NXP Reader Library  v17.1.0.2535
Modules | Functions
S_Mode
Hardware Abstraction Layer » Component : SAM » Command Interface » 09_MIFARE_Plus

Implementation of SAM commands used for MIFARE Plus communication in S-Mode. More...

Collaboration diagram for S_Mode:

Modules

 Defines
 Definitions for SAM commands used for MIFARE Plus communication in S-Mode.
 

Functions

phStatus_t phhalHw_Sam_Cmd_SAM_AuthenticateMFP_Part1 (phhalHw_Sam_DataParams_t *pDataParams, uint8_t bOption, uint8_t bKeyNo, uint8_t bKeyVer, uint8_t *pPDChal, uint8_t bPDChalLen, uint8_t *pDivInput, uint8_t bDivInputLen, uint8_t **ppPCDChalResp, uint16_t *pPCDChalRespLen)
 Perform a MFP Authenticate command part1. More...
 
phStatus_t phhalHw_Sam_Cmd_SAM_AuthenticateMFP_Part2 (phhalHw_Sam_DataParams_t *pDataParams, uint8_t bPiccErrCode, uint8_t *pPDResp, uint8_t bPDRespLen, uint8_t **ppPDCap2, uint8_t **ppPCDCap2, uint8_t *pPiccReturnCode)
 Perform a MFP Authenticate command part2. More...
 
phStatus_t phhalHw_Sam_Cmd_SAM_AuthSectorSwitchMFP_Part1 (phhalHw_Sam_DataParams_t *pDataParams, uint8_t bOption, uint8_t *pPDChal, uint8_t bPDChalLen, uint16_t wSSKeyBNr, uint8_t bSSKeyNo, uint8_t bSSKeyVer, uint8_t bMSKeyNo, uint8_t bMSKeyVer, uint8_t bSectorCount, uint8_t *pKeyBlocks, uint8_t bKeyBlocksLen, uint8_t *pDivInput, uint8_t bDivInputLen, uint8_t **ppPCDChalResp, uint16_t *pPCDChalRespLen)
 Perform a MFP Sector Switch Authenticate command part1. More...
 
phStatus_t phhalHw_Sam_Cmd_SAM_AuthSectorSwitchMFP_Part2 (phhalHw_Sam_DataParams_t *pDataParams, uint8_t bPiccErrCode, uint8_t *pPDResp, uint8_t bPDRespLen, uint8_t *pPiccReturnCode)
 Perform a MFP Sector Switch Authenticate Authenticate command part2. More...
 
phStatus_t phhalHw_Sam_Cmd_SAM_AuthenticatePDC_Part1 (phhalHw_Sam_DataParams_t *pDataParams, uint8_t bOption, uint8_t bKeyNo, uint8_t bKeyVer, uint8_t *pPDChal, uint8_t bPDChalLen, uint8_t *pUpgradeInfo, uint8_t bLen, uint8_t *pDivInput, uint8_t bDivInputLen, uint8_t **ppPCDChalResp, uint16_t *pPCDChalRespLen)
 Perform a Post delivery configuration Authenticate command part1. More...
 
phStatus_t phhalHw_Sam_Cmd_SAM_AuthenticatePDC_Part2 (phhalHw_Sam_DataParams_t *pDataParams, uint8_t bPiccErrCode, uint8_t *pPDResp, uint8_t bPDRespLen, uint8_t *pPiccReturnCode)
 Perform a Post delivery configuration Authenticate command part2. More...
 
phStatus_t phhalHw_Sam_Cmd_SAM_CombinedReadMFP (phhalHw_Sam_DataParams_t *pDataParams, uint8_t bLFI, uint16_t wOption, uint8_t *pData, uint8_t bDataLen, uint8_t **ppOutput, uint16_t *pOutputLen, uint8_t *pPiccReturnCode)
 Perform a MIFARE Plus Combined Read command. More...
 
phStatus_t phhalHw_Sam_Cmd_SAM_CombinedWriteMFP (phhalHw_Sam_DataParams_t *pDataParams, uint16_t wOption, uint8_t *pData, uint8_t bDataLen, uint8_t **ppOutput, uint16_t *pOutputLen, uint8_t *pPiccReturnCode)
 Perform a MFP CombinedWrite command. More...
 
phStatus_t phhalHw_Sam_Cmd_SAM_ChangeKeyMFP (phhalHw_Sam_DataParams_t *pDataParams, uint8_t bOption, uint8_t *pData, uint8_t bDataLen, uint8_t **ppProtectedData, uint16_t *pProtectedDataLen, uint8_t *pPiccReturnCode)
 Prepare the MFP Change Key command. More...
 

