Contact IC card reading and writing experiment

Understand the knowledge of contact IC card and learn how to write utility programs according to the timing logic diagram.
II. Experimental equipment and devices
One IBM PC One
DP-51PROC single-chip integrated simulation experiment instrument III
. Experimental content
Write a program according to the read and write timing diagram of the IC card to realize the reading and writing of the IC card (SLE4442).
IV. Experimental requirements
Write a 51 single-chip program read and write logic encryption IC card (SLE4442) read and write program according to the timing diagram of the IC card.
V. Experimental circuit and experimental principle
The contact definition of the contact IC card follows the ISO7816 regulations. The distribution position of the 8 contacts of the IC card
is shown in Figure 3.23, which corresponds to the lead above the IC card holder in the "D8IC card" area of ​​the DP-51PROC single-chip integrated simulation experiment instrument.
This experiment uses the SLE4442 card.  The contact arrangement of the SLE4442  is shown in Figure 3.24.

Figure 3.24 IC card contact distribution diagram Figure 3.25 SLE4442 contact arrangement
The connection relationship between the SLE4442 card and the microcontroller pins in this experiment is shown in Table 3.4.
Table 3.4 Connection between SLE4442 and microcontroller pins The
corresponding pins on the microcontroller experimental instrument board SLE4442 pins
P1.0 TP1 I/O
P1.1 TP4 CLK
P1.2 TP3 RST
The following introduces the relevant knowledge of SLE4442.
5.1 Overview
SLE4442 is a logical encryption storage card designed by Siemens (SIMENS) of Germany. It has a storage
capacity of 2K bits and a completely independent programmable code memory (PSC). The internal voltage boost circuit ensures that the chip can be
powered by a single +5V voltage, and the large storage capacity can meet various needs in general application fields. Therefore, it is currently a widely used IC card chip in China. The chip adopts a multi-memory structure, a 2-wire connection protocol (the serial interface meets the ISO7816 synchronous transmission
protocol), and NMOS process technology. The erase/write programming time for each byte is 2.5ms. The memory has at least 10,000
erase and write cycles, and the data retention time is at least 10 years.
The SLE4442 IC card mainly includes three memories:
(1) 256x8-bit EEPROM type main memory. Address 0~31 is the protected data area. The data read out of this area is not
restricted, and the write is restricted by the internal data state of the protected storage. When the Nth bit (N=0~31) in the protected memory is 1, the
corresponding Nth byte in the main memory is allowed to be erased and written. The 223 bytes after address 32~255 are the application
data area. The data read out is not restricted, and the erase and write are affected by the data verification results of the encrypted memory. This encryption verification
control is implemented on the entire main memory (that is, including the protected data area and the application data area).
(2) 32x1-bit PROM type protection memory. One-time programming to protect the main memory protection data area to prevent
some fixed identification parameters from being changed. The protection memory is also affected by the data verification results of the encryption memory.
(3) 4x8-bit EEPROM type encryption memory. Byte 0 is the password input error counter (EC).
The valid bits of EC are the lower three bits, which are set to "111" when the chip is initialized. This byte is readable. Bytes 1, 2, and 3 of EC
are the reference word storage area. The content of these 3 bytes as a whole is called the programmable encryption code (PSC). Its reading,
writing, and erasing are all controlled by the results of its own "comparison" operation.

Figure 3.26 Internal structure of the SLE4442 card Figure
5.2 Transmission protocol
(1) Reset and reset response

Figure 3.27 Reset timing diagram
Reset and reset response are performed according to ISO7816-3 standard. Reset can be performed at any time during operation
. Initially, the address counter is set to zero with a clock pulse. When the RST line is set from high state (H) to low state
(L), the content of the first data bit (LSB) is sent to the I/O. If 32 clock pulses are input continuously,
the content of the first four byte units in the main memory is read out. At the falling edge of the 33rd pulse, the I/O line is set to high state and closed.
(2) Command mode
After the reset response, the chip waits for commands. Each command starts with a "start state". The entire command consists of
3 bytes. It is followed by an additional pulse and ends the operation with a "stop state".
Start state: When I/O is at a falling edge while CLK is in a high state (H state), it is a start state.
Stop state: When I/O is at a rising edge while CLK is in a high state (H state), it is a stop state.
After receiving a command, there are two possible modes: output data mode (i.e. read data) and process data mode.

Figure 3.28 Timing diagram of command mode
(3) Output data mode
This mode is an operation to transfer data in the IC card chip to the external device interface (IFD).

Figure 3.29 Timing diagram of output data mode
After the falling edge of the first CLK pulse, the first bit of data on the I/O line becomes valid. Then, with each additional
clock pulse, one bit of data inside the chip is sent to the I/O line. Data transmission
starts from the least significant bit (LSB) of each byte. After the last required data is sent out, an additional clock pulse is required to set the I/O to a high state
in order to accept new commands. During the data output period, any "start state" and "stop state" are masked.

