permanently locks the requested block. The command takes a one-byte argument representing the block
number to be locked.
51 | P a g e
www.eccel.co.uk
Argument
Command ID
Block number
ACK
Command ID
Example:
Command description
Size
1
1
Value Description
0x95
X
ICODE_LOCK_BLOCK
Response description
1
1
0x00
0x95
ICODE_LOCK_BLOCK
HOST=>READER: 0x95 – ICODE_LOCK_BLOCK
0x02 – block number 2
READER=>HOST: 0x00 – ACK byte
0x95 – related command code ICODE_LOCK_BLOCK
5.6.7 Write AFI (0x96)
This command performs a write to Application Family Identifier value inside the TAG memory. The command
takes a one-byte argument representing the AFI value.
Argument
Command ID
AFI value
ACK
Command ID
Example:
Command description
Size
1
1
Value Description
0x96
X
ICODE_WRITE_AFI
Response description
1
1
0x00
0x96
ICODE_WRITE_AFI
HOST=>READER: 0x96 – ICODE_WRITE_AFI
0xAA – new Application Family Identifier value
READER=>HOST: 0x00 – ACK byte
0x96 – related command code ICODE_WRITE_AFI
5.6.8 Lock AFI (0x97)
This command performs a Lock AFI command on the TAG. When it receives the lock AFI request, the TAG
locks the AFI value permanently into its memory.
Argument
Command ID
ACK
Command ID
Command description
Size
1
Value Description
0x97
ICODE_LOCK_AFI
Response description
1
1
0x00
0x97
ICODE_LOCK_AFI
52 | P a g e
www.eccel.co.uk
Example:
HOST=>READER: 0x96 – ICODE_LOCK_AFI
READER=>HOST: 0x00 – ACK byte
0x96 – related command code ICODE_LOCK_AFI
5.6.9 Write DSFID (0x98)
This command performs a write to Data Storage Format Identifier value inside the TAG memory. This
command takes a one-byte argument representing the DSFID value.
Argument
Command ID
DSFID value
ACK
Command ID
Example:
Command description
Size
1
1
Value Description
0x98
X
ICODE_WRITE_DSFID
Response description
1
1
0x00
0x98
ICODE_WRITE_DSFID
HOST=>READER: 0x98 – ICODE_WRITE_DSFID
0xAA – new Data Storage Format Identifier value
READER=>HOST: 0x00 – ACK byte
0x98 – related command code ICODE_WRITE_DSFID
5.6.10 Lock DSFID (0x99)
This command performs a Lock DSIFD command on the TAG. When it receives the lock DSFID request, the
TAG locks the DSFID value permanently into its memory.
Argument
Command ID
Size
1
Value Description
0x99
ICODE_LOCK_DSFID
Command description
ACK
Command ID
Example:
Response description
1
1
0x00
0x99
ICODE_LOCK_DSFID
HOST=>READER: 0x99 – ICODE_LOCK_DSFID
READER=>HOST: 0x00 – ACK byte
0x99 – related command code ICODE_LOCK_DSFID
5.6.11 Get System Information (0x9A)
This command performs get system information command on the TAG. No arguments are required. The ACK
response contains bytes with system information. Please refer to the NXP documentation for more
information.
53 | P a g e
www.eccel.co.uk
Argument
Command ID
ACK
Command ID
System information
Example:
Command description
Size
1
1
1
X
Value Description
0x9A ICODE_GET_SYSTEM_INFORMATION
Response description
0x00
0x9A ICODE_GET_SYSTEM_INFORMATION
XXX
System information bytes
HOST=>READER: 0x9A – ICODE_GET_SYSTEM_INFORMATION
0x00 – ACK byte
READER=>HOST:
0x9A – related command code ICODE_GET_SYSTEM_INFORMATION
0x0F 0x04 0x8F 0x7F 0x0A 0x01 0x24
0x16 0xE0 0x00 0x00 0x33 0x03 0x02 – result bytes
5.6.12 Get multiple BSS (0x9B)
This command performs get multiple block security status command on the TAG. It takes as arguments the
block number for which the status should be returned and the number of blocks to be used for returning the
status. The ACK response contains bytes with block security status information. Please refer to the NXP
documentation for more information.
