Hey all,
Got a new xnt tag implanted not too long ago and haven’t been able to write to it since. Shortly after installing it I used an Android phone and Dangerous NFC to set a 4-digit password. Since then, however, I haven’t been able to write to the tag and usually get error messages when using NXP TagWriter or NFC Tools. NFC Tools says it is still writable and is password protected.
From reading previous posts in the forum, it looks like both TagWriter and NFC Tools format their passwords a little weird. Particularly when it comes to setting Auth0 to “04,” which as far as I can tell is the case with my tag.
How can I get access to my tag again?
Here is the info I pulled from the tag:
Get Version: 00 04 04 02 01 00 13 03
Page 00: 04 56 E5 3F
Page 01: 12 FF 38 80
Page 02: 55 48 0F 00
Page 03: E1 12 6D 00
Page 04: 03 00 FE 00
Page 05: 00 00 00 00
Page E2 :00 00 00 BD
Page E3 :04 00 00 04
Page E4 :00 05 00 00
From the full NXP scan:
** TagInfo scan (version 4.24.4) 2018-10-29 16:11:56 **
Report Type: External
– IC INFO ------------------------------
IC manufacturer:
NXP Semiconductors
IC type:
NTAG216
– NDEF ------------------------------
No NDEF Message present:
– EXTRA ------------------------------
Memory size:
888 bytes user memory
- 222 pages, with 4 bytes per page
IC detailed information:
Full product name: NT2H1611G0DUx
Capacitance: 50 pF
Version information:
Vendor ID: NXP
Type: NTAG
Subtype: 50 pF
Major version: 1
Minor version: V0
Storage size: 888 bytes
Protocol: ISO/IEC 14443-3
Configuration information:
ASCII mirror disabled
NFC counter: disabled
No limit on wrong password attempts
Strong load modulation enabled
Originality check:
Signature verified with NXP public key
– FULL SCAN ------------------------------
Technologies supported:
ISO/IEC 14443-3 (Type A) compatible
ISO/IEC 14443-2 (Type A) compatible
Android technology information:
Tag description:
- TAG: Tech [android.nfc.tech.NfcA, android.nfc.tech.MifareUltralight, android.nfc.tech.Ndef]
- Maximum transceive length: 253 bytes
- Default maximum transceive time-out: 618 ms
Detailed protocol information:
ID: 04:56:E5:12:FF:38:80
ATQA: 0x4400
SAK: 0x00
Memory content:
[00] * 04:56:E5 3F (UID0-UID2, BCC0)
[01] * 12:FF:38:80 (UID3-UID6)
[02] * 55 48 0F 00 (BCC1, INT, LOCK0-LOCK1)
[03] * E1:12:6D:00 (OTP0-OTP3)
[04] +r 03 00 FE 00 |…|
[05] +r 00 00 00 00 |…|
[06] +r 00 00 00 00 |…|
[07] +r 00 00 00 00 |…|
[08] +r 00 00 00 00 |…|
[09] +r 00 00 00 00 |…|
[0A] +r 00 00 00 00 |…|
[0B] +r 00 00 00 00 |…|
[0C] +r 00 00 00 00 |…|
[0D] +r 00 00 00 00 |…|
[0E] +r 00 00 00 00 |…|
[0F] +r 00 00 00 00 |…|
[10] .r 00 00 00 00 |…|
[11] .r 00 00 00 00 |…|
