xNT NFC Tag [NTAG216]

• 13.56MHz ISO14443A & NFC Type 2 compliant NTAG216 RFID chipset
• Full datasheet for the NXP NTAG216 RFID/NFC chip
• 7 byte UID and 880 bytes of user read/write memory
• 10 year data retention. Rated for 100k writes per memory block.
• Encased in 2.1mm by 12mm bioglass with non-toxic epoxy
• Pre-tested and pre-loaded in sterile injection assembly
• No “anti-migration” coating means easy removal/replacement

Our x-series transponders are typically installed into the webbing between the metacarpal bones of the index finger and thumb, resting parallel to the index metacarpal. The reason they are installed in the hand has to do with the extremely short read range of x-series tags and the typical use case being some form of access control where the tag must be presented to a fixed reader of some kind. The suggested placement within the hand was chosen due to the lack of major nerve bundles or blood vessels running through that area.

Achieving a safe installation definitely requires a steady hand and experience performing aseptic procedures. Dangerous Things prefers our customers locate one of our professional body piercing or body modification partners to complete the installation of this product. If no partners are available in your area, you should be able to follow this guide to finding a professional in your area who is willing to assist you.

For aftercare information and what to expect, please read our X-Series FAQ page.

You have questions! That’s understandable. The short answer is; it’s all good. If you’re looking for more specific answers, we have an extensive FAQ page that deals with many of the most commonly asked questions regarding installation of our x-series transponders.

Passive RFID and NFC tags are magnetically coupled devices that power themselves and communicate data over a shared magnetic field the reader generates. This means their effective read range and performance depends entirely on how well the antenna coils of both the tag and reader couple with each other. This typically means the shape, size, and orientation of both antennas must be complimentary.

Unfortunately, most reader devices, including mobile phones, typically have antennas designed with thin PCB traces made into blocky rectangular shapes that lay along a flat plane. These antenna designs are great for coupling with and reading large flat label tags, credit card style tags, and access cards which also share this antenna shape, but they have a hard time coupling to the very small cylindrical antenna coil inside our x-series tags. Most mobile phones and reader devices have a “sweet spot” or two that must be located and used each time to get consistent results. Other devices, such as the Samsung Ezon electronic deadbolt lock, sometimes use wire wound coil antenna loops inside, which work much more reliably with small glass tags like our x-series tags. You should not expect your USB reader or mobile device to achieve the same read range with our x-series tags that you normally get with a label tag or card style tag. Here are some example videos detailing typical read performance and how to find that “sweet spot”.

The xLED can help!
The xLED is a signal diagnostic device that mimics the x-series antenna coil winding and shows you the best possible location and rotation/orientation for holding your x-series transponder up to any reader. This video explains how it works.

Click here to order the xLED-HF (13.56MHz).

The xNT uses the NTAG216 chip from NXP, which was designed for use in more typical NFC applications such as smart posters, labels, and other disposable use cases where the memory contents would typically be written and then locked so it could not be changed. This is done using built-in “lock bytes” which are OTP (one time programmable). That means that once the lock bytes are turned on to protect memory blocks, they can never be unlocked. Once any memory block is locked, it will forever be read-only, which is not ideal for the xNT. Many NFC applications offer ways to “lock” or “protect” your tag, which will end up locking the tag read-only.

In addition to lock bytes, the NTAG216 offers a 32bit password protection function. Regardless of what some NFC smartphone apps indicate, it is not possible to remove or disable the password. It is only possible to set the password to the default value of FF FF FF FF. If the password is set to the default value, then anyone could easily authenticate, change the password, then write data or change protection options for your tag, and either permanently lock the tag or just change the password to some unknown value. Because it is also possible to protect memory blocks from unauthenticated reads using a password, this could make the tag completely useless by not allowing any memory blocks to even be read.

Finally, many of the critical configuration bytes used by the NTAG216 chip are stored in the last few memory pages of the tag. This means that it may be possible for an NFC application that does not properly detect or honor the xNT’s memory schema to accidentally attempt to write NDEF record data (the data you’re trying to store on the tag) overtop of the configuration bytes. For example, if the data you are attempting to write is longer than the user memory blocks available, the remainder of the data might be written overtop of configuration bytes, which contain settings that are potentially dangerous to modify such as the config lock byte. The configuration lock byte is not possible to disable, so accidentally writing to that byte could result in your configuration being irreversibly locked.

To help our customers protect their tag from accidental modification or malicious attack, we have developed Dangerous NFC for Android. Our DNFC app allows customers to secure their tag by doing the following things;

• Disable lock bytes so they cannot be used to lock any memory blocks as read-only
• Update the password block with a custom, non-default password value
• Update the memory protection option to write-only protection
• Update the memory protection range to protect the configuration bytes

This approach allows the entire user memory space to be written to/updated, while at the same time protecting the configuration bytes and password values at the bottom end of the xNT memory space. This means an application cannot accidentally write data unintentionally to any configuration bytes. It also means the password of the xNT cannot be updated without first authenticating. This means you will need the current password in order to update or change the password. Without updating the dynamic memory protection range, it would technically be possible to just write a new password without first knowing the old password.

Ultimately, once secured by Dangerous NFC, you are free to use any other NFC app to write data to the tag and not need to be afraid of accidentally locking the tag, or changing the configuration bytes, or someone maliciously locking your tag or changing your password. We suggest using NXP’s TagWriter app.

Testing Process
Our x-series tags come pre-loaded inside injector systems with steel needles and cannot be read while inside the needle. Because of this, we perform a full test on every x-series tag before it is loaded into the injector assembly and sterilized. We have also conducted several tests on our x-series tags and cataloged those tests here.

Return Policy
All sales of this product are final and no returns will be accepted. We keep tight control over chain of custody on this through manufacture, sterilization, and shipment. We would not want to re-sell something that has been returned, and you probably wouldn’t want to buy one either… so before you purchase, do your research and be sure you know you’re getting the correct product, know it’s compatibility/performance/limitations/etc.

Lifetime Warranty
If you do purchase one of our products and experience a failure, we offer a full lifetime warranty on all of our products. You will need to return the product for testing and analysis, and if it is malfunctioning, we will ship you a replacement free of charge.