Argument
Command ID
First block number
Number of blocks
ACK
Command ID
BSS information
Example:
Command description
ICODE_GET_MULTIPLE_BSS
Value Description
0x9B
X
N
Response description
0x00
0x9B
X
ICODE_GET_MULTIPLE_BSS
Blocks security status information
Size
1
1
1
1
1
N
HOST=>READER:
0x9B – ICODE_GET_MULTIPLE_BSS
0x00 – starting block number
0x08 – number of BSS to read
READER=>HOST: 0x00 – ACK byte
0x9B – related command code ICODE_GET_MULTIPLE_BSS
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 – result bytes
5.6.13 Password protect AFI (0x9C)
This command enables the password protection for AFI. The AFI password has to be transmitted before with
ICODE_SET_PASSWORD command.
54 | P a g e
www.eccel.co.uk
Argument
Command ID
Size
1
Value Description
0x9C
ICODE_PASSWORD_PROTECT_AFI
Command description
ACK
Command ID
Example:
Response description
1
1
0x00
0x9C
ICODE_PASSWORD_PROTECT_AFI
HOST=>READER: 0x9C – ICODE_PASSWORD_PROTECT_AFI
READER=>HOST: 0x00 – ACK byte
0x9C – related command code ICODE_PASSWORD_PROTECT_AFI
5.6.14 Read EPC (0x9D)
This command reads EPC data from the TAG. The ACK response contains 12-bytes of EPC data. Please refer to
the NXP documentation for more information.
Argument
Command ID
Size
1
Value Description
0x9D ICODE_READ_EPC
Command description
ACK
Command ID
EPC information
Example:
1
1
12
Response description
0x00
0x9D ICODE_READ_EPC
X
Please refer to the NXP documentation for more information.
HOST=>READER: 0x9D – ICODE_READ_EPC
READER=>HOST: 0x00 – ACK byte
0x9D – related command code ICODE_READ_EPC
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 – result
bytes
5.6.15 Get NXP System Information (0x9E)
This command retrieves the NXP system information value from the TAG. No arguments are required. The ACK
response contains bytes with the NXP system information. Please refer to the NXP documentation for more
information.
Argument
Command ID
ACK
Command ID
System information
Size
1
1
1
X
Command description
Value Description
0x9E
ICODE_GET_NXP_SYSTEM_INFORMATION
Response description
0x00
0x9E
XXX
ICODE_GET_NXP_SYSTEM_INFORMATION
System information bytes
55 | P a g e
www.eccel.co.uk
Example:
HOST=>READER: 0x9E – ICODE_GET_NXP_SYSTEM_INFORMATION
READER=>HOST: 0x00 – ACK byte
0x9E – related command code
ICODE_GET_NXP_SYSTEM_INFORMATION
0x0F 0x04 0x8F 0x7F 0x0A 0x01 0x24
0x16 0xE0 0x00 0x00 0x33 0x03 0x02 – result bytes
5.6.16 Get random number (0x9F)
This command requests a random number from the ICODE TAG. No arguments are required. The ACK response
contains a 16-bit random number. This value should be used with ICODE_SET_PASSWORD command.
Argument
Command ID
Size
1
Value Description
0x9F
ICODE_GET_RANDOM_NUMBER
Command description
ACK
Command ID
Random number
Example:
Response description
1
1
2
0x00
0x9F
XXX
ICODE_GET_RANDOM_NUMBER
16-bits random number
HOST=>READER: 0x9F – ICODE_GET_RANDOM_NUMBER
READER=>HOST: 0x00 – ACK byte
0x9F – related command code ICODE_GET_RANDOM_NUMBER
0x7F 0x14 – result bytes
5.6.17 Set password (0xA0)
This command sets the password for the selected identifier. This command has to be executed just once for
the related passwords if the TAG is powered. The password is calculated as XOR with the random number
returned by the previously executed command ICODE_GET_RANDOM_NUMBER.
Here is an example how to calculate XOR password:
xorPassword[0] = password[0] ^ rnd[0];
xorPassword[1] = password[1] ^ rnd[1];
xorPassword[2] = password[2] ^ rnd[0];
xorPassword[3] = password[3] ^ rnd[1];
Command description
Argument
Command ID
Size
1
Value Description
0xA0
Password Identifier
1
X
ICODE_SET_PASSWORD
0x01 – Read password
0x02 – Write password
0x04 – Privacy password
0x08 – Destroy password
56 | P a g e
www.eccel.co.uk
XOR Password
ACK
Command ID
Example:
4
1
1
X
0x00
0xA0
Response description
ICODE_SET_PASSWORD
HOST=>READER: 0xA0 – ICODE_SET_PASSWORD
0x02 – write password
0x34 0x76 0x39 0x64 – calculated XOR password
READER=>HOST: 0x00 – ACK byte
0xA0 – related command code ICODE_SET_PASSWORD
5.6.18 Write password (0xA1)
This command writes a new password to a selected identifier. With this command, a new password is written
into the related memory. Note that the old password has to be transmitted before with
ICODE_SET_PASSWORD. The new password takes effect immediately which means that the new password has
to be transmitted with ICODE_SET_PASSWORD to get access to the protected blocks/pages. It takes as
arguments the password identifier byte and the plain password 4-bytes long.
