How to Password Protect Writing to Nfc Ntag216 Tag on iOS 13 Using Nfc Core

  • Home
  • Languages
  • iOS
  • How to Password Protect Writing to Nfc Ntag216 Tag on iOS 13 Using Nfc Core

How to password protect writing to NFC NTAG216 tag on iOS 13 using NFC Core

You can use the following method in iOS for sending any command to NTAG:

func sendCommand(data: CmdData, completionHandler: @escaping(Data?, Error?) -> Void) {
    tag?.sendMiFareCommand(commandPacket: data, completionHandler: { (data, error) in
        completionHandler(data, error)
    })
}

where, parameter data is the command APDU and tag object is of type NFCMiFareTag.

Command APDU to write password & PACK to NFC Tag:

  1. Password (FF FF FF FF): [Write cmd: CMD | Address | Data] -> A2 E5 FF FF FF FF
  2. PACK (01 02): [Write cmd: CMD | Address | Data] -> A2 E6 01 02 RFU RFU

Note: In place of RFU you can simply write 00h or you can retain the values by following steps:

  • Read page E6h ----> You will receive 16 bytes (4 page) data ---->
    Take out the first 4 bytes, which will be the data on E6 page ---->
    Replace 0th and 1st byte with PACK value to be written ----> Write
    the updated 4 bytes data to E6h using write command as mentioned
    above.

Activating Protection

Once the Password and PACK values are configured onto NFC tag, next step would be to activate the protection by defining from which page the read/write access must need authentication. In order to do that:

  • Read page E3h ---> Copy the first 4 bytes into data[]
  • Over-write the AUTH0 value at index 3, with the first user page number 04h, which means any page starting from 04h will need authentication for read (by default) access

Accessing Read protected pages

  1. User Enters PWD & PACK for unlocking the Tag
  2. Authenticate the tag using the entered data, using following command:
    • Authenticate: [Command(1Bh) | PWD] --> 1B FF FF FF FF
    • The Tag will respond with the PACK value, which can be verified by matching it with the PACK value that you have for extra security
  3. Now that the tag is in authenticated state, data can be written to tag. **Note: Once the tag goes out of the field, the authentication state gets reset. Therefore, you have to authenticate and write the data in the same session.
  4. Unless there is need of changing the PWD/PACK, no further action is needed as the tag goes back to protected state every time the session is complete i.e. comes out of field.

You can refer NTAG 213/215/216 Data sheet

How correct protect NXP NTAG215 for read/write

Everything looks fine except for the last command.

ENABLE READ/WRITE PROTECTION
nfc.transceive('A2 84 10 00 00 00')

In order to enable the protection the command must be as follows:

nfc.transceive('A2 84 80 00 00 00')

Writing to a Type 5 NFC tag from iOS?

I believe that the NXP Icode Slix chips are not formatted for NDEF Storage by default.

There is no Capability Container as defined by the NFC Type 2 Spec

There is no Empty TLV Block as as defined by the NFC Type 2 Spec

All blocks are delivered with 00h values from the factory.

There is a procedure to initialise them as NFC Type 2 Spec cards.

See Section 6.5 of the correct Application Note

This should be possible https://developer.apple.com/documentation/corenfc/nfciso15693tag Apple NFC methods to write the correct data to Blocks 0 and 1 on iOS 13 and above.

I would not expect most NFC writing Apps to bother with formatting cards as NDEF capable as this was not possible pre iOS 13 and most are pre formatted from the factory, though I would expect that NXP's TagWriter App to have this capability (It does on the Android version).

Using NFC NTAG216 for Access Control

That depends on how secure you want your access control to be.

In short, the NTAG216 password gets transmitted by the reader in clear text, so all that an attacker has to do is to spoof and replay it at the secured door. That can be done even at a distance of several meters.

With the right equipment it would take me about two hours to break an access control system based on the NTAG216.

Then on the other hand lots of hotels are still using the completely broken mifare classic tags for access control and no one seems to care.

NFC Tag Writer sample or tutorial for ios?

You cannot write to an NFC tag from iOS, only read. In the Core NFC documentation from Apple it's stated you can only read NFC NDEF tags, and only on iPhone 7 and 7 plus devices (assuming 8 and X are also supported)

https://developer.apple.com/documentation/corenfc

The apps you are finding in the App Store require you to use an external Bluetooth NFC reader.

Update iOS 13 -->

It is now possible to use the CoreNFC framework to write to NFC protocol specific tags such as ISO 7816, ISO 15693, FeliCa™, and MIFARE® tags.

See Apple's example: https://developer.apple.com/documentation/corenfc/creating_nfc_tags_from_your_iphone

It is possible to read protected NFC tags in iOS?

Important note: The answer below was true for Core NFC in iOS 11. A lot has happened since then. In 2019, Apple added many enhancements to Core NFC. The API now provides access to lower protocol layers (such as exchanging APDUs with contactless smartcards (ISO/IEC 14443-4), and sending commands to MIFARE (and potentially, but not verified, other ISO 14443-3A tags), FeliCa, and ISO/IEC 15693 tags).

The Core NFC overview page announces that as:

Your app can also write data to tags, and interact with protocol specific tag such as ISO 7816, ISO 15693, FeliCa™, and MIFARE® tags.

Answer from 2017:

No, Core NFC only works with NFC tag that are NDEF formatted. Thus, you can only interact with NFC tags that adhere to the NDEF (NFC Data Exchange Format) hardware abstraction layer specified by the NFC Forum. Specifically, with NFC Forum tag types 1 to 5.

Core NFC overview page:

Reading NFC NDEF tags is supported on iPhone 7 and iPhone 7 Plus.

Using Core NFC, you can read Near Field Communication (NFC) tags of
types 1 through 5 that contain data in the NFC Data Exchange Format
(NDEF).

Contactless smartcards (like electronic passports, payment cards, etc.) and even additional protection features of NFC tags (like NTAG password protection, MIFARE DESFire or Ultralight authentication, etc.) cannot be accessed using the iOS 11 NFC API.


Related Topics

Simple and Clean Way to Convert JSON String to Object in Swift

Error: Initializer for Conditional Binding Must Have Optional Type, Not 'String'

Implementing Hmac and Sha1 Encryption in Swift

iPhone App Under Test Crashes After a Few Days

How to Save a Uicolor with Userdefaults

Restoring Animation Where It Left Off When App Resumes from Background

How to Compile for Arm Rather Than Thumb in Xcode 4

How to Add Equal Spacing and Equal Width for Button in iOS Auto Layout

Xmppframework - How to Create a Muc Room and Invite Users

The Executable Gets Signed with Invalid Entitlements in Xcode

Didreceiveremotenotification:Fetchcompletionhandler Not Being Called When App Is in Background and Not Connected to Xcode

Push Notification Not Receiving in Background iOS

Nsfetchedresultscontroller V.S. Uilocalizedindexedcollation

Uitextfield Securetextentry Bullets with a Custom Font

Optional Chaining in Swift Closure Where Return Type Has to Be Void

Debug iPad Safari with a Pc

"Do Not Embed", "Embed & Sign", "Embed Without Signing". What Are They. What They Do

Handling Private Frameworks in Xcode ≥ 7.3


Leave a reply



Submit