Trying to remove/reset xNT passcode - CFGLCK & AUTHLIM possibly locked?

OK, first, how did you do this? How did you write page E3 to all 00 00 00 00?

In short, the CFGLCK and AUTHLIM bits are in page E4 and that page still holds default values. Page E3 holds your data mirroring configuration and modulation mode, as well as AUTH0. The default value after using Dangerous NFC should be 04 00 00 E2, the last byte of course being AUTH0… so you can set that to 00 or 03 or whatever you want really… but at this point it’s set to 00 so that means to change anything on the tag, including any user data, you will need to authenticate first.

Unfortunately, if you set your password with Dangerous NFC, that means none of the other tools which support the NTAG216 password feature will work. For whatever reason, if you enter an ASCII value password with the keyboard of say… ABCD… in hex that value is 41 42 43 44 … and that’s what the Dangerous NFC app writes as your password to page E5… simple right? Well NFC Tools and NFC TagWriter from NXP apparently use something completely different… and so when you attempt to use those tools to make changes, it asks for your password, you type in ABCD, and it errors. No idea why. Nothing about password user input translations in the documentation. Insane.

So the way to fix this is very annoying. You’ll have to use the NFC Shell… actually, start by reading this thread: https://forum.dangerousthings.com/t/can-my-xnt-be-easily-set-to-read-only and grab NFC Shell from the link in that thread.

Type in the following lines in the NFC Shell box:

1B h1 h2 h3 h4
A2 E3 04 00 00 E2

The first line starting with 1B is the PWD_AUTH command, and the h1 h2 h3 h4 value needs to be replaced with the HEX value of the password you set for your xNT. So, if your password was 1234 then the HEX values of the ASCII characters 1, 2, 3, and 4 are 31 32 33 34. Check ye’ olde ASCII chart for a reference.

The second line, starting with A2, updates the AUTH0 byte to page E2… protecting the configuration pages of your tag with the password you’ve set.

Press the SEND button and then scan your tag. You should receive in the shell window something like this:

TX: 1Bh1h2h3h4
RX: 4454
TX: A2 E3 04 00 00 04
RX:

That means success… no RX after successful write command means success. If it fails, you’ll get an RX: NAK back.

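The password-to-hex step and the two NFC Shell lines from the post above, as an added Python example that is not part of the original post or of any Dangerous Things tool. The function names are hypothetical, and the USER_END and LAST_PAGE page numbers are assumptions taken from the NTAG216 memory layout rather than from the post.

```python
PWD_AUTH, WRITE = 0x1B, 0xA2   # command bytes used in the post
CFG_PAGE = 0xE3                # page whose last byte is AUTH0 (per the post)
USER_END = 0xE1                # assumption (NTAG216 layout): last user-memory page
LAST_PAGE = 0xE6               # assumption (NTAG216 layout): last page on the tag


def to_hex(data):
    """Format bytes the way they are typed into the shell: '1B 31 32 33 34'."""
    return " ".join(f"{b:02X}" for b in data)


def password_bytes(password):
    """ASCII password -> the 4 raw bytes written to page E5."""
    raw = password.encode("ascii")      # non-ASCII input raises UnicodeEncodeError
    if len(raw) != 4:
        raise ValueError("the password page holds exactly 4 bytes")
    return raw


def shell_lines(password, auth0=0xE2, cfg=(0x04, 0x00, 0x00)):
    """Return the PWD_AUTH line and the WRITE line for page E3."""
    if not 0 <= auth0 <= 0xFF:
        raise ValueError("AUTH0 is a single byte")
    return [to_hex(bytes([PWD_AUTH]) + password_bytes(password)),
            to_hex(bytes([WRITE, CFG_PAGE, *cfg, auth0]))]


def auth0_scope(auth0):
    """Describe which pages need authentication for a given AUTH0 value."""
    if auth0 > LAST_PAGE:
        return "nothing protected"
    if auth0 > USER_END:
        return f"configuration pages from {auth0:02X} only"
    return f"user data from page {auth0:02X} and all configuration pages"


if __name__ == "__main__":
    for line in shell_lines("1234"):    # sample password taken from the post
        print(line)
    print(auth0_scope(0xE2), "|", auth0_scope(0x00))
```
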