Describe the enhancement you're suggesting.
I'm experimenting with Philips Sonicare brush heads. Those have an NTAG213 chip with all pages readable, but various pages write-protected. The brush sends the password and expects the correct PACK in return. Only then will it accept the emulated chip.
While I can get the password displayed and "unlock" the chip, the password is not saved to the dump file. It should go into Page 43. Also, during the authentication, the NFC chip answers with the "PACK" value - this one should go into Page 44.
(This is only valid for NTAG213, of course. Other chips have these values in different pages.)
Instead, in the dump file, both pages are always 00s. After loading it again at a later time, I'm still offered to unlock the chip.
Page 43: 00 00 00 00
Page 44: 00 00 00 00
On a side note: the NTAG213 never returns the actual values of Pages 43 and 44 during reading operations. These are always 00s and thus the "Pages read" will always be 43 of 45 total. Once password and PACK are determined (and saved into the file), the "Pages Read" counter should be increased to 45/45. This is also necessary so the "Unlock" option gets hidden and the "Write" option appears.
Anything else?
After manually adding the password and PACK value to the dump file, the emulation was flawless and the brush detected the Flipper as if it was a genuine head attachment.
Page 43: 4D EE 92 7C
Page 44: F4 54 00 00
Would be nice if I could achieve this without having to manually edit the dump file.
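The manual dump edit described in this issue, written out as an added example; it is not part of the original post and is not Flipper firmware code. The function name `patch_dump`, the `Pages total:` / `Pages read:` header keys and the sample dump are assumptions made for illustration; the page numbers and the PWD/PACK values are the ones quoted in the post.

```python
import re

PWD_PAGE, PACK_PAGE = 43, 44  # NTAG213 only, as the post notes
PAGE_RE = re.compile(r"Page (\d+): ((?:[0-9A-Fa-f]{2} ){3}[0-9A-Fa-f]{2})")

# Constructed sample dump fragment (header key names are assumed).
SAMPLE = """\
Device type: NTAG213
Pages total: 45
Pages read: 43
Page 42: 00 00 00 00
Page 43: 00 00 00 00
Page 44: 00 00 00 00
"""

def _fmt(data: bytes) -> str:
    return " ".join(f"{b:02X}" for b in data)

def patch_dump(text: str, pwd: bytes, pack: bytes) -> str:
    """Return the dump text with PWD in page 43 and PACK in page 44."""
    if len(pwd) != 4 or len(pack) != 2:
        raise ValueError("PWD must be 4 bytes and PACK 2 bytes")
    # Page 44 holds the 2-byte PACK followed by two zero bytes.
    wanted = {PWD_PAGE: _fmt(pwd), PACK_PAGE: _fmt(pack + b"\x00\x00")}
    total = re.search(r"^Pages total: (\d+)$", text, re.M)
    seen, out = set(), []
    for line in text.splitlines():
        m = PAGE_RE.fullmatch(line.strip())
        if m and int(m.group(1)) in wanted:
            page, old = int(m.group(1)), m.group(2).upper()
            # Never silently overwrite a page that holds different data.
            if old not in ("00 00 00 00", wanted[page]):
                raise ValueError(f"page {page} already holds other data")
            line = f"Page {page}: {wanted[page]}"
            seen.add(page)
        elif total and line.startswith("Pages read:"):
            # Both secret pages are now known, so every page counts as read.
            line = f"Pages read: {total.group(1)}"
        out.append(line)
    if seen != set(wanted):
        raise ValueError("no Page 43/44 lines found; not an NTAG213 dump?")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(patch_dump(SAMPLE, bytes.fromhex("4DEE927C"), bytes.fromhex("F454")))
```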