FlexMN Tag Size - Proxmark 3

Hi everyone,
After messing around with some random Android apps and my flexMN, it seems one of these apps changed some things of my tag.
I recently got a Proxmark 3 (finally) and wiped the flexMN, changing it’s tag type to NTAG216.
However, I can’t write anything to it using TagWriter, error “Store Failed”. Also, the app shows that the tag size is only 137 bytes.
When the data size is less than 137 bytes, the error message is “Store Failed”, when it’s more than 137 bytes it’s “Store Failed. NFC data set is too large”.
Any clues on how to get the full storage free again?

Thanks! (btw, glad to get back to the forum)

Off Topic: My flexMN version is the LED one. One of the LEDs is still working after 6 or 7 months! The LEDs on my FlexNExT died much sooner

Could you share a Taginfo scan? It sounds like it might be configured as an NTAG213.

Also congrats on the LEDs lasting that long

Sure! Really weird cause it shows as 888 bytes in the full scan but when writing something through TagWriter it shows 137 bytes available and the error message, even if the dataset is smaller than 137 bytes

** TagInfo scan (version 4.24.7) 2021-08-26 11:44:46 **
Report Type: External

-- IC INFO ------------------------------

# IC manufacturer:
NXP Semiconductors

# IC type:
NTAG216

-- NDEF ------------------------------

# No NDEF Message present:

# Control TLVs:
Lock Control TLV at address 0x04, offset 0
* Dynamic lock bytes at address 0x28, offset 0
	- 12 lock bits
	- 8 bytes locked per lock bit
 01 03 A0 0C 34                                  |....4           |


-- EXTRA ------------------------------

# Memory size:
888 bytes user memory
* 222 pages, with 4 bytes per page

# IC detailed information:
Full product name: NT2H1611G0DUx
Capacitance: 50 pF

# Version information:
Vendor ID: NXP
Type: NTAG
Subtype: 50 pF
Major version: 1
Minor version: V0
Storage size: 888 bytes
Protocol: ISO/IEC 14443-3

# Configuration information:
ASCII mirror disabled
NFC counter: disabled
No limit on wrong password attempts
Strong load modulation disabled

# Originality check:
Signature cannot be verified

-- FULL SCAN ------------------------------

# Technologies supported:
ISO/IEC 14443-3 (Type A) compatible
ISO/IEC 14443-2 (Type A) compatible

# Android technology information:
Tag description:
* TAG: Tech [android.nfc.tech.NfcA, android.nfc.tech.MifareUltralight, android.nfc.tech.Ndef]
* Maximum transceive length: 253 bytes
* Default maximum transceive time-out: 618 ms


