Send TgInitAsTarget command to PN532 (ELEHOUSE module)，get ACK frame back, but lost the normal information frame

Question

I am getting started with a PN532 NFC module recently. I can successfully read/write M1 and S50 cards.

Now I am trying to learn how to use P2P communication. However, when I send a TgInitAsTarget command to the PN532 (ELEHOUSE module), I receive an ACK frame, but I never receive the normal information frame that should follow afterwards.

Here are my steps:

Get PN532 into target mode by sending TgInitAsTarget command:

TgInitAsTarget:
{ 00 00 ff 0x27 0xd9
  d4 8c 04
     08 00 12 34 56 40
     01 fe a2 a3 a4 a5 a6 a7   c0 c1 c2 c3 c4 c5 c6 c7   ff ff
     aa 99 88 77 66 55 44 33 22 11
     00
     00
  fd 00 }

Get a second PN532 into initiator mode by sending InJumpForDEP command:

InJumpForDEP:
{ 00 00 ff 0a f6
  d4 56 01 02
     01   00 ff ff 00 00
  d4 00 }

Put the initiator above the target.
When I read the information received from the target through UART, I get the following:
```
target->pc:
{ 01
  00 00 ff 00 ff 00 }
```
This seems to be an ACK frame indicating that the TgInitAsTarget command was processed correctly. But afterwards the PN532 does not send the normal information frame containing the result of the TgInitAsTarget command and the target is always in busy state.

What is going wrong here?

Michael Roland · Answer 1 · 2016-03-13T09:22:41.480

Several things seem to be wrong with your commands.

First of all, the InJumpForDEP command seems to be malformed. That command decodes to the following:
```
d4 56   InJumpForDEP
   01   ActPass = Active Mode
   02   Baud Rate = 424 kbps
   01   Next = NFCID3i
   00 ff ff 00 00  NFCID3i ? (HERE is the problem)
```
The NFCID3i field of that command is not valid. An NFCID3i must consist of 10 bytes (e.g. 11 22 33 44 55 66 77 88 99 AA). The easiest way would be to let the PN532 automatically generate a random NFCID3i by not specifying an NFCID3i field at all:
```
d4 56   InJumpForDEP
   01   ActPass = Active Mode
   02   Baud Rate = 424 kbps
   00   Next = none
```
Note that length field and checksum of the command frame need to be adapted accordingly.
The initiator is polling in active mode at baud rate 424 kbps. However, with your TgInitAsTarget command, you instruct the target to listen in PICC mode only:
```
d4 8c   TgInitAsTarget
   04   Mode = PICC only ! (HERE is the problem)
   08 00 12 34 56 40   MifareParams
   01 fe a2 a3 a4 a5 a6 a7   c0 c1 c2 c3 c4 c5 c6 c7   ff ff   FelicaParams
   aa 99 88 77 66 55 44 33 22 11   NFCID3t
   00   no Gt
   00   no Tk
```
Consequently, the target will only operate as ISO/IEC 14443-4 PICC (which is similar to passive mode at 106 kbps). Therefore, the initiator and the target are configured to speak two completely different protocols and, hence, do not understand each other. As a result, the PN532 in target mode will never be invoked by the PN532 in initiator mode and will, consequently, never return from the TgInitAsTarget command.

In order to configure the target in a way that is compatible to your initiator configuration, you could use this:
```
d4 8c   TgInitAsTarget
   02   Mode = DEP only
   08 00 12 34 56 40   MifareParams (not used in active mode)
   01 fe a2 a3 a4 a5 a6 a7   c0 c1 c2 c3 c4 c5 c6 c7   ff ff   FelicaParams (not used in active mode)
   aa 99 88 77 66 55 44 33 22 11   NFCID3t
   00   no Gt
   00   no Tk (not used in active mode)
```

thanks for your advice,I have try it ,but it doesn't work .I send command TgInitAsTarget : {00, 00, 0xff, 0x27, 0xd9, 0xd4, 0x8c, 0x02, (I have try set mode 0x00,and put NFC phone on target with NFC app ,however,never return from the TagInitAsTarget command. ) 0x08, 0x00, 0x12, 0x34, 0x56,0x40, 0x01,0xfe,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7, 0xc0,0xc1,0xc2,0xc3,0xc4,0xc5,0xc6,0xc7,0xff,0xff, 0xaa,0x99,0x88,0x77,0x66,0x55,0x44,0x33,0x22,0x11, 0x00,0x00, 0x1f,0x00,};Is there any setting of PN532 before use the TgInitAsTarget command? @Michael Roland — Allen, Mar 10 '16 at 08:55
@Allen Do you receive any error code on the initiator side? And do you set any configuration parameters (registers, RF parameters, etc.) before starting initiator/tagret mode? — Michael Roland, Mar 10 '16 at 20:55
There is no error code after sending TgInitAsTarget command,but ACK frame. both of target and initiator have no any error code ,and two PN532 are always in busy state.I have try your anwser of this question link but didn't work still.@Michael Roland — Allen, Mar 14 '16 at 04:36

score 1 · Answer 2 · answered Mar 18 '16 at 08:58

1

Finally,I solved the problem, it is a hardware problem ,and i buy new PN532 module. The normal information frame return successfully。 Thanks anyway @Michael Roland .

answered Mar 18 '16 at 08:58

Allen

21
3

Can you tell me which one did you buy? There are a lot of PN532 modules, each has different specs. – Srneczek Jun 30 '20 at 14:40

Send TgInitAsTarget command to PN532 (ELEHOUSE module)，get ACK frame back, but lost the normal information frame

2 Answers2