Appears Im locked out of my implant

So it would seem that my implant already has a password set, or it might. Its an NExT implant. Using NFCTools, it tells me that its password protected, but Im not 100% sure if thats with the password i tried to set, or if its a preset password. In either case, I tried my password I set for it ,and I get two errors, one is an error that states “Identification error” which makes me think it may not be the correct password, but another error that seems like an error message for the wrong type of something, but I can never read the error message fast enough.

If I have to bruteforce my implant, how difficult is that, and has anyone ever attempted it, and if so, was that attempt successful? If it was successful, how do I replicate the process for successful results so I can reset my password if it needs to be reset, so I can configure my implant for the first time.

The default password for the NExT is “NExT” or 4E 45 78 54 in hexadecimal… but the problem is that every NFC app seems to handle passwords differently. For example, if you set a password using NFC Tools then TagWriter can’t use it, and vice versa… and neither of them are just straight forward ASCII… so we set the password to NExT and if you enter NExT into NFC Tools or TagWriter, you get a fail error… it’s so lame.

The good news is, that the password only protects pages E3 through E6 and those are config pages, so all the user memory is left available for read/write without a password.

1 Like

Really? I am still not able to write even with the password. I am only able to read memory. I am also using nfc tools app.

Ok, so I got an error message with NFCTools, says "Error: This NFC Tag is not supported (must be NTAG21X or mifare classic).

What confuses me about this is the read section says its an NXP MIFARE Ultralight - NTAG216, which would obviously be a NTAG21X type implant.

Also, I found this:

"As you can see, NFC Tools Pro write every record ok, also set the E2 page read-only locking permissions dependent of a password, and changed the AUTH0 config flag to mark every page below the 00 as read-only (everything including user memory and config page), but the connection broken while setting the password page which remained the standard. Luckily we can still read the config page including the password.

That’s why the password I was using didn’t work anymore and that combination was not accepted by GUI NFC applications.

So, I authed with the default password 1B FFFFFFFF (it returns 0000 if the default pw is correct not PAK or NAK ). Then sent A2 E3040000E2 to change AUTH0 from 00 to E2 ."

It would seem with a bit of memory space editing, we can edit the password protect field.

Has anyone ever done this before?

Send or post a full scan report from TagInfo (

1 Like

Do you think Ill need NFCTools Pro in order to work with mine, or should I try something else?

No, the issue is that NFC Tools is not sending the password as you have typed it to the chip, they are transforming it somehow… so pro won’t matter.

More importantly, what exactly are you trying to accomplish? Why do you need to write or change the configuration pages?

Oh, Im just trying to configure it for the first time so I can have it automatically go to a web application that Ive included an API key for in the URL so when the page is loaded, it automatically authenticates to a read only status for my entire datacenter, all of my infrastructure, applications, and DevOps processes so people can use NFC on their cell phones to see my projects, and all the things running in it. So basic configuration really, since a webpage seems to be the most common implementation.

Also, what would you recommend I use instead if NFCTools isnt working correctly?

I really would like to go ahead and configure my implant so I can move my focus to other projects that require my attention.

Ok so you just want to write a basic standard URI record? Easy… it should work no problem. If NFC Tools is not working though, you should try TagWriter ( If it does not work, then post the full scan info from TagInfo ( so I can figure out what’s up.

Ok, I didnt do that, but only because Im just now reading this. I got it working by using the NXP Tag Info and Tag Writer Apps via the android play store, and was able to configure my reader without a password, so Im guessing the information provided by NFCTools may not have been accurate.

That being said, its configured now! YESSSSSSSSS!!!


Also Also, super pro tip:

Take your cellphone out of its protective case when trying to work with your implants.

Turns out my cell phone provides a substantial amount of shielding, which shouldnt be super suprising seeing as I bought the most ruggedized case I could possibly get, the highest, most hardcore version of Otterbox, so I think ive hit full derp levels at this point, sO im gonna check out for today!

Thanks so much for all the assistance you provided, and continue to provide though! :slight_smile:

1 Like