# Detailed protocol information:
ID: 04:11:22:33:44:55:66
ATQA: 0x4400
SAK: 0x00

# Memory content:
[00] *  04:11:22 BF (UID0-UID2, BCC0)
[01] *  33:44:55:66 (UID3-UID6)
[02] .  44 48 00 00 (BCC1, INT, LOCK0-LOCK1)
[03] .  E1:10:12:00 (OTP0-OTP3)
[04] .  01 03 A0 0C |....|
[05] .  34 03 00 FE |4...|
[06] .  00 00 00 00 |....|
[07] .  00 00 00 00 |....|
[08] .  00 00 00 00 |....|
[09] .  00 00 00 00 |....|
[0A] .  00 00 00 00 |....|
[0B] .  00 00 00 00 |....|
[0C] .  00 00 00 00 |....|
[0D] .  00 00 00 00 |....|
[0E] .  00 00 00 00 |....|
[0F] .  00 00 00 00 |....|
[10] .  00 00 00 00 |....|
[11] .  00 00 00 00 |....|
[12] .  00 00 00 00 |....|
[13] .  00 00 00 00 |....|
[14] .  00 00 00 00 |....|
[15] .  00 00 00 00 |....|
[16] .  00 00 00 00 |....|
[17] .  00 00 00 00 |....|
[18] .  00 00 00 00 |....|
[19] .  00 00 00 00 |....|
[1A] .  00 00 00 00 |....|
[1B] .  00 00 00 00 |....|
[1C] .  00 00 00 00 |....|
[1D] .  00 00 00 00 |....|
[1E] .  00 00 00 00 |....|
[1F] .  00 00 00 00 |....|
[20] .  00 00 00 00 |....|
[21] .  00 00 00 00 |....|
[22] .  00 00 00 00 |....|
[23] .  00 00 00 00 |....|
[24] .  00 00 00 00 |....|
[25] .  00 00 00 00 |....|
[26] .  00 00 00 00 |....|
[27] .  00 00 00 00 |....|
[28] .  00 00 00 00 |....|
[29] .  00 00 00 FF |....|
[2A] .  00 05 00 00 |....|
[2B] .  00 00 00 00 |....|
[2C] .  00 00 00 00 |....|
[2D] .  00 00 00 00 |....|
[2E] .  00 00 00 00 |....|
[2F] .  00 00 00 00 |....|
[30] .  00 00 00 00 |....|
[31] .  00 00 00 00 |....|
[32] .  00 00 00 00 |....|
[33] .  00 00 00 00 |....|
[34] .  00 00 00 00 |....|
[35] .  00 00 00 00 |....|
[36] .  00 00 00 00 |....|
[37] .  00 00 00 00 |....|
[38] .  00 00 00 00 |....|
[39] .  00 00 00 00 |....|
[3A] .  00 00 00 00 |....|
[3B] .  00 00 00 00 |....|
[3C] .  00 00 00 00 |....|
[3D] .  00 00 00 00 |....|
[3E] .  00 00 00 00 |....|
[3F] .  00 00 00 00 |....|
[40] .  00 00 00 00 |....|
[41] .  00 00 00 00 |....|
[42] .  00 00 00 00 |....|
[43] .  00 00 00 00 |....|
[44] .  00 00 00 00 |....|
[45] .  00 00 00 00 |....|
[46] .  00 00 00 00 |....|
[47] .  00 00 00 00 |....|
[48] .  00 00 00 00 |....|
[49] .  00 00 00 00 |....|
[4A] .  00 00 00 00 |....|
[4B] .  00 00 00 00 |....|
[4C] .  00 00 00 00 |....|
[4D] .  00 00 00 00 |....|
[4E] .  00 00 00 00 |....|
[4F] .  00 00 00 00 |....|
[50] .  00 00 00 00 |....|
[51] .  00 00 00 00 |....|
[52] .  00 00 00 00 |....|
[53] .  00 00 00 00 |....|
[54] .  00 00 00 00 |....|
[55] .  00 00 00 00 |....|
[56] .  00 00 00 00 |....|
[57] .  00 00 00 00 |....|
[58] .  00 00 00 00 |....|
[59] .  00 00 00 00 |....|
[5A] .  00 00 00 00 |....|
[5B] .  00 00 00 00 |....|
[5C] .  00 00 00 00 |....|
[5D] .  00 00 00 00 |....|
[5E] .  00 00 00 00 |....|
[5F] .  00 00 00 00 |....|
[60] .  00 00 00 00 |....|
[61] .  00 00 00 00 |....|
[62] .  00 00 00 00 |....|
[63] .  00 00 00 00 |....|
[64] .  00 00 00 00 |....|
[65] .  00 00 00 00 |....|
[66] .  00 00 00 00 |....|
[67] .  00 00 00 00 |....|
[68] .  00 00 00 00 |....|
[69] .  00 00 00 00 |....|
[6A] .  00 00 00 00 |....|
[6B] .  00 00 00 00 |....|
[6C] .  00 00 00 00 |....|
[6D] .  00 00 00 00 |....|
[6E] .  00 00 00 00 |....|
[6F] .  00 00 00 00 |....|
[70] .  00 00 00 00 |....|
[71] .  00 00 00 00 |....|
