Writing SDM messages on ntag 424 with npx tagwriter?

theelous3 · ‎07-31-2024

Hi folks. I understand the underlying principles of SUN/SDM, but cannot for the life of me figure out how to program the tag with nxp's tagwriter.

Firstly, the pdf that gets linked every time a question like this is asked anywhere, but doesn't really give good implementation info: https://www.nxp.com/docs/en/application-note/AN12196.pdf

I understand I need several components:

Static https://example.com/nfc?x= + &y= for example
Mirrored uid & nfc counter and cmac
Offsets that dictate where the mirrored and encrypted content is interleaved with the static content, and the length of the mirrored and encrypted content.

The tagwriter app provides two dataset types that seem appropriate, Link and Plain Text.

Link provides a custom URL option, and "configure mirroring options". Say I put in a custom url of https://example.com/nfc?x=00000000000000000000000000000000&y=0000000000000000 (or the same without the padded data, or any other variation thereof).

When I click in to configure mirroring, I can select ntag 424 dna (good) and enable SDM mirroring (also seems good) but that gives two hex fields with a couple of what look like read/write/delete hex value options. SDM meta read access right and derivation key for cmac calculation. These... don't seem like what I'm looking for.

The other type of dataset is plain text - I get the impression (even though it doesn't say anywhere) that this is where I can put NDEF commands.

From the docs it looks like I want a PICCData encrypted mirror - an encrypted combo of UID and NFCCounter with cmac appended to the end of whatever our url schema is.

How do I accomplish this?

What records should I create? Do they interact with the Link type record?

Given the example url above with padding, what's the procedure to get that working?

Thanks folks.

EduardoZamora · ‎08-01-2024

Hello @theelous3

Hope you are doing well.

Could you please confirm that you have gone through the TagWriter User Manual? Chapter 4 describes the steps to use Mirroring features with NTAG 424 DNA.

SDM mirroring for NTAG 424 is described in Section 4.7.

Regards,
Eduardo.

theelous3 · ‎08-03-2024

Hi @EduardoZamora

Since posting, yes I found that document. However it leaves me with some questions.

What I am looking for is almost exactly as given in the example encrypted SUN shown here in section 4.1 https://www.nxp.com/docs/en/application-note/AN12196.pdf

My configuration on TagWriter is as follows:

Not pictured:
SDM MAC Input Offset: 25 (after "/nfc?e=")
SDM MAC Offset: 69 (after "&cmac=")

I understand setting SDM Meta Read Access Right and Derivation key for CMAC Calcualtion should point to an AppKey? I am pointing to key 01 as described in 8.2.4.2 of the data sheet: https://www.nxp.com/docs/en/data-sheet/NT4H2421Gx.pdf#%5B%7B%22num%22%3A225%2C%22gen%22%3A0%7D%2C%7B...

It is noted:

> Remark: It is highly recommended to change all 5 keys at personalization, even if not all
keys are used in the application.

How can I view / change a key? It's not clear.

Additionally, how can I view and or set the UID to be used in mirroring? With TagInfo I see:

However I cannot actually see any keys, or see how to change them, or see any UID, or how to set one.

EduardoZamora · ‎08-06-2024

Hi,

UID is a Unique Identifier that is programmed and locked during production. You can read its value with TagInfo app > Full Scan > Detailed Protocol Information > ID.

As mentioned in NTAG 424 Data Sheet, Section 8.2.4, the application of NTAG 424 includes 5 AES 128-bit keys, numbered from 0 to 4. ChangeKey command can be used to change these application keys. More information on this can be found in Section 10.6.1 ChangeKey.

TagWriter app may not be intended for operations such a key change. For this, I will strongly recommend you please using our recommended Software Tool, RFIDDiscover, together with PEGODA Contactless Smart Card Reader.

Regards,
Eduardo.