Skip to content

FeliCa Emulation: Handle certain Polling commands in firmware #4204

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
Sep 24, 2025
Merged

FeliCa Emulation: Handle certain Polling commands in firmware #4204

merged 13 commits into from
Sep 24, 2025

Conversation

dogtopus
Copy link
Contributor

@dogtopus dogtopus commented Apr 25, 2025
edited by hedger
Loading

What's new

This is a continuation of #4202.

NFC TagInfo, probably all NDEF Type 3 readers, and possibly other readers rely on Polling commands with Request Code of 1 (default System Code request) and non-FFFF System Code to detect card type. The NFC controller doesn't seem to handle the latter case in hardware and simply bubbles those commands up to the firmware layer. The firmware in its current form then gets confused and interrupts the transaction, resulting in failed reading attempts.

This PR adds a handler for when a Polling command with non-FFFF System Code is seen on the firmware side, so that readers behaving like NFC TagInfo could read the emulated card without failing.

Verification

  • Use the .nfc file provided here: F.zip
  • Scan with NFC TagInfo. It should read the entire contents of the emulated card, including having the correct decoding on the NDEF tab.
  • Scan with no reader app. It should open https://example.com
  • Use Proxmark3 to send polling commands to the emulated card. It should return something similar to below:
[usb] pm3 --> hf felica raw -c 060088b40000
[+] Data: 06 00 88 B4 00 00 F7 25 
[+] (22) B2 4D 12 01 01 2E 46 65 6C 69 43 61 00 F1 00 00 00 01 43 00 D8 9F 
[usb] pm3 --> hf felica raw -c 060088b40100
[+] Data: 06 00 88 B4 01 00 C4 14 
[+] (24) B2 4D 14 01 01 2E 46 65 6C 69 43 61 00 F1 00 00 00 01 43 00 88 B4 26 1C 
[usb] pm3 --> hf felica raw -c 060088b40200
[+] Data: 06 00 88 B4 02 00 91 47 
[+] (24) B2 4D 14 01 01 2E 46 65 6C 69 43 61 00 F1 00 00 00 01 43 00 00 83 F2 99 
[usb] pm3 --> hf felica raw -c 060012fc0000
[+] Data: 06 00 12 FC 00 00 ED 1D 
[+] (22) B2 4D 12 01 01 2E 46 65 6C 69 43 61 00 F1 00 00 00 01 43 00 D8 9F 
[usb] pm3 --> hf felica raw -c 060012fc0100
[+] Data: 06 00 12 FC 01 00 DE 2C 
[+] (24) B2 4D 14 01 01 2E 46 65 6C 69 43 61 00 F1 00 00 00 01 43 00 12 FC 18 F0 
[usb] pm3 --> hf felica raw -c 060012fc0200
[+] Data: 06 00 12 FC 02 00 8B 7F 
[+] (24) B2 4D 14 01 01 2E 46 65 6C 69 43 61 00 F1 00 00 00 01 43 00 00 83 F2 99

Checklist (For Reviewer)

  • PR has description of feature/bug or link to Confluence/Jira task
  • Description contains actions to verify feature/bugfix
  • I've built this code, uploaded it to the device and verified feature/bugfix

dogtopus added 7 commits April 25, 2025 02:25
@dogtopus
FeliCa: Handle non-hardware Polling commands
ee3caef 
NFC TagInfo and possibly other readers rely on Polling commands with Request Code of 1 (default System Code request) or non-FFFF System Code to detect card type. Since the NFC controller doesn't seem to handle them in hardware and simply bubbles them up, and then the Flipper firmware will just ignore them and refuse to respond afterwards, this causes the reading operation to fail.

This commit adds a simple handler for such Polling commands so that readers behaving like NFC TagInfo could read the emulated card without failing.
@dogtopus
Only handle cases when System Code is not FFFF
7579269 
The NFC controller should handle Polling commands with the System Code set to FFFF, so it's not necessary for the firmware to handle it.
@dogtopus
Remove system code logging
09b052d
@dogtopus
More cleanups
8d1f007
@dogtopus
Remove the claim that we need a poller change
7472167 
We already have enough information to determine whether or not the card supports NDEF since SYS_OP register value is included in all current Lite-S card dumps.
@dogtopus
Respond to 12FC polling command when needed
9329ef6
@dogtopus
Handle Polling with NDEF and Lite-S Service Code
444068a 
This allows the reader to specifically select the service by naming the Service Code.
@hedger hedger added the NFC NFC-related label Apr 26, 2025
@dogtopus
Introduce API for manual handling of Polling commands
4bb0e36 
Introduce nfc_felica_listener_timer_anticol_start() and nfc_felica_listener_timer_anticol_stop(). These are for now just wrappers around the block_tx timer that can be used to delay the response until the desired Time Slot. Thanks to the loose timing constraints of FeliCa collision resolution protocol, no compensation seems to be necessary. Also enabled the block_tx timer for FeliCa listener, but with both compensation and fdt set to 0 to keep the original behavior of not using the timer during normal data exchange.

This API is now being used for handling Polling commands that are not handled by the NFC controller on the hardware side.
@dogtopus dogtopus requested a review from nminaylov as a code owner April 29, 2025 14:02
@dogtopus dogtopus changed the title FeliCa Emulation: Handle non-hardware Polling commands FeliCa Emulation: Handle certain Polling commands in firmware Apr 29, 2025
@dogtopus
Copy link
Contributor Author

dogtopus commented May 5, 2025

I fixed the HACK part and this should be ready for review again.

RebornedBrain
RebornedBrain reviewed May 12, 2025
View reviewed changes
Copy link
Contributor

@RebornedBrain RebornedBrain left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your work on this PR, NDEF and system codes for Felica are great! But there are some parts of code which would be better to adjust a little bit. I described my idea in review comments. And also here is a complete patch felica_polling.patch, which implements it.
Would you please apply it, validate that it works and update your PR?
Thanks in advance! 🐱

@dogtopus
Copy link
Contributor Author

Any progress on the review? @RebornedBrain

@RebornedBrain
Copy link
Contributor

Hi @dogtopus, sorry didn't see message. Everything looks fine to me! @hedger could you please approve and merge

@dogtopus
Copy link
Contributor Author

It's been 3 months and this PR still isn't merged. Is there a problem with the code?

@hedger hedger added the New Feature Contains an IMPLEMENTATION of a new feature label Sep 24, 2025
@hedger
Copy link
Member

hedger commented Sep 24, 2025

@dogtopus sorry for the delay

@hedger hedger merged commit dfd7537 into flipperdevices:dev Sep 24, 2025
10 of 11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hedger hedger hedger approved these changes

@DrZlo13 DrZlo13 Awaiting requested review from DrZlo13 DrZlo13 is a code owner

@gsurkov gsurkov Awaiting requested review from gsurkov gsurkov is a code owner

@gornekich gornekich Awaiting requested review from gornekich gornekich is a code owner

@nminaylov nminaylov Awaiting requested review from nminaylov nminaylov is a code owner

+1 more reviewer

@RebornedBrain RebornedBrain RebornedBrain left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
New Feature Contains an IMPLEMENTATION of a new feature NFC NFC-related
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dogtopus @RebornedBrain @hedger