[72] .  00 00 00 00 |....|
[73] .  00 00 00 00 |....|
[74] .  00 00 00 00 |....|
[75] .  00 00 00 00 |....|
[76] .  00 00 00 00 |....|
[77] .  00 00 00 00 |....|
[78] .  00 00 00 00 |....|
[79] .  00 00 00 00 |....|
[7A] .  00 00 00 00 |....|
[7B] .  00 00 00 00 |....|
[7C] .  00 00 00 00 |....|
[7D] .  00 00 00 00 |....|
[7E] .  00 00 00 00 |....|
[7F] .  00 00 00 00 |....|
[80] .  00 00 00 00 |....|
[81] .  00 00 00 00 |....|
[82] .  00 00 00 00 |....|
[83] .  00 00 00 FF |....|
[84] .  00 05 00 00 |....|
[85] .  00 00 00 00 |....|
[86] .  00 00 00 00 |....|
[87] .  00 00 00 00 |....|
[88] .  00 00 00 00 |....|
[89] .  00 00 00 00 |....|
[8A] .  00 00 00 00 |....|
[8B] .  00 00 00 00 |....|
[8C] .  00 00 00 00 |....|
[8D] .  00 00 00 00 |....|
[8E] .  00 00 00 00 |....|
[8F] .  00 00 00 00 |....|
[90] .  00 00 00 00 |....|
[91] .  00 00 00 00 |....|
[92] .  00 00 00 00 |....|
[93] .  00 00 00 00 |....|
[94] .  00 00 00 00 |....|
[95] .  00 00 00 00 |....|
[96] .  00 00 00 00 |....|
[97] .  00 00 00 00 |....|
[98] .  00 00 00 00 |....|
[99] .  00 00 00 00 |....|
[9A] .  00 00 00 00 |....|
[9B] .  00 00 00 00 |....|
[9C] .  00 00 00 00 |....|
[9D] .  00 00 00 00 |....|
[9E] .  00 00 00 00 |....|
[9F] .  00 00 00 00 |....|
[A0] .  00 00 00 00 |....|
[A1] .  00 00 00 00 |....|
[A2] .  00 00 00 00 |....|
[A3] .  00 00 00 00 |....|
[A4] .  00 00 00 00 |....|
[A5] .  00 00 00 00 |....|
[A6] .  00 00 00 00 |....|
[A7] .  00 00 00 00 |....|
[A8] .  00 00 00 00 |....|
[A9] .  00 00 00 00 |....|
[AA] .  00 00 00 00 |....|
[AB] .  00 00 00 00 |....|
[AC] .  00 00 00 00 |....|
[AD] .  00 00 00 00 |....|
[AE] .  00 00 00 00 |....|
[AF] .  00 00 00 00 |....|
[B0] .  00 00 00 00 |....|
[B1] .  00 00 00 00 |....|
[B2] .  00 00 00 00 |....|
[B3] .  00 00 00 00 |....|
[B4] .  00 00 00 00 |....|
[B5] .  00 00 00 00 |....|
[B6] .  00 00 00 00 |....|
[B7] .  00 00 00 00 |....|
[B8] .  00 00 00 00 |....|
[B9] .  00 00 00 00 |....|
[BA] .  00 00 00 00 |....|
[BB] .  00 00 00 00 |....|
[BC] .  00 00 00 00 |....|
[BD] .  00 00 00 00 |....|
[BE] .  00 00 00 00 |....|
[BF] .  00 00 00 00 |....|
[C0] .  00 00 00 00 |....|
[C1] .  00 00 00 00 |....|
[C2] .  00 00 00 00 |....|
[C3] .  00 00 00 00 |....|
[C4] .  00 00 00 00 |....|
[C5] .  00 00 00 00 |....|
[C6] .  00 00 00 00 |....|
[C7] .  00 00 00 00 |....|
[C8] .  00 00 00 00 |....|
[C9] .  00 00 00 00 |....|
[CA] .  00 00 00 00 |....|
[CB] .  00 00 00 00 |....|
[CC] .  00 00 00 00 |....|
[CD] .  00 00 00 00 |....|
[CE] .  00 00 00 00 |....|
[CF] .  00 00 00 00 |....|
[D0] .  00 00 00 00 |....|
[D1] .  00 00 00 00 |....|
[D2] .  00 00 00 00 |....|
[D3] .  00 00 00 00 |....|
[D4] .  00 00 00 00 |....|
[D5] .  00 00 00 00 |....|
[D6] .  00 00 00 00 |....|
[D7] .  00 00 00 00 |....|
[D8] .  00 00 00 00 |....|
[D9] .  00 00 00 00 |....|
[DA] .  00 00 00 00 |....|
[DB] .  00 00 00 00 |....|
[DC] .  00 00 00 00 |....|
[DD] .  00 00 00 00 |....|
[DE] .  00 00 00 00 |....|
[DF] .  00 00 00 00 |....|
[E0] .  00 00 00 00 |....|
[E1] .  00 00 00 00 |....|
[E2] .  00 00 00 00 (LOCK2-LOCK4, CHK)
[E3] .  00 00 00 FF (CFG, MIRROR, AUTH0)
[E4] .  00 05 -- -- (ACCESS)
[E5] +P FF FF FF FF (PWD0-PWD3)
[E6] +P 00 00 -- -- (PACK0-PACK1)

