Fix for ACR122U Time Extension

Hi all,

I’ve been doing a fair bit of work with smartcard readers for a long time, and I’ve butted heads with the ACR122U reader multiple times. It just doesn’t support key generation - the reader decides the chip has taken too long (and doesn’t listen to time extension requests) and resets - this is a major issue in development of apps (I ended up buying a Feitian R502-CL in frustration). I’ve actually discovered a solution to this and I’m posting in the hopes others will be able to avoid my frustrations (these are the cheapest CCID compatible contactless reader around). if you send APDU 0xFF0041FF00h via GlobalPlatformPro (or your preferred APDU send method) with a chip on the reader, the reader will intercept this command and set the timeout to wait for a smartcard to reply. I’ve tested this and it’s not persistent across unplugs of the reader, but it will survive a card reset.

7 Likes

I like your topic. It’s very useful for me

1 Like

Thanks for that! That’ll spare me a lot of headaches when I start coding stuff from the NTAG413 in a few days/weeks.

How would you compare the Feitian R502-CL with the ACR122U in terms of read range (or maybe I should say, in terms of ease of detection/reading) with implants? I’m tempted to order one based on your feedback.

1 Like

Read range is similar, the Feitian is just far, far more reliable for APDU-based comms (usually only an issue on smartcards though). Basically, if you’re doing a long-running crypto or initialisation operation on a ACR122U, it can interpret it as a card reset if it goes over 2 or 3 seconds without this fix.

Unfortunately I lost my Feitian for the time being :expressionless:

1 Like

Okay. Well at EUR 31, I’ll order a couple. Even if it sucks, it won’t kill me. Thanks!

I have two, I’ll send you one in the next care package. Both of them for some reason have issues on my computer though… it’ll be interesting to see if the one I send also has problems on yours.

So which feitian reader are people using?

https://www.ftsafe.com/Products/Card_Reader/Contactless

Would this work ?

That’s the one.

1 Like

thanks @fraggersparks - it should arrive in the mail shortly.

Well, I got my two Feitian R502-CL in the mail today, and they’ll be going straight into my collection of readers that I’ll never use. Their performances are really kind of shit. They read my implants, but barely.

They do make pretty good contact card readers though :slight_smile:

EDIT: nevermind, it seems the retailer sent me R502 readers (not -CL). I’ll be returning those I guess…

1 Like

@fraggersparks, your APDU command seems to have a typo (note the trailing “h”). Also, I’ll note the following two projects seem to be better for people just wanting to send an APDU command:


I attempted the APDU command, 0xFF0041FF00 against my Feitan R502-CL reader with my Vivokey Flex One. This reader, even before the APDU command, read Yubikeys over NFC with no issues. This reader, (both before and) after running the above command, gives me the following when attempting to run gpg operations:

➜ gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device

One final point of clarification: my Vivokey Flex One is readable on a phone using OpenKeychain, given that the PGP applet is installed via Fidesmo.

The light on the reader is blue, indicating a source that is readable is currently in range and reading.

'Anyone got any ideas? I’m pretty frustrated with these readers. This is, I believe the fourth one I bought that “should” work.

You don’t need this for a Feitian reader. The h isn’t a typo, just to refer to it as hex.

I’ve had no issues at all with GPG on Fidesmo, actually.

@fraggersparks, do you mean that you can successfully perform gpg operations from a computer onto a Vivokey Flex One equivalent using the Feitian R502-CL?

If so, on Linux? What could be wrong with my environment where it doesn’t work for me?

I created the VivoKey version of the gpg app (forked from smartpgp), and generally use the R502 (except for right now, I lost it).

If it’s working on mobile, the applet itself is responding fine. The only thing I can think of is the Fidesmo app being the wrong AID.

Can you run GPG as sudo? Just to see if it’s a permissions issue for the reader.

@fraggersparks, sure. If you’re able, I can take this conversation to a more-immediate format. I’m @singlerider on matrix, for example. Trying sudo gpg ... now.

Using sudo did not affect the results. Yubikeys still get read just fine. The Vivokey Flex One still provides the same message from above. Regarding the “AID” of the Fidesmo app on the device, I have PGP and Authenticator loaded. Authenticator works great via mobile.

Can you use global platform pro by Martin paljak to run this apdu:
00a4040006D2760001240100

I couldn’t figure out how to “run” commands with that app. The docs don’t have verbiage that matches “send a command,” etc.

I used APDU4J (linked above, made by the same guy):

The command exited with status 0 and had no output. Same results on the Vivokey Flex One as before.