Protect Tag NXP NTAG21X

Asked by Rafael on 2016-09-18

Hi! How have to be the password to protect a Tag? It has to be numbers or letters? And few characters minimum and maximum? You can tell me some example?

Thank you

Question information

English Edit question
nfcpy Edit question
No assignee Edit question
Solved by:
Stephen Tiedemann
Last query:
Last reply:

Minimum 6 bytes, first 4 bytes for PWD and next two bytes for PACK. See Any more bytes are ignored.

Rafael (hibara94) said : #2

This would be correct?

import nfc

def connected(tag):
    password = tag.protect("0000", False, 0)
    if password:
        print ("correct")
        print ("Incorrect")

clf = nfc.ContactlessFrontend("usb")
clf.connect(rdwr={"on-connect": connected})

The password argument must be at least 6 bytes, not just four. And just be sure: The string "0000" is four times byte 0x30 (the ASCII value for character "0"), a byte zero would be expressed as "\x00".

The return value of tag.protect() tells whether the password was set successfully, it's not about correctness of the password.

Once a tag is password protected, future updates to protected memory will require tag.authenticate() first (in the same session after tag.protect() the tag.authenticate() is already done).

In you can find a protect routine at line 450. The example does also run the input password together with the tag identifier through a hash function to generate a key that is always unique even if the input password is the same (used as a master password). Of course this is just an implementation artefact.

Rafael (hibara94) said : #4

Sorry, but I do not understand very well. Could you make me some simple example to set a password and authenticate? the example of Tagtool do not understand and gives me error to put password "000000".

Thank you very much

Assuming the Tag is not yet protected:


Now the tag is write-protected. Next time, before writing stuff or changing password, you must authenticate:


To remove password protection provide an empty string as the password argument:


Rafael (hibara94) said : #6

Thanks Stephen Tiedemann, that solved my question.