  *:locked & blocked, x:locked,
  +:blocked, .:un(b)locked, ?:unknown
  r:readable (write-protected),
  p:password protected, -:write-only
  P:password protected write-only

--------------------------------------

Here’s the NTAG 216 in my NExT

Screenshot_20210826-110011~2827×788 58.2 KB

Screenshot_20210826-110119~3795×521 24.7 KB

And here’s the NTAG 213/215/216 datasheet for the memory structure

Yeah, it’s because byte 2 in page 03 is 12 on your tag

Screenshot_20210826-1106191080×2220 260 KB

I don’t know much about the magic NTAGs. I know you can change the UID values in pages 00 and 01, but I still don’t think you can change the OTP bits in page 03. This is a question for @amal

This doesn’t look good. Once the OTP bits are switched from 0 to 1 in most NTAGs they can’t be switched back. You can bitwise OR to change them to 1, but the binary of 12h and 6Dh are exact opposites

Screenshot_20210826-110948~21080×739 12.6 KB

Screenshot_20210826-110957~21080×702 14.6 KB

@Jirvin or @Equipter might have some idea of an exploit to trick the OTP bytes to write, but I wouldn’t count on it. Hopefully Amal comes back and says the CC bytes on a magic tag are also magic.

Thanks a lot @Satur9 !
Will wait for the inputs from @amal , @Jirvin or @Equipter
Thanks in advance for your help guys!

the -o parameter lets you overwrite the OTP bits.
If the tutorial is enough to get you up and running great, if not yeah wait for somone that can walk you through it, I have not actually done it myself so cant give extra advice, but it should be a good start.

if its nor working after using the OTp commands just inbox me or @ me

I could change the OTP using -o E1106D00
Wiped it and formatted it back to NTAG216, but still cannot write any data on it, “Store failed”.
Good thing is that now TagWriter shows 863 bytes and the full scan (pasted below) seems that the OTP is correct.
Any thoughts of what could be wrong? @Equipter

** TagInfo scan (version 4.24.7) 2021-08-26 12:46:41 **
Report Type: External

-- IC INFO ------------------------------

# IC manufacturer:
NXP Semiconductors

# IC type:
NTAG216

-- NDEF ------------------------------

# No NDEF Message present:

# Control TLVs:
Lock Control TLV at address 0x04, offset 0
* Dynamic lock bytes at address 0x28, offset 0
	- 12 lock bits
	- 8 bytes locked per lock bit
 01 03 A0 0C 34                                  |....4           |


-- EXTRA ------------------------------

# Memory size:
888 bytes user memory
* 222 pages, with 4 bytes per page

# IC detailed information:
Full product name: NT2H1611G0DUx
Capacitance: 50 pF

# Version information:
Vendor ID: NXP
Type: NTAG
Subtype: 50 pF
Major version: 1
Minor version: V0
Storage size: 888 bytes
Protocol: ISO/IEC 14443-3

# Configuration information:
ASCII mirror disabled
NFC counter: disabled
No limit on wrong password attempts
Strong load modulation disabled

# Originality check:
Signature cannot be verified

-- FULL SCAN ------------------------------

# Technologies supported:
ISO/IEC 14443-3 (Type A) compatible
ISO/IEC 14443-2 (Type A) compatible

# Android technology information:
Tag description:
* TAG: Tech [android.nfc.tech.NfcA, android.nfc.tech.MifareUltralight, android.nfc.tech.Ndef]
* Maximum transceive length: 253 bytes
* Default maximum transceive time-out: 618 ms


