NTAG main

How to set a password for the read/write operations on NTAG2xx

Sometimes the user needs to protect their data written to the user memory against overwriting by someone else. We will show you how to do this in the following example.

This is how the memory is organized in the case of NTAG213:

NTAG 00 1

The memory organization for NTAG215 and NTAG216 is similar – just the user memory is extended.

Pages 29h to 2Ch for NTAG213, pages 83h to 86h for NTAG215 and pages E3h to E6h for NTAG216 are used to configure the memory access restriction and to configure the UID ASCII mirror feature. The memory content of the configuration pages is detailed below.

NTAG 10 2

AUTH0 defines the page address from which the password verification is required. The valid address range for byte AUTH0 is from 00h to FFh. If AUTH0 is set to a page address which is higher than the last page from the user configuration, the password protection is effectively disabled.

In this example, we will show how to protect the user memory against writing, starting from page no. 9, so we will set AUTH0 to 09h.

First of all we will set a password. In this example we are going to use the Pepper C1 USB reader and the C1 Client PC app.

https://eccel.co.uk/product/pepper-c1-usb/

https://eccel.co.uk/wp-content/downloads/Pepper_C1/C1-client.zip

The screenshot below is showing the memory content of NTAG213 before setting a write protection. A screenshot made in the NFC TagInfo by NXP app (the official NXP app for smartphones).

NTAG 20 3

Step 1 – Activate the tag:

Execute the Get tag count command to power and activate the tag:

NTAG 30 1 4

In this example, we have NTAG213 with UID = 04B41E42345E80.

Step 2 – write page no. 43 and set a password to 0xAA BB CC DD:

NTAG 40 5

Step 3 – write page no. 44 and set the PACK (Password ACK) to 0xA5 5A:

NTAG 50 6

Step 4 – write page no. 41 and set the AUTH0 to 0x09.

NTAG 60 7

Memory content after enabling the write protection:

NTAG 70 8

Now, every attempt to write a page no. 9 or with a higher address will lead to an error:

NTAG 80 9

To write a page no. 9 we must execute the Password Authentication command. Before that, execute the Get tag count command to reset the RFID field and activate the tag again after the last error:

NTAG 90 10

The previously set PACK = 0xA5 5A was received.

The tag is now unlocked, and we can write page no. 9:

NTAG 100 11

To disable write protection, the AUTH0 has to be set to a page address which is higher than the last page from the user configuration. The password protection will be effectively disabled.

NTAG 110 12

Please now, have a look at the ACCESS configuration byte in page no. 42 (for NTAG213):

NTAG 110 1 13
NTAG 120 14

If the user wants to enable read and write protection then the PROT bit has to set to “1”, so the ACCESS byte should be: 10000000b = 0x80, this give the whole page no. 42 to be:
0x80 00 00 00.

Writing this value to the page no. 42 will enable the read/write protection for the pages defined by the AUTH0 parameter in page no 41.

share post:

Leave a Reply

Your email address will not be published. Required fields are marked *