I bought a NExT and am trying to write to the xNT side (13.56MHz) via NFC. I used TagWriter, as Dangerous Things recommends, but it always returns “Read only, can not store”. The chip is brand new and has never had anything written to it. It is still only holding the default dngr.us/NExT link in the tag. Scanning it with TagInfo shows “NFC data set access: Read & Write”.
I then tried to run the Dangerous Things NFC app, but it just returns “Error: Lock Bits Already Altered”. A lot of information on this device is incomplete. I can’t find any useful information on what is going on. Most of the posts about the app just have DT complaining about third party apps/devs not doing things right in their apps… followed by the we need to update the DT NFC app and to keep an eye out… it was last updated in 2014 though…
After trying that I tried writing a URL record with NFC Tools Pro and it could not write either.
What could be causing this new tag to not allow writing?
See in page E3 the AUTH0 byte is set to 04? That means the entire user memory from page 04 down is under the protection of the password feature. Something somewhere changed the AUTH0 byte in page E3. It just means you will have to authenticate first in order to write changes to the user memory. Probably the best way around it would be to reset the password to factory FF FF FF FF. Depending on the batch the default password will be DNGR or NExT. From the product page: “Because of this, we set a default password value of 0x44 0x4E 0x47 0x52 which is ASCII code for DNGR (some older batches of NExT chips have the password 0x4E 0x45 0x78 0x54 which is the ASCII code for NExT).”
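An added example, not part of the original posts: a small Python check of what an AUTH0 value such as the 04 described above means for write access. It assumes the NTAG216 memory layout (AUTH0 in byte 3 of page E3h, ACCESS in byte 0 of page E4h, user memory in pages 04h to E1h); the function names and the sample page bytes are constructed for illustration.

```python
# Added example: interpret NTAG216-style config pages from a tag dump.
# Assumed layout (NTAG216 datasheet): page E3h byte 3 = AUTH0,
# page E4h byte 0 = ACCESS (bit 7 PROT, bit 6 CFGLCK, bits 0-2 AUTHLIM).

USER_FIRST, USER_LAST = 0x04, 0xE1  # user memory pages
CFG_FIRST, LAST_PAGE = 0xE3, 0xE6   # config pages E3h..E6h (PWD/PACK last)

# Password values quoted in the thread, keyed by their raw bytes.
KNOWN_PASSWORDS = {
    bytes.fromhex("444E4752"): "DNGR default",
    bytes.fromhex("4E457854"): "NExT default (older batches)",
    bytes.fromhex("FFFFFFFF"): "factory",
}

def password_label(pwd_hex: str) -> str:
    """Name a candidate password given as hex, e.g. '4E457854'."""
    return KNOWN_PASSWORDS.get(bytes.fromhex(pwd_hex), "unknown")

def parse_config(page_e3: bytes, page_e4: bytes) -> dict:
    """Report what AUTH0/ACCESS mean for writes to the tag."""
    if len(page_e3) != 4 or len(page_e4) != 4:
        raise ValueError("each page is exactly 4 bytes")
    auth0, access = page_e3[3], page_e4[0]
    enabled = auth0 <= LAST_PAGE  # AUTH0 past the last page disables it
    user_protected = 0
    if enabled and auth0 <= USER_LAST:
        user_protected = USER_LAST - max(auth0, USER_FIRST) + 1
    return {
        "auth0": auth0,
        "protection_enabled": enabled,
        "user_pages_protected": user_protected,
        # True when page E3h itself (where AUTH0 lives) needs the password.
        "config_protected": enabled and auth0 <= CFG_FIRST,
        "read_also_protected": bool(access & 0x80),  # PROT bit
        "config_locked": bool(access & 0x40),        # CFGLCK bit
        "auth_attempt_limit": access & 0x07,         # 0 = unlimited
    }

if __name__ == "__main__":
    # Constructed sample pages, not read from a real implant.
    samples = {
        "AUTH0=04 (state described in the thread)": ("04000004", "00000000"),
        "AUTH0=FF (factory, protection off)": ("040000FF", "00000000"),
    }
    for name, (e3, e4) in samples.items():
        print(name, parse_config(bytes.fromhex(e3), bytes.fromhex(e4)))
    print(password_label("4E457854"))
```

With AUTH0 at 04 every user page (222 pages, 888 bytes) requires authentication before a write, which matches the "Read only" errors reported above even though the lock bits still show the data area as writable.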
I clicked the “Protect Tags” button and clicked “Password protection” from the list. This is the first time I went into the protection section. I checked “Current Password” and entered “4E457854”. I used the drop down to select “Remove Password” and then clicked done. The tag is now allowing writes.
It seems the entire tag was protected by that default NExT password… not just the config area. Bought this device brand new very recently, but guess was sent one from the old batch.
Also, this tag had to have come protected this way… or NXP TagWriter did it, which I doubt because every write has failed and all I have tried to do is write a different URL. Never had an issue like this with a new tag.
I am having the exact same issue but TagWriter is not giving me the option to remove the password and both Tag Writer and NFC tools cannot format my NExT.
Hey @dalinali ,
Can you confirm for me what you are trying to achieve?
Remove password and Format?
What is your end goal?
Just in case there is another way to go about it…
FYI
The password is there to protect you from yourself and to protect the config pages.
If you want to format it, I would recommend TagWriter…
I am currently just trying to write to it, but it is not allowing me to write to it at all. I have tried both my phone and the blue read write gun, both are unable to write.
I am scanning it at the top of the phone. Right where it scans for the app. I think that I am going to have to be patient and wait for the swelling to go down
I wrote this earlier, so I could send it through to you.
Rather than letting it go to waste, here it is.
So you are obviously aware the NExT has 2 chips in it.
An HF that you can write to with your phone and an LF that you can write to with a special tool.
Let me break them down for you a little more
Firstly, don’t worry about the password, think of it more like an “anti fuck up my implant protection system from myself and others”
With your phone, I don’t want to insult you, but it is always easier to start with the basics just to make sure we are singing off the same song sheet. So no insult meant.
Make sure your NFC is turned on
phone unlocked
Remove cover if it has one
Use your diagnostic card
and move it slowly on the back of your phone in all different orientations. You are looking for the brightest light (not unusual for your LED to pulse with a few low power flashes then a high power)
When you have found the best orientation, that is what you want to replicate with your NEXT.
If you have an iPhone, then same applies but it will be your top edge you will be using, To read you will place it like a across the NExT
Where and how are you trying to scan it?
Have you checked the phone compatibility list? (Don't worry if it is not on it, but if it is on there, it may give you some helpful pointers.)
Might be worth while taking the entire troubleshooting flow chart, and breaking it down into individual steps/parts that you can copy paste in the future?
This is a great simple tool with just a couple of limitations you need to be aware of.
They are not all created equally, they may look the same, but under the hood, they can be quite different.
The best option is the "Blue cloner" from the DT Store because it is a known entity and it gives the most amount of read write options.
If you want to just read / write EM, HID, AWID then it is perfect, if anything else like indala, prox etc… then you are better off getting a Proxmark
A limitation of the Blue Cloner is the limited range with an xSeries incl the NExT
But @anon3825968 came up with an easy and effective Mod. you can do to it to improve performance / reliability
Finally with the BlueCloner, it places a password onto your implant, This is not an issue if you only ever need the BlueCloner, but if you want to change it to anything outside of EM, HID, AWID, It is a known password and can be removed, but you need a Proxmark to do this.
Is your access badge HF or LF?
Once you answer THIS, we can help you with THAT