Please Need Help With Locked Tag!

So I got a implant a while back and was always able to do the simple stuff like share my contact information. That’s all I really know how to do. I never planned on using it for anything else only because I have no idea on how to. Just recently I tried to change some contact information using the NFC Tools app and wasnt able to. I know that I in fact DID put a password word on it. And I know FOR SURE that I never changed it or put in the wrong password. I am not able to remove, add, or change anything that is already written on the tag. I have tried many other apps to try and unlock it but failed every time. I hadn’t touched it for a few months and didnt want it anymore only cause I was not able to rewrite it at all. I ended up going to a doctor and they said that it would cost around 1,500 USD to remove it. I was NOT going to pay that much to remove it. So I am back again trying to somehow fix what ever I did to it. I am going to list all the info I have about my specific tag and list it below. If someone could please help me fix this. I just ask that you dont give me some instructions that i would not understand. If there is a simple way to fix this I AM ALL IN.

[ 04:42:3D:F3 ] Addr. 00 : UID0 - UID2 / BCC0
[ 12:FF:38:81 ] Addr. 01 : UID3 - UDI6
[ 54:48:00:00 ] Addr. 02 : BCC1 / INT. / LOCK0 - LOCK1
[ E1:10:6D:00 ] Addr. 03 : OTP0 - OTP3
[ 03:1C:D1:01 ] Addr. 04 : DATA
[ 18:55:03:69 ] Addr. 05 : DATA
[ 6E:73:74:61 ] Addr. 06 : DATA
[ 67:72:61:6D ] Addr. 07 : DATA
[ 2E:63:6F:6D ] Addr. 08 : DATA
[ 2F:6D:69:6B ] Addr. 09 : DATA
[ 65:79:5F:37 ] Addr. 0A : DATA
[ 34:36:FE:72 ] Addr. 0B : DATA
[ 51:01:18:55 ] Addr. 0C : DATA
[ 03:69:6E:73 ] Addr. 0D : DATA
[ 74:61:67:72 ] Addr. 0E : DATA
[ 61:6D:2E:63 ] Addr. 0F : DATA
[ 6F:6D:2F:6D ] Addr. 10 : DATA
[ 69:6B:65:79 ] Addr. 11 : DATA
[ 5F:37:34:36 ] Addr. 12 : DATA
[ FE:00:00:00 ] Addr. 13 : DATA
[ 00:00:00:00 ] Addr. 14 : DATA
[ 00:00:00:00 ] Addr. 15 : DATA
[ 00:00:00:00 ] Addr. 16 : DATA
[ 00:00:00:00 ] Addr. 17 : DATA
[ 00:00:00:00 ] Addr. 18 : DATA
[ 00:00:00:00 ] Addr. 19 : DATA
[ 00:00:00:00 ] Addr. 1A : DATA
[ 00:00:00:00 ] Addr. 1B : DATA
[ 00:00:00:00 ] Addr. 1C : DATA
[ 00:00:00:00 ] Addr. 1D : DATA
[ 00:00:00:00 ] Addr. 1E : DATA
[ 00:00:00:00 ] Addr. 1F : DATA
[ 00:00:00:00 ] Addr. 20 : DATA
[ 00:00:00:00 ] Addr. 21 : DATA
[ 00:00:00:00 ] Addr. 22 : DATA
[ 00:00:00:00 ] Addr. 23 : DATA
[ 00:00:00:00 ] Addr. 24 : DATA
[ 00:00:00:00 ] Addr. 25 : DATA
[ 00:00:00:00 ] Addr. 26 : DATA
[ 00:00:00:00 ] Addr. 27 : DATA
[ 00:00:00:00 ] Addr. 28 : DATA
[ 00:00:00:00 ] Addr. 29 : DATA
[ 00:00:00:00 ] Addr. 2A : DATA
[ 00:00:00:00 ] Addr. 2B : DATA
[ 00:00:00:00 ] Addr. 2C : DATA
[ 00:00:00:00 ] Addr. 2D : DATA
[ 00:00:00:00 ] Addr. 2E : DATA
[ 00:00:00:00 ] Addr. 2F : DATA
[ 00:00:00:00 ] Addr. 30 : DATA
[ 00:00:00:00 ] Addr. 31 : DATA
[ 00:00:00:00 ] Addr. 32 : DATA
[ 00:00:00:00 ] Addr. 33 : DATA
[ 00:00:00:00 ] Addr. 34 : DATA
[ 00:00:00:00 ] Addr. 35 : DATA
[ 00:00:00:00 ] Addr. 36 : DATA
[ 00:00:00:00 ] Addr. 37 : DATA
[ 00:00:00:00 ] Addr. 38 : DATA
[ 00:00:00:00 ] Addr. 39 : DATA
[ 00:00:00:00 ] Addr. 3A : DATA
[ 00:00:00:00 ] Addr. 3B : DATA
[ 00:00:00:00 ] Addr. 3C : DATA
[ 00:00:00:00 ] Addr. 3D : DATA
[ 00:00:00:00 ] Addr. 3E : DATA
[ 00:00:00:00 ] Addr. 3F : DATA
[ 00:00:00:00 ] Addr. 40 : DATA
[ 00:00:00:00 ] Addr. 41 : DATA
[ 00:00:00:00 ] Addr. 42 : DATA
[ 00:00:00:00 ] Addr. 43 : DATA
[ 00:00:00:00 ] Addr. 44 : DATA
[ 00:00:00:00 ] Addr. 45 : DATA
[ 00:00:00:00 ] Addr. 46 : DATA
[ 00:00:00:00 ] Addr. 47 : DATA
[ 00:00:00:00 ] Addr. 48 : DATA
[ 00:00:00:00 ] Addr. 49 : DATA
[ 00:00:00:00 ] Addr. 4A : DATA
[ 00:00:00:00 ] Addr. 4B : DATA
[ 00:00:00:00 ] Addr. 4C : DATA
[ 00:00:00:00 ] Addr. 4D : DATA
[ 00:00:00:00 ] Addr. 4E : DATA
[ 00:00:00:00 ] Addr. 4F : DATA
[ 00:00:00:00 ] Addr. 50 : DATA
[ 00:00:00:00 ] Addr. 51 : DATA
[ 00:00:00:00 ] Addr. 52 : DATA
[ 00:00:00:00 ] Addr. 53 : DATA
[ 00:00:00:00 ] Addr. 54 : DATA
[ 00:00:00:00 ] Addr. 55 : DATA
[ 00:00:00:00 ] Addr. 56 : DATA
[ 00:00:00:00 ] Addr. 57 : DATA
[ 00:00:00:00 ] Addr. 58 : DATA
[ 00:00:00:00 ] Addr. 59 : DATA
[ 00:00:00:00 ] Addr. 5A : DATA
[ 00:00:00:00 ] Addr. 5B : DATA
[ 00:00:00:00 ] Addr. 5C : DATA
[ 00:00:00:00 ] Addr. 5D : DATA
[ 00:00:00:00 ] Addr. 5E : DATA
[ 00:00:00:00 ] Addr. 5F : DATA
[ 00:00:00:00 ] Addr. 60 : DATA
[ 00:00:00:00 ] Addr. 61 : DATA
[ 00:00:00:00 ] Addr. 62 : DATA
[ 00:00:00:00 ] Addr. 63 : DATA
[ 00:00:00:00 ] Addr. 64 : DATA
[ 00:00:00:00 ] Addr. 65 : DATA
[ 00:00:00:00 ] Addr. 66 : DATA
[ 00:00:00:00 ] Addr. 67 : DATA
[ 00:00:00:00 ] Addr. 68 : DATA
[ 00:00:00:00 ] Addr. 69 : DATA
[ 00:00:00:00 ] Addr. 6A : DATA
[ 00:00:00:00 ] Addr. 6B : DATA

