nfc-developer / sdm-backend

Backend server for Secure Dynamic Messaging (SDM). Supports decryption of PICCData, SDMENCFileData, and validation of SDMMAC. Compatible with NTAG 424 DNA (both variants). Written in Python 3 Flask. Pull requests welcome.
MIT License

How to configure NDEF SDM mirroring options in NXP's TagWriter? #1

Closed lucashenning closed 4 years ago

lucashenning commented 4 years ago

Hi Michal, thanks a lot for putting this together. This is the only working implementation of 424 tags that I found and it saved me a ton of time after struggling with this for several days and getting lost in NXP's documentation. I really appreciate you publishing this.

I can confirm that everything works as expected. I was able to start your application and validate some NXP sample tags. However, I ran into some issues with setting up new tags in NXP's TagWriter App.

Would you mind elaborating on the values you used to make this work? Could you share your config? These are the settings that I'm using in NXP's TagWriter App but the writing process fails.

icedevml commented 4 years ago

@lucashenning Hello, so far this looks pretty OK. The PICCData has 32 zeros (16 bytes), the CMAC has 16 zeros (8 bytes) and the offsets seem to be configured properly.

Did you erase the tag and format it as NDEF (TagWriter: Erase -> Format as NDEF)? Also, does the device have blank authorization keys (0000...)?

At the moment I don't have any clean tag to test the configuration in reality, I will try to manage something in a moment.

icedevml commented 4 years ago

@lucashenning Btw.

> I really appreciate you publishing this.

Glad to hear that :)

When it comes to the issue - I think I've got what's wrong. You need to enable UID Mirroring and Counter Mirroring for this to work. Otherwise the settings are self-contradictory (i.e. an impossible situation is requested and thus there is a Store fail).

Be aware that the application may mess with your URL a little bit after enabling these two features mentioned above. You need to correct the URL manually. Also don't forget to format your tag as NDEF (through Erase tab) before configuring SDM.

Please review my screenshots: Screenshot_20200207-220025_TagWriter Screenshot_20200207-220035_TagWriter Screenshot_20200207-220215_TagWriter
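
An added example, not part of the original thread or of the sdm-backend project: a small checker for the placeholder sizes discussed above (32 hex zeros for PICCData, 16 hex zeros for the CMAC), usable on the URL template before it is written and on a URL received from a scan. The parameter names `picc_data` and `cmac`, the `example.com` URLs and the sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Placeholder sizes quoted in the thread: 32 hex chars (16 bytes) of PICCData,
# 16 hex chars (8 bytes) of CMAC. The parameter names are assumptions.
FIELDS = {"picc_data": 32, "cmac": 16}
HEX = set("0123456789abcdefABCDEF")

def check_sdm_url(url, is_template):
    """Return a list of problems; an empty list means the URL looks sane.

    is_template=True:  URL about to be written, placeholders must be all zeros.
    is_template=False: URL received from a scan, placeholders must be replaced.
    """
    problems = []
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name, length in FIELDS.items():
        values = query.get(name, [])
        if len(values) != 1:
            problems.append(f"{name}: expected exactly one value, got {len(values)}")
            continue
        value = values[0]
        if len(value) != length or not set(value) <= HEX:
            problems.append(f"{name}: expected {length} hex characters")
        elif is_template and set(value) != {"0"}:
            problems.append(f"{name}: template placeholder must be all zeros")
        elif not is_template and set(value) == {"0"}:
            problems.append(f"{name}: zero placeholder was not replaced by the tag")
    return problems

def placeholder_offsets(url):
    """Offset of each placeholder's first character within the URL string only;
    the NDEF header bytes that precede the URL on the tag are not counted."""
    offsets = {}
    for name in FIELDS:
        marker = name + "="
        pos = url.find("?" + marker)
        if pos < 0:
            pos = url.find("&" + marker)
        if pos >= 0:
            offsets[name] = pos + 1 + len(marker)
    return offsets

# Constructed sample inputs (not taken from a real tag).
TEMPLATE = "https://example.com/tag?picc_data=" + "0" * 32 + "&cmac=" + "0" * 16
SCANNED = "https://example.com/tag?picc_data=" + "A1" * 16 + "&cmac=" + "B2" * 8
```

A scanned URL that still carries the zero placeholders means the tag served the static template, so the backend has nothing to decrypt or verify.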

lucashenning commented 4 years ago

@icedevml, you're the man! Thank you so much for helping me in this matter. Enabling UID Mirroring and Counter Mirroring worked like a charm and I was able to write everything to the tag.

Your backend service works as well. I can decrypt every picc for every scan using your Python code.

Awesome work! Thanks again for putting this together and your support.

icedevml commented 4 years ago

Cool! Thanks for testing :)

Additional explanations were added to README.md to cover this issue.