0

I've been looking into NTAG203 NFC chips for a membership card solution and intend to set up and write a unique ID onto each card.

Oddly I can't find much online about how to write protect NTAG203 chips although I can find write-protected ones being sold. I've also seen apps which offer the write protection service.

How do you code an android app to enable write protection on an NTAG203?

Thanks!

(Edited question for clarity)

Michael Roland
  • 39,663
  • 10
  • 99
  • 206
Ali
  • 3
  • 4
  • 1
    What do you mean by "programmatically" but "not using an app"? You can use a reader connected to a PC with some software. – corvairjo Jan 23 '15 at 11:37
  • Sorry - not very clear - I meant that I was looking for a method which could be coded into my own android app. I wanted to omit answers suggesting the use of a third party app. - Have updated the question. – Ali Jan 23 '15 at 16:24

1 Answers1

1

Yes, that's possible. NTAG203 (datasheet) is an ISO/IEC 14443 Type A ("NFC-A") tag and follows the NFC Forum Type 2 Tag Operation specification. In order to activate the physical write protection feature of such a tag, you need to set the lock bits.

On Android, you can access such a tag by obtaining an instance of the NfcA technology connector class for your tag handle:

Tag tag = ...  // I assume you already received the tag handle by means of an NFC discovery intent
NfcA nfcA = NfcA.get(tag);
if (nfcA != null) {
    // this is an NFC-A tag
    ...

The lock bits of NTAG203 are located in page 2 (0x02) bytes 2-3 and in page 40 (0x28) bytes 0-1. Each of the bits of those 4 bytes controls the lock state of certain pages of the NTAG203 memory area. In order to activate locking, you have to set the lock bit to '1' by issuing a write command for the pages containing the lock bits. So for the simplest scenario of locking the whole tag, you could do something like this:

    // connect to the tag
    nfcA.connect();

    byte[] result;
    // write all-ones to the lock bits on page 0x02
    result = nfcA.transceive(new byte[]{
            (byte)0xA2,  // Command: WRITE
            (byte)0x02,  // Address: page 0x02 (2)
            (byte)0x00, (byte)0x00, (byte)0xFF, (byte)0xFF  // Data: set bytes 2-3 to all '1'
    });
    // write all-ones to the lock bits on page 0x28
    result = nfcA.transceive(new byte[]{
            (byte)0xA2,  // Command: WRITE
            (byte)0x02,  // Address: page 0x28 (40)
            (byte)0xFF, (byte)0x11, (byte)0x00, (byte)0x00  // Data: set byte 0 and lock bits in byte 1 to all '1'
    });

    nfcA.close();
Michael Roland
  • 39,663
  • 10
  • 99
  • 206
  • Just for completeness: you can use `makeReadOnly()` to define a NDEF message as readonly on a NFC/NDEF level. However, this is less secure than the method Michael Roland described. But using `makeReadOnly()` works on all types of NFC chips, while setting the lock bits is chip type dependant. – corvairjo Jan 26 '15 at 10:14
  • Correct, though you should note that `makeReadOnly()` does not work on all combinations of devices & tags. Moreover, it does not necessarily set the actual lock bits of a tag. – Michael Roland Jan 26 '15 at 20:43
  • `makeReadOnly()` sets a bit inside the CC. That should be covered by the NFC standard and should work on all standard compliant chips. Are there any devices which do not support this in their API? – corvairjo Jan 27 '15 at 10:33
  • What I meant with my comment is that setting a flag in the capability container to tell the reader "don't write to this tag" isn't really *locking the memory*. Moreover, `makeReadOnly()` in Android's libnfc-* libraries isn't implemented for all tag types. – Michael Roland Jan 27 '15 at 11:52
  • 1
    Michael, it is fully clear that the security level of using the flag is weak. It just reduces the need to dig into the datasheets of the chips which may be used. But I was not aware that not all tag types do support `makereadOnly()`, thanks for the hint. – corvairjo Jan 30 '15 at 11:19