General Notes
The NTAG424DNA by NXP implements an NFC Forum standard Type 4 Tag, with a fixed file system for that purpose. Unlike DESFire, there is no Format command. It can be a challenge to reuse a chip once it is encoded because each file has to be individually recovered back to a default state. The chip's command set has a lot of options, and a hole or two, making implementation a challenge. For example, there is a command to SetConfiguration but no command to read the configuration back (we even tried to find an undocumented opcode), so all chip-level Configuration settings have to be challenged.
RFID reader companies have been slow to support the new chip. The FEIG CPR74 used by GlueLogix supports NTAG424DNA only in its unique protocols for authentication and secure APDU exchange. Software developers are responsible for working with NTAG424DNA via APDUs. Most RFID software developers are more used to working with the command sets of their RFID readers, or maybe with libnfc calls. The necessity of working with APDUs puts a strain on development teams and has slowed adoption of the chip. GlueLogix is available to consult with development groups that are trying to support NTAG424DNA.
NTAG424DNA Features Not Supported by LineLogixPC
The following features are not used in chip personalization and are not expected to be supported in LineLogixPC:
- Originality Signature Verification
- Authenticate Non-First
- Get File Counters
- Get Chip Version
- Get Key Version. Key version is set but not checked.
The following features are not yet completely implemented, mainly due to time constraints:
- Random UID. The Configuration can be set but no challenge is available. Requires implementation of the GetUID command through FEIG CPR74.
- Leakage Resilient Primitive (LRP) encryption mode. The Configuration can be set but there is no challenge for the setting.
- User Configured Bytes in PDCap2. The bytes can be set in text configuration files but are not supported in the software's Graphical User Interface (GUI).
- Binary Mirror Values. The chip will only accept Mirror configurations with the ASCII flag set. Even encrypted mirror strings are presented as ASCII-HEX, not Binary.
- LineLogixPC makes no attempt to stop the user from setting up bad configurations. This is a design choice, meant to ensure that no valid configuration is blocked by overly helpful software. But it can make it hard to get started.
LineLogixPC Features Not Implemented for NTAG424DNA
The following features are not yet completely implemented for NTAG424DNA, mainly due to time constraints. They work for Ultralight, NTAG21x, Classic and ISO15693 ("SLIX"):
- Test encode one sample tag from the NDEF Editor. You must save the DAT file, return to LineLogixPC, and Start Roll in order to test your chip settings.
- Clone Tag. LineLogixPC will not currently read NDEF records from a sample NTAG424DNA for replication.
- Data Import. LineLogixPC will not currently import Type 4 data saved from the NFC Forum standard Eclipse NDEF editor.
- Simple Protection. The Protect checkbox, which locks other tag types, has no effect in NTAG424DNA. The Setup user must arrange file protection based on keys and file settings in the NDEF Editor's Expert Mode, shown below.
Supported Features
The following features are completely implemented in LineLogixPC for NTAG424DNA, as of the date above:
- Encode all three files, with a choice to not encode them
- Encode all five keys on every write
- Set all available PICC Configurations, within limits described above
- Authenticate using keys from the current DAT file and some common test keys like all-zero values
- Dump chip contents on a user defined JOB file button
- Format chip back to defaults on a user defined JOB file button
- FormatFirst option on JOB file for reprocessing tags with known keys
- Set Communication Mode and Access Permissions for all three files
- Set Plain Mode ASCII Mirror of UID and/or Read Counter (Plain Mode mirror does not seem to work without the ASCII option)
DAT file settings:
[file2.sdm._ctr.right 0E]
[file2.sdm._ctr.start 50]
[file2.sdm.meta.right 0E]
[file2.sdm._uid.start 1F]
File 2 data
- Set Encrypted Mode ASCII Mirror of UID and/or Read Counter ("PICC Data")
DAT file settings:
[file2.sdm._ctr.right 0E] ignored when sdm.meta.right is a key
[file2.sdm._ctr.start 50] ignored when sdm.meta.right is a key
[file2.sdm._uid.start 1F] ignored when sdm.meta.right is a key
[file2.sdm.meta.right 00] this is not a "right" as much as an encryption key, but the datasheet calls it a "right."
[file2.sdm.meta.start 1B] the start of the encrypted data in ASCII-HEX
File 2 data, note that the plain mirrors disappear when you enable encrypted mirrors:
Encrypted payload: 4442353832453742303637343537303544353937443932323242384139373232
ASCII-HEX equivalent: DB582E7B06745705D597D9222B8A9722
Decrypted with all-FF key 0: c7047c4d2aaa618003000068ea7f4572
where:
  "C7" is the "PICCDataTag", indicating both 7 byte UID and Read Counter are present
  "047c4d2aaa6180" is the UID
  "030000" is the NFC read counter
  "68ea7f4572" is padding, which changes every session
- Set "Access Rights" (actually the encryption key) for each encrypted mirror value
- Set the Read Counter Limit for each file
- The "Set From Cursor" buttons (screenshot below) let you select the start point for mirror elements by clicking in the data box
- An "NFC Defaults" button (screenshot below) restores settings to shipped values
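Added example (not LineLogixPC or NXP code): the decoding steps from the Encrypted Mode ASCII Mirror item above, in Python, using the values quoted there. The AES decryption with key 0 is not reproduced, so the parser starts from the decrypted block given on this page; the function and class names are hypothetical, and the PICCDataTag bit layout (bit 7 = UID present, bit 6 = Read Counter present, low nibble = UID length) follows the NXP datasheet.

```python
from dataclasses import dataclass
from typing import Optional

# Values quoted on this page (not freshly captured data).
FILE_BYTES_HEX = "4442353832453742303637343537303544353937443932323242384139373232"
DECRYPTED_HEX = "c7047c4d2aaa618003000068ea7f4572"


def mirror_to_ciphertext(file_bytes_hex: str) -> bytes:
    """File 2 holds the mirror as ASCII-HEX text, so undo both hex layers."""
    ascii_hex = bytes.fromhex(file_bytes_hex).decode("ascii")
    block = bytes.fromhex(ascii_hex)
    if len(block) != 16:
        raise ValueError("encrypted PICC data must be one 16-byte AES block")
    return block


@dataclass
class PiccData:
    uid: Optional[bytes]
    read_counter: Optional[int]
    padding: bytes


def parse_picc_data(plain: bytes) -> PiccData:
    """Split a decrypted PICC data block according to its PICCDataTag."""
    if len(plain) != 16:
        raise ValueError("expected a 16-byte decrypted block")
    tag, pos = plain[0], 1
    has_uid, has_ctr, uid_len = bool(tag & 0x80), bool(tag & 0x40), tag & 0x0F
    if tag & 0x30:
        # Sanity check only: reserved bits set usually means a wrong key.
        raise ValueError("reserved PICCDataTag bits set")
    uid = counter = None
    if has_uid:
        if uid_len != 7:
            raise ValueError("NTAG424DNA UIDs are 7 bytes")
        uid, pos = plain[pos:pos + uid_len], pos + uid_len
    if has_ctr:
        # The 3-byte read counter is stored least significant byte first.
        counter = int.from_bytes(plain[pos:pos + 3], "little")
        pos += 3
    # Whatever remains is the per-session padding.
    return PiccData(uid, counter, plain[pos:])
```

The tag check is not authentication: a backend that relies on the mirror still has to use the correct key and track the read counter per UID.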
Warning: Not all permutations of features in the ChangeFileSettings command have been tested. It is always best to inform GlueLogix of new data requirements so that we can help you create a good DAT file for your needs.