The Packet Boundary Flag (PBF) in NFC Controller Interface (NCI) devices plays a crucial role in managing the transmission of fragmented data packets between the NFC controller and the host device. Here’s an overview of how the PBF works in NCI devices:

Overview of NCI, PBF and Extended APDUs

  • NCI is a standard interface that defines communication between an NFC controller and a host device (like a smartphone or a computer). NCI handles the data exchange for various NFC technologies and applications, such as peer-to-peer communication, card emulation, and reader/writer modes.
  • In the context of NCI, the PBF is used to indicate whether a particular data packet is the first, intermediate, or last fragment in a sequence of packets that together form a complete message. This ensures that the host can correctly reassemble the fragments into the original message.
  • Extended APDUs are handled entirely at the application level, where the data is treated as a single large unit. The NCI may still need to fragment the extended APDU into smaller packets for transmission, but this is handled transparently to the application.
  • When an extended APDU is sent, the NCI might still need to fragment this APDU into smaller packets to meet MTU constraints. The PBF could be used here, but it operates transparently to the application layer. The key difference is that the entire APDU is treated as a single logical unit by the application, and the NCI’s fragmentation is an implementation detail that the application layer does not manage directly.

How PBF Works in NCI Devices

  1. Fragmentation of Large Messages:
    • When a message or data frame is too large to be transmitted in a single NCI packet (due to size limitations), it is divided into smaller fragments.
    • Each fragment is then transmitted sequentially from the NFC controller to the host or vice versa.
  2. PBF Indication in Fragments:
    • The PBF is a bit in the packet header that indicates the relationship of the packet to the overall message:
      • First Fragment (PBF = 1): The first fragment of the message is marked with the PBF set to indicate the beginning of a fragmented sequence.
      • Intermediate Fragments (PBF = 1): Subsequent fragments are also marked with the PBF to indicate that more fragments are expected.
      • Last Fragment (PBF = 0): The final fragment in the sequence has the PBF cleared (set to 0) to indicate the end of the message. This signals to the receiver that it can now process the complete, reassembled message.
  3. Reassembly at the Receiver:
    • The receiver (either the NFC controller or the host) uses the PBF to correctly reassemble the fragments into the original message.
    • It waits until it receives a packet with the PBF set to 0 before processing the reassembled message. This ensures that the message is complete and no parts are missing.
  4. Error Handling:
    • If a fragment is lost or an error occurs, the PBF can help the receiver identify the issue and request retransmission or take other corrective actions.
    • For instance, if the expected last fragment (with PBF = 0) is not received, the receiver knows that the message is incomplete and can trigger error-handling routines.

Example Flow:

  • Sending a Large Message:
    • The message is divided into three parts: Fragment 1, Fragment 2, and Fragment 3.
    • Fragment 1 is sent with PBF = 1.
    • Fragment 2 is sent with PBF = 1.
    • Fragment 3 is sent with PBF = 0 (indicating the end of the message).
  • Receiving and Reassembling:
    • The receiver receives Fragment 1 and waits for more data since PBF = 1.
    • The receiver receives Fragment 2 and continues to wait.
    • The receiver receives Fragment 3 with PBF = 0, reassembles the fragments, and processes the complete message.

Can I Send Oversized Data Exchanges APDUs Without APDU Chaining nor Extended APDUs Techniques?

Using NCI fragments to transport long APDUs is technically feasible, but it comes with specific considerations and potential challenges that need to be addressed. Here’s a breakdown of how it could work and what you should keep in mind:

  1. NCI Fragmentation and Reassembly:
    • NCI supports fragmentation and reassembly of data packets using the PBF. This mechanism can be used to transport long APDUs by splitting them into smaller NCI packets, which are then transmitted sequentially.
    • The receiver (either the NFC controller or the host) reassembles these fragments based on the PBF to reconstruct the original long APDU.
  2. Layer Considerations:
    • Typically, APDUs are managed at the Application Layer, where the full APDU message (command or response) is constructed and interpreted.
    • The NCI protocol operates at the Data Link Layer, where it handles the transport of data packets between the NFC controller and the host. The NCI does not inherently understand the structure of APDUs, but it can transport them as payload data.
  3. Process of Transporting Long APDUs with NCI Fragments:
    • Fragmentation: The long APDU is split into smaller chunks that fit within the NCI packet size limitations. Each chunk is sent as a separate NCI fragment.
    • Use of PBF: The Packet Boundary Flag is used to indicate whether each fragment is the start, continuation, or end of the long APDU.
    • Reassembly: The receiving end uses the PBF to correctly reassemble the fragments into the original long APDU before passing it to the Application Layer for processing.
  4. Challenges and Considerations:
    • Increased Complexity: Transporting long APDUs using NCI fragments introduces additional complexity. The system must carefully manage the fragmentation and reassembly process, ensuring that no data is lost or misordered.
    • Error Handling: Any errors in transmission (e.g., lost or corrupted fragments) can complicate the reassembly of the long APDU. Robust error detection and correction mechanisms must be in place.
    • Performance Overhead: Fragmenting and reassembling long APDUs can introduce latency and processing overhead, which might affect the overall performance, especially in time-sensitive applications.
    • Protocol Compatibility: While the NCI protocol can transport fragmented APDUs, both the NFC controller and the host must correctly implement the reassembly logic and handle the full reassembled APDU at the Application Layer.
  5. Use Cases and Practicality:
    • Large Data Exchanges: This approach might be practical in scenarios where large data exchanges are required, and where the NFC controller and host both support extended APDUs or require an alternative method to handle large data.
    • Interoperability: Ensure that both ends (NFC controller and host) are compatible with handling such fragmented transmissions, as any mismatch could result in failed communication.

