Brand new ring stopped working

I purchased an NFC ring and just received it. Scanned it with my phone and got a website, downloaded the app and installed it. Ring was working fine until I wrote to it. Just simple text saying “Hello”. Now when I scan the ring, I get an “Invalid tag”. I’ve tried reading, writing, erasing, none of them work. I tried another phone, still get “invalid tag”.

Did I just brick this thing by trying to write to it? Am I just dumb and doing something wrong?

I asked tech support and they said to post here and to scan the tag with taginfo. Here’s what I got from that (Interestingly, that app does read the tag, anything else get’s an invalid tag error)

** TagInfo scan (version 4.24.8) 2021-10-22 11:42:23 **
Report Type: External

-- IC INFO ------------------------------

# IC manufacturer:
NXP Semiconductors

# IC type:
NTAG203(F) (NTAG203(F))

# NFC Forum NDEF-compliant tag:
Type 2 Tag

-- NDEF ------------------------------

# NFC data set information:
NDEF message containing 1 record
Current message size: 20 bytes
Maximum message size: 137 bytes
NFC data set access: Read & Write
Can be made Read-Only

# Record #1: vCard record:
Type Name Format: MIME type (RFC 2046)
Short Record
type: "text/x-vCard"
Hello
Payload length: 5 bytes
Payload data:

[0] 48 65 6C 6C 6F                                  |Hello           |


# NDEF message:
[00] D2 0C 05 74 65 78 74 2F 78 2D 76 43 61 72 64 48 |...text/x-vCardH|

[10] 65 6C 6C 6F                                     |ello            |


# NDEF Capability Container (CC):
Mapping version: 1.0
Maximum NDEF data size: 144 bytes
NDEF access: Read & Write
 E1 10 12 00                                     |....            |


# Control TLVs:
Lock Control TLV at address 0x04, offset 0
* Dynamic lock bytes at address 0x28, offset 0
	- 16 lock bits
	- 16 bytes locked per lock bit
 01 03 A0 10 44                                  |....D           |


-- EXTRA ------------------------------

# Memory size:
168 bytes total memory
* 42 pages, with 4 bytes per page
* 144 bytes user memory (36 pages)

# IC detailed information:
Full product name:
* NT2H0301G0DUD or NT2H0301F0DTx

# TagInfo Version:
Version :4.24.8

# Device Info:
Device Model :samsung ( SM-N975U )
Android OS Version :11

-- FULL SCAN ------------------------------

# Technologies supported:
ISO/IEC 14443-3 (Type A) compatible
ISO/IEC 14443-2 (Type A) compatible

# Android technology information:
Tag description:
* TAG: Tech [android.nfc.tech.NfcA, android.nfc.tech.MifareUltralight, android.nfc.tech.Ndef]
* Maximum transceive length: 253 bytes
* Default maximum transceive time-out: 618 ms


# Detailed protocol information:
ID: 04:08:7F:32:93:36:80
ATQA: 0x4400
SAK: 0x00

# Memory content:
[00] * 04:08:7F FB (UID0-UID2, BCC0)
[01] * 32:93:36:80 (UID3-UID6)
[02] . 17 48 00 00 (BCC1, INT, LOCK0-LOCK1)
[03] . E1:10:12:00 (OTP0-OTP3)
[04] . 01 03 A0 10 |....|
[05] . 44 03 14 D2 |D...|
[06] . 0C 05 74 65 |..te|
[07] . 78 74 2F 78 |xt/x|
[08] . 2D 76 43 61 |-vCa|
[09] . 72 64 48 65 |rdHe|
[0A] . 6C 6C 6F FE |llo.|
[0B] . 74 61 72 74 |tart|
[0C] . 65 64 FE 00 |ed..|
[0D] . 00 00 00 00 |....|
[0E] . 00 00 00 00 |....|
[0F] . 00 00 00 00 |....|
[10] . 00 00 00 00 |....|
[11] . 00 00 00 00 |....|
[12] . 00 00 00 00 |....|
[13] . 00 00 00 00 |....|
[14] . 00 00 00 00 |....|
[15] . 00 00 00 00 |....|
[16] . 00 00 00 00 |....|
[17] . 00 00 00 00 |....|
[18] . 00 00 00 00 |....|
[19] . 00 00 00 00 |....|
[1A] . 00 00 00 00 |....|
[1B] . 00 00 00 00 |....|
[1C] . 00 00 00 00 |....|
[1D] . 00 00 00 00 |....|
[1E] . 00 00 00 00 |....|
[1F] . 00 00 00 00 |....|
[20] . 00 00 00 00 |....|
[21] . 00 00 00 00 |....|
[22] . 00 00 00 00 |....|
[23] . 00 00 00 00 |....|
[24] . 00 00 00 00 |....|
[25] . 00 00 00 00 |....|
[26] . 00 00 00 00 |....|
[27] . 00 00 00 00 |....|
[28] . 00 00 -- -- (LOCK2-LOCK3)
[29] . 00 00 -- -- (CNT0-CNT1, value: 0)