Command description
Argument
Command ID
Size
1
Password Identifier
1
Password
ACK
Command ID
Example:
4
1
1
Value Description
0xA1
ICODE_WRITE_PASSWORD
0x01 – Read password
0x02 – Write password
0x04 – Privacy password
0x08 – Destroy password
Plain password
Response description
ICODE_WRITE_PASSWORD
X
X
0x00
0xA1
HOST=>READER: 0xA1 – ICODE_WRITE_PASSWORD
0x02 – write password
0x34 0x76 0x39 0x64 – Plain password
READER=>HOST: 0x00 – ACK byte
0xA1 – related command code ICODE_WRITE_PASSWORD
5.6.19 Lock password (0xA2)
This command locks the addressed password. Note that the addressed password has to be transmitted before
with ICODE_SET_PASSWORD. A locked password can no longer be changed.
Argument
Command ID
Size
1
Value Description
0xA2
ICODE_LOCK_PASSWORD
Command description
57 | P a g e
www.eccel.co.uk
Password Identifier
1
X
0x01 – Read password
0x02 – Write password
0x04 – Privacy password
0x08 – Destroy password
Response description
ACK
Command ID
Example:
1
1
0x00
0xA2
ICODE_LOCK_PASSWORD
HOST=>READER: 0xA2 – ICODE_LOCK_PASSWORD
0x02 – write password
READER=>HOST: 0x00 – ACK byte
0xA2 – related command code ICODE_LOCK_PASSWORD
5.6.20 Protect page (0xA3)
This command changes the protection status of a page. Note that the related passwords have to be
transmitted before with ICODE_SET_PASSWORD if the page is not public. Please refer to the NXP
documentation for more information.
Command description
Argument
Command ID
Size
1
Value Description
0xA3
ICODE_PAGE_PROTECT
Page number to be protected in case of products that do not have
Page address
1
X
pages characterized as high and Low.
Block number to be protected in case of products that have pages
Protection status
1
X
characterized as high and Low.
Protection status options for the products that do not have pages
characterized as high and Low:
0x00: ICODE_PROTECT_PAGE_PUBLIC
0x01: ICODE_PROTECT_PAGE_READ_WRITE_READ_PASSWORD
0x10: ICODE_PROTECT_PAGE_WRITE_PASSWORD
0x11: ICODE_PROTECT_PAGE_READ_WRITE_PASSWORD_SEPERATE
Extended Protection status options for the products that have
pages characterized as high and Low:
0x01: ICODE_PROTECT_PAGE_READ_LOW
0x02: ICODE_PROTECT_PAGE_WRITE_LOW
0x10: ICODE_PROTECT_PAGE_READ_HIGH
0x20: ICODE_PROTECT_PAGE_WRITE_HIGH
Response description
ACK
Command ID
Example:
1
1
0x00
0xA2
ICODE_PAGE_PROTECT
HOST=>READER: 0xA3 – ICODE_PAGE_PROTECT
0x02 – second block selected
0x01 - ICODE_PROTECT_PAGE_READ_LOW flag selected
58 | P a g e
www.eccel.co.uk
READER=>HOST: 0x00 – ACK byte
0xA3 – related command code ICODE_PAGE_PROTECT
5.6.21 Lock page protection (0xA4)
This command permanently locks the protection status of a page. Note that the related passwords have to be
transmitted before with ref ICODE_SET_PASSWORD if the page is not public.
Argument
Command ID
Page number
ACK
Command ID
Example:
Command description
Size
1
1
Value Description
0xA4
X
ICODE_LOCK_PAGE_PROTECTION
Response description
1
1
0x00
0xA4
ICODE_LOCK_PAGE_PROTECTION
HOST=>READER: 0xA4 – ICODE_LOCK_PAGE_PROTECTION
0x02 – page number
READER=>HOST: 0x00 – ACK byte
ICODE_LOCK_PAGE_PROTECTION
0xA4 – related command code
5.6.22 Get multiple block protection status (0xA5)
This instructs the label to return the block protection status of the requested blocks. It takes as arguments the
first block number to get the block protection status and the number of blocks.
