
Trying to read present password and Write Password on NFC Type 5 ST25DV64K

ShahzaibNaseem
Associate II

I'm working on a Flutter project where I need to enable a security session with an ST25DV04K NFC tag by using the Present Password command. However, when I send the command, I receive an unexpected response that suggests the command is failing. Specifically, the command I am sending is 02 b3 01 00 00 00 00 00 00 00 00 00 da 4e, and the response I get back is 01 02. Based on the ST25DV04K datasheet, I believe the 01 response code indicates an error, and 02 might represent a specific failure, but I can't pinpoint the exact issue. I am using 00 00 00 00 00 00 00 00 as the password for testing, and the CRC value da 4e was calculated based on the command, though I’m unsure if it's correct.

I'm trying to determine whether the issue lies in the password, the CRC, or the command structure itself. My questions are: Is 00 00 00 00 00 00 00 00 a valid default password for the tag, or should I use something else? What does the 01 02 response indicate specifically, and how can I calculate the CRC properly to ensure the command is accepted? Any guidance on these points or other suggestions on how to troubleshoot this would be much appreciated.



14 REPLIES 14
JL. Lebon
ST Employee

Hello, 

Actually, your Present Password command is missing the IC Mfg code byte.
The content of the command is described in the datasheet in chapter 7.6.36.
You can see that the IC Mfg code is mandatory for this command.
So, it must look like this: 02 B3 02 01 00 00 00 00 00 00 00 00 6D C2
B3 is the command code
02 is the IC Mfg code
01 is the password number
00 00 00 00 00 00 00 00 is the password value. Default value from factory is all 00.
6D C2 is the CRC. The CRC type is ISO13239, 16bits, X^16+X^12+X^5+1, backward, preset FFFF and residue 

Best regards.

I'm trying to write a password to an NFC tag using Flutter. However, I consistently encounter an issue where the response from the tag is 01 02, which likely indicates an error. Below is my code for writing the password to the tag. I'd like some help understanding the potential cause of this error and how to troubleshoot it.

 

 

Here's the code I am using to write a password to an NFC tag

Future<bool> _writePasswordToTag(NFCTag tag, List<int> password) async {
  try {
    // Convert password to Uint8List format
    Uint8List passwordBytes = Uint8List.fromList(password);

    // Reverse the tag ID into a formatted string with spaces
    String formattedTagId = _reverseHexFormat(tag.id.replaceAll(":", ""));
    print("Formatted Tag ID: $formattedTagId"); // Expected format: 1e b1 be d8 03 27 02 e0

    // Convert the formatted tag ID back to Uint8List
    Uint8List reversedTagIdBytes = _hexStringToUint8List(formattedTagId.replaceAll(" ", ""));

    // Ensure reversedTagIdBytes is 8 bytes
    if (reversedTagIdBytes.length != 8) {
      print("Error: Reversed Tag ID does not have 8 bytes.");
      return false;
    }

    // Create the command to send (22 bytes including CRC)
    Uint8List command = Uint8List(22); // Initialize command buffer
    command[0] = 0x02; // Flag byte
    command[1] = 0xB3; // 'Set Password' command code
    command[2] = 0x02; // IC Manufacturer code
    command[3] = 0x01; // Password number
    command.setRange(4, 12, reversedTagIdBytes); // Add reversed Tag UID
    command.setRange(13, 19, passwordBytes); // Add password bytes

    // Calculate CRC (ISO/IEC 13239 standard)
    int crc = _calculateCRC16ISO13239(command.sublist(0, 21));
    command[20] = crc & 0xFF; // Low byte of CRC
    command[21] = (crc >> 8) & 0xFF; // High byte of CRC

    // Print command in hex format for debugging
    print("Command to NFC tag: ${_formatBytesAsHex(command)}");

    // Send command to NFC tag and get response
    Uint8List response = await FlutterNfcKit.transceive(command);

    // Print response in hex format for debugging
    print("Response from NFC tag: ${_formatBytesAsHex(response)}");

    // Check if response indicates success (0x00 assumed as success code)
    return response.isNotEmpty && response[0] == 0x00;
  } catch (e) {
    print("Error setting password on tag: $e");
    return false;
  }
}

 

 

This code snippet illustrates writing a password to an NFC tag using Flutter. The process involves formatting and reversing the tag ID, constructing a command that includes the password, and calculating a CRC checksum following the ISO/IEC 13239 standard. The command, which contains flag bytes and the reversed tag ID, is then sent using FlutterNfcKit.transceive(). The issue I’m facing is that the response from the NFC tag is consistently 01 02, suggesting an error. This could be due to missing password authentication requirements or incorrect command formatting. To address this, I need to confirm if the tag needs authentication before writing, check the command format against the tag's documentation, and ensure the command structure matches the tag's protocol.


Hello, 

You first need to authenticate by presenting the password before being able to write it.
Anyway, the error code you received (01 02) indicates "Command is not recognized (format error)." according to the datasheet chapter 7.4.8 Response and error code.

There are several things that are wrong in the way you construct the command:
First, the command code for the Write password command is B1h, not B3h (that is for the Present password command).
Second, the password number must be after the tag's UID, not before, meaning password number at offset 12 in the command, not 4. Please see chapter 7.6.35 Write Password in the datasheet for a complete description of this command.
Lastly, if you include the tag's UID in the command (this is not mandatory), you must also set the "address" flag (see datasheet chapter 7.4.3 Modes). The request flag byte should then be 22h. If the request flag is 02h, the tag's UID must be omitted in the command.

Best regards.

Hello,

I successfully executed the "present password" command, receiving a "00" response, indicating it was done successfully. However, when I run the "write password" command, it returns an error stating "permission denied to write password." Could you please guide me on resolving this issue? Do I need to open a session or unlock any specific configuration to enable password writing? Additionally, if there are any other necessary steps to address this problem, I would appreciate your assistance. Thank you!

Hello, 

In order to modify a password, you need first to open the corresponding security session.
This is done by presenting the password. 
Example to update password 3:
step 1: present password 3 => 02 B3 02 03 00 00 00 00 00 00 00 00 CRC1 CRC2 (password value is 00 by default). You should get a 00 as response meaning success.
step 2: write password 3 => 02 B1 02 03 xx xx xx xx xx xx xx xx CRC1 CRC2, where xx...xx is the new password value.

Best regards.
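
The frames described in the replies above (Present Password with its CRC, then Write Password with or without the UID), built in Dart as an added example that is not code from the thread or from ST. The names crc16Iso13239, passwordFrame, hex and appendCrc are hypothetical, the new password value is constructed, and the final inversion and low-byte-first order of the CRC follow ISO 15693 rather than anything stated in the thread.

```dart
import 'dart:typed_data';

// CRC from the reply: ISO 13239, x^16 + x^12 + x^5 + 1, "backward"
// (bit-reflected polynomial 0x8408), preset 0xFFFF. ISO 15693 sends the
// one's complement of the register, low byte first.
int crc16Iso13239(List<int> data) {
  var crc = 0xFFFF;
  for (final b in data) {
    crc ^= b & 0xFF;
    for (var i = 0; i < 8; i++) {
      crc = (crc & 1) != 0 ? (crc >> 1) ^ 0x8408 : crc >> 1;
    }
  }
  return ~crc & 0xFFFF;
}

// Layout from the replies: flags, command, IC Mfg code 02h, UID (only with
// the address flag, 22h), password number, 8-byte password, CRC.
// appendCrc is an assumption: turn it off if your reader stack adds the CRC.
Uint8List passwordFrame(int command, int pwdNumber, List<int> password,
    {List<int>? uid, bool appendCrc = true}) {
  if (password.length != 8 || (uid != null && uid.length != 8)) {
    throw ArgumentError('password and UID must be 8 bytes each');
  }
  final frame = <int>[
    uid == null ? 0x02 : 0x22, // address flag only when the UID is included
    command,
    0x02,
    ...?uid,
    pwdNumber,
    ...password,
  ];
  if (appendCrc) {
    final crc = crc16Iso13239(frame);
    frame..add(crc & 0xFF)..add(crc >> 8);
  }
  return Uint8List.fromList(frame);
}

String hex(List<int> bytes) =>
    bytes.map((b) => b.toRadixString(16).padLeft(2, '0')).join(' ');

void main() {
  final factoryPwd = List<int>.filled(8, 0x00);
  final newPwd = [0xA1, 0xB2, 0xC3, 0xD4, 0xE5, 0xF6, 0x07, 0x18]; // constructed
  final uid = [0x1E, 0xB1, 0xBE, 0xD8, 0x03, 0x27, 0x02, 0xE0]; // order of the question's debug line
  print(hex(passwordFrame(0xB3, 3, factoryPwd))); // step 1: present password 3
  print(hex(passwordFrame(0xB1, 3, newPwd))); // step 2: write password 3
  print(hex(passwordFrame(0xB1, 3, newPwd, uid: uid))); // addressed variant
}
```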

 

ShahzaibNaseem
Associate II

Hello,

I’m working with the ST25DV04K NFC chip and have successfully set passwords for Password IDs 01, 02, 03, and 00. However, I’m struggling with configuring memory areas (e.g., RFAS1, RFAS2) and assigning passwords to them.

I know the "Set Memory Protection" command (02 BA) can define the start and end addresses of an area and link it to a specific Password ID, but I’m unclear on the exact steps to achieve this. Additionally, how do I assign passwords to specific areas to secure them properly?

For example:

  1. How can I define an area like RFAS1 with specific boundaries?
  2. How can I link a specific Password ID (e.g., Password 01) to that area?

Any guidance or examples would be greatly appreciated!

Best regards,

Hello, 

The "Set Memory Protection" command (02 BA) doesn't exist for the ST25DV04KC (it is a command of the ST25TV02KC). Please see the commands supported in the datasheet in chapter 7.6.2 Command codes list.

In order to protect an area, you need to write the configuration bytes RFA1SS, RFA2SS, RFA3SS and RFA4SS (RFA1S and RFA2S look like registers from the ST25TV04KC, please check the correct datasheet). Each register protects the corresponding user memory area (RFA1SS protects user area 1, etc.). In those registers, you set the type of protection, and the password used to unprotect the area.
Descriptions of those registers are in datasheet chapter 5.6.1 Data protection registers.

You also need to set the user areas length. You can split the memory in 1, 2, 3 or 4 areas. This is done using the ENDA1, ENDA2, ENDA3 registers. See chapter 4.2.1 User memory areas of the datasheet.

In order to update RFA1SS, RFA2SS... and ENDA1, ENDA2... registers, you need first to present the password 0 (RF configuration password, all 00 by default) and then use the command Write Configuration (A1h), with the correct address (see registers addresses in Table 13. System configuration memory map in the datasheet).

Best regards.

Hello,
I am encountering an issue while attempting to update the RFA1SS register on the ST25DV04K NFC chip using the FlutterNfcKit package. The authentication process for the RF configuration password is successful, and I am able to update other registers, such as setting ENDA3 to 47, without any issues. However, when trying to write a new protection value to the RFA1SS register, the operation fails with a response of [1, 16]. This indicates that while the communication and command structure seem correct, the chip is rejecting the write operation.

Potential causes could include an invalid protection value, an incorrect register address, a locked configuration, or a mismatch in the expected command sequence. I have verified that the default RF configuration password is being used and believe the issue is specific to the RFA1SS register or its settings. Insights or guidance on resolving this problem would be greatly appreciated.

await _setAreaProtection(0x20, 0x0A, "RFA1SS"); // Protect Area 1

Uint8List command = Uint8List.fromList([
  0x02, // Flags
  0xA1, // Write Configuration command
  0x02, // Manufacturer code for ST
  registerAddress, // Address of RFAxSS register
  protectionValue // Protection setting
]);

Regards,