Problem:
I'm working on a Flutter app using the flutter_nfc_kit package to manage NFC cards (NTAG213). I have successfully implemented password protection for NTAG213 cards, but I am facing a critical issue while trying to remove the password.
The problem occurs when I modify the AUTH0 page during the password removal process. Specifically:
- Setting the AUTH0 page to 0xFF or 0x0F makes the card permanently unusable (dead).
- Setting the AUTH0 page to 0x00 doesn't work as expected and fails to remove the protection.
Here’s the specific part of my code related to the issue:
Code:
Future<bool> removePasswordProtection({
required List<int> password,
}) async {
try {
setStatus('Checking NFC availability...');
var availability = await FlutterNfcKit.nfcAvailability;
if (availability != NFCAvailability.available) {
setStatus('NFC not available');
return false;
}
setStatus('Scanning for NFC tag...');
setScanning(true);
var tag = await FlutterNfcKit.poll(
timeout: const Duration(seconds: 10), androidCheckNDEF: true);
setStatus('Checking if card is NTAG213...');
if (!await isNTAG213(tag)) {
setStatus('Not an NTAG213 card');
return false;
}
setStatus('Attempting authentication...');
var authCommand = Uint8List.fromList([
0x1B, // PWD_AUTH command
password[0],
password[1],
password[2],
password[3]
]);
try {
var authResponse = await FlutterNfcKit.transceive(authCommand);
print('Auth Response: ${authResponse.map((e) => e.toRadixString(16).padLeft(2, '0')).join(' ')}');
if (authResponse.length < 2) {
setStatus('Authentication failed: Invalid response');
return false;
}
} catch (e) {
setStatus('Authentication Error: $e');
return false;
}
// Remove password
await FlutterNfcKit.transceive(
Uint8List.fromList([0xA2, 0x2B, 0xFF, 0xFF, 0xFF, 0xFF])); // Clear password
await FlutterNfcKit.transceive(
Uint8List.fromList([0xA2, 0x2C, 0x00, 0x00, 0x00, 0x00])); // Clear PACK
await FlutterNfcKit.transceive(
Uint8List.fromList([0xA2, 0x29, 0xFF, 0x00, 0x00, 0x00])); // Modify AUTH0
setStatus('Password protection reset successfully');
await FlutterNfcKit.finish();
setScanning(false);
return true;
} catch (e) {
setStatus('Error: $e');
await FlutterNfcKit.finish();
setScanning(false);
return false;
}
}
What I’ve Tried:
Setting the AUTH0 page value to:
- 0xFF: Makes the card permanently unusable.
- 0x0F: Same issue as above, card becomes dead.
- 0x00: Does not successfully remove the password protection.
Confirming that the card is indeed NTAG213 using a capability container check.
Writing and verifying the password during the protection setup process works as expected.
Questions:
- What is the correct value for AUTH0 to properly disable password protection on NTAG213 cards without rendering them unusable?
- Are there any additional steps or specific commands needed to safely remove password protection for NTAG213 cards?
- Could this issue be related to the card's configuration or a missing step in the removal process?
Any insights or guidance on resolving this issue would be greatly appreciated!
