
Unknown APDU command starting with 1x


The APDU commands I am sniffing do not match any APDU I've ever seen, while the anti-collision part seems to show the right commands.

I've been trying to sniff a tag-reader communication for a while, using a PM3. I know the reader has an Atmel chip that is designed for ISO 14443-B protocol communication (88RF1354), but the tag is unknown and no reader/emulator (PM3, HydraNFC, iCopy, ASC, ...) was able to read it. Only the original reader detects the tag and communicates. My problem is that the sniffed data doesn't seem to be meaningful except for the anti-collision commands.

APDU commands: REQB, ATQB, ATTRIB and the answer to ATTRIB are based on the ISO 14443 standard, but for the rest I cannot find any reference in PC/SC or ISO 7816. According to what is written in those documents, the first APDU byte shall be the CLA, and no CLA starts with the numbers I am receiving. Any idea how to interpret this data? Like, what could these lines refer to as a command? Do we have any APDU command that starts with such classes as "11, 12, 18, 16, ..."?

 Src | Data (! denotes parity error)                                           | CRC | Annotation
------------+------------+-----+-------------------------------------------------------------------------

 Rdr |11  01  87  92                                                           |  ok | ?
 Rdr |12  00  00  0f  fe  fe                                                   |  ok | ?
 Rdr |12  00  10  0f  6f  6b                                                   |  ok | ?
 Tag |12  00  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff   |     |
     |00  3a  2b  

Sniffed data trace


Solution

  • I found the answer. The tag type was CryptoRF. The communication commands start with its CID, and since my tag was being assigned CID 1, all the sniffed data after anti-collision would go with 11, 12, 13, 14, 16, 18, each having their own meaning based on the datasheet.