Cannot format or write on xsiid anymore

Hello, recently my implant stopped working. I am using NFC tools pro and this has been working fine for quite a while now but now I can no longer write anything to my implant anymore. The tag can be recognised by the app but that’s about it. I have tried formatting it, which used to work, but now I get an error message. I have tried different apps to no success.
I don’t know what’s going on

Did you set a password or use an app with it that would have set a password?

Consider posting memory blocks 03 - E5 from a full scan report using TagInfo and we can see if there is anything wrong with the NDEF record.

Also, are you on iPhone? They are notorious for being picky bastards.

1 Like

[002] * 44 00 0F 00 (CFG0-CFG1, LOCK0-LOCK1)
[003] * E1:10:EA:00 (CC0-CC3)

[004] to [00F] has sensitive data on it and is marked with a +

[039] to [0E1] is empty, marked with a full stop

[0E2] . 00 00 FF 00 (LOCK2-LOCK4, CHK)
[0E3] . 00 00 00 E2 (RFU-RFU, AUTH0)
[0E4] . 00 00 00 00 (ACCESS, RFU-RFU)
[0E5] . 00 00 00 00 (PWD)
[0E6] . 00 00 00 00 (PACK,PACK,RFU,RFU)
[0E7] . 00 00 00 00 (PT_I2C, RFU-TO)

I am on Android
I hope that is sufficient

actually blocks 000 and 001 contain your UID which could be considered sensitive… and for me to evaluate properly I would need the contents of blocks 04-038.

I do see your capability container is set to E1:10:EA:00 which has to do with this nefarious and ultimately frustrating issue… but since blocks 039-0E1 are set to null (char 0, which is not empty technically speaking)… chances of this being an issue are slight… but still, if your NDEF record was written without TLVs in blocks 04-06 which detail available NDEF memory as 1kB then it could be the problem.

Is the last byte of written data for your NDEF record, likely in block 038, indeed an end of file character with a hex value of FE?

1 Like

[004] + 00 00 00 00 |…|
[005] + 2B 55 00 62 |+U.b|
[006] + contains nothing but data I have written

Yes [038] ends with FE

Actually everything from
[100] to [1FF] is . 00 00 00 00
except for:
[1FC] . 00 00 00 53 |…S|
which seems a bit weird to me

Honestly one of the first things I do when I get issues with my xsiid is this

The commands are:

A20400000000
A20500000000
A2060000031F
A207D1011B55
A20803666F72
A209756D2E64
A20A616E6765
A20B726F7573
A20C7468696E
A20D67732E63
A20E6F6D2FFE

These can be run one at a time or as a block depending on how your app of choice works. I recommend NFC shell on android.

This will clear the xsiid and sent a ndef uri record pointing to dangerousthings.com

4 Likes

This worked! It cleared everything and I can use it like before! Thank you so much, I’ve been breaking my head over this but to be fair I don’t know anything about all that stuff

3 Likes

So what you did was in some way mess up the header of the ndef message so the apps could not work out where and how long the message is. What I imagine you did was try to write something longer than sector 0 to the xsiid and that’s what caused it.

What doing I suggested does is skips everything and write raw bytes to the sector in the memory skipping all the checks etc.

This is great for fixing things like this but can be pretty destructive if not done properly / incorrect commands are sent.

2 Likes