flexNT Default Configuration?

Ok, so, here are the commands;

A2 02 xx xx 0F 00 - lock static lock bytes
A2 E2 00 00 7F BD - lock dynamic lock bytes
A2 E3 04 00 00 E3 - set auth0 byte to password protect config
A2 E5 xx xx xx xx - set password

In the above commands, A2 is the write command, the next byte is the 4 byte memory page to write to, and the following 4 bytes are the data to write to the page. You must write all 4 bytes to the page in the write command, even if you’re only wanting to change the first byte.

The first line includes two bytes which are shown as xx xx, and that’s because you need to first read memory page 02 and get the value of those bytes, which are different for every tag. Get those byte values using taginfo or whatever can read the pages out properly, then update the command to use those two bytes plus 0F 00.

The bottom line is just a 4 byte password you can choose. The default password is FF FF FF FF which leaves you open to pretty easy attacks using tagwriter or nfc tools. There is no way remove the password, so choose one other than the default and remember what you chose :slight_smile:

Here’s a video I sent recently to someone explaining the password feature which is actually pretty apt here:

fml… great preview image… pff

5 Likes