Detailed Description

Implementation of SAM commands used for MIFARE Plus communication in S-Mode.

Function Documentation

◆ phhalHw_Sam_Cmd_SAM_AuthenticateMFP_Part1()

phStatus_t phhalHw_Sam_Cmd_SAM_AuthenticateMFP_Part1 ( phhalHw_Sam_DataParams_t pDataParams,
uint8_t  bOption,
uint8_t  bKeyNo,
uint8_t  bKeyVer,
uint8_t pPDChal,
uint8_t  bPDChalLen,
uint8_t pDivInput,
uint8_t  bDivInputLen,
uint8_t **  ppPCDChalResp,
uint16_t pPCDChalRespLen 
)

Perform a MFP Authenticate command part1.

This command will generate a 16 byte random number with the one received from PICC and return an 32 byte encrypted data which will be sent to PICC.

Note
Return values
PH_ERR_SUCCESS_CHAININGOperation successful.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PH_ERR_INVALID_PARAMETERpPDChal, pDivInput and pPCDChalRespLen are NULL.
OtherDepending on implementation and underlaying component.
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[in]bOption[In] Key diversification & authentication mode selection. Option to update the P1 information. The options can be combined by bitwise oring.
[in]bKeyNo[In] Key number to be used from SAM. One of the following,
  • NVM Key: 0x00 - 0x7F
  • RAM Key: 0xE0 - 0xE3
[in]bKeyVer[In] Key version to be used from SAM.
[in]pPDChal[In] Buffer containing the challange generated by the PICC. E(Kx,RndB) (16 bytes).
[in]bPDChalLen[In] Length of bytes available in pPDChal buffer.
[in]pDivInput[In] Diversification Input used to diversify the key.
  • If any of diversification option is set in bOption parameter, then
    • 8 (if AV1 key diversification with DES)
    • 16 (if AV1 key diversification with AES) bytes
    • 1 to 31 bytes (if AV2 key diversification) diversification input
  • NULL otherwise
[in]bDivInputLen[In] Length of bytes available in pDivInput buffer.
[out]ppPCDChalResp[Out] Buffer containing the PCD challenge response to be sent to PICC. Challenge response as E(Kx, RndA || RndB')
[out]pPCDChalRespLen[Out] Length of bytes available in ppPCDChalResp buffer.

◆ phhalHw_Sam_Cmd_SAM_AuthenticateMFP_Part2()

phStatus_t phhalHw_Sam_Cmd_SAM_AuthenticateMFP_Part2 ( phhalHw_Sam_DataParams_t pDataParams,
uint8_t  bPiccErrCode,
uint8_t pPDResp,
uint8_t  bPDRespLen,
uint8_t **  ppPDCap2,
uint8_t **  ppPCDCap2,
uint8_t pPiccReturnCode 
)

Perform a MFP Authenticate command part2.

This command will decrypt the response received from PICC and will return the PC capabilities and PCD capabilites.

Note
  • This interface should be called only if AuthenticateMFP Part1 returns Chaining Status.
  • This interface also support Cmd.SAM_AuthenticateMFPError internally. For this bPiccErrCode should utialized and pPiccReturnCode will have the PICC error code that is exchanged.
Return values
PH_ERR_SUCCESSOperation successful.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PHHAL_HW_SAM_ERR_MIFARE_PLUS_GENIn case of PICC Error exchanged.
PH_ERR_INVALID_PARAMETERpPDResp and pPiccReturnCode are NULL.
OtherDepending on implementation and underlaying component.
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[in]bPiccErrCode[In] Error Code sent by the MIFARE Plus PICC. For success it should be 0x90.
[in]pPDResp[In] Buffer containing the input received from PICC.
[in]bPDRespLen[In] Length of bytes available in pPDResp buffer.
[out]ppPDCap2[Out] Buffer containing the Output PCD capabilities. This will be of 6 bytes.
[out]ppPCDCap2[Out] Buffer containing the Output PD capabilities. This will be of 6 bytes.
[out]pPiccReturnCode[Out] Error code returned by MIFARE Plus PICC. This will of 1 byte in length.

