Compatibility problems with NXP TagWriter

[martinpaljak]

Reading works well. Writing with other apps like https://play.google.com/store/apps/details?id=com.mobiem.nfctool works OK. Has NXP changed it so that only their tags are writable?

[promovicz]

I can confirm this. Not sure yet on the cause.

[9500]

I remember that I used to be able to use NXP TagWriter to read and write tags, and with the most recent prebuilt cap I can't write tags anymore.

I tried to download old prebuilt file (javacard-ndef-full-plain.cap from 3aa1672 ) and with that binary NXP TagWritter works again for me... I am able to write, overwrite and read tags. Erase does not work.

[gregorjohannson]

The inability to read/write tags seems to be connected to #10.
Using AID D2760000850101 for the applet allows writing with apps like https://play.google.com/store/apps/details?id=com.wakdev.wdnfc for example.

From ef212b7 the AID was changed in the buildfile.

[darconeous]

FYI: I've noticed that on recent versions of gp, I've had to use --create D2760000850101 instead of --applet D2760000850101 in order to get the correct applet name to be created.

[martinpaljak]

@darconeous --create specifies the instance AID and that needs to be the NFC forum defined one. It used to be the default in the built cap, but was changed, as noted above. --applet, when used with --install selects a module from multi-applet package (or the module after a standalone --load).

[darconeous]

But nonetheless the README says to use --applet, not --create... Documentation bug? Or am I missing something?

[viktoriasee]

I can confirm it works with --create only.

[darconeous]

I think the issue that @martinpaljak was referring to when he filed this issue was different than the --applet vs --create issue. I'll file a new bug.

[darconeous]

I've filed #12 for the -applet vs -create issue, so this bug can track the original issue being described by @martinpaljak

[ckahlo]

Hi together,

I tracked down the issue with NXP TagWriter and some chip configurations resulting in a crash of the NXP app.
There is some condition that leads NXP TagWriter to assume it is talking to a real / fully emulated MIFARE tag
and thus tries to communicate with wrapped native commands.

TagWriter crashes with a "WRONG_CLA" and sniffing the NFC connection reaveals an attempt of 90 60 00 00 00
to obtain the UID of the tag. As far as I can see this happens after application selection
(44 10 7F 5C 02 -> 00 A4 04 00 07 D2 76 00 00 85 01 01 00 <- 35 C0) and without a RESET, so it could be
handled by an applet.

EDIT: sorted the stuff a bit and realized there's an REQA sequence betfore 90 60 00 00 00 and after

44 0A 7F 92 03 -> 00 A4 00 0C 02 E1 04 <- 6D DB
44 08 7F 9A 02 -> 00 B0 00 00 02 <- 6B 7D
44 08 7F A7 03 -> 00 B0 00 02 0C <- 8E A3

--> REQA, UID masked with U1 - U7

44 03 7F B2 C2 E0 B4
44 01 7F B7 52

44 09 7F BB 93 70 88 U1 U2 U3 12 D7 FB
44 09 7F BB 95 70 U4 U5 U6 U7 AB 3C BA

47 03 7F BB E1 6F 00
44 04 7F BE E0 80 31 73
44 04 7F D7 02 60 16 4E

/edit

HTH & best regards,
Christian