:point_up:I just copied text from the NFC TOOLS APP​:point_up:
:point_down:Here is from another app​:point_down:

When you scan it with your phone, does it say invalid tag?

  1. is this an xNT or a different product?

  2. Your tag is not locked, however your AUTH0 byte has been set to 00 and your PROT bit appears to be set. In short, your password is being used to write-protect the user memory blocks, but they are not “locked”… locked would be a condition that is not recoverable.

  3. None of the tools or apps available use the same method of setting a password… the bytes you type are never actually written to the PWD block as-is… they all have to dick with it somehow… so, which tool did you use originally to set the password with, and what version, and do you still have access to that specific version of the app/tool?

On some apps it does but when I just scan it with my phone or any other phone it opens up my instagram.

So I used the NFC TOOLS APP. I dont know exactly which version of the app i used but it was NFC TOOLS. i know that because i remember the last thing I had put on it was my Instagram. I also am not able to remove the password or format the tag at all.

So can you use NFC Tools to remove the password?

No I am not able to. I have tried with many other apps as well but none let me remove or add anything to the tag.

Hmm… if you are unsure what version of NFC Tools was used, you may have to attempt to brute force it. Since authlim is not set, you can try an infinite number of times.

Should I write a brute forcer app?

Idk what a brute force app is but if it can help me get this tag working again I will definitely give it a try!:slightly_smiling_face:

Yes can you? It would help.

If you dont mind me stepping in here, but this seems to be the solution I need as well. I havent been able to configure my implant yet, and it seems as Ive finally found out how to, using NFCTools atm, It appears mine is already password protected, and I get “identification error” when I attempt to remove the password protection that seems to be in place.

Any thoughts or progress on the bruteforce tool?

1 Like