◆ phhalHw_Sam_Cmd_SAM_AuthSectorSwitchMFP_Part1()

phStatus_t phhalHw_Sam_Cmd_SAM_AuthSectorSwitchMFP_Part1 ( phhalHw_Sam_DataParams_t pDataParams,
uint8_t  bOption,
uint8_t pPDChal,
uint8_t  bPDChalLen,
uint16_t  wSSKeyBNr,
uint8_t  bSSKeyNo,
uint8_t  bSSKeyVer,
uint8_t  bMSKeyNo,
uint8_t  bMSKeyVer,
uint8_t  bSectorCount,
uint8_t pKeyBlocks,
uint8_t  bKeyBlocksLen,
uint8_t pDivInput,
uint8_t  bDivInputLen,
uint8_t **  ppPCDChalResp,
uint16_t pPCDChalRespLen 
)

Perform a MFP Sector Switch Authenticate command part1.

This command will generate a 16 byte random number with the one received from PICC and return an 32 byte encrypted data which will be sent to PICC.

Note
Return values
PH_ERR_SUCCESS_CHAININGOperation successful.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PH_ERR_INVALID_PARAMETERpPDChal, pDivInput and pPCDChalRespLen are NULL.
OtherDepending on implementation and underlaying component.
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[in]bOption[In] Key diversification selection. Option to update the P1 information. The options can be combined by bitwise oring.
[in]pPDChal[In] Buffer containing the challange generated by the PICC. PICC challenge as E ( Kn , ..., E ( K_1 , E ( Kss , RndB))...)
[in]bPDChalLen[In] Length of bytes available in pPDChal buffer.
[in]wSSKeyBNr[In] PICC Sector Switch key block number to be used for authentication.
[in]bSSKeyNo[In] Sector Switch Key number to be used from SAM (that is: Kss selection). One of the following,
  • NVM Key: 0x00 - 0x7F
  • RAM Key: 0xE0 - 0xE3
[in]bSSKeyVer[In] Sector Switch Key version to be used from SAM (that is: Kss selection)
[in]bMSKeyNo[In] Master Key number to be used from SAM One of the following,
  • NVM Key: 0x00 - 0x7F
  • RAM Key: 0xE0 - 0xE3
[in]bMSKeyVer[In] Master Key version to be used from SAM.
[in]bSectorCount[In] Number of sectors to be switched inside the PICC.
[in]pKeyBlocks[In] Buffer containing the PICC KeyB block number and reference key number and version to be used form SAM. Should contain the following,
  • KeyBxBNr: 2 byte Key Block sector number on the PICC (encoded MSB first)
  • KeyNo: If No sector number key diversification, SAM Key Number of the block sector key (that is: Kn selection).
    • NVM Key: 0x00 - 0x7F
    • RAM Key: 0xE0 - 0xE3
  • KeyVer: If No sector number key diversification, SAM Key Version of the block sector key (that is: Kn selection).
  • The format of the buffer should be, KeyBxBNr_1 || [KeyNo_1] || [KeyVer_1] || KeyBxBNr_2 || [KeyNo_2] || [KeyVer_2] || ... || KeyBxBNr_N || [KeyNo_N] || [KeyVer_N], Where N equal to the bSectorCount information.
[in]bKeyBlocksLen[In] Length of bytes available in pKeyBlocks buffer. It should be equal to (KeyBxBNr + [KeyNo] + [KeyVer]) * bSectorCount
[in]pDivInput[In] Buffer containing the diversification inputs to be used for diversifying the key.
  • SSKeyDivLen: Optional, present if Sector Switch Diversification is enabled, Length of the Sector Switch Key DivInput (and of Sector Keys DivInput if using same)
  • SSKeyDivInput: Optional, present if Sector Switch Diversification is enabled, 1 to 31 bytes diversification input for Sector Switch Key (and for Sector Keys if using same)
  • KeyBxDivLen: Optional, present if Sector Diversification is enabled. One of the following,
    • Using same DivInput for Sector Switch Key and Sector Keys: 0x00
    • Using different DivInput for Sector keys: 0x01 - 0x1F
  • KeyBxDivInput: Optional, present if Sector Diversification is enabled and KeyBxDivLen != 0x00. 1 to 31 bytes diversification input for Sector Keys
  • The format of the buffer should be, [[SSKeyDivLen] || [SSKeyDivInput]] || [[KeyBxDivLen] || [KeyBxDivInput]]
[in]bDivInputLen[In] Length of bytes available in pDivInput buffer.
[out]ppPCDChalResp[Out] Buffer containing the PCD challenge response to be sent to PICC. Challenge response as E ( K_n , ..., E ( K_1 , E ( Kss, RndA || RndB'))...)
[out]pPCDChalRespLen[Out] Length of bytes available in ppPCDChalResp buffer.

