Protect Tag NXP NTAG21X

Asked by Rafael on 2016-09-18

Hi! How have to be the password to protect a Tag? It has to be numbers or letters? And few characters minimum and maximum? You can tell me some example?

Thank you

Question information

Language:
English Edit question
Status:
Solved
For:
nfcpy Edit question
Assignee:
No assignee Edit question
Solved by:
Stephen Tiedemann
Solved:
2016-09-22
Last query:
2016-09-22
Last reply:
2016-09-22

Minimum 6 bytes, first 4 bytes for PWD and next two bytes for PACK. See https://nfcpy.readthedocs.io/en/latest/modules/tag.html#nfc.tag.tt2_nxp.NTAG21x.protect. Any more bytes are ignored.

Rafael (hibara94) said : #2

This would be correct?

import nfc

def connected(tag):
    password = tag.protect("0000", False, 0)
    if password:
        print ("correct")
    else:
        print ("Incorrect")

clf = nfc.ContactlessFrontend("usb")
clf.connect(rdwr={"on-connect": connected})
clf.close()

The password argument must be at least 6 bytes, not just four. And just be sure: The string "0000" is four times byte 0x30 (the ASCII value for character "0"), a byte zero would be expressed as "\x00".

The return value of tag.protect() tells whether the password was set successfully, it's not about correctness of the password.

Once a tag is password protected, future updates to protected memory will require tag.authenticate() first (in the same session after tag.protect() the tag.authenticate() is already done).

In https://github.com/nfcpy/nfcpy/blob/master/examples/tagtool.py you can find a protect routine at line 450. The example does also run the input password together with the tag identifier through a hash function to generate a key that is always unique even if the input password is the same (used as a master password). Of course this is just an implementation artefact.

Rafael (hibara94) said : #4

Sorry, but I do not understand very well. Could you make me some simple example to set a password and authenticate? the example of Tagtool do not understand and gives me error to put password "000000".

Thank you very much

Assuming the Tag is not yet protected:

tag.protect(b"123456")

Now the tag is write-protected. Next time, before writing stuff or changing password, you must authenticate:

tag.authenticate(b"123456")
tag.protect(b"abcdef")

To remove password protection provide an empty string as the password argument:

tag.authenticate("abcdef")
tag.protect("")

Rafael (hibara94) said : #6

Thanks Stephen Tiedemann, that solved my question.