Argument
Command ID
First block number
Number of blocks
ACK
Command ID
BSS information
Example:
Size
1
1
1
1
1
N
Command description
ICODE_GET_MULTIPLE_BPS
Value Description
0xA5
X
N
Response description
0x00
0xA5
X
ICODE_GET_MULTIPLE_BPS
Blocks protection status information
HOST=>READER: 0xA5 – ICODE_GET_MULTIPLE_BPS
0x00 – starting block number
0x08 – number of BSS to read
READER=>HOST: 0x00 – ACK byte
0xA5 – related command code ICODE_GET_MULTIPLE_BPS
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 – result
bytes
59 | P a g e
www.eccel.co.uk
5.6.23 Destroy (0xA6)
This command permanently destroys the label (tag). The destroy password hasto be transmitted before with
ICODE_SET_PASSWORD. This command is irreversible and the label will never respond to any command again.
This command can take the XOR password argument for the ICODE products that requires this argument. The
XOR password calculation method is described in the ICODE_SET_PASSWORD description.
Argument
Command ID
XOR password
ACK
Command ID
Example:
Size
1
4
Command description
Value Description
0xA6
X
ICODE_DESTROY
Optional XOR password
Response description
1
1
0x00
0xA6
ICODE_DESTROY
HOST=>READER: 0xA6 – ICODE_DESTROY
READER=>HOST: 0x00 – ACK byte
0xA6 – related command code ICODE_DESTROY
5.6.24 Enable privacy (0xA7)
This command instructs the label to enter privacy mode. In privacy mode, the label will only respond to
ICODE_GET_RANDOM_NUMBER and ICODE_SET_PASSWORD commands. To get out of the privacy mode, the
Privacy password has to be transmitted before with ICODE_SET_PASSWORD.
Argument
Command ID
XOR password
ACK
Command ID
Example:
Size
1
4
Command description
Value Description
0xA7
X
ICODE_ENABLE_PRIVACY
Optional XOR password
Response description
1
1
0x00
0xA7
ICODE_ENABLE_PRIVACY
HOST=>READER: 0xA7 – ICODE_ENABLE_PRIVACY
READER=>HOST: 0x00 – ACK byte
0xA7 – related command code ICODE_ENABLE_PRIVACY
5.6.25 Enable 64-bit password (0xA8)
This instructs the label that both Read and Write passwords are required for protected access. Note that both
the Read and Write passwords have to be transmitted before with ICODE_SET_PASSWORD.
Argument
Command ID
Size
1
Value Description
0xA8
ICODE_ENABLE_64BIT_PASSWORD
Command description
60 | P a g e
www.eccel.co.uk
ACK
Command ID
Example:
Response description
1
1
0x00
0xA8
ICODE_ENABLE_64BIT_PASSWORD
HOST=>READER: 0xA8 – ICODE_ENABLE_64BIT_PASSWORD
READER=>HOST: 0x00 – ACK byte
ICODE_ENABLE_64BIT_PASSWORD
0xA8 – related command code
5.6.26 Read signature (0xA9)
This command reads the signature bytes from the TAG. No arguments are required. The ACK response contains
bytes containing the signature bytes. Please refer to the NXP documentation for more information.
Argument
Command ID
ACK
Command ID
Signature bytes
Example:
Command description
Value Description
0xA9
ICODE_READ_SIGNATURE
Response description
0x00
0xA9
XXX
ICODE_READ_SIGNATURE
Signature bytes
Size
1
1
1
X
HOST=>READER: 0xA9 – ICODE_READ_SIGNATURE
READER=>HOST: 0x00 – ACK byte
0xA9 – related command code ICODE_READ_SIGNATURE
0x0F 0x04 0x8F 0x7F 0x0A 0x01 0x24
0x16 0xE0 0x00 0x00 0x33 0x03 0x02 – result bytes
5.6.27 Read config (0xAA)
This command reads multiple 4-byte data chunks from the selected configuration block address. It takes two
arguments, the first block number and the number of blocks to read the configuration data.
