Making the NExT read only (with a password)

Support
1

Hello all,

Just got my NExT implanted last week and have been having a blast setting it all up.

For the HF side of the chip, I am storing some encrypted backup text and would ideally like to make the implant read only, with a password required to overwrite the data. This would basically be a sanity check to avoid me accidentally overwriting the data unintentionally.

I found this thread Can my xNT be easily set to read-only? - #2 by amal referencing the xNT and I believe I have figured out the default password on the NExT, however, when I try and send the second and 3rd lines of hex I just receive an NAK response. Below is what I am sending and receiving:

TX: 1B xx xx xx xx
RX: 0000
TX: A2 E3 04 00 00 04
RX: NAK
TX: A2 E4 00 00 00 00
RX: NAK

When I send an intentionally invalid password, I receive an ‘NAK’ on line 1 as well, so I believe this means the password is correct.

Anyone have any pointers?

2

How are you sending the commands

3

I believe there are 2 commonly known passwords
DNGR and in your case NExT

Have you tried both?

There might be something in here @DonFire posted for the xSIID that could help

1 Like
4

I’m using the NFC Shell app on Android to send the commands

5

Thanks for the suggestion, using the DNGR password results in the first line coming back ‘NAK’ which is what I have observed when using a deliberately invalid password

1 Like
6

You sounds like you know what you are doing; but better safe than sorry, so just a little reminder for you, just be very careful when using shell commands, it is easy to get your implant all kinds of fucked up if you make a mistake with your command

7

So have you tried NExT

8

Yup NExT is what I am using when I get a ‘0000’ response on the first line.

Interestingly, using the article that you linked I was able to successfully change the password, but still unable to set the lock bits using the A2E300000004 string

9

Thanks! Yeah, sightly terrified of potentially bricking this thing

10

Might I suggest getting some NTAG 216 stickers, they are relatively cheap on Amazon for example.

Then you can practice your commands on those, ensure that you have the right commands, and that they do what you want, without risking your implant?

1 Like
11

For sure! Initial experiments I’ve actually done on an unimplemented sacrificial NxT which works without issue with the above commands, just seems odd that the NExT seems to have different behavior

1 Like
12

You should not need to change page E4 so I would leave that one alone for now. What is your current page E2 and E3 set to?

13

Thanks for the reply, How would I check the current values?

14
15

Cheers!
When I look at the ‘full scan’ tab I’m seeing the following:

[00] 04 2E A4 06
[01] 32 0A 54 80
[02] EC 48 0F 00
[03] E1 10 6D 00

Does that give you what you need?

16

Yep but the last few pages

17

Gotchya, sorry I see now:

[E2] 00 00 7F BD
[E3] FF 00 00 FF

18

Hmm uh oh. Page E3 has a config byte of FF… I have to review my notes but pretty sure that includes a config lock bit which has been set… therefore you cannot change the configuration at all.

19

Actually what’s page E4 look like?

20

Screenshot_20210729-170157
Screenshot_20210729-1701571943×2048 468 KB

For reference…