# Detailed protocol information:
ID: 04:11:22:33:44:55:66
ATQA: 0x4400
SAK: 0x00

# Memory content:
[00] *  04:11:22 BF (UID0-UID2, BCC0)
[01] *  33:44:55:66 (UID3-UID6)
[02] .  44 48 00 00 (BCC1, INT, LOCK0-LOCK1)
[03] .  E1:10:6D:00 (OTP0-OTP3)
[04] .  01 03 A0 0C |....|
[05] .  34 03 00 FE |4...|
[06] .  00 00 00 00 |....|
[07] .  00 00 00 00 |....|
[08] .  00 00 00 00 |....|
[09] .  00 00 00 00 |....|
[0A] .  00 00 00 00 |....|
[0B] .  00 00 00 00 |....|
[0C] .  00 00 00 00 |....|
[0D] .  00 00 00 00 |....|
[0E] .  00 00 00 00 |....|
[0F] .  00 00 00 00 |....|
[10] .  00 00 00 00 |....|
[11] .  00 00 00 00 |....|
[12] .  00 00 00 00 |....|
[13] .  00 00 00 00 |....|
[14] .  00 00 00 00 |....|
[15] .  00 00 00 00 |....|
[16] .  00 00 00 00 |....|
[17] .  00 00 00 00 |....|
[18] .  00 00 00 00 |....|
[19] .  00 00 00 00 |....|
[1A] .  00 00 00 00 |....|
[1B] .  00 00 00 00 |....|
[1C] .  00 00 00 00 |....|
[1D] .  00 00 00 00 |....|
[1E] .  00 00 00 00 |....|
[1F] .  00 00 00 00 |....|
[20] .  00 00 00 00 |....|
[21] .  00 00 00 00 |....|
[22] .  00 00 00 00 |....|
[23] .  00 00 00 00 |....|
[24] .  00 00 00 00 |....|
[25] .  00 00 00 00 |....|
[26] .  00 00 00 00 |....|
[27] .  00 00 00 00 |....|
[28] .  00 00 00 00 |....|
[29] .  00 00 00 FF |....|
[2A] .  00 05 00 00 |....|
[2B] .  00 00 00 00 |....|
[2C] .  00 00 00 00 |....|
[2D] .  00 00 00 00 |....|
[2E] .  00 00 00 00 |....|
[2F] .  00 00 00 00 |....|
[30] .  00 00 00 00 |....|
[31] .  00 00 00 00 |....|
[32] .  00 00 00 00 |....|
[33] .  00 00 00 00 |....|
[34] .  00 00 00 00 |....|
[35] .  00 00 00 00 |....|
[36] .  00 00 00 00 |....|
[37] .  00 00 00 00 |....|
[38] .  00 00 00 00 |....|
[39] .  00 00 00 00 |....|
[3A] .  00 00 00 00 |....|
[3B] .  00 00 00 00 |....|
[3C] .  00 00 00 00 |....|
[3D] .  00 00 00 00 |....|
[3E] .  00 00 00 00 |....|
[3F] .  00 00 00 00 |....|
[40] .  00 00 00 00 |....|
[41] .  00 00 00 00 |....|
[42] .  00 00 00 00 |....|
[43] .  00 00 00 00 |....|
[44] .  00 00 00 00 |....|
[45] .  00 00 00 00 |....|
[46] .  00 00 00 00 |....|
[47] .  00 00 00 00 |....|
[48] .  00 00 00 00 |....|
[49] .  00 00 00 00 |....|
[4A] .  00 00 00 00 |....|
[4B] .  00 00 00 00 |....|
[4C] .  00 00 00 00 |....|
[4D] .  00 00 00 00 |....|
[4E] .  00 00 00 00 |....|
[4F] .  00 00 00 00 |....|
[50] .  00 00 00 00 |....|
[51] .  00 00 00 00 |....|
[52] .  00 00 00 00 |....|
[53] .  00 00 00 00 |....|
[54] .  00 00 00 00 |....|
[55] .  00 00 00 00 |....|
[56] .  00 00 00 00 |....|
[57] .  00 00 00 00 |....|
[58] .  00 00 00 00 |....|
[59] .  00 00 00 00 |....|
[5A] .  00 00 00 00 |....|
[5B] .  00 00 00 00 |....|
[5C] .  00 00 00 00 |....|
[5D] .  00 00 00 00 |....|
[5E] .  00 00 00 00 |....|
[5F] .  00 00 00 00 |....|
[60] .  00 00 00 00 |....|
[61] .  00 00 00 00 |....|
[62] .  00 00 00 00 |....|
[63] .  00 00 00 00 |....|
[64] .  00 00 00 00 |....|
[65] .  00 00 00 00 |....|
[66] .  00 00 00 00 |....|
[67] .  00 00 00 00 |....|
[68] .  00 00 00 00 |....|
[69] .  00 00 00 00 |....|
[6A] .  00 00 00 00 |....|
[6B] .  00 00 00 00 |....|
[6C] .  00 00 00 00 |....|
[6D] .  00 00 00 00 |....|
[6E] .  00 00 00 00 |....|
[6F] .  00 00 00 00 |....|
[70] .  00 00 00 00 |....|
[71] .  00 00 00 00 |....|
