Protect Tag NXP NTAG21X

Minimum 6 bytes, first 4 bytes for PWD and next two bytes for PACK. See https://nfcpy.readthedocs.io/en/latest/modules/tag.html#nfc.tag.tt2_nxp.NTAG21x.protect. Any more bytes are ignored.

This would be correct?

import nfc

def connected(tag):
    password = tag.protect("0000", False, 0)
    if password:
        print ("correct")
    else:
        print ("Incorrect")

clf = nfc.ContactlessFrontend("usb")
clf.connect(rdwr={"on-connect": connected})
clf.close()

The password argument must be at least 6 bytes, not just four. And just be sure: The string "0000" is four times byte 0x30 (the ASCII value for character "0"), a byte zero would be expressed as "\x00".

The return value of tag.protect() tells whether the password was set successfully, it's not about correctness of the password.

Once a tag is password protected, future updates to protected memory will require tag.authenticate() first (in the same session after tag.protect() the tag.authenticate() is already done).

In https://github.com/nfcpy/nfcpy/blob/master/examples/tagtool.py you can find a protect routine at line 450. The example does also run the input password together with the tag identifier through a hash function to generate a key that is always unique even if the input password is the same (used as a master password). Of course this is just an implementation artefact.

Sorry, but I do not understand very well. Could you make me some simple example to set a password and authenticate? the example of Tagtool do not understand and gives me error to put password "000000".

Thank you very much

Thanks Stephen Tiedemann, that solved my question.