Does the DT app really apply password protection?


#1

Might be because I just got started here, but I can’t figure this one out yet.

After using the DT app on my xNT to change some of the lock bits and set a password, I can still use NFC Tools Pro and without entering any password write various records to it (multiple times).

I was wondering if something had gone wrong setting the password (NFC Tools Pro says it’s a tag with a password applied, but never asks for a password).

Or Is the password only to change lock-bits? Or is there something else I’m missing?


Can my xNT be easily set to read-only?
#2

TL;DR app developers are lazy.

The problem has to do with;

  1. Most apps (including NFC Tools) are made by lazy developers. Most apps don’t even properly recognize the lock bit configuration Dangerous NFC sets, which is perfectly within NFC spec… they just assume “anything non-zero = the tag is locked” and they don’t actually parse the bits to determine which pages are locked and which are open… they assume any deviation from 00 00 = the whole tag is locked. It’s extremely frustrating because we don’t want to have to reinvent the wheel here and make yet another NFC “tag writer” style application.

  2. The password (PWD) and acknowledgement (ACK) bytes default to FF FF FF FF and 00 00, respectively. Dangerous NFC changes the password to whatever you specify, and also sets the ACK to 44 54 (“DT”)… well this makes just about every other app out there shit the bed when it tries to perform an AUTH to first unlock the password page so it can write an update. Again, another example of app developers being lazy and not actually understanding how the ACK works or that it can be anything other than 00 00 and be perfectly within the spec.

  3. Because we don’t bother protecting the user space memory pages with the password, just the configuration bytes, some apps again erroniously assume that if the AUTH0 byte is set to anything other than the default FF then “the entire tag is password protected”. We set AUTH0 to E2, leaving all the user blocks free to be written (without fear of locking because we disabled those already with DNFC).

  4. emails with extremely detailed descriptions of what’s happening here go unheeded.

At this point you might try TagWriter… they have tried to keep up in the past… but I think the reality is that we’re going to have to get a developer back on the case to put more effort into DNFC… just so we can do things the correct way and do right by our customers.


#3

Okay, thanks @amal, so it’s clear to me now that it protects the lock bits not the user space memory.

Of course you’ve clarified it for me and everyone reading these forum posts. Perhaps a note in the dangerous NFC app could help avoid and confusion like I had: “P.S. While password protection is added to prevent being locked out, the tag’s user space stays writable without a password.” (or something along these lines)


#4

Hmm. yeah, I thought I did that in section 3 on the main screen… but I guess it’s not clear.


#5

Yes, technically you did write it correctly :slight_smile:

But some users might not be smart enough, e.g. myself :wink: (I admit I’m bad at RTFM)


#6

Amal, I am looking for the DT app and cannot seem to find it under “Dangerous NFC”. Is that the correct name?


#7

It’s called “Dangerous NFC (BETA)”

https://play.google.com/store/apps/details?id=com.dangerousthings.nfc


#8

Thanks Satur9 !!! Found it. I was only looking in Galaxy store, not the google store. That’s what i get being an apple user!


#9

NP. None of this is intuitive.


#10

I would agree, this is where all of my confusion came from that took weeks of reading posts to figure out. Maybe something along the lines of

“Setting a password on your DT NFC Implant using this application simply protects the lock bits of your implant against improperly coded/out of spec writing causing permanent damage to your implant. This password is not required to write and/or make changes to the user memory of your implant using apps such as NFC Tools or NXP Tag Writer.”

Having something like that in there would’ve saved me a tonne of headache and anxiety trying to use the password I set using the DT App in NXP Tag Writer’s Password option for existing password when attempting to write to my implant. To what is likely a large portion of the people who are purchasing the xNT,(myself included) all of 1, 2, and 3 is perhaps_too clear_, it says exactly what’s happening, but we just have no idea what that actually means. We know enough to know we’re supposed to use the DT app, but not how it does/doesn’t effect what our actual end use of the device will be.


#11

We have another product coming out soon that also has an NTAG216 chip in it, and we’ve gone ahead and applied these protections during manufacturing to help avoid this part of the learning curve.


#12

how soon do u think it will be i plan on geting my 1st 2 implants soon will i be better off to hold off i plan to get a XEM AND A FLEXNT