ICODE SLIX2 Memory Protection with 32-bit Password using the Pepper C1 reader

Memory Protection in ICODE Tags

NXP’s ICODE family of HF RFID tags is widely used in library systems, supply chain tracking, and brand protection. While they share the same ISO/IEC 15693 standard, their memory protection features differ depending on the product generation. In this post, we will demonstrate the ICODE SLIX2 Memory Protection ways and how to set READ and WRITE passwords using the Pepper C1 reader and the C1 Client software.

• ICODE SLI: The first generation, offering basic memory features with no dedicated password-based protection. Suitable for simple identification use cases.
• ICODE SLIX: An improved version of SLI with larger memory and enhanced functionality, but limited to basic access control. Memory protection is minimal.
• ICODE SLIX2: The most advanced in terms of memory security. It introduces 32-bit password protection for both READ and WRITE operations, enabling strong authentication and flexible access control.
• ICODE DNA: Designed for the highest level of security, ICODE DNA integrates cryptographic authentication (AES-128) in addition to standard memory protection. This makes it ideal for applications requiring secure anti-counterfeiting and brand protection.

Among these, ICODE SLIX2 is the tag of choice when strong but efficient password-based memory protection is required. It allows setting custom READ/WRITE passwords, authenticating with XOR-based random numbers, and defining access rules for different memory regions.

Setting Custom READ and WRITE Passwords

By default, the READ and WRITE passwords are set to 00000000. The first step is to change these default passwords to unique custom values. For this example:

• READ password: 11111111
• WRITE password: 22222222

Logging In with Default Passwords

1. Execute the GET_RANDOM_NUMBER command to obtain the required random number.
2. Use the random number and perform the SET_PASSWORD command for both READ (01) and WRITE (02) passwords.
   • Example: GET_RANDOM_NUMBER returns BCF2.
   • XOR the high 16 bits of the password with BCF2.
   • XOR the low 16 bits of the password with BCF2.
   • Since the default password is 00000000, the result is BCF2BCF2.

Changing Default Passwords

Once authenticated using the default passwords, update to the new passwords:

• Set READ password to 11111111.
• Set WRITE password to 22222222.

Logging In with New Passwords

After changing the passwords, use the new ones with a fresh random number for login (using XOR as before). Online calculators such as xor.pw can help.

Configuring Access Control (PROTECT_PAGE Command)

The ICODE SLIX2 memory can be divided into two regions: LOW (blocks 0–7) and HIGH (blocks 8 and above), each with separate READ/WRITE access controls.

• LOW region: Unrestricted READ, WRITE protected by password.
• HIGH region: Both READ and WRITE require a password.

To set this, execute the PROTECT_PAGE (0xA3) command:

• First parameter: block address where the split occurs (here, block 8).
• Second parameter: protection bit mask:
  • LOW-WRITE: 0x02
  • HIGH-READ: 0x10
  • HIGH-WRITE: 0x20
  • Resulting bitmask: 0x32

Now, pages 0–7 can be read freely, but writing requires a password; pages 8+ require a READ password for reading and a WRITE password for writing.

To remove password protection (and go back to defaults), execute PROTECT_PAGE with parameters 00 00 (all access unrestricted), but this requires both passwords to be entered first.

 

Should you experience any difficulties integrating our readers into your device, please contact us at technical@eccel.co.uk. Our team can provide integration support and, where required, adapt the software and/or hardware to meet specific customer requirements. We specialize in developing custom solutions. Further information is available at: https://eccel.co.uk/custom-design/