[12] .r 00 00 00 00 |…|
[13] .r 00 00 00 00 |…|
[14] .r 00 00 00 00 |…|
[15] .r 00 00 00 00 |…|
[16] .r 00 00 00 00 |…|
[17] .r 00 00 00 00 |…|
[18] .r 00 00 00 00 |…|
[19] .r 00 00 00 00 |…|
[1A] .r 00 00 00 00 |…|
[1B] .r 00 00 00 00 |…|
[1C] .r 00 00 00 00 |…|
[1D] .r 00 00 00 00 |…|
[1E] .r 00 00 00 00 |…|
[1F] .r 00 00 00 00 |…|
[20] .r 00 00 00 00 |…|
[21] .r 00 00 00 00 |…|
[22] .r 00 00 00 00 |…|
[23] .r 00 00 00 00 |…|
[24] .r 00 00 00 00 |…|
[25] .r 00 00 00 00 |…|
[26] .r 00 00 00 00 |…|
[27] .r 00 00 00 00 |…|
[28] .r 00 00 00 00 |…|
[29] .r 00 00 00 00 |…|
[2A] .r 00 00 00 00 |…|
[2B] .r 00 00 00 00 |…|
[2C] .r 00 00 00 00 |…|
[2D] .r 00 00 00 00 |…|
[2E] .r 00 00 00 00 |…|
[2F] .r 00 00 00 00 |…|
[30] .r 00 00 00 00 |…|
[31] .r 00 00 00 00 |…|
[32] .r 00 00 00 00 |…|
[33] .r 00 00 00 00 |…|
[34] .r 00 00 00 00 |…|
[35] .r 00 00 00 00 |…|
[36] .r 00 00 00 00 |…|
[37] .r 00 00 00 00 |…|
[38] .r 00 00 00 00 |…|
[39] .r 00 00 00 00 |…|
[3A] .r 00 00 00 00 |…|
[3B] .r 00 00 00 00 |…|
[3C] .r 00 00 00 00 |…|
[3D] .r 00 00 00 00 |…|
[3E] .r 00 00 00 00 |…|
[3F] .r 00 00 00 00 |…|
[40] .r 00 00 00 00 |…|
[41] .r 00 00 00 00 |…|
[42] .r 00 00 00 00 |…|
[43] .r 00 00 00 00 |…|
[44] .r 00 00 00 00 |…|
[45] .r 00 00 00 00 |…|
[46] .r 00 00 00 00 |…|
[47] .r 00 00 00 00 |…|
[48] .r 00 00 00 00 |…|
[49] .r 00 00 00 00 |…|
[4A] .r 00 00 00 00 |…|
[4B] .r 00 00 00 00 |…|
[4C] .r 00 00 00 00 |…|
[4D] .r 00 00 00 00 |…|
[4E] .r 00 00 00 00 |…|
[4F] .r 00 00 00 00 |…|
[50] .r 00 00 00 00 |…|
[51] .r 00 00 00 00 |…|
[52] .r 00 00 00 00 |…|
[53] .r 00 00 00 00 |…|
[54] .r 00 00 00 00 |…|
[55] .r 00 00 00 00 |…|
[56] .r 00 00 00 00 |…|
[57] .r 00 00 00 00 |…|
[58] .r 00 00 00 00 |…|
[59] .r 00 00 00 00 |…|
[5A] .r 00 00 00 00 |…|
[5B] .r 00 00 00 00 |…|
[5C] .r 00 00 00 00 |…|
[5D] .r 00 00 00 00 |…|
[5E] .r 00 00 00 00 |…|
[5F] .r 00 00 00 00 |…|
[60] .r 00 00 00 00 |…|
[61] .r 00 00 00 00 |…|
[62] .r 00 00 00 00 |…|
[63] .r 00 00 00 00 |…|
[64] .r 00 00 00 00 |…|
[65] .r 00 00 00 00 |…|
[66] .r 00 00 00 00 |…|
[67] .r 00 00 00 00 |…|
[68] .r 00 00 00 00 |…|
[69] .r 00 00 00 00 |…|
[6A] .r 00 00 00 00 |…|
[6B] .r 00 00 00 00 |…|
[6C] .r 00 00 00 00 |…|
[6D] .r 00 00 00 00 |…|
[6E] .r 00 00 00 00 |…|
[6F] .r 00 00 00 00 |…|
[70] .r 00 00 00 00 |…|
[71] .r 00 00 00 00 |…|
[72] .r 00 00 00 00 |…|
[73] .r 00 00 00 00 |…|
[74] .r 00 00 00 00 |…|
[75] .r 00 00 00 00 |…|
[76] .r 00 00 00 00 |…|
[77] .r 00 00 00 00 |…|
[78] .r 00 00 00 00 |…|
[79] .r 00 00 00 00 |…|
[7A] .r 00 00 00 00 |…|
[7B] .r 00 00 00 00 |…|
[7C] .r 00 00 00 00 |…|
[7D] .r 00 00 00 00 |…|
[7E] .r 00 00 00 00 |…|
[7F] .r 00 00 00 00 |…|
[80] .r 00 00 00 00 |…|
