What’s the out-of-the-box configuration meant to be for the flexNT? Mine just arrived and I did a test read, appears there’s no password (i.e. set to FFFFFFFF) despite the “NTAG Chip Security” info. Now I’m concerned about the “lock and config” bits (I noticed in cfg0, “pages don’t need authentication” which seems wrong).
Yeah that’s not right… it should be configured… but it appears it’s not been. NFC shell used to be the go-to tool but now it’s not on the store anymore for modern phones. NFC Tools advanced command mode will be needed to fix
I’ll sort out the commands tomorrow… too tired to reliably recall them from memory
A2 02 xx xx 0F 00 - lock static lock bytes
A2 E2 00 00 7F BD - lock dynamic lock bytes
A2 E3 04 00 00 E3 - set auth0 byte to password protect config
A2 E5 xx xx xx xx - set password
In the above commands, A2 is the write command, the next byte is the 4 byte memory page to write to, and the following 4 bytes are the data to write to the page. You must write all 4 bytes to the page in the write command, even if you’re only wanting to change the first byte.
The first line includes two bytes which are shown as xx xx, and that’s because you need to first read memory page 02 and get the value of those bytes, which are different for every tag. Get those byte values using taginfo or whatever can read the pages out properly, then update the command to use those two bytes plus 0F 00.
The bottom line is just a 4 byte password you can choose. The default password is FF FF FF FF which leaves you open to pretty easy attacks using tagwriter or nfc tools. There is no way to remove the password, so choose one other than the default and remember what you chose.
Here’s a video I sent recently to someone explaining the password feature which is actually pretty apt here:
Thanks for the commands but having an issue setting the password.
Verified 02/E2/E3 had changed by reading the memory again but E5 is stored securely (for obvious reasons) so returns 00:00:00:00. I sent a PWD_AUTH command to verify this one and although it was acknowledged when setting, hasn’t changed;
>> A2 E5 44 4E 47 52 (DNGR)
00
>> 1B 41 42 43 44 (ABCD)
Error: Tag connection lost
>> 1B 44 4E 47 52 (DNGR)
Error: Tag connection lost
>> 1B FF FF FF FF (no pwd)
<< 00 00
Ok so what happens now when you auth first then write?
1B FF FF FF FF
A2 E5 44 4E 47 52
Those commands must be sent one after the other during the same session… you can’t auth then remove the tag and then try to change the pw.
I think this is actually quite difficult to do with NFC Tools… I’ve never liked NFC Tools… NFC shell needs a revamp and release…or maybe DT should do something…
Hmm well you can’t re-auth during the same session… just send the auth and then the write… then remove the tag and try to auth again using the updated pwd
Ok we’re working on an update to a very old project called RawNFC to replace NFC Shell… it’ll have an awesome feature though which will allow us to make a library of useful commands anyone can easily use / add to.
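The auth-then-write sequence worked out in this thread, as an added example that is not part of any post above: a small Python helper that builds the raw command strings to send in one session. The function names, the ordering (authenticate, set the password, then apply the lock and auth0 writes) and the sample page 02 bytes `AA BB` are assumptions of this example; the command bytes and page numbers are the ones quoted in the thread.

```python
WRITE = 0xA2        # write command byte, as used in the thread
PWD_AUTH = 0x1B     # password authentication command byte, as used in the thread
DEFAULT_PWD = bytes.fromhex("FFFFFFFF")


def parse_hex(text, length):
    """Parse a hex string such as '44 4E 47 52' and enforce its byte length."""
    data = bytes.fromhex(text)
    if len(data) != length:
        raise ValueError(f"expected {length} bytes, got {len(data)}")
    return data


def write_cmd(page, data):
    """Build a write command: A2, the page number, then all 4 bytes of the page."""
    if len(data) != 4:
        raise ValueError("a write must carry all 4 bytes of the page")
    return bytes([WRITE, page]) + data


def build_session(page02_hex, current_pwd_hex, new_pwd_hex):
    """Return the commands to send back to back without removing the tag.

    page02_hex is the 4-byte value read from page 02; its first two bytes
    differ per tag and are copied into the static lock write unchanged.
    """
    page02 = parse_hex(page02_hex, 4)
    current = parse_hex(current_pwd_hex, 4)
    new = parse_hex(new_pwd_hex, 4)
    if new == DEFAULT_PWD:
        raise ValueError("choose a password other than the default FF FF FF FF")
    cmds = [
        bytes([PWD_AUTH]) + current,                  # authenticate first
        write_cmd(0xE5, new),                         # set password
        write_cmd(0x02, page02[:2] + b"\x0f\x00"),    # lock static lock bytes
        write_cmd(0xE2, bytes.fromhex("00007FBD")),   # lock dynamic lock bytes
        write_cmd(0xE3, bytes.fromhex("040000E3")),   # set auth0 byte
    ]
    return [c.hex(" ").upper() for c in cmds]


if __name__ == "__main__":
    # Constructed sample input: AA BB stands in for the tag-specific bytes.
    for line in build_session("AA BB 00 00", "FF FF FF FF", "44 4E 47 52"):
        print(line)
```

After sending the sequence, remove the tag, present it again and send `1B` followed by the new password to confirm it took.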