Argument
Command ID
First block number
Number of blocks
ACK
Command ID
Configuration bytes
Size
1
1
1
1
1
N*4
Command description
Value Description
0xAA ICODE_READ_CONFIG
X
N
Response description
0x00
0xAA ICODE_READ_CONFIG
X
61 | P a g e
www.eccel.co.uk
Example:
HOST=>READER: 0xAA – ICODE_READ_CONFIG
0x00 – starting block number
0x02 – number of blocks to read
READER=>HOST: 0x00 – ACK byte
0xAA – related command code ICODE_READ_CONFIG
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 – result bytes
5.6.28 Write config (0xAB)
This command writes configuration bytes to addressed block data from the selected configuration block
address. It takes three arguments: the option byte, the block number and the configuration bytes. Please refer
to the NXP documentation for more information.
Command description
Argument
Command ID
Option byte
Block number
Configuration bytes
ACK
Command ID
Example:
Size
1
1
1
4
1
1
X
X
X
0x00
0xAB
Value Description
0xAB
ICODE_WRITE_CONFIG
0x01 – Enable option
0x00 – Disable option
Response description
ICODE_WRITE_CONFIG
HOST=>READER: 0xAB – ICODE_WRITE_CONFIG
0x01 – option byte
0x00 – block number
0x00 0x00 0x00 0x00 – config bytes
READER=>HOST: 0x00 – ACK byte
0xAB – related command code ICODE_WRITE_CONFIG
5.6.29 Pick random ID (0xAC)
This command enables the random ID generation in the tag. This interface is used to instruct the tag to
generate a random number in privacy mode. Please refer to the NXP documentation for more information.
Argument
Command ID
ACK
Command ID
Command description
Size
1
Value Description
0xAC
ICODE_PICK_RANDOM_ID
Response description
1
1
0x00
0xAC
ICODE_PICK_RANDOM_ID
62 | P a g e
www.eccel.co.uk
Example:
HOST=>READER: 0xAB – ICODE_PICK_RANDOM_ID
READER=>HOST: 0x00 – ACK byte
0xAB – related command code ICODE_PICK_RANDOM_ID
63 | P a g e
www.eccel.co.uk
6. Compliance
A. This module has been tested in accordance with FCC rule part 15.225 and ISED RSS-210 using the
integrated coil antenna permanently fixed within the product.
B. The host product manufacturer is responsible for compliance to any other FCC rules or ISED standards
that apply to the host not covered by the modular transmitter certification. E.g. The final host
product should be fully tested to the requirements of 47 CFR 15B / ICES-003 where applicable,
including AC powerline conducted emissions test with the RFID reader module(s) in operation in the
host product if that host product connects to the AC powerline.
C. The Host device must be affixed with a permanent label that is clearly visible and states the
following: “Contains FCC ID: 2ALHY-000537”. Contains IC: 22592-000537”. Please see FCC KDB
784748 D01 Labelling Part 15 &18 Guidelines v08 section 8 and RSP-100 Issue 11 section 3.2 for
further details on labelling requirements.
D. RF exposure evaluation and exemption has been demonstrated and calculated within the filing for a
worst case distance of 5mm, and considers the use of 4 modules simultaneously.
L'évaluation et l'exemption de l'exposition RF ont été démontrées et calculées dans le dossier pour
une distance de 5 mm dans le pire des cas, et prennent en compte l'utilisation de 4 modules
simultanément.
E. Changes or modifications not expressly approved by Eccel Technology Ltd could void the user's
authority to operate the equipment.
Les changements ou modifications non expressément approuvés par Eccel Technology Ltd pourraient
annuler le droit de l'utilisateur à faire fonctionner l'équipement.
F. This device complies with Part 15 of the FCC Rules and Industry Canada licence exempt RSS
standard(s). Operation is subject to the following two conditions:
1. This device may not cause interference, and
2. This device must accept any interference, including interference that may cause undesired
operation of the device.
Le présent appareil est conforme aux CNR d'Industrie Canada applicables aux appareils radio
exempts de licence. L'exploitation est autorisée aux deux conditions suivantes:
1.
2.
l'appareil ne doit pas produire de brouillage, et
l'utilisateur de l'appareil doit accepter tout brouillage radioélectrique subi, même si le brouillage
est susceptible d'en compromettre le fonctionnement.
64 | P a g e
www.eccel.co.uk
7. Labelling
1. The board will have silk screen printed on it at the top “10xGenomics RFID Reader v1.1”.
2. The label contains “FCC ID: 2ALHY-000537”, “IC: 22592-000537” and “HVIN: 1.1” text strings and FCC, PSE
and CE Mark logos.
