+/* performs iso14443a anticollision procedure
+ * fills the uid pointer unless NULL
+ * fills resp_data unless NULL */
+int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, uint32_t *cuid_ptr) {
+ uint8_t wupa[] = { 0x52 }; // 0x26 - REQA 0x52 - WAKE-UP
+ uint8_t sel_all[] = { 0x93,0x20 };
+ uint8_t sel_uid[] = { 0x93,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+ uint8_t rats[] = { 0xE0,0x80,0x00,0x00 }; // FSD=256, FSDI=8, CID=0
+ uint8_t *resp = ((uint8_t *)BigBuf) + RECV_RESP_OFFSET;
+ uint8_t *resp_par = ((uint8_t *)BigBuf) + RECV_RESP_PAR_OFFSET;
+ byte_t uid_resp[4];
+ size_t uid_resp_len;
+
+ uint8_t sak = 0x04; // cascade uid
+ int cascade_level = 0;
+ int len;
+
+ // Broadcast for a card, WUPA (0x52) will force response from all cards in the field
+ ReaderTransmitBitsPar(wupa,7,0, NULL);
+
+ // Receive the ATQA
+ if(!ReaderReceive(resp, resp_par)) return 0;
+ //Dbprintf("atqa: %02x %02x",resp[1],resp[0]);
+
+ if(p_hi14a_card) {
+ memcpy(p_hi14a_card->atqa, resp, 2);
+ p_hi14a_card->uidlen = 0;
+ memset(p_hi14a_card->uid,0,10);
+ }
+
+ // clear uid
+ if (uid_ptr) {
+ memset(uid_ptr,0,10);
+ }
+
+ // OK we will select at least at cascade 1, lets see if first byte of UID was 0x88 in
+ // which case we need to make a cascade 2 request and select - this is a long UID
+ // While the UID is not complete, the 3nd bit (from the right) is set in the SAK.
+ for(; sak & 0x04; cascade_level++) {
+ // SELECT_* (L1: 0x93, L2: 0x95, L3: 0x97)
+ sel_uid[0] = sel_all[0] = 0x93 + cascade_level * 2;
+
+ // SELECT_ALL
+ ReaderTransmit(sel_all, sizeof(sel_all), NULL);
+ if (!ReaderReceive(resp, resp_par)) return 0;
+
+ if (Demod.collisionPos) { // we had a collision and need to construct the UID bit by bit
+ memset(uid_resp, 0, 4);
+ uint16_t uid_resp_bits = 0;
+ uint16_t collision_answer_offset = 0;
+ // anti-collision-loop:
+ while (Demod.collisionPos) {
+ Dbprintf("Multiple tags detected. Collision after Bit %d", Demod.collisionPos);
+ for (uint16_t i = collision_answer_offset; i < Demod.collisionPos; i++, uid_resp_bits++) { // add valid UID bits before collision point
+ uint16_t UIDbit = (resp[i/8] >> (i % 8)) & 0x01;
+ uid_resp[uid_resp_bits & 0xf8] |= UIDbit << (uid_resp_bits % 8);
+ }
+ uid_resp[uid_resp_bits/8] |= 1 << (uid_resp_bits % 8); // next time select the card(s) with a 1 in the collision position
+ uid_resp_bits++;
+ // construct anticollosion command:
+ sel_uid[1] = ((2 + uid_resp_bits/8) << 4) | (uid_resp_bits & 0x07); // length of data in bytes and bits
+ for (uint16_t i = 0; i <= uid_resp_bits/8; i++) {
+ sel_uid[2+i] = uid_resp[i];
+ }
+ collision_answer_offset = uid_resp_bits%8;
+ ReaderTransmitBits(sel_uid, 16 + uid_resp_bits, NULL);
+ if (!ReaderReceiveOffset(resp, collision_answer_offset, resp_par)) return 0;
+ }
+ // finally, add the last bits and BCC of the UID
+ for (uint16_t i = collision_answer_offset; i < (Demod.len-1)*8; i++, uid_resp_bits++) {
+ uint16_t UIDbit = (resp[i/8] >> (i%8)) & 0x01;
+ uid_resp[uid_resp_bits/8] |= UIDbit << (uid_resp_bits % 8);
+ }
+
+ } else { // no collision, use the response to SELECT_ALL as current uid
+ memcpy(uid_resp, resp, 4);
+ }
+ uid_resp_len = 4;
+ //Dbprintf("uid: %02x %02x %02x %02x",uid_resp[0],uid_resp[1],uid_resp[2],uid_resp[3]);
+
+ // calculate crypto UID. Always use last 4 Bytes.
+ if(cuid_ptr) {
+ *cuid_ptr = bytes_to_num(uid_resp, 4);
+ }