Retrieve unlock NTAG213 status after read&write protection

elizabeth1 · ‎10-24-2018

Good morning,

My application reads and writes nTAG213 tags and I'm adding password protection to it. I have successfully implement write protection so the app is able to set a password and authenticate for remove it.

However, when I set PWD_AUTH to 1 for read/write protection the tag is protected but, after that, it keeps locked forever: I can't authenticate for removing password protection.

I was wondering if it is possible to retrieve the unlocked status once the tag is read&write protected and, if so, how could I achieve it. Any help will be appreciate it.

Thank you in advance

Elisabet.

Jonathan_Iglesias · ‎10-24-2018

Dear Elisabet Navarro Salva,

please send me here the command sequence from the tag activated on iso 14443-3 to the pwd setup, to see what might be going.

BR

Jonathan

elizabeth1 · ‎10-25-2018

Good morning Jonathan,

Thank you for your quick response. Here is the commands I use for set read&write protection flow:

- Set the password

byte[] command = new byte[pass.length + 2];
command[0] = -94;
command[1] = (byte) 0x2B;
for(int i = 0;i < pass.length ; i++){
command[i+2] = pass[i];
}
answer = nfca.transceive(command);

- Set password acknowledge

answer = nfca.transceive(new byte[] {
-94, // WRITE
(byte) 0x2C, // pack page address
pack[0], pack[1], // bytes 0-1 are PACK value
(byte) 0, (byte) 0
});

- Set authentication pointer

answer = nfca.transceive(new byte[] {
(byte) 0x30, // READ
(byte) 0x29 // page address
});

answer = nfca.transceive(new byte[] {
-94, // WRITE
(byte) 0x29, // page address
answer[0], answer[1], answer[2], (byte)0x04});

- Set PWD_AUTH

boolean prot = readwrite; // false = PWD_AUTH for write only, true = PWD_AUTH for read and write
int authlim = 0; // 0 = unlimited tries
answer = nfca.transceive(new byte[] {
(byte) -94, // WRITE command
(byte) 0x2A, // Page address
(byte) ((answer[0] & 0x078) | (prot ? 0x080 : 0x000) | (authlim & 0x007)), 0, 0, 0 });

Thank you in advance,

Elisabet.

Jonathan_Iglesias · ‎12-12-2018

I think what is happening here is that you set the counter for failed authentications so what is happening here is you are locking forever the tag, please check that you are not setting up the AUTHLIM, the AUTHLIM detects a number of failed authentications once you reach up to that limt the tag gets blocked forever.

BR

Jonathan