  *:locked & blocked, x:locked,
  +:blocked, .:un(b)locked

--------------------------------------

I doubt vcard is the correct type.
You’d want text/plain I believe.

Can you try to write a normal url with NFC tools? Or TagWriter? A rickroll for example.

I can not say anything about config bytes and stuff like that, but that’s a weird NDEF record with an invalid vcard so maybe that’s causing some apps to fail.

Looks like the vcard is broken / malformed. Have you tried NFC Tools. To write a blank text ndef or a url link?

We should be able to use NFC Shell to clear it but thats kind of a nuclear option if all else fails.

NFC Shell clear
A20400000000
A20500000000
A2060000031F
A207D1011B55
A20803666F72
A209756D2E64
A20A616E6765
A20B726F7573
A20C7468696E
A20D67732E63
A20E6F6D2FFE

https://play.google.com/store/apps/details?id=com.emutag.nfcshell

1 Like

I have tried writing with all of those apps and none of them will write. I get the error on the attached screenshot when I try to read or write using anything other than Taginfo.

NFC shell didn’t even see the tag at all, but I did get a warning that it was intended for an older version of android

Right so with nfc shell you need to paste the code block into the window press send then position the ring and wait.

Right now it sounds like the positioning isn’t great. Nfc shell is for older versions but works great still ( I use in on my s10 5g running latest android)

Yep, that’s exactly what I did, moved the ring all over past all the spots that usually work and got nothing. This is a Note 10 with latest Android

Try using the dangerous things support tool to write a blank ndef record?

Same results

You might have to find a proxmark3 at this point and do some raw writes to the memory blocks to fix.

I want to be absolutely clear here… The ring works fine. What has happened is that a new record was attempted to be written to the NFC memory and it was incomplete. This is called a tear… It means that the record was not properly written. This could be for many reasons, but usually it’s because a strong connection with the ring from the phone was not present when writing the record was attempted. If the field power is insufficient or a good connection is lost during the write process, this can be the result.

Normally, it’s a simple matter of overwriting the failed record… But in very rare circumstances the record is left in a state that creates problems for phones when they try to engage the NFC tag. This is because of the way the phone operating systems work with NFC tags. When you present a tag to a phone, it tries to figure out all it can about the tag you’re presenting before passing any control over to an app like tag info or tag writer or even the dangerous thing support tool. When the phone first sees a tag it tries to read everything on the tag and determine what kind of chip it is and do a lot of other functions… But, sometimes the software functions performing these checks essentially have bugs… So one of the functions is seeing an NDEF record, then trying to read it… only it’s broken in such a way that it causes an error. When that error occurs, connection with the NFC tag is lost and the “invalid tag” error is passed to whatever application is trying to access the NFC tag.

Basically this is totally fixable, it’s nothing to do with the ring or its function, it’s just that you have performed a write action to it in such a way that has left the record broken… any other kind of reader that can write to an NFC tag like a USB reader for the computer or a proxmark3 can totally resolve this problem… just not a phone. Once the record is overwritten, it will work fine again with phones.

5 Likes