◆ phhalHw_Sam_Cmd_SAM_AuthSectorSwitchMFP_Part2()

phStatus_t phhalHw_Sam_Cmd_SAM_AuthSectorSwitchMFP_Part2 ( phhalHw_Sam_DataParams_t pDataParams,
uint8_t  bPiccErrCode,
uint8_t pPDResp,
uint8_t  bPDRespLen,
uint8_t pPiccReturnCode 
)

Perform a MFP Sector Switch Authenticate Authenticate command part2.

This command will decrypt the response received from PICC and will return success status if the challanges matches.

Note
This interface should be called only if AuthSectorSwitchMFP Part1 returns Chaining Status.
Return values
PH_ERR_SUCCESSOperation successful.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PH_ERR_INVALID_PARAMETERpPDResp and pPiccReturnCode are NULL.
OtherDepending on implementation and underlaying component.
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[in]bPiccErrCode[In] Error Code sent by the MFP PICC. For success it should be 0x90.
[in]pPDResp[In] Buffer containing the input received from PICC. PICC challenge response as E(Kn, ..., E(K1, E(Kss, RndA'))...)
[in]bPDRespLen[In] Length of bytes available in pPDResp buffer.
[out]pPiccReturnCode[Out] Error code returned by MIFARE Plus PICC. This will of 1 byte in length.

◆ phhalHw_Sam_Cmd_SAM_AuthenticatePDC_Part1()

phStatus_t phhalHw_Sam_Cmd_SAM_AuthenticatePDC_Part1 ( phhalHw_Sam_DataParams_t pDataParams,
uint8_t  bOption,
uint8_t  bKeyNo,
uint8_t  bKeyVer,
uint8_t pPDChal,
uint8_t  bPDChalLen,
uint8_t pUpgradeInfo,
uint8_t  bLen,
uint8_t pDivInput,
uint8_t  bDivInputLen,
uint8_t **  ppPCDChalResp,
uint16_t pPCDChalRespLen 
)

Perform a Post delivery configuration Authenticate command part1.

This command will generate a 16 byte random number with the one received from PICC and return an 32 byte encrypted data which will be sent to PICC.

Note
Return values
PH_ERR_SUCCESS_CHAININGOperation successful.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PH_ERR_INVALID_PARAMETERpPDChal, pUpgradeInfo, pDivInput and pPCDChalRespLen are NULL.
OtherDepending on implementation and underlaying component.
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[in]bOption[In] Key diversification selection. Option to set the P1 information byte.
  • No derivation
  • Derive UpgradeKey from targeted ICUpgradeKey given UpgradeInfo
  • Diversify the targeted YearUpgradeKey with the given DivInput and then derive the actual UpgradeKey with UpgradeInfo
[in]bKeyNo[In] Key number to be used from SAM. One of the following,
  • NVM Key: 0x00 - 0x7F
  • RAM Key: 0xE0 - 0xE3
[in]bKeyVer[In] Key version to be used from SAM.
[in]pPDChal[In] Buffer containing the challange generated by the PICC. Authentication message from the PICC as E ( DivKey (Kx), RndB)
[in]bPDChalLen[In] Length of bytes available in pPDChal buffer.
[in]pUpgradeInfo[In] Upgrade information of the target product state.
[in]bLen[In] Length of bytes available in pUpgradeInfo buffer.
  • 0x00: No key derivation
  • 0x01 - 0x08: Key derivation involving UpgradeInfo
[in]pDivInput[In] Diversification input for generating KeyID.ICUpgrade Key , ie.: VCUID.
[in]bDivInputLen[In] Length of bytes available in pDivInput buffer.
[out]ppPCDChalResp[Out] Buffer containing the PCD challenge response to be sent to PICC. Challenge response as E ( DivKey (Kx), RndA || RndB')
[out]pPCDChalRespLen[Out] Length of bytes available in ppPCDChalResp buffer.