(4) Data processing mode
This mode performs internal processing on the IC chip.

Figure 3.30 Timing diagram of processing mode
The chip pulls the I/O line from high state to low state at the falling edge of the first pulse and starts processing. After that, the chip
continuously counts internally until the I/O line is set high again at the falling edge of an additional clock pulse after n low clock pulses,
completing the chip processing process. During the entire processing process, the I/O line is locked in a low state.
5.3 Application of SLE4442 card
1. Chip reset method
(1) External reset: SLE4442 is based on the transmission protocol of synchronous reset response. The reset timing of the chip is as mentioned above.
(2) Power-on reset: After connecting the operating voltage to the Vcc segment, the chip performs a reset operation internally. The I/O line is
set to a high state. Data exchange can only be performed after a read operation is performed on any address or a reset response operation is performed
.
(3) Abort: If RST is set to a high state during the low state of CLK, any operation is invalid. The I/O line
is locked to a high state. A minimum holding time of tres = 5Us is required before the chip can accept a new reset.
The timing relationship of the suspend state is shown in Figure 3.31. After the suspend state, the chip is ready for the next operation.

Figure 3.31 Abort timing diagram
Chip operation
commands Command format:
(1) Each command contains three bytes, which are arranged in the following order:
Table 3.5 Command format

(2) The SLE4442 chip has seven commands, and their formats and functions are shown in Table 3.6.

Note: Each byte is always read out starting from the lowest LSB. When writing, the first thing transmitted is also the lowest
LSB of the byte. When modifying the protection memory, the input data must be equal to the original data to be correctly protected.
The comparison and verification data process is as follows.

Figure 3.32 Flowchart of program for comparing and verifying data
Six experimental steps 1. Connect the IC card and
the single-chip microcomputer between the A2 area and the D6 area according to Table 3.4 (SLE4442 and single-chip microcomputer pin connection) on the DP- 51PROC single-chip microcomputer comprehensive simulation experiment instrument. 2. Insert the SLE4442 card into the IC card holder with the contacts facing down. 3. Run the "SLE4442 experimental program" (experimental program 1). 4. Run the C51 development environment to observe the program running results.

Experimental procedure 1. Read 8 bytes from address 0 of the main storage area
ORG 8000H
AJMP MAIN
ORG 8100H
MAIN:
MOV SP,#60H ; Set the bottom of the stack
Read_Insert_Card:
MOV ByteNum, #08H
MOV StartAdr, #00H ; Read 8 bytes from address 0 of the main storage area
LCALL ReadCard
JMP Read_Insert_Card
$INCLUDE(SLE4442.INC) ; Include SLE4442 driver program
;
END
Set a breakpoint at JMP Read_Insert_Card and observe the content of RecBuf. The definition of RecBuf can be found in
the SLE4442.INC file. For the source code and comments of LE4442.INC, please see the SLE4442.INC file.
Experimental procedure 2: Write 2 data 0x55 and 0x66 from address 0x20, and then read them out. Since
SLE4442 needs to verify the password when writing to the main memory, please make sure the password of your SLE4442 card is correct when executing the following program
. If the key is wrong, your SLE4442 will be locked and scrapped after three verifications.
ORG 8000H
AJMP MAIN
ORG 8100H
MAIN:
MOV SP,#60H ;Set the stack bottom
Write_Read_Card:
MOV R0,#PSWD ;Password buffer first address
MOV @R0,#0x11
INC R0
MOV @R0,#0x22
INC R0
MOV @R0,#0x33 ;Enter password: fill password buffer
LCALL CheckPassword ;Check password
JNZ WRExit ;If the check fails, exit
; Password check succeeds, enter the card writing program
MOV R0,#WriteBuf ;WriteBuf is the card writing buffer first address
MOV @R0,#0x55
INC R0;
MOV @R0,#0x66 ;Fill the write buffer
MOV ByteNum,#0x02
MOV StartAdr,#0x20
LCALL WriteCard ;Call the card writing subroutine
JNZ WRExit ;If writing is unsuccessful, exit
MOV ByteNum, #0x02 ;Then read out the data just written

MOV StartAdr,#0x20
LCALL ReadCard
;If the read is successful, this loop can be executed. Set a breakpoint here.
JZ Write_Read_Card
;Observe the contents of the read buffer
WRExit:
MOV A,#00H ;Set a breakpoint here
$INCLUDE(SLE4442.INC) ;Include the SLE4442 driver
;
END
Please set a breakpoint at the JZ Write_Read_Card statement. When the read is successful, you can observe the data in the read buffer
. Set a breakpoint at the MOV A, #00H statement so that the program will not run wild when an error occurs.
VII. Experimental Questions
(1) If the crystal oscillator frequency of the microcontroller is 24MHz, what modifications should be made to the program to correctly read and write
the SLE4442 card.
(2) Write a program. Use C language to write a read and write program based on the timing diagram of the SLE4442.