This doesn’t look good. Once the OTP bits are switched from 0 to 1 in most NTAGs they can’t be switched back. You can bitwise OR to change them to 1, but the binary of 12h and 6Dh are exact opposites
@Jirvin or @Equipter might have some idea of an exploit to trick the OTP bytes to write, but I wouldn’t count on it. Hopefully Amal comes back and says the CC bytes on a magic tag are also magic.
the -o parameter lets you overwrite the OTP bits.
If the tutorial is enough to get you up and running great, if not yeah wait for somone that can walk you through it, I have not actually done it myself so cant give extra advice, but it should be a good start.
I could change the OTP using -o E1106D00
Wiped it and formatted it back to NTAG216, but still cannot write any data on it, “Store failed”.
Good thing is that now TagWriter shows 863 bytes and the full scan (pasted below) seems that the OTP is correct.
Any thoughts of what could be wrong? @Equipter
Could be just the app being fucky. Do you have NFC Tools (Can do it with others just the one I use so might be called diffrent things)
I’d try formatting the tag, it might just be a poorly formatted ndef record / some other data at the start of the user data messing with things (the data in block 4 and 5)
as samuel has said it either the app being shitty or theres a partially formed ndef record that needs clearing. try wiping it with nfctools but the icinfo you posted looks good.
Tried formatting through NFC Tools and got an error with no details. Also using the proxmark3 wipe command didn’t seem to work either. The data in block 4 and 5 is still there.
Any way to clean this portion of data?
For what it’s worth, I was never able to get my flexMN to be phone-writable. I’ve experimented over the course of a few months to try and arrive at a solution, but ultimately couldn’t get it. I had success writing to it both from the proxmark as well as sending raw commands through an ACR, but phone writes always eluded success. I think @amal had mentioned getting one to write successfully at a certain point but couldn’t reliable replicate it, so it could be that either a) the phone antennas don’t provide a reliable enough connection to write the data out or b) that the nature of a magic chip is trigger an unintended response from the nfc writing apps, which are interpreting the signal as a write fail. At one point, trying to send raw commands through the phone to the chip was on the agenda to see if I could get it to write that way (as those raw commands are how I’m querying the chip on the proxmark software I wrote to write to it), but life got in the way, as it has a knack of doing.
Raw commands worked through pm3!
Still can’t write NDEF using TagWriter “Store Failed. Format card before use”, but again no way to format it through the app.
Is there a way to write NDEF using the PM3?
Really sad
I was patient enough to write a full NDEF VCARD using the PM3
Block. by. block
Aaaand it worked!
Reading the tag on Android is working fine!
I still can’t edit/write new records using TagWriter
Anyways, I’m happy that I can finally use NDEF on my flexMN!
Very interesting, well if you have a usb pc/sc reader you could probably find some software that cou;d write it a bit easier, sounds like some app/android nfc lib fuckyness, because the app should be sending those commands…
Nice! I have an ACR122U, gonna try some software with it and get back with the results later
Btw, if someone has any suggestions of software to use with the ACR, I’ll gladly accept it!
I use ndeftool and tagtool under Linux with an ACR122U to write all my NDEFs. Very flexible, works beautifully. It’s much easier to use than a cellphone, more versatile, and more reliable.
You can find a sample script that uses them here. But they’re perfectly usable directly on the command line.