Adding pn71xx NXP's NFC Controllers through Linux Libnfc-nci
(note I have only tested this does not break build etc. as I do not have a reader with this chipset)
Adding support for extended Magic cards:
- DirectWrite cards
- One Time Write cards
Direct Write cards support modification of B0 directly, without any unlock codes. When we are attempting to detect if a card is 'magic', we will attempt to modify B0 directly as an initial check.
One Time Write cards support modification of B0 directly, one time only. They do not respond to magic commands, but have a fixed UID coming out of the factory. We now detect this UID, and if so, deem the card 'magic'.
Adding support for "DirectWrite" Ultralight tags.
- The latest generation of "Magic" Ultralight tags support DirectWrite to B0.
- Several versions of these cards are bricked if the older 'unlock' command is issued to the card.
- To avoid this, when detecting if a card is magic, we attempt to modify B0 directly. If this fails, we proceed with an unlock command.
CC pn53x-tamashell.o
pn53x-tamashell.c:48:12: fatal error: 'readline/readline.h' file not found
# include <readline/readline.h>
^~~~~~~~~~~~~~~~~~~~~
1 error generated.
PN533 easily corrupts its USB descriptors. We know that and we
already try to detect and even repair them.
However there are situations where lower software layers get
confused before libnfc can help. On Windows, libusb may set
dev->config to NULL, but we can also have a non NULL dev->config
referencing corrupted data.
In order to get more robust, let us replace the Windows libusb
specific (dev->config == NULL) test by an inconditionnal use of
hardcoded descriptors when they are available.
The problem occurs in the following succession of events:
* Emit commands returning an answer larger than 16 bytes
* Re-enumerate USB devices without power cycle, e.g. a warm reboot of the PC
The bug can be reproduced for testing purposes with usbreset.c from
https://askubuntu.com/questions/645/how-do-you-reset-a-usb-device-from-the-command-line#661
$ lsusb|grep NFC
Bus 001 Device 010: ID 04e6:5591 SCM Microsystems, Inc. SCL3711-NFC&RW
$ sudo ./usbreset /dev/bus/usb/001/010
Resetting USB device /dev/bus/usb/001/010
Reset successful
$ echo -e "4a 01 00\n423000" |pn53x-tamashell
$ sudo ./usbreset /dev/bus/usb/001/010
Resetting USB device /dev/bus/usb/001/010
Error in ioctl: No such device
$ lsusb|grep NFC
... device disappeared
In the example above, reading 4 pages of a MFUL corrupted one single byte.
The entire buffer can be corrupted e.g. with fast-reading a MFUL EV1:
$ echo -e "4a 01 00\n423a0013"|pn53x-tamashell