3. The size of the label is 15mm x 15mm.
4. The label shall be placed as shown in Figure 7-1 below:
Figure 7-1. Reader top side
Figure 7-2. Label
65 | P a g e
www.eccel.co.uk
8. Mechanical dimensions
All dimensions in millimetres.
Figure 8-1. Mechanical dimensions
66 | P a g e
www.eccel.co.uk
MIFARE, MIFARE Ultralight, MIFARE Plus, MIFARE Classic, and MIFARE DESFire are trademarks of NXP B.V.
No responsibility is taken for the method of integration or final use of the RS485 RFID readers
More information about the RS485 RFID reader and other products can be found at the Internet site:
http://www.eccel.co.uk
or alternatively contact ECCEL Technology (IB Technology) by e-mail at:
sales@eccel.co.uk
67 | P a g e
www.eccel.co.uk
| 1 | Confidentiality | Cover Letter(s) | 13.04 KiB | August 23 2022 / August 26 2022 |
WARNING:pdfminer.pdfpage:The PDF <_io.BufferedReader name='/Volumes/Scratch/Incoming/eg-scratch/6073270.pdf'> contains a metadata field indicating that it should not allow text extraction. Ignoring this field and proceeding. Use the check_extractable if you want to raise an error in this case
FCC, Request for non-disclosure
RF_501, Issue 8
Date: 21-Nov-2018
Page 1 of 1
Company Name: Eccel Technology Limited
Address:
City:
Country:
198 Station Road, Glenfield
Leicester
United Kingdom
To: Telefication B.V., Dept. FCC TCB
Edisonstraat 12A
6902 PK ZEVENAAR
The Netherlands
Subject: Request for confidentiality FCC ID: 2ALHY-000537
Reference number:
Dear FCC TCB,
1. Long-Term Confidentiality
Pursuant to 47 CFR Section 0.459(a) & (b), we hereby requests non-disclosure and confidential treatment
of the following materials submitted in support of FCC certification application:
Bill(s) of Material
Block Diagrams
Operational Description
Schematic Diagrams
Tune-up Procedure
Above materials contain secrets, proprietary and technical information, which would customarily be
guarded from competitors under 47 CFR, section 0.457(d)(2). Disclosure or publication or any portion of
this company confidential material to other parties could cause substantial competitive harm and provide
unjustified benefits for competitors.
2. Short-Term Confidentiality (STC)
Pursuant to Public Notice DA 04-1705 of the Commission’s policy, in order to comply with the marketing
regulations in 47 CFR §2.803 and the importation rules in 47 CFR §2.1204, applicant hereby requests
Short-Term Confidential treatment of the following materials (See notes below):
Internal Photos
User’s Manual
Test Set-up Photos
External Photos
Justification:
Date: 4th August 2022
Name and signature of applicant: Daniel Sims (Agent)
Notes:
1) A document or type of document can only have ONE type of confidentiality!
2) Short-Term confidentiality is in principle for 45 days from date of grant; it can be extended max 3 times (total time 180 days max.)!
The planned date should stated in the RF731 application form.
3) FCC must be informed when marketing begins earlier.
4) Release takes place automatically thus extension must be requested in time. Telefication does not remind you of this!
5) Request for extension or for release must be received by Telefication at least 7 days before date of actual marketing or before
expiration of the STC period
| 1 | Declaration of authorization | Cover Letter(s) | 84.21 KiB | August 23 2022 / August 26 2022 |
WARNING:pdfminer.pdfpage:The PDF <_io.BufferedReader name='/Volumes/Scratch/Incoming/eg-scratch/6073269.pdf'> contains a metadata field indicating that it should not allow text extraction. Ignoring this field and proceeding. Use the check_extractable if you want to raise an error in this case
RF_160, Issue 04
Declaration of Authorization
We
Name:
Address:
City:
Country:
Declare that:
Eccel Technology Ltd
198 Station Road, Glenfield
Leicester, Leicestershire, LE3 8GT
United Kingdom
Name Representative of agent:
Agent Company name:
Address:
City:
Country
Daniel Sims (1)
RN Electronics Ltd
Arnolds Court, Arnolds Farm Lane
Mountnessing, Brentwood, Essex, CM13 1UT
United Kingdom
is authorized to apply for Certification of the following product(s):
Product description: 10xRS485 Reader
Type designation:
Trademark:
Validity/ expiry date: 21st April 2023
1.1
Eccel
on our behalf.
