xSIID Noob Questions

I think 1k will be fine for me, I don’t plan on doing much complicated with it.
I’ve been reading this thread and it’s been very helpful as well, in case anyone else stumbles across this thread.

From that thread:
“The current batch of NExT does have a password set, but we decided to leave the xSIID password set to factory default FF FF FF FF. We did set AUTH0 to enable protections, just to ensure there was an extra step at least to alter those bytes… but it was a gamble… so many badly written NFC apps will gladly issue the PWDAUTH command with factory default just as a check mechanism, and in doing so, may possibly impact the AUTHLIM counter (if it’s enabled) which is a terrible disservice as an app to take a potentially destructive action without even informing the user… but then once PWDAUTH is issued, it can freely overwrite config bytes by accident… if it’s badly written… so you see it’s a bit of a risk for our users to not set a password on the xSIID…”

So from what I can tell, and from what I scanned on the chip, page 00 through 03 are locked by page 02, which also locks itself and can’t be changed, to keep the reading apps from trying to mess with sector 1.

Then, E2 basically locks itself and nothing else, to keep it from unintentionally locking other stuff (I think, that part confuses me), and E3 is random config stuffs and also makes it so that the password is in effect for E2 and above. E4 makes the password limit unlimited, and makes it so you need the password to change the values that are protected by it, and E5 contains the password, which is the default of 00000000 (or is this not readable and has a password set already? FFFFFFFF, but it displays as 0s because it’s hidden?), and E6 deals with what the chip returns when it’s sent a password.

And there’s therefore a slight chance that if a bad NFC app sends that PWDAUTH command with the default password, it could theoretically have write permissions to E2 and above, and the worst case is it changing the password without you knowing it. However, it shouldn’t attempt to write a new password or change anything, unless you specifically ask for it, as page 03 makes sector 1 basically just dead space, so it shouldn’t mess with anything but sector 0 and stop at page E1.

So all in all, setting a password is essentially just to keep a bad app (or nefarious RFID enthusiast) from automatically sending that PWDAUTH command to gain write permissions to your E2 and above pages.

I think the main part that confuses me is page E2. I don’t quite understand how that part works. From my assumptions, they’re one time writable, and they’re set to lock nothing, and can’t be changed from that setting. Though, the “dynamic” part confuses me, and I can’t seem to find anything else about it.

That’s how I understood it, at least. Not 100% confident, but I think that’s mostly correct. Feel free to have a chuckle at me if not. :wink:

1 Like
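The pages E2 through E6 discussed in the post above, decoded from a dump, as an added example that is not part of the original post. The byte layout is an assumption taken from the NTAG I2C plus datasheet, and the sample page values are constructed to match the settings the post describes (AUTH0 at E2, no attempt limit, password needed for writes only).

```python
# Added example: decode the protection pages of an NTAG I2C plus 1k (xSIID) dump.
# Assumed byte layout (NFC view, sector 0), from the NTAG I2C plus datasheet
# rather than from the post:
#   E2h  dynamic lock bytes (3 bytes) + 00
#   E3h  RFU RFU RFU AUTH0      first page that needs PWD_AUTH
#   E4h  ACCESS RFU RFU RFU     bit 7 = NFC_PROT, bits 2..0 = AUTHLIM
#   E5h  PWD                    always reads back as 00 00 00 00
#   E6h  PACK PACK RFU RFU      PACK also reads back as 00 00
LAST_PROTECTABLE = 0xEB  # assumption: an AUTH0 above this leaves protection off

def decode_protection(pages):
    """pages maps page number -> the 4 bytes read from it over NFC."""
    auth0 = pages[0xE3][3]
    access = pages[0xE4][0]
    authlim = access & 0x07
    return {
        "dynamic_lock": pages[0xE2][:3].hex(),
        "auth0": auth0,
        "enabled": auth0 <= LAST_PROTECTABLE,
        "read_protected": bool(access & 0x80),  # NFC_PROT clear = writes only
        # AUTHLIM 0 = no limit; otherwise assumed 2**AUTHLIM failed attempts
        "max_failed_auth": None if authlim == 0 else 2 ** authlim,
    }

def needs_password(cfg, page, op):
    """op is 'read' or 'write'; True if PWD_AUTH must succeed first."""
    if not cfg["enabled"] or page < cfg["auth0"]:
        return False
    return op == "write" or cfg["read_protected"]

def findings(pages):
    """Human-readable notes a tag owner would want from the dump."""
    cfg = decode_protection(pages)
    notes = []
    if cfg["enabled"]:
        notes.append(f"writes to page {cfg['auth0']:02X}h and above need PWD_AUTH")
    if cfg["max_failed_auth"] is None:
        notes.append("AUTHLIM off: failed PWD_AUTH attempts are not counted")
    if pages[0xE5] == bytes(4):
        notes.append("PWD reads as zeros: masked on readback, not the real value")
    return notes

# Constructed sample dump matching the settings described in the post.
SAMPLE = {0xE2: bytes.fromhex("00000000"), 0xE3: bytes.fromhex("000000E2"),
          0xE4: bytes.fromhex("00000000"), 0xE5: bytes.fromhex("00000000"),
          0xE6: bytes.fromhex("00000000")}

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```

Because PWD and PACK are masked on readback, a dump alone cannot show whether the password is still the factory default.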