XNTi NFC Chip Question

edited April 2015 in RFID/NFC
So I implanted my chip today but have one issue. I can't write more than 137 bytes to it... Even though it says I have 868 available... Any tips?


  • what app/writer are you using?

    I just retested one of the same chips I sent you, and was able to write 800 bytes without issue,

    I was using this app
  • I figured out my issue. The app I was using was called "Tagstand Writer", and seems to have a 137 byte limit. I am now using the pro version of the app you suggested and am having no further issues.

    Thanks so much!
  • Cool, I'm glad it was just a bad app, I freaked out there for a second.
  • I used Amal's program to lock my chip into read/write mode only when I got it, so that no one could brick it by placing it into read only mode. However I used this app and I'm just curious about something. it says my chip is "protected by password" but it also says "can be made read only: yes"

    Would I be right in assuming it requires my password in order to set it to read only mode?
  • edited April 2015
    @AlexSmith, I wouldn't say it is a bad app per se, it actually has a really nice method of writing contacts to tags, but it isn't fully compatible with anything more than an ntag203.

    @ightden, I did a little testing to try to find the answer to your question. I didn't actually use my XNT chip, but used some ntag216 stickers that I have. 

    I was using the app, "NFC TOOLS PRO".

    First, I used the Dangerous Things app to set a password and prevent it from being set to read only. Then I read the tag and tried to set it to read only. I was not asked to provide a password, but got a "Write Error!" message.

    I am not actually sure where the password you set is used or if there is anywhere you will need it later, I might have to ask Amal about that. But, the Dangerous Things app definitely does work in preventing a tag from being locked.

    Hope this is helpful.
  • Sorry for resurrecting an old thread but I joined because I had this exact issue with an NTAG216 implant; I couldn't remove the password set by the "Dangerous NFC (Beta)" app using "NFC Tools".
    By chance this morning I found an app called "RE>AD" on google play store would happily remove and reset the password so all's good. Possibly the NFC Tools app is using the recommendation in the NTAG21x datasheet of using the 7 Byte UID of the tag to diversify the password between different tags?
  • Wait, so that app will remove the password from a tag?  I thought those bytes could not be written more than once...
  • Hi guys,

    Actually you can't "remove" the password. The password bytes are also not "write once" or "OTP"... the password memory page must have a value, it has not concept of NULL, so there is no way to remove the password. 

    However you can set the password to factory default; FF FF FF FF

    You can also set the AUTH0 byte to FF which means the password becomes irrelevant because it protects nothing.

    The Dangerous NFC app is really only there to ensure your tag is protected (lock CC page, disable remaining lock bytes, set password to non-factory default, set AUTH0 to password protect last config pages in memory). All user pages are left fully read/write accessible.

    -begin rant-

    Our app currently does not allow you to change the password, however other apps like NFC Tools and even TagWriter from NXP fail to properly detect the tag's perfectly legitimate and NFC compliant state, and give false tag sizes and/or falsely report that the tag is locked when it's not. These are the faults of other app developers, and I highly suggest everyone submit commentary to those developers to ensure they stop using shitty shortcuts in their code and properly evaluate tag state before tossing up errors and false into to users. Standards are well thought out and documented for a reason, and DNFC does not put NTAG216s out of spec.

    -rant over-
  • Agreed I should have used the word "change" rather than "remove". However neither the password nor the protected memory range set by DNFC (AUTH0 set to E2h) can be changed by either DNFC or the popular NFC Tools app. I wanted to use the password function to reversibly write protect all records (AUTH0 set to 00h) and the only way I found of doing this easily was to use RE>AD app. I don't doubt other apps are available which will do the job properly but certainly I found none referenced elsewhere. My intention is to advertise the possibility of doing this.
  • i'd pay for a DT app :)
  • @markbloke I get it... the problem is that NFC Tools should be able to change the password, but they programmed it all shitty, so it can't. I think it may have something to do with the PAK, which we set to ASCII "DT" instead of factory 00h 00h and again, this is totally acceptable and within spec, it's just that they were not thinking through things on their side and probably bork when auth attempts come back with 44h 54h instead of 00h 00h. TagWriter from NXP does this also (borks when trying to change pw) so it's not just the NFC Tools guys.

    There is an updated version of DNFC coming but implants are top priority for time/dev/effort at the moment, so that's why I'm pushing hard to get people to ping these other app makers to tell them to straighten up their shit.
Sign In or Register to comment.