We certify that we are not subject to denial of federal benefits, that includes FCC benefits, pursuant to
Section 5301 of the Anti-Drug Abuse Act of 1988, 21 U.S.C. 862. Further, no party, as defined in 47
CFR 1.2002 (b), to the application is subject to denial of federal benefits, that includes FCC benefits.
We also declare that the information provided to the FCC is true and correct to the best of our
knowledge (47 CFR 2.911(d)) and we have been informed of the grantee responsibilities (47 CFR
2.909) with regard to certified equipment.
Date:
City:
Name:
27th July 2022
Leicester
Darren Turner (2)
Function:
Managing Director (CEO)
ECCEL TECHNOLOGY LTD, 198 Station Road, Glenfield, Leicestershire, LE3 8GT, UK
TELEPHONE +44 (0) 7950 456 097 - EMAIL sales@eccel.co.uk, www.eccel.co.uk - VAT No GB 928 2439 07 - Registered in England 5614911
Directors: D J Turner, S D Turner & L A Turner
RF_160, Issue 04
Signature:
Notes:
(1): Required for FCC application
(2): For FCC it must be the Grantee Code “owner” or the authorized agent.
ECCEL TECHNOLOGY LTD, 198 Station Road, Glenfield, Leicestershire, LE3 8GT, UK
TELEPHONE +44 (0) 7950 456 097 - EMAIL sales@eccel.co.uk, www.eccel.co.uk - VAT No GB 928 2439 07 - Registered in England 5614911
Directors: D J Turner, S D Turner & L A Turner
| 1 | Modular Approval Request | Cover Letter(s) | 15.10 KiB | August 23 2022 / August 26 2022 |
WARNING:pdfminer.pdfpage:The PDF <_io.BufferedReader name='/Volumes/Scratch/Incoming/eg-scratch/6073271.pdf'> contains a metadata field indicating that it should not allow text extraction. Ignoring this field and proceeding. Use the check_extractable if you want to raise an error in this case
Modular Approval Request FCC (KDB 996369 D01 & Part 15.212)
FCC ID: 2ALHY-000537
RF_734_03
26 March 2020
Items to be covered by Single modular transmitters.
1. The radio elements must have the radio frequency circuitry
shielded. Physical components and tuning capacitor(s) may be
located external to the shield, but must be on the module
assembly.
.
2. The module must have buffered modulation/data inputs to
ensure that the device will comply with Part 15 requirements
with any type of input signal.
3. The module must contain power supply regulation on the
module
4. The module must contain a permanently attached antenna, or
contain a unique antenna connector, and be marketed and
operated only with specific antenna(s), per §§ 15.203, 15.204(b),
15.204(c), 15.212(a), 2.929(b).
5.The module must demonstrate compliance in a stand-alone
configuration.
6.The module must be labeled with its permanently affixed FCC ID
label, or use an electronic display (see KDB Publication
784748).
.
7.The module must comply with all specific rules applicable to the
the
the conditions provided
in
transmitter,
including all
integration instructions by the grantee.
8.The module must comply with RF exposure requirements.
Answer from applicant
The module contains a metal shield
which covers all RF components
and circuitry. The shield is located
on the top of the board with Ground
connections on the pcb completing
the shield
Data to the modulation circuit is
buffered.
The module contains its own power
supply regulation. Please refer to
schematic filed with this application
The module is permanently
connected to the pcb coil trace
antenna integrated into the pcb.
The module has been tested
outside of a host controller device
on the supplied 30cm long leads, to
ensure the host controller during
testing did not influence the results.
AC power line conducted
emissions was also performed.
There is a label on the module as
shown in the labeling exhibit filed
with this application. Host specific
labeling instructions are shown in
the installation manual also filed
with this application
The module complies with FCC
Part 15C requirements.