[72] .  00 00 00 00 |....|
[73] .  00 00 00 00 |....|
[74] .  00 00 00 00 |....|
[75] .  00 00 00 00 |....|
[76] .  00 00 00 00 |....|
[77] .  00 00 00 00 |....|
[78] .  00 00 00 00 |....|
[79] .  00 00 00 00 |....|
[7A] .  00 00 00 00 |....|
[7B] .  00 00 00 00 |....|
[7C] .  00 00 00 00 |....|
[7D] .  00 00 00 00 |....|
[7E] .  00 00 00 00 |....|
[7F] .  00 00 00 00 |....|
[80] .  00 00 00 00 |....|
[81] .  00 00 00 00 |....|
[82] .  00 00 00 00 |....|
[83] .  00 00 00 FF |....|
[84] .  00 05 00 00 |....|
[85] .  00 00 00 00 |....|
[86] .  00 00 00 00 |....|
[87] .  00 00 00 00 |....|
[88] .  00 00 00 00 |....|
[89] .  00 00 00 00 |....|
[8A] .  00 00 00 00 |....|
[8B] .  00 00 00 00 |....|
[8C] .  00 00 00 00 |....|
[8D] .  00 00 00 00 |....|
[8E] .  00 00 00 00 |....|
[8F] .  00 00 00 00 |....|
[90] .  00 00 00 00 |....|
[91] .  00 00 00 00 |....|
[92] .  00 00 00 00 |....|
[93] .  00 00 00 00 |....|
[94] .  00 00 00 00 |....|
[95] .  00 00 00 00 |....|
[96] .  00 00 00 00 |....|
[97] .  00 00 00 00 |....|
[98] .  00 00 00 00 |....|
[99] .  00 00 00 00 |....|
[9A] .  00 00 00 00 |....|
[9B] .  00 00 00 00 |....|
[9C] .  00 00 00 00 |....|
[9D] .  00 00 00 00 |....|
[9E] .  00 00 00 00 |....|
[9F] .  00 00 00 00 |....|
[A0] .  00 00 00 00 |....|
[A1] .  00 00 00 00 |....|
[A2] .  00 00 00 00 |....|
[A3] .  00 00 00 00 |....|
[A4] .  00 00 00 00 |....|
[A5] .  00 00 00 00 |....|
[A6] .  00 00 00 00 |....|
[A7] .  00 00 00 00 |....|
[A8] .  00 00 00 00 |....|
[A9] .  00 00 00 00 |....|
[AA] .  00 00 00 00 |....|
[AB] .  00 00 00 00 |....|
[AC] .  00 00 00 00 |....|
[AD] .  00 00 00 00 |....|
[AE] .  00 00 00 00 |....|
[AF] .  00 00 00 00 |....|
[B0] .  00 00 00 00 |....|
[B1] .  00 00 00 00 |....|
[B2] .  00 00 00 00 |....|
[B3] .  00 00 00 00 |....|
[B4] .  00 00 00 00 |....|
[B5] .  00 00 00 00 |....|
[B6] .  00 00 00 00 |....|
[B7] .  00 00 00 00 |....|
[B8] .  00 00 00 00 |....|
[B9] .  00 00 00 00 |....|
[BA] .  00 00 00 00 |....|
[BB] .  00 00 00 00 |....|
[BC] .  00 00 00 00 |....|
[BD] .  00 00 00 00 |....|
[BE] .  00 00 00 00 |....|
[BF] .  00 00 00 00 |....|
[C0] .  00 00 00 00 |....|
[C1] .  00 00 00 00 |....|
[C2] .  00 00 00 00 |....|
[C3] .  00 00 00 00 |....|
[C4] .  00 00 00 00 |....|
[C5] .  00 00 00 00 |....|
[C6] .  00 00 00 00 |....|
[C7] .  00 00 00 00 |....|
[C8] .  00 00 00 00 |....|
[C9] .  00 00 00 00 |....|
[CA] .  00 00 00 00 |....|
[CB] .  00 00 00 00 |....|
[CC] .  00 00 00 00 |....|
[CD] .  00 00 00 00 |....|
[CE] .  00 00 00 00 |....|
[CF] .  00 00 00 00 |....|
[D0] .  00 00 00 00 |....|
[D1] .  00 00 00 00 |....|
[D2] .  00 00 00 00 |....|
[D3] .  00 00 00 00 |....|
[D4] .  00 00 00 00 |....|
[D5] .  00 00 00 00 |....|
[D6] .  00 00 00 00 |....|
[D7] .  00 00 00 00 |....|
[D8] .  00 00 00 00 |....|
[D9] .  00 00 00 00 |....|
[DA] .  00 00 00 00 |....|
[DB] .  00 00 00 00 |....|
[DC] .  00 00 00 00 |....|
[DD] .  00 00 00 00 |....|
[DE] .  00 00 00 00 |....|
[DF] .  00 00 00 00 |....|
[E0] .  00 00 00 00 |....|
[E1] .  00 00 00 00 |....|
[E2] .  00 00 00 00 (LOCK2-LOCK4, CHK)
[E3] .  00 00 00 FF (CFG, MIRROR, AUTH0)
[E4] .  00 05 -- -- (ACCESS)
[E5] +P FF FF FF FF (PWD0-PWD3)
[E6] +P 00 00 -- -- (PACK0-PACK1)

