Skip to content
Backend server to decrypt and validate NTAG 424 DNA Secure Dynamic Messaging (also called SDM, SUN or mirroring); written in Python 3 Flask. Pull requests welcome.
Python HTML
Branch: master
Clone or download
Latest commit 45293ea Jan 22, 2020
Type Name Latest commit message Commit time
Failed to load latest commit information.
templates set viewport properly on mobile devices Jan 14, 2020
.gitignore initial commit Dec 28, 2019
LICENSE initial commit Dec 28, 2019 initial commit Dec 28, 2019 initial commit Dec 28, 2019
requirements.txt initial commit Dec 28, 2019

Backend server for NTAG 424 DNA Secure Direct Messaging (SDM)

An example of Flask application which can decrypt and validate signature of Secure Direct Messaging "mirrors". Implemented according to AN12196 "NTAG 424 DNA and NTAG 424 DNA TagTamper features and hints".

Pull requests welcome.

Note: NTAG — is a trademark of NXP B.V.

How to setup SDM?

Use NXP's TagWriter application for Android. When writing an URL record, choose "Configure mirroring options". Refer to the tag's datasheet to understand particular options/flags.

Supported cases

  • PICCData Encrypted mirroring (CMACInputOffset == CMACOffset)


  • SDMENCFileData mirror with PICCData Encrypted mirroring (must satisfy: CMACInputOffset != CMACOffset && SDMMACInputOffset == ENCDataOffset)



How to test?

  1. Clone the repository
    git clone
    cd ntag424-dna-server
  2. Install the required dependencies and copy example config:
    pip3 install -r requirements.txt
  3. Run Flask development server:
    python3 --host --port 5000
  4. Visit localhost:5000 and check out the examples.

Further usage

  1. Edit to adjust the decryption keys.
  2. Setup nginx (with obligatory SSL encryption).
  3. Configure the application to run with uwsgi (example tutorial).
You can’t perform that action at this time.