Rfid thingmagic m5e compact

Posted on 2016-07-21 15:44:54 in blog • 721 words • 4 minute read

Tags: C, avr, code, embedded, howto, rfid, thingmagic, tips

Example session with the Thing Magic M5E-C Rfid device

I’m developing an AVR firmware which has to interact with the Thing Magic M5E-C rfid reader. Reading the datasheet may not be enough to get all the info someone need to get right to the point. At least it took me a couple of days to sort all these things out, mostly to access a protected tag.

I wrote is a python3 code to interact easily with the device. The program wait for a command in hex, send it to the device, echo it to the console, wait 10 seconds for the acknowledge/answer and print it. No need to write the header before the command or the CRC, these fields are added automatically by the software.

For example to send the command ff00041d0b, you just write 04 .

Note: It default to the /dev/ttyUSB0 serial port.

$ ./m5_crc.py -h
usage: m5_crc.py [-h] [device]

Thing Magic m5e-C CLI.

positional arguments:
  device      ex. /dev/ttyUSB0 or /dev/ttyS0

optional arguments:
  -h, --help  show this help message and exit

Boot the firmware

The 1st command you have to send is to boot the firmware of the device, note that you cannot send it twice, the second time you will have and error (status = 0101).

> 04
ff00041d0b
ff1404000007102300010000032014100701070209000000105251

resend example (firmware already started, command 04 no longer valid):

> 04
ff00041d0b
ff00040101c545

Get Version

> 03
ff00031d0c
ff1403000007102300010000032014100701070209000000105bd1

Set the Region (EU=0x02)

Region setting control different aspect of the analog part. Set it to Europe.

> 9702
ff0197024bbf
ff00970000779e

Get the tag protocol

Check the working tag protocol (not GEN2 in this case).

> 63
ff00631d6c
ff0263000000002143

Set Tag Protocol (GEN2 0x0005)

> 930005
ff02930005517d
ff00930000371a

and re-check it with the command 0x63.

> 63
ff00631d6c
ff0263000000052146

Get the Read TX Power

Normally the default is max power, we can lower it mostly to reduce the heat generated by the device. But first let’s operate at maximum power to be sure to be able to read a tag.

> 6201
ff016201bebc
ff076200000108fc08fc03e87ac9

In the answer there are the limits (max, min) at which you can set the power later ([08fc] [03e8]). See datasheet for more info.

Get Antenna config

The M5E-C has only one antenna.

> 6101
ff016101bdbc
ff03610000010100215b

Read a tag (simple)

This command does not take singulation in account nor password protected tags.

> 2103e8
ff022103e8d509
ff0e210000e200322fe20df9311328b7e3d100aad0

do it again keeping the tag away to be sure you have the error (tag not found) in return.

> 2103e8
ff022103e8d509
ff00210400b483

Get the power mode

to read a single tag sometime, it can be useful to put the device in low-power consumption, it will slow down a little the read-operation, but it will cool down the device and also it consume a lot less.

> 68
ff00681d67
ff0168000000a4bf

and set it to min, it is off.

> 9803
ff01980344be
ff009800008671

and check it again

> 68
ff00681d67
ff0168000003a4bc

Note that the tx power is still the same.

> 6201
ff016201bebc
ff076200000108fc08fc03e87ac9

set the tx (read) power to the minimum (03e8 from above)

> 9203e8
ff029203e842b1
ff00920000273b

and check it

> 6201
ff016201bebc
ff076200000103e808fc03e8fb75

read the tag (with min tx pwr and min consumption) (10cm)

Recheck that with the new lowered power, it is still able to read a tag.

> 2103e8
ff022103e8d509
ff0e210000e200322fe20df9311328b7e3d100aad0

Read the EPC

Same as above but (in theory) it should force the EPC read, which by default is what is returned before.

> 21 03e8 00
ff032103e800a5e8
ff0f21000000e200322fe20df9311328b7e3d100a542

Get the Reader config to check the max epc lenght.

If you try to read a >96bit tag EPC there will be an error.

> 6a0102
ff026a01002e4e
ff036a00000100003e44

Set the Reader config max epc lenght to 496 bits

> 9a010201
ff039a010201ad5c
ff009a0000a633

Read the EPC of a locked TAG

Complete the command with the password and the singulation field you have.

cmd:                28 (read memory)
Time out:           03e8
Singulation Option: 02 (select singulation on TID)
Read Membank:       01 (EPC)
Read Address:       00000002 (starting from 2 word inside the EPC memory)
Word count:         08 (16 Byte EPC lenght)
Access code:        xxxxxxxx (to be chenaged!)
Singulation addr:   00000000 (TID starting address)
Signulation lenght: 08 bit (1 byte to match to select the tag)
Singulation data:   e2 (select the tag with TID starting with e2)

> 28 03e8 02 01 00000002 08 xxxxxxxx 00000000 01 e2

enricorossi.org

Enrico Rossi