◆ phhalHw_Sam_Cmd_SAM_AuthenticatePDC_Part2()

phStatus_t phhalHw_Sam_Cmd_SAM_AuthenticatePDC_Part2 ( phhalHw_Sam_DataParams_t pDataParams,
uint8_t  bPiccErrCode,
uint8_t pPDResp,
uint8_t  bPDRespLen,
uint8_t pPiccReturnCode 
)

Perform a Post delivery configuration Authenticate command part2.

This command will decrypt the response received from PICC and will return success status if the challanges matches.

Note
This interface should be called only if SAM_AuthenticatePDC Part1 returns Chaining Status.
Return values
PH_ERR_SUCCESSOperation successful.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PH_ERR_INVALID_PARAMETERpPDResp and pPiccReturnCode are NULL.
OtherDepending on implementation and underlaying component.
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[in]bPiccErrCode[In] Error Code sent by the MIFARE Plus PICC. For success it should be 0x90.
[in]pPDResp[In] Buffer containing the input received from PICC. PICC authentication response as E ( DivKey (Kx), RndA')
[in]bPDRespLen[In] Length of bytes available in pPDResp buffer.
[out]pPiccReturnCode[Out] Error code returned by MIFARE Plus PICC. This will of 1 byte in length.

◆ phhalHw_Sam_Cmd_SAM_CombinedReadMFP()

phStatus_t phhalHw_Sam_Cmd_SAM_CombinedReadMFP ( phhalHw_Sam_DataParams_t pDataParams,
uint8_t  bLFI,
uint16_t  wOption,
uint8_t pData,
uint8_t  bDataLen,
uint8_t **  ppOutput,
uint16_t pOutputLen,
uint8_t pPiccReturnCode 
)

Perform a MIFARE Plus Combined Read command.

This command is used to perform GetVersion, ReadSignature and all Read related operations.

Return values
PH_ERR_SUCCESSOperation successful.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PH_ERR_INVALID_PARAMETERpData, pOutputLen and pPiccReturnCode are NULL.
OtherDepending on implementation and underlaying component.
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[in]bLFI[In] Last Frame Indication (LFI). Option for updating the P2 information of Sam frame.
[in]wOption[In] Buffering options and Paload Type, for exchanging information to SAM. The options can be combined by bitwise oring.
[in]pData[In] The data to be sent to SAM. Should be one of the following.
  • For MFP Command:
    • For READxyz : Read Cmd (1byte) || BNR (2byte) || No.Of Blocks (1byte)
    • For GetV : GetVersion command (1byte)
    • For Read_Sign: Read_Sign Cmd (1byte) || Address (1btye)
  • For MFP Response:
    • 1 - 256 bytes received response from PICC (Maced / Encrypted data)
    • Error Code
  • For MFP Command + Response:
    • READxyU: Read Cmd (1byte) || BNR (2byte) || No.Of Blocks (1byte) || RC || Data (N bytes) [|| MAC (8 bytes)]
    • RC: Response Code
[in]bDataLen[In] Length of bytes available in pData buffer.
[out]ppOutput[Out] The complete information received from SAM. This will be information that will be exchagned with PICC. One of the following.
[out]pOutputLen[Out] Length bytes available in ppOutput buffer.
[out]pPiccReturnCode[Out] Error code returned by MIFARE Plus PICC. This will of 1 byte in length.

◆ phhalHw_Sam_Cmd_SAM_CombinedWriteMFP()

phStatus_t phhalHw_Sam_Cmd_SAM_CombinedWriteMFP ( phhalHw_Sam_DataParams_t pDataParams,
uint16_t  wOption,
uint8_t pData,
uint8_t  bDataLen,
uint8_t **  ppOutput,
uint16_t pOutputLen,
uint8_t pPiccReturnCode 
)

Perform a MFP CombinedWrite command.

This command is common for Write, WriteValue, Increment, Decrement, IncrementTransfer, DecrementTransfer, Transfer and Restore.

