Houston, I have a problem (SOLVED)

brand-new implantee here. i used the tagwriter app to try to program a link to my portfolio website to my tag, but when read it shows up as this:

anyone know what the problem could be? thanks.

(edit) it seems to store plaintext just fine, but URLs are no-go.

FINAL EDIT: tagwriter wasn’t writing right, for some reason. used NFC tools and it worked like a charm!


I found tag writer regardless of size struggles to write properly to the xSIID, nfc tools however works without fault upto the already discussed 1k


I know people have different opinions, but I’ve always preferred NFC Tool over tagwriter. I paid for the Pro revision of NFC tools.

1 Like

thanks so much @Devilclarke and @turbo2ltr ! hopefully soon we’ll be able to use tagwriter to write to both kbs. in the meantime, nfctools will work great for what i need.

I just found out that 3 days ago, as I tried to write stuff to my brand new xSIID.

1 Like

For other people to, it says this on the dangerous things shop (ksec as well in the uk)


The most important part of that message


Yes I’ve seen this message, but I understood TagWriter would have a problem writing to the xSIID only if the data was bigger than 1 Kb. There’s apparently always a problem.

It might be nice to rephrase this, @amal.


yep, i agree. i had assumed any write would be fine as long as it was under 1kb.

1 Like

That’s interesting I have written smaller things with tagwriter circa 400bytes, just tried something at 600 bytes and it failed every time. That’s really weird.

What do you experience trying to write smaller <400 bytes?

1 Like

A short URL, 14 bytes. The write worked, but the implant couldn’t be read by the phone. The app could read it though.

1 Like

That’s exactly what I found thought I was going daft. I found the information would also get garbled.

1 Like

Here’s what I do to get NDEF messages on the NTAG I2C Plus:

Open Tagwriter and select “Erase tags”

Select “Erase to factory default” and press it to the tag. After you’ve done that, select “Erase and format as NDEF”

It will ask you if you want to specify the memory size. Hit “No”.

After that you should be able to use the regular “Write tags” menu to apply a “dataset” (URI record, text record, WiFi password etc…) to the freshly formatted NDEF sectors, with a caveat.

DO NOT EVER EVER NEVER write an NDEF record that is longer than 873 bytes for fucks sake. NXP are complete dinguses and have not fixed their app. It will allow you to write over the configuration bytes at the end of the tag, functionally bricking the NDEF capabilities of your tag.

Luckily I made some business cards that act as an evaluation board for the NTAG I2C Plus chip, so I was able to test this pretty thoroughly. I bricked 6 chips in the process, though. I’m doing additional testing now, but I haven’t figured out a way to recover then yet, even with NFC Shell. I may need to whip out the old proxmark.



@Satur9 :ringer_planet:9

Has solved your problem

1 Like

I did a bunch more testing and updated my previous instructions. The NDEF record limit is 873 bytes. Don’t try to write any more than that with Tagwriter, and be very careful with other apps like NFC Tools which might prepend or append formatting bytes to the beginning or end of the message.




We helped solve this particular problem by setting the password and AUTH0 to E2 as well as disabling the lock bytes on all xSIID which were successfully programmed at the factory. We have been getting some unconfirmed reports that certain xSIID escaped without programming, and yes in those cases the config bytes could be overwritten… but for pre-programmed xSIID that is not a risk.


how could we tell if our xSIID has been pre-programmed or not? my computer-semi-illiterate self is terrified of bricking something that’s already inside me.
for now i’m gonna stick with the short URI i wrote into it with NFC Tools.

if it came with a URL pre-programmed in… scan and it takes you to the xSIID product page, then yours was pre-programmed

if not, scan with TagInfo and you will see the lock bytes in page 02 be 0F 00 instead of 00 00… there are other changes as well but that’s a perfect indication and it’s easy to find.


ok, yep, mine had that URL pre-programmed! thanks Amal :^)