I bought a NExT and am trying to write to the xNT side (13.56MHz) via NFC. I used TagWriter, as Dangerous Things recommends, but it always returns “Read only, can not store”. The chip is brand new and has never had anything written to it. It is still only holding the default dngr.us/NExT link in the tag. Scanning it with TagInfo shows “NFC data set access: Read & Write”.
I then tried to run the Dangerous Things NFC app, but it just returns “Error: Lock Bits Already Altered”. A lot of information on this device is incomplete. I can’t find any useful information on what is going on. Most of the posts about the app just have DT complaining about third party apps/devs not doing things right in theri apps… followed by the we need to update the DT NFC app and to keep an eye out… it was last updated in 2014 though…
After trying that I tried writing a URL record with NFC Tools Pro and it could not write either.
What could be causing this new tag to not allow writing?
See in page E3 the AUTH0 byte is set to 04? That means the entire user memory from page 04 down are under the protection of the password feature. Something somewhere changed the AUTH0 byte in page E3. It just means you will have to authenticate first in order to write changes to the user memory. Probably the best way around it would be to reset the password to factory FF FF FF FF. Depending on the batch the default password will be DNGR or NExT. From the product page; Because of this, we set a default password value of 0x44 0x4E 0x47 0x52 which is ASCII code for DNGR (some older batches of NExT chips have the password 0x4E 0x45 0x78 0x54 which is the ASCII code for NExT).
I clicked the “Protect Tags” button and clicked “Password protection” from the list. This is the first time I went into the protection section. I checked "Current Password " and entered “4E457854”. I used the drop down to select “Remove Password” and then clicked done. The tag is now allowing writes.
It seems the entire tag was protected by that default NExT password… not just the config area. Bought this device brand new very recently, but guess was sent one from the old batch.
Also, this tag had to of come protected this way… or NXP TagWriter did it, which I doubt because every write has failed and all I have tried to do is write a different URL. Never had an issue like this with a new tag.
I wrote this earlier, so I could send it through to you.
Rather than letting it go to waste, here it is.
So you are obviously aware the NExT has 2 chips in it.
An HF that you can write to with your phone and an LF that you can write 2 with a special tool.
Let me break them down for you a little more
Firstly, don’t worry about the password, think of it more like an “anti fuck up my implant protection system from myself and others”
With your phone, I don’t want to insult you, but it is always easier to start with the basics just to make sure we are singing off the same song sheet. So no insult meant.
Make sure your NFC is turned on
Remove cover if it has one
Use your diagnostic card
on the back to make sure the NFC is working ( The HF LED should flash )
Then use your xFD
and move it slowly on the back of your phone in all different orientations, You are looking for the Brightest light ( Not unusual for your LED to pulse with a few low power flashes then a High power )
When you have found the best orientation, that is what you want to replicate with your NEXT.
If you have an iPhone, then same applies but it will be your top edge you will be using, To read you will place it like a across the NExT
This is a great simple tool with just a couple of limitations you need to be aware of.
They are not all created equally, they may look the same, but under the hood, they can be quite different.
The best option is the " Blue cloner " from the DT Store because it is a known entity and it gives the most amount of read write options.
If you want to just read / write EM, HID, AWID then it is perfect, if anything else like indala, prox etc… then you are better off getting a Proxmark
A limitation of the Blue Cloner is the limited range with an xSeries incl the NExT
But @anon3825968 came up with an easy and effective Mod. you can do to it to improve performance / reliability
Finally with the BlueCloner, it places a password onto your implant, This is not an issue if you only ever need the BlueCloner, but if you want to change it to anything outside of EM, HID, AWID, It is a known password and can be removed, but you need a Proxmark to do this.
Is your access badge HF or LF.
Once you answer THIS, we can help you with THAT