Instructions to the OEM installer
are provided in the installation
manual filed with this application
The module meets Portable
exclusion levels as shown in the
RF exposure information filed with
this application
Name and surname of applicant (or authorized representative): Daniel Sims (Agent)
RN Electronics Ltd
Date: 2nd August 2022
Signature:
| frequency | equipment class | purpose | ||
|---|---|---|---|---|
| 1 | 2022-08-26 | 13.56 ~ 13.56 | DXX - Part 15 Low Power Communication Device Transmitter | Original Equipment |
| app s | Applicant Information | |||||
|---|---|---|---|---|---|---|
| 1 | Effective |
2022-08-26
|
||||
| 1 | Applicant's complete, legal business name |
Eccel Technology Ltd
|
||||
| 1 | FCC Registration Number (FRN) |
0026350066
|
||||
| 1 | Physical Address |
198 Station Road Glenfield
|
||||
| 1 |
198 Station Road
|
|||||
| 1 |
Leicester, N/A
|
|||||
| 1 |
United Kingdom
|
|||||
| app s | TCB Information | |||||
| 1 | TCB Application Email Address |
c******@telefication.com
|
||||
| 1 | TCB Scope |
A1: Low Power Transmitters below 1 GHz (except Spread Spectrum), Unintentional Radiators, EAS (Part 11) & Consumer ISM devices
|
||||
| app s | FCC ID | |||||
| 1 | Grantee Code |
2ALHY
|
||||
| 1 | Equipment Product Code |
000537
|
||||
| app s | Person at the applicant's address to receive grant or for contact | |||||
| 1 | Name |
D****** J******** T****
|
||||
| 1 | Title |
Mr
|
||||
| 1 | Telephone Number |
+44 1********
|
||||
| 1 | Fax Number |
+44 5********
|
||||
| 1 |
d******@eccel.co.uk
|
|||||
| app s | Technical Contact | |||||
| 1 | Firm Name |
Eccel Technology Ltd
|
||||
| 1 | Name |
L****** C********
|
||||
| 1 | Physical Address |
198 Station Road
|
||||
| 1 |
Leicester
|
|||||
| 1 |
United Kingdom
|
|||||
| 1 | Telephone Number |
44741********
|
||||
| 1 |
L******@eccel.co.uk
|
|||||
| app s | Non Technical Contact | |||||
| 1 | Firm Name |
Eccel Technology Ltd
|
||||
| 1 | Name |
D****** T********
|
||||
| 1 | Physical Address |
198 Station Road
|
||||
| 1 |
Leicester
|
|||||
| 1 |
United Kingdom
|
|||||
| 1 | Telephone Number |
44741********
|
||||
| 1 |
D******@eccel.co.uk
|
|||||
| app s | Confidentiality (long or short term) | |||||
| 1 | Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?: | Yes | ||||
| 1 | Long-Term Confidentiality Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?: | No | ||||
| if no date is supplied, the release date will be set to 45 calendar days past the date of grant. | ||||||
| app s | Cognitive Radio & Software Defined Radio, Class, etc | |||||
| 1 | Is this application for software defined/cognitive radio authorization? | No | ||||
| 1 | Equipment Class | DXX - Part 15 Low Power Communication Device Transmitter | ||||
| 1 | Description of product as it is marketed: (NOTE: This text will appear below the equipment class on the grant) | 10xRS485 Reader | ||||
| 1 | Related OET KnowledgeDataBase Inquiry: Is there a KDB inquiry associated with this application? | No | ||||
| 1 | Modular Equipment Type | Single Modular Approval | ||||
| 1 | Purpose / Application is for | Original Equipment | ||||
| 1 | Composite Equipment: Is the equipment in this application a composite device subject to an additional equipment authorization? | No | ||||
| 1 | Related Equipment: Is the equipment in this application part of a system that operates with, or is marketed with, another device that requires an equipment authorization? | No | ||||
| 1 | Is there an equipment authorization waiver associated with this application? | No | ||||
| 1 | If there is an equipment authorization waiver associated with this application, has the associated waiver been approved and all information uploaded? | No | ||||
| app s | Test Firm Name and Contact Information | |||||
| 1 | Firm Name |
RN Electronics Ltd
|
||||
| 1 | Name |
C****** H******
|
||||
| 1 | Telephone Number |
44 12********
|
||||
| 1 |
c******@RNelectronics.com
|
|||||
| Equipment Specifications | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Line | Rule Parts | Grant Notes | Lower Frequency | Upper Frequency | Power Output | Tolerance | Emission Designator | Microprocessor Number | |||||||||||||||||||||||||||||||||
| 1 | 1 | 15C | 13.56000000 | 13.56000000 | 0.0000010 | ||||||||||||||||||||||||||||||||||||
some individual PII (Personally Identifiable Information) available on the public forms may be redacted, original source may include additional details
This product uses the FCC Data API but is not endorsed or certified by the FCC