FeliCa: Handle non-hardware Polling commands

dogtopus · dogtopus · commit ee3caefdb41d · 2025-04-25T02:25:22.000+09:00
NFC TagInfo and possibly other readers rely on Polling commands with Request Code of 1 (default System Code request) or non-FFFF System Code to detect card type. Since the NFC controller doesn't seem to handle them in hardware and simply bubbles them up, and then the Flipper firmware will just ignore them and refuse to respond afterwards, this causes the reading operation to fail.

This commit adds a simple handler for such Polling commands so that readers behaving like NFC TagInfo could read the emulated card without failing.
diff --git a/lib/nfc/protocols/felica/felica.h b/lib/nfc/protocols/felica/felica.h
@@ -58,6 +58,7 @@ typedef enum {
     FelicaErrorWrongCrc,
     FelicaErrorProtocol,
     FelicaErrorTimeout,
+    FelicaErrorIgnoreRequest,
 } FelicaError;
 
 typedef struct {
diff --git a/lib/nfc/protocols/felica/felica_listener.c b/lib/nfc/protocols/felica/felica_listener.c
@@ -5,9 +5,17 @@
 #include <furi_hal_nfc.h>
 
 #define FELICA_LISTENER_MAX_BUFFER_SIZE     (128)
+#define FELICA_CMD_POLLING                  (0x00U)
+#define FELICA_LISTENER_RESPONSE_POLLING    (FELICA_CMD_POLLING | 1U)
 #define FELICA_LISTENER_RESPONSE_CODE_READ  (0x07)
 #define FELICA_LISTENER_RESPONSE_CODE_WRITE (0x09)
 
+#define FELICA_POLLING_REQUEST_NONE        (0x00U)
+#define FELICA_POLLING_REQUEST_SYSTEM_CODE (0x01U)
+#define FELICA_POLLING_REQUEST_PERFORMANCE (0x02U)
+
+#define FELICA_SYSTEM_CODE_LITES (0xB488U)
+
 #define TAG "FelicaListener"
 
 FelicaListener* felica_listener_alloc(Nfc* nfc, FelicaData* data) {
@@ -136,6 +144,45 @@ static FelicaError felica_listener_command_handler_write(
     return felica_listener_frame_exchange(instance, instance->tx_buffer);
 }
 
+static FelicaError felica_listener_user_polling_handler(
+    FelicaListener* instance,
+    const FelicaListenerGenericRequest* generic_request) {
+    switch(generic_request->polling.request_code) {
+    case FELICA_POLLING_REQUEST_NONE: {
+        if(generic_request->polling.system_code != FELICA_SYSTEM_CODE_CODE) {
+            return FelicaErrorIgnoreRequest;
+        } else {
+            FURI_LOG_E(
+                TAG,
+                "NFC controller should have handled this Polling request. Please report this issue.");
+            return FelicaErrorNotPresent;
+        }
+        break;
+    }
+    case FELICA_POLLING_REQUEST_SYSTEM_CODE: {
+        FelicaPollingResponseWithRequest* resp = malloc(sizeof(FelicaPollingResponseWithRequest));
+        resp->base.length = sizeof(FelicaPollingResponseWithRequest);
+        resp->base.response_code = FELICA_LISTENER_RESPONSE_POLLING;
+        resp->base.idm = instance->data->idm;
+        resp->base.pmm = instance->data->pmm;
+        resp->request_data = FELICA_SYSTEM_CODE_LITES;
+
+        bit_buffer_reset(instance->tx_buffer);
+        bit_buffer_append_bytes(instance->tx_buffer, (uint8_t*)resp, resp->base.length);
+
+        free(resp);
+        break;
+    }
+    default:
+        FURI_LOG_E(
+            TAG,
+            "FeliCa unhandled polling request code %02X",
+            generic_request->polling.request_code);
+        return FelicaErrorNotPresent;
+    }
+    return felica_listener_frame_exchange(instance, instance->tx_buffer);
+}
+
 static FelicaError felica_listener_process_request(
     FelicaListener* instance,
     const FelicaListenerGenericRequest* generic_request) {
@@ -187,7 +234,16 @@ NfcCommand felica_listener_run(NfcGenericEvent event, void* context) {
                 break;
             }
 
-            if(!felica_listener_check_idm(instance, &request->header.idm)) {
+            if(request->header.code == FELICA_CMD_POLLING) {
+                // Catch any Request Code requests that were not handled in hardware.
+                FelicaError error = felica_listener_user_polling_handler(instance, request);
+                if(error == FelicaErrorIgnoreRequest) {
+                    command = NfcCommandReset;
+                } else if(error != FelicaErrorNone) {
+                    FURI_LOG_E(TAG, "User polling handler error: %2X", error);
+                }
+                break;
+            } else if(!felica_listener_check_idm(instance, &request->header.idm)) {
                 FURI_LOG_E(TAG, "Wrong IDm");
                 break;
             }
diff --git a/lib/nfc/protocols/felica/felica_listener_i.h b/lib/nfc/protocols/felica/felica_listener_i.h
@@ -12,10 +12,36 @@ typedef enum {
     Felica_ListenerStateActivated,
 } FelicaListenerState;
 
+#pragma pack(push, 1)
+typedef struct {
+    uint8_t code;
+    uint16_t system_code;
+    uint8_t request_code;
+    uint8_t time_slot;
+} FelicaListenerPollingHeader;
+#pragma pack(pop)
+
+typedef struct {
+    uint8_t length;
+    uint8_t response_code;
+    FelicaIDm idm;
+    FelicaPMm pmm;
+} FelicaListenerPollingResponse;
+
+#pragma pack(push, 1)
+typedef struct {
+    FelicaListenerPollingResponse base;
+    uint16_t request_data;
+} FelicaPollingResponseWithRequest;
+#pragma pack(pop)
+
 /** Generic Felica request same for both read and write operations. */
 typedef struct {
     uint8_t length;
-    FelicaCommandHeader header;
+    union {
+        FelicaCommandHeader header;
+        FelicaListenerPollingHeader polling;
+    };
 } FelicaListenerGenericRequest;
 
 /** Generic request but with list of requested elements. */
