Ntag 424DNA write lock failed while using android Native method

Anandhu · ‎09-23-2020

We have a React native mobile application which write some data (NDEF) to NTAG 424 DNA. After writing Tag needs to be write locked.

For write locking purpose, used android default method makeReadonly(). But it failing on tag 424 DNA.

I was able to format and Write-lock with NXP tagWriter android application. but not with android API s

Given below is tag info which I used:-

{
   "canMakeReadOnly":false,
   "id":"043743CE80",
   "isWritable":true,
   "maxSize":254,
   "ndefMessage":[],
   "techTypes":[
      "android.nfc.tech.IsoDep",
      "android.nfc.tech.NfcA",
      "android.nfc.tech.Ndef"
   ],
   "type":"NFC Forum Type 4"
}

Here is a part of code which Currently using

try{
await NfcManager.writeNdefMessage(bytes)
        .then(()=>NfcManager.makeReadOnlyAndroid())
        .then((result)=>{          console.log("Make read Only result:->",result);
        });
}
catch (ex) {      console.warn('exception', ex);      _cleanUp();
     
    }

The same is working for "NTAG216"

{"canMakeReadOnly": true, "id": "04883C82B25680", "isWritable": true, "maxSize": 868, "ndefMessage": [{"id": "", "payload": [Array], "tnf": 1, "type": [Array]}], "techTypes": ["android.nfc.tech.NfcA", "android.nfc.tech.MifareUltralight", "android.nfc.tech.Ndef"], "type": "NFC Forum Type 2"}

for react native i have also used

https://github.com/whitedogg13/react-native-nfc-manager :- this plugin.

Anandhu · ‎09-27-2020

Hi Jonathan,

Many thanks for your support. I've just consolidated the steps I did into a file. This may give you a clear understanding of where I'm stuck.

https://docs.google.com/document/d/16lOoh2Fuo6cTDzgddQXz4VOy0K8mGEaIIApeJdeNMhw/edit?usp=sharing

Thanks & Regards,

Anandhu

Jonathan_Iglesias · ‎09-24-2020

Hi,

I dont think the same process as an NTAG216 can apply to an NTAG 424,

the NTAG is a T2T which means that the capability container and the protection is handled by a PROT register and a PWD. for NTGA 424 is different since it is a T4T the capability container is not in a memory sector like NTAG 215 is in a file inside the NTAG 424

in order to interact with this you should first select the FID, then authenticate to the NTAG 424 then modify the value of the CC file.

please check if there is some API for T4T or please perform the sequence to modify the NTAG 424 CC file and also it would be good that you change the write, change and R/W access key to a known key or if you dont want anybody to using this in the future change them to F, and just leave the read value to E to everyone can read the NDEF file.

maybe you can use as reference the following post

https://community.nxp.com/t5/NFC/Change-Keys-and-quot-lock-quot-NTAG-DNA-424/m-p/1058607#M7158

it does not uses a code example or something but you can see how is the process and apply it to your code.

BR

Jonathan

Anandhu · ‎09-25-2020

Hope their is only

[NfcTech].transceive([0x00,etc..])

but am completely confused with these hexadecimal part. Is it possible to read and modify CC file using these commands,

Jonathan_Iglesias · ‎09-25-2020

I am sorry but I dont completely understand this reply, can you please elaborate more on this.

also please confirm you are using the DS of NTAG 424? because all of this is explained there, also in the features and hints you can find examples of how to do some things on NTAG 424.

https://www.nxp.com/docs/en/data-sheet/NT4H2421Gx.pdf

in section 5.1 you can see the user memory and the explanation of the CC file also section 10 for the command set like write and read.

https://www.nxp.com/docs/en/application-note/AN12196.pdf

in section 6 there is a personalization example where you can see how to modify the CC file.

BR

Jonathan

Anandhu · ‎10-06-2020

Hi, @Jonathan_Iglesias

Thanks for helping me to complete AuthenticateEV2First using APDU commands.

Now am trying to Get File Settings using this [CC file].

[

0x90,

0xf5,

0x00,

0x20,

0x01,

0x00,

]

But the result is : [145, 126] - Which is " LENGTH_ERROR 7Eh Command size not allowed."

Length will always be 1 byte. What will be the reason for this error.

Anandhu · ‎09-30-2020

Hi, @Jonathan_Iglesias

We were able to complete part 1 of "AuthenticateEV2First" using command :

1.

[

0x90, //cla

0x71, //cmd

0x00, //p1

0x00, //p2

0x02, //lc

0x00, //key

0x00, //lencap

0x00, //le

]

Authentication response : [147, 205, 124, 135, 153, 89, 104, 47, 41, 139, 13, 19, 29, 16, 52, 216, 145, 175].

We took Encrypted RndB as "147, 205, 124, 135, 153, 89, 104, 47, 41, 139, 13, 19, 29, 16, 52, 216" and tried to decrypt using key :

{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} (0x00)

but the response was "Pad block Corrupted".

Are we passing the right key?

Is there any other possibility of getting this error?

zahra2023 · ‎10-02-2023

Hi,

I know this question is from a long time ago. However, I am currently stuck at this step of writing on NTAG 424 DNA. I would like to know if you have solved this problem. Additionally, I cannot convince myself to consider the 147, 205, 124, 135, 153, 89, 104, 47, 41, 139, 13, 19, 29, 16, 52, 216 as RndB . I think the result of E(k0 , RndB) should be equal to 147, 205, 124, 135, 153, 89, 104, 47, 41, 139, 13, 19, 29, 16, 52, 216.

Thank you in advance