Hi all!
I got my NExT installed around 3 weeks ago. Now I’m wanting to get another implant in the other hand already!
I’ve set the NTAG216 up so that the AUTH0 protects the whole user memory from being written to, without sending the command 1B (XX XX XX XX).
I used the NFC shell within NFC Tools to send:
1BXXXXXXXX,A2E304000004,A2E400000000.
Where XXXXXXXX is the password set using TagWriter.
This changed the AUTH0 to protect from page 04 onwards. But still allow the tag to be read. Thus, preventing anyone (including myself!) from overwriting the user memory of my implant without sending the 1B command with the password.
A few questions, though:
The datasheet has info in the ‘block locking’ mechanism, that uses the static locking bits to irreversibly make the tag read only. I assume this is applied to 00-03. The LOCK0/1 bytes are 0F00. (00001111 00000000). This makes the CC permanently blocked, with the other static locking bits also not being able to be changed, right? I think this is what DT do during manufacturing, correct?
By setting AUTH0 to 04, everything after 04 should be pwd protected. I am just confused about the full scan I am getting. What is the difference between +r (blocked, readable), *r (blocked and locked, readable) and +p (blocked, pwd protect)? I cant find much info on the differences.
When I did a full scan before, all memory showed as (?p) however now it is showing +r for all user memory. I assume this is just due to requiring the 1B XX XX XX XX command to be sent to make these be writable once more, unless I’ve accidentally permanently blocked writing…
Additionally, E2 Is set as *r, E3-E4 as (.r)… Why are all these not set as +r, in the same as the user memory? I understand r = read only, but what is the difference between unblocked read only, and blocked read only?
I am thinking that because I did not change the dynamic locking bytes, the memory isn’t ‘locked’. Just blocked from being overwritten.
Thanks in advance. I am sorry for such a long post!