Return values
PH_ERR_SUCCESSOperation successful.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PH_ERR_INVALID_PARAMETERpData, pOutputLen and pPiccReturnCode are NULL.
OtherDepending on implementation and underlaying component.
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[in]wOption[In] Buffering options and Paload Type, for exchanging information to SAM. The options can be combined by bitwise oring.
[in]pData[In] The data to be sent to SAM. Should be one of the following,
  • For MFP Command:
    • For WRITExy : Write Cmd (1byte) || BNR (2byte) || PlainData (N * 16 bytes)
    • For INCx : Inc Cmd (1byte) || BNR (2byte) || PlainData (4bytes)
    • For DECx : Dec Cmd (1byte) || BNR (2byte) || PlainData (4bytes)
    • For INCTx : Inc Transfer Cmd (1byte) || BNR (4byte) || PlainData (4bytes)
    • For DECTx : Dec Transfer Cmd (1byte) || BNR (4byte) || PlainData (4bytes)
    • For TRFx : Transfer Cmd (1byte) || BNR (2byte)
    • For RESx : Restore Cmd (1byte) || BNR (2byte)
  • For MFP Response:
    • RC (1byte)
    • RC (1byte) || MAC (8byte)
    • RC (1byte) || TMC (4byte) || TMV (8byte)
    • RC (1byte) || TMC (4byte) || TMV (8byte) || MAC (8byte)
[in]bDataLen[In] Length of bytes available in pData buffer.
[out]ppOutput[Out] The complete information received from SAM. This will be information that will be exchagned with PICC. One of the following.
  • MFP Command
    • MAC: 8 bytes
    • Data:
      • EncValue (16 byte) || MAC (8 byte)
      • EncData (N * 16 + 8 byte (with N = 1..15)) || MAC (8 byte
  • NULL for MFP Response
[out]pOutputLen[Out] Length bytes available in ppOutput buffer.
[out]pPiccReturnCode[Out] Error code returned by MIFARE Plus PICC. This will of 1 byte in length.

◆ phhalHw_Sam_Cmd_SAM_ChangeKeyMFP()

phStatus_t phhalHw_Sam_Cmd_SAM_ChangeKeyMFP ( phhalHw_Sam_DataParams_t pDataParams,
uint8_t  bOption,
uint8_t pData,
uint8_t  bDataLen,
uint8_t **  ppProtectedData,
uint16_t pProtectedDataLen,
uint8_t pPiccReturnCode 
)

Prepare the MFP Change Key command.

This command will return the protected data to be written to PICC.

Return values
PH_ERR_SUCCESSOperation successful.
PH_ERR_INVALID_DATA_PARAMSpDataParams is NULL.
PH_ERR_INVALID_PARAMETERpData, pProtectedDataLen and pPiccReturnCode are NULL.
OtherDepending on implementation and underlaying component.
Parameters
[in]pDataParams[In] Pointer to this layer's parameter structure.
[in]bOption[In] The below flags should be for updating the P1 information byte.
[in]pData[In] The information to be exchanged to Sam.
  • For MFP Command: MIFARE Plus command data. The buffer should contain,
    • CmdCode (1 byte): MIFARE Plus command code. Cmd.WRITEEy (0xA0, 0xA1)
    • KeyBNo (2 byte): MIFARE Plus Key Block number
      • 0x4000 ... 0x4FFF, 0x8000 ... 0xAFFF, 0xCXX0, 0xCXX1
      • With X any value in 0x0..0xF. Therefore the latter two values cover: 0xC000, 0xC001, 0xC010, 0xC011, 0xC020, 0xC021, ... till 0xCFF0, 0xCFF1
    • KeyNo (1 byte): Key number to be used from SAM. One of the following,
      • NVM Key: 0x00 - 0x7F
      • RAM Key: 0xE0 - 0xE3
    • KeyVer (1 byte): Key version to be used from SAM.
    • DivInput (1 - 31 bytes): Diversification Input. Present if bOption has Diversification Enabled.
  • For MFP Response: MIFARE Plus response data. The buffer should contain,
    • PICCReturnCode (1 byte): PICC response code
    • MAC (8 byte): PICC MAC response
[in]bDataLen[In] Length of bytes available in pData buffer.
[out]ppProtectedData[Out] The complete information received from SAM. This will be information that will be exchagned with PICC. One of the following.
  • MFP Command
    • Encrypted and MACed data
      • EncValue (16 byte) || MAC (8 byte)
      • EncData (N * 16 + 8 byte (with N = 1..15)) || MAC (8 byte)
  • NULL for MFP Response
[out]pProtectedDataLen[Out] Length of bytes available in ppProtectedData buffer.
[out]pPiccReturnCode[Out] Error code returned by MIFARE Plus PICC. This will of 1 byte in length.