  *:locked & blocked, x:locked,
  +:blocked, .:un(b)locked, ?:unknown
  r:readable (write-protected),
  p:password protected, -:write-only
  P:password protected write-only

--------------------------------------

Could be just the app being fucky. Do you have NFC Tools (Can do it with others just the one I use so might be called diffrent things)
I’d try formatting the tag, it might just be a poorly formatted ndef record / some other data at the start of the user data messing with things (the data in block 4 and 5)

as samuel has said it either the app being shitty or theres a partially formed ndef record that needs clearing. try wiping it with nfctools but the icinfo you posted looks good.

Tried formatting through NFC Tools and got an error with no details. Also using the proxmark3 wipe command didn’t seem to work either. The data in block 4 and 5 is still there.
Any way to clean this portion of data?

The raw commands:

A20400000000

A20500000000

Should wipe those blocks. NFC Tools has a raw commands option and the PM3 can send them too.

For what it’s worth, I was never able to get my flexMN to be phone-writable. I’ve experimented over the course of a few months to try and arrive at a solution, but ultimately couldn’t get it. I had success writing to it both from the proxmark as well as sending raw commands through an ACR, but phone writes always eluded success. I think @amal had mentioned getting one to write successfully at a certain point but couldn’t reliable replicate it, so it could be that either a) the phone antennas don’t provide a reliable enough connection to write the data out or b) that the nature of a magic chip is trigger an unintended response from the nfc writing apps, which are interpreting the signal as a write fail. At one point, trying to send raw commands through the phone to the chip was on the agenda to see if I could get it to write that way (as those raw commands are how I’m querying the chip on the proxmark software I wrote to write to it), but life got in the way, as it has a knack of doing.

Raw commands worked through pm3!
Still can’t write NDEF using TagWriter “Store Failed. Format card before use”, but again no way to format it through the app.
Is there a way to write NDEF using the PM3?

A2060000031F
A207D1011B55
A20803666F72
A209756D2E64
A20A616E6765
A20B726F7573
A20C7468696E
A20D67732E63
A20E6F6D2FFE

That set of commands should (bit long soz ) but not sure there is an easy way with the pm3 no.
Odd that the apps are having such issues.

Really sad
I was patient enough to write a full NDEF VCARD using the PM3
Block. by. block

Aaaand it worked!
Reading the tag on Android is working fine!
I still can’t edit/write new records using TagWriter
Anyways, I’m happy that I can finally use NDEF on my flexMN!

Thanks everyone for your support!

Im glad it worked, out of curosity do any other writer apps work?

Tried NFC Tools and TagWriter. No success with both