Examples

Let’s analyze this approach for NP71* families:

while (DataSize > 0) {
    uint8_t packet[MTU_SIZE + 3];  
    uint8_t segmentSize = (DataSize > MTU_SIZE) ? MTU_SIZE : DataSize;

    packet[0] = 0x00;  // Example header byte 0
    packet[1] = 0x00;  // Example header byte 1
    packet[2] = segmentSize;

    memcpy(&packet[3], &pData[offset], segmentSize);

    
    if (DataSize > MTU_SIZE) {
        packet[0] |= 0x10;  
    } else {
        packet[0] &= ~0x10;  
    }

    writeData(packet, segmentSize + 3);

    offset += segmentSize;
    DataSize -= segmentSize;
}

This code is an example of how to fragment and send a large block of data in segments using a PN71* NFC controller. The code leverages the concept of Packet Boundary Flag to manage the transmission of data in multiple packets, ensuring that the receiver can correctly reassemble the data.

Explanation of the Code:

  1. Looping Until All Data is Sent:
    • while (DataSize > 0) {
      • The while loop runs as long as there is data left to be sent (DataSize > 0). Each iteration of the loop processes a segment of the data.
  2. Packet Preparation:
    • uint8_t packet[MTU_SIZE + 3];
    • uint8_t segmentSize = (DataSize > MTU_SIZE) ? MTU_SIZE : DataSize;
      • A packet buffer (packet) is created with a size of MTU_SIZE + 3 bytes. Here, MTU_SIZE is the maximum transmission unit size, representing the maximum amount of data that can be sent in one packet. The additional 3 bytes are reserved for the header.
      • segmentSize is determined based on the remaining data (DataSize). If the remaining data is larger than the MTU_SIZE, the segment will be MTU_SIZE long. Otherwise, it will be the size of the remaining data.
  3. Setting Up the Packet Header:
    • packet[0] = 0x00;
    • packet[1] = 0x00;
    • packet[2] = segmentSize;
      • The first three bytes of the packet (packet[0], packet[1], and packet[2]) are reserved for the header:
        • packet[0] and packet[1] are set to 0x00 as placeholders for example header bytes (these would typically contain relevant protocol or control information).
        • packet[2] is set to segmentSize, indicating the size of the data segment being sent in this packet.
  4. Copying the Data Segment into the Packet:
    • memcpy(&packet[3], &pData[offset], segmentSize);
      • The memcpy function is used to copy a segment of data (segmentSize bytes) from the source data buffer (pData[offset]) into the packet buffer, starting at packet[3] (after the 3-byte header).
  5. Setting the Packet Boundary Flag (PBF):
    • if (DataSize > MTU_SIZE) { packet[0] |= 0x10; } else { packet[0] &= ~0x10; }
      • The PBF is used to indicate whether there are more segments to follow after the current packet:
        • If the remaining DataSize is greater than MTU_SIZE, it means that this is not the last segment, so the PBF is set to 1 (packet[0] |= 0x10), indicating that more segments will follow.
        • If the DataSize is less than or equal to MTU_SIZE, this is the last segment, so the PBF is set to 0 (packet[0] &= ~0x10), indicating that this is the final segment.
  6. Sending the Packet:
    • writeData(packet, segmentSize + 3);
      • The packet is then sent using a function writeData, which should be implemented to handle the actual transmission of the packet (e.g., via I2C, SPI, or another communication interface). The function is called with the packet buffer and the total size of the packet (segmentSize + 3).
  7. Updating Offset and Data Size:
    • offset += segmentSize; DataSize -= segmentSize;
      • After sending the packet, the offset is increased by segmentSize to point to the next segment of the data, and DataSize is decreased by segmentSize to reflect the remaining data to be sent.

What the Code is Doing:

  • Data Fragmentation: The code fragments a large block of data into smaller segments that fit within the MTU_SIZE limit. Each fragment is prepared with a header and the necessary data segment.
  • PBF Management: It uses the PBF to manage the sequence of these fragments, ensuring the receiver knows whether more packets are coming or if it has received the final segment.
  • Packet Transmission: Each prepared packet is then sent using the writeData function, which is responsible for the actual data transfer over the communication interface (like I2C).
  • Iterative Process: The process repeats until all data has been sent, handling each segment in sequence, and appropriately setting the PBF to ensure proper data reassembly at the receiving end.

This approach takes a different route by cleverly utilizing existing mechanisms in unexpected ways. By leveraging the Packet Boundary Flag within the NCI protocol, we can seamlessly fragment large amounts of data into smaller, manageable pieces that fit through the narrow bandwidth “passage,” ensuring each piece knows its place in the overall sequence. Once all pieces arrive, they effortlessly reassemble into the original, complete dataset without loss or confusion.

For researchers, this opens up exciting possibilities:

  • Security Testing and Fuzzing: By manipulating the fragmentation process, one can introduce controlled anomalies and variations into data transmission, effectively stress-testing NFC systems to uncover vulnerabilities and improve resilience.
  • Test Efficient Data Transfer: Large datasets that were previously difficultto send over constrained channels can now be transmitted more efficiently and reliably.
  • Protocol Enhancement Exploration: This technique provides a great opportunity for experimenting with protocol behaviors.

Your curiosity, dedication, and passion for knowledge inspire me every day. Keep pushing boundaries, stay curious, and never stop learning. Your work has the power to shape the future, and I’m excited to see where your research will lead.