[81] .r 00 00 00 00 |…|
[82] .r 00 00 00 00 |…|
[83] .r 00 00 00 00 |…|
[84] .r 00 00 00 00 |…|
[85] .r 00 00 00 00 |…|
[86] .r 00 00 00 00 |…|
[87] .r 00 00 00 00 |…|
[88] .r 00 00 00 00 |…|
[89] .r 00 00 00 00 |…|
[8A] .r 00 00 00 00 |…|
[8B] .r 00 00 00 00 |…|
[8C] .r 00 00 00 00 |…|
[8D] .r 00 00 00 00 |…|
[8E] .r 00 00 00 00 |…|
[8F] .r 00 00 00 00 |…|
[90] .r 00 00 00 00 |…|
[91] .r 00 00 00 00 |…|
[92] .r 00 00 00 00 |…|
[93] .r 00 00 00 00 |…|
[94] .r 00 00 00 00 |…|
[95] .r 00 00 00 00 |…|
[96] .r 00 00 00 00 |…|
[97] .r 00 00 00 00 |…|
[98] .r 00 00 00 00 |…|
[99] .r 00 00 00 00 |…|
[9A] .r 00 00 00 00 |…|
[9B] .r 00 00 00 00 |…|
[9C] .r 00 00 00 00 |…|
[9D] .r 00 00 00 00 |…|
[9E] .r 00 00 00 00 |…|
[9F] .r 00 00 00 00 |…|
[A0] .r 00 00 00 00 |…|
[A1] .r 00 00 00 00 |…|
[A2] .r 00 00 00 00 |…|
[A3] .r 00 00 00 00 |…|
[A4] .r 00 00 00 00 |…|
[A5] .r 00 00 00 00 |…|
[A6] .r 00 00 00 00 |…|
[A7] .r 00 00 00 00 |…|
[A8] .r 00 00 00 00 |…|
[A9] .r 00 00 00 00 |…|
[AA] .r 00 00 00 00 |…|
[AB] .r 00 00 00 00 |…|
[AC] .r 00 00 00 00 |…|
[AD] .r 00 00 00 00 |…|
[AE] .r 00 00 00 00 |…|
[AF] .r 00 00 00 00 |…|
[B0] .r 00 00 00 00 |…|
[B1] .r 00 00 00 00 |…|
[B2] .r 00 00 00 00 |…|
[B3] .r 00 00 00 00 |…|
[B4] .r 00 00 00 00 |…|
[B5] .r 00 00 00 00 |…|
[B6] .r 00 00 00 00 |…|
[B7] .r 00 00 00 00 |…|
[B8] .r 00 00 00 00 |…|
[B9] .r 00 00 00 00 |…|
[BA] .r 00 00 00 00 |…|
[BB] .r 00 00 00 00 |…|
[BC] .r 00 00 00 00 |…|
[BD] .r 00 00 00 00 |…|
[BE] .r 00 00 00 00 |…|
[BF] .r 00 00 00 00 |…|
[C0] .r 00 00 00 00 |…|
[C1] .r 00 00 00 00 |…|
[C2] .r 00 00 00 00 |…|
[C3] .r 00 00 00 00 |…|
[C4] .r 00 00 00 00 |…|
[C5] .r 00 00 00 00 |…|
[C6] .r 00 00 00 00 |…|
[C7] .r 00 00 00 00 |…|
[C8] .r 00 00 00 00 |…|
[C9] .r 00 00 00 00 |…|
[CA] .r 00 00 00 00 |…|
[CB] .r 00 00 00 00 |…|
[CC] .r 00 00 00 00 |…|
[CD] .r 00 00 00 00 |…|
[CE] .r 00 00 00 00 |…|
[CF] .r 00 00 00 00 |…|
[D0] .r 00 00 00 00 |…|
[D1] .r 00 00 00 00 |…|
[D2] .r 00 00 00 00 |…|
[D3] .r 00 00 00 00 |…|
[D4] .r 00 00 00 00 |…|
[D5] .r 00 00 00 00 |…|
[D6] .r 00 00 00 00 |…|
[D7] .r 00 00 00 00 |…|
[D8] .r 00 00 00 00 |…|
[D9] .r 00 00 00 00 |…|
[DA] .r 00 00 00 00 |…|
[DB] .r 00 00 00 00 |…|
[DC] .r 00 00 00 00 |…|
[DD] .r 00 00 00 00 |…|
[DE] .r 00 00 00 00 |…|
[DF] .r 00 00 00 00 |…|
[E0] .r 00 00 00 00 |…|
[E1] .r 00 00 00 00 |…|
[E2] .r 00 00 00 BD (LOCK2-LOCK4, CHK)
[E3] .r 04 00 00 04 (CFG, MIRROR, AUTH0)
[E4] .r 00 05 – – (ACCESS)
[E5] +P XX XX XX XX (PWD0-PWD3)
[E6] +P XX XX – – (PACK0-PACK1)
*:locked & blocked, x:locked,
+:blocked, .:un(b)locked, ?:unknown
r:readable (write-protected),
p:password protected, -:write-only
P:password protected write-only