DefCon NFC implant


#1

Hi,

I got a NFC implant by Cooper and I’m having a hard time writing to it. To be quite honest, I got this quite spontaneously and don’t know too much about the field. Is the xNT the only NFC “model” they were implanting are DefCon? This will help me trouble shoot some of my problems, so I can do further research.

Also what is the BEST way to write and lock my implant? App recommendations, hardware, etc.

Thanks!


#2

Hi Hannah.

The best way to protect the xNT is with the Dangerous Things app (on Android). It lets you set a password and it sets the lock bits to prevent anything messing up the tag.

For writing, I like NFC Tools by wakdev, (also on Android). The Pro version is worth the money. It reads and writes, lets you write multiple NDEF records to the tag, etc. and has some other tools and functions.

Other good ones (on Android) are NFC TagInfo by NXP is good and thorough, and NFC Tag Writer also by NXP, has some good functions.

For iPhone, the options there are all read-only due to Apple restrictions, but NFC TagInfo by NXP is a good app for reading tags.

Good luck.


#3

@Hannah,

The previous response has some really good information. Specifically the Dangerous Things app (on Android).

I was at DEFCON and can confirm. They were implanting 2 types of chips. The xNT (NFC) and the xEM (RFID). If you received an NFC chip, you can be certain it was the Dangerous Things xNT chip. The other chip will not be able to be read by your phone. (There were also a very limited amount of the xM1+ chips. Only 6, so I doubt that was one you were given)

If you have trouble reading/writing your chip, come back and we can help out. Let us know which phone you have and what app you’re using.

Have fun! Let us know what cool things you do with your nfc chip.


#4

Hannah,

I had a really difficult time originally writing to my chip as well. I had the NTAG216 NFC chip implanted at DEFCON this year.

The problem with my chip is that the AUTH0 field was set to 00, when it should have been set to FF. What that meant is that I had to authenticate with the default password before I could do a write. I couldn’t even change the AUTH0 field.

Eventually I found a program that allowed me to both authenticate with the default password, and then write to AUTH0 to a higher value, allowing me to write to wherever I wanted to after that.

To figure out if you had my problem, read address E3. It should be 04:00:00:FF. (Or 04:00:00:E2 if you have run the dangerous things app). Mine was 04:00:00:00.

If you need help changing the last byte of E3, let me know, and I’ll give instructions how I did it.

Thanks,
Jason


#5

What app did you use?


#6

It is called “RFID NFC Tool”.

It doesn’t do much. However, when you open it and click on “Mifare Ultralight/NTAG”, it gives you the ability to set the address, and the data. But the most important part is check the box with “authenticate with 1 of preset and enabled keys”. When you check that box, you can then set the address to E3, and the data to 04:00:00:FF

That fixed all of my problems for me. I’ve been able to write to my chip ever since.


#7

We really recommend that auth0 be set to at least E2 to protect the config bytes, including the password page. If you set auth0 to FF or anything past E6 then anyone could change your config and your password without needing to authenticate … not good. Also there are some dangerous config settings you don’t want tripped.


#8

Yes. Amal is completely right. I knew I eventually wanted to run the Dangerous Things protection app, but I figured that the value had to be set to FF first, and then the app would set it to where it needed to be set to.


#9

I appreciate the help everyone! Using NFC Tools, I was able to write to it.
Thanks!