Dangerous NFC app issues

** TagInfo scan (version 4.24.6) 2020-08-03 08:20:32 **
Report Type: External

-- IC INFO ------------------------------

# IC manufacturer:
NXP Semiconductors

# IC type:
NTAG216

-- NDEF ------------------------------

# No NDEF data storage populated:

-- EXTRA ------------------------------

# Memory size:
888 bytes user memory
* 222 pages, with 4 bytes per page

# IC detailed information:
Full product name: NT2H1611G0DUx
Capacitance: 50 pF

# Version information:
Vendor ID: NXP (0x04)
Type: NTAG (0x04)
Subtype: 50 pF (0x02)
Major version: 1 (0x01)
Minor version: V0 (0x00)
Storage size: 888 bytes (0x13)
Protocol: ISO/IEC 14443-3 (0x03)

# Configuration information:
ASCII mirror disabled
NFC counter: disabled
No limit on wrong password attempts
Strong load modulation enabled

# Originality check:
Signature verified with NXP public key
ECDSA signature:
* r: 0xDC3F76F86683AF4F6893847C518FB8EB
* s: 0x8E88A2B45855BB352DB92F15D38E7FB3

-- FULL SCAN ------------------------------

# Technologies supported:
ISO/IEC 14443-3 (Type A) compatible
ISO/IEC 14443-2 (Type A) compatible

# Android technology information:
Tag description:
* TAG: Tech [android.nfc.tech.NfcA, android.nfc.tech.MifareUltralight, android.nfc.tech.NdefFormatable]
* Maximum transceive length: 253 bytes
* Default maximum transceive time-out: 618 ms
No MIFARE Classic support present in Android

# Detailed protocol information:
ID: 04:04:80:2A:1A:4E:81
ATQA: 0x4400
SAK: 0x00

# Memory content:
[00] *  04:04:80 08 (UID0-UID2, BCC0)
[01] *  2A:1A:4E:81 (UID3-UID6)
[02] .  FF 48 00 00 (BCC1, INT, LOCK0-LOCK1)
[03] .  E1:10:6D:00 (OTP0-OTP3)
[E1] .r 00 00 00 00 |␀␀␀␀|
[E2] .r 00 00 00 BD (LOCK2-LOCK4, CHK)
[E3] .r 04 00 00 E1 (CFG, MIRROR, AUTH0)
[E4] .r 00 05 -- -- (ACCESS)
[E5] +P XX XX XX XX (PWD0-PWD3)
[E6] +P XX XX -- -- (PACK0-PACK1)

  *:locked & blocked, x:locked,
  +:blocked, .:un(b)locked, ?:unknown
  r:readable (write-protected),
  p:password protected, -:write-only
  P:password protected write-only

--------------------------------------

PhoneS - I tried with two phones with vastly different Android versions (9 for one, 5 for the other). The second one is a hacking phone: it had nothing on it apart from Tagwriter and the DT app.

Must be me then - bad vibes from yours truly 🙂

I literally did the following, step by step:

  • Pull the strip of tags out of the box, cut one tag off the strip
  • Put the PM3 in 14a-sniff mode
  • Put the tag on the PM3
  • Started the DT app, entered ABCD in the password
  • Slapped the phone onto the tag on the PM3 (DT app reported “transceive failed”)
  • Stopped the sniffing on the PM3 and saved it - the relevant excerpt of which I posted above.

It’s not so much that I’m the common denominator, I think it’s more like I’m possibly the first one who’s paranoid and OCD enough to have a close look at test tags before running the app on my valuable doNExT.

I bet you anything there are plenty of implants that don’t answer to PWD_AUTH out there, with the DT app having reported an error, but people ignored it because, ultimately, nobody gives a flying fuck and it works fine to store and read NDEFs.

It would be interesting to code a diagnostics app and ask the forum dwellers who used the DT app to run it on their implant, don’t you think? Or simply ask them to do a TagInfo and report if they see E1 in AUTH0. That’s easy enough to do.

And as a suggestion for the next version of the DT app, it should check that it can do what it intends to do first and report if there’s something amiss.
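
The check suggested in the post above (read AUTH0 and ACCESS out of a TagInfo report), as an added example that is not part of the original post or of the DT app. The names `parse_dump`, `find_page` and `check_config` and the sample text are constructed for illustration; the bit meanings follow the NXP NTAG21x configuration-page layout.

```python
import re

# Constructed sample: the annotated (non-user-memory) pages of an NTAG216
# TagInfo "Memory content" section, in the layout shown in the scan above.
SAMPLE = """\
[02] .  FF 48 00 00 (BCC1, INT, LOCK0-LOCK1)
[03] .  E1:10:6D:00 (OTP0-OTP3)
[E1] .r 00 00 00 00 |....|
[E2] .r 00 00 00 BD (LOCK2-LOCK4, CHK)
[E3] .r 04 00 00 E1 (CFG, MIRROR, AUTH0)
[E4] .r 00 05 -- -- (ACCESS)
[E5] +P XX XX XX XX (PWD0-PWD3)
[E6] +P XX XX -- -- (PACK0-PACK1)
"""

LINE = re.compile(r"\[([0-9A-Fa-f]{2})\]\s+(\S+)\s+"
                  r"((?:[0-9A-Fa-fXx-]{2}[ :]?){4})\s*(?:\((.*)\))?")

def parse_dump(text):
    """Map page number -> (flags, four bytes (None if masked), label)."""
    pages = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            cells = re.split(r"[ :]", m.group(3).strip())
            data = [int(c, 16) if re.fullmatch(r"[0-9A-Fa-f]{2}", c) else None
                    for c in cells]
            pages[int(m.group(1), 16)] = (m.group(2), data, m.group(4) or "")
    return pages

def find_page(pages, field):
    """Locate a page by TagInfo's own label, so NTAG213/215 dumps work too."""
    return next(d for _, d, label in pages.values() if field in label)

def check_config(text):
    """Decode the NTAG21x password-protection settings from a dump."""
    pages = parse_dump(text)
    auth0 = find_page(pages, "AUTH0")[3]    # last byte of CFG0
    access = find_page(pages, "ACCESS")[0]  # first byte of CFG1
    return {
        "auth0": auth0,
        # AUTH0 beyond the last page means no page needs PWD_AUTH.
        "password_active": auth0 <= max(pages),
        "prot_read_too": bool(access & 0x80),   # PROT bit
        "config_locked": bool(access & 0x40),   # CFGLCK bit
        "authlim": access & 0x07,               # 0 = unlimited attempts
    }

if __name__ == "__main__":
    print(check_config(SAMPLE))
```

The `password_active` result assumes the pasted dump includes the tag's last page; a truncated dump would understate it.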