ST25TB / SRx NFC Emulator / Initiator based on TI TRF7970A with MSP430
This is the support project of ST25TB series NFC tags for fun in French public transports
(ST25TB_transport.pdf)
st25tb_kiemul
project is ready for Texas Intruments Code Composer Studio (CCS) IDE 12+, https://www.ti.com/tool/CCSTUDIO
You can use the local IDE or the online one (CCS Cloud). When using online IDE, do not forget to delete additionnal .cmd
at the root of the project after the initial import ; they are conflicting with specific embeded ones in the project.
You can reduce the code base but, at this time, the full project (emulator/writer/learner with led animations) needs (only) < 6 kilobytes for program and < 700 bytes of memory.
MSP-EXP430F5529LP
+DLP-7970ABP
with configurationRelease - lp-msp430f5529
- MSP @ 25 MHz, external battery neededLP-MSP430FR2476
+DLP-7970ABP
with configurationRelease - lp-msp430fr2476
- MSP @ 16 MHz, CR2032 battery compatible!*MSP430*
+DLP-7970ABP
with new configuration to create (feel free to adapt :))
You can program your board from the IDE itself, but .hex
files produced/downloaded can also be used with MSP430Flasher
(https://www.ti.com/tool/MSP430-FLASHER) or UniFlash
(https://www.ti.com/tool/UNIFLASH).
No MSP-FET
required when using LaunchPad cards, as they embed an eZ-FET lite
emulator.
MSP430Flasher -i TIUSB -n MSP430FR2476 -z [VCC,RESET] -e ERASE_ALL -v -w st25tb_kiemul-MSP430FR2476.hex
MSP430Flasher -i TIUSB -n MSP430F5529 -z [VCC,RESET] -e ERASE_ALL -v -w st25tb_kiemul-MSP430F5529.hex
- replace
-i TIUSB
by-i COMnumber
when dealing with multiple boards connected at the same time ; - do not hesitate to make another reset by the button after flashing.
basics
At startup/reset, the content of the emulator card is loaded from the flash memory. If no cards were previously learned, a default one with the UID: d00233aabbccddee
is loaded.
Left and Right buttons are used to cycle between modes (Emulator -> Writer -> Learn)
GREEN led only
In this mode, it reacts like a normal ST25TB-AT cards, with few differences:
- Sectors
0x05
and0x06
are not limited to decrement ; - Sector
0xff
(system area / internal is0x80
) is not used to lock sectors/OTP ; - Sectors
0x81
and0x82
can be used to read and write UID ; - Any writing operation to sector
0xfe
will write current emulated card into flash memory.
basically, it reacts like a memory card without limitation
RED led only
In this mode, it will try to write the emulator content back to the original card.
Leds on the DLP-7970ABP
board are used for status:
- 🔵 & 🟢 Card successfully writed (and confirmed)
- 🔴 An error occured (not the good UID or write then read error)
GREEN & RED led
In this mode, it will read an original card into emulator, then save it to the flash memory.
Leds on the DLP-7970ABP
board are used for status:
- 🔵 Card successfully readed (and confirmed)
- 🔴 An error occured (try to move the card, no need to stick it to the antenna)
- 🟢 Card successfully writed to the flash memory
- Yep, I recreated a ~1%
Chameleon
like stuff :') - Yep, I'm happy with it: I do it for myself to learn (& for fun)
- No, I'm not confident to be able to help to add 14B(') to https://github.com/emsec/ChameleonMini/tree/master/Firmware/Chameleon-Mini/Codec
- otherwise I would have done it
No, I will not create a single board with battery from available schematics of MSP430 LaunchPad & TRF7970A BoosterPackwell, maybe?- well, I did: https://oshwlab.com/gentilkiwi/st25tb_kiemul
- Yes, you can use other (better) MCU with the
TRF7970A
, even with the originalDLP-7970ABP
board- think aout STM32, Raspberry PI Pico or your prefered one with
SPI
support, really
- think aout STM32, Raspberry PI Pico or your prefered one with
MSP-EXP430F5529LP
- https://www.mouser.com/ProductDetail/595-MSPEXP430F5529LPLP-MSP430FR2476
- https://www.mouser.com/ProductDetail/595-LP-MSP430FR2476DLP-7970ABP
- https://www.mouser.com/ProductDetail/595-DLP-7970ABP
To practice, for POC, and for the lulz, a mini-board is also available: https://oshwlab.com/gentilkiwi/st25tb_kiemul
Benjamin DELPY gentilkiwi
, you can contact me on Twitter ( @gentilkiwi ) or by mail ( benjamin [at] gentilkiwi.com )
This is a personal development, please respect its philosophy and don't use it for bad things!
CC BY 4.0 licence - https://creativecommons.org/licenses/by/4.0/