Skip to content
CrypTag

Discovery & Authentication

Discovering the Tag

discoverTag()

Read version, file settings, access rights, and SDM configuration. Called automatically by other operations; call it directly only to inspect the tag or refresh the cache. The result is cached until invalidated.

const res = await tag.discoverTag();

Returns

{
  success: true,
  data: {
    uid: '04A1B2C3D4E580',
    randomUID: false,
    variant: 'Standard',
    versionData: {
      uid: '04A1B2C3D4E580',
      hardware: {
        vendor: 'NXP Semiconductors',
        type: 'NTAG DNA Family',
        subtype: 'NTAG424 DNA',
        version: '3.0',
        storage: '416 bytes',
        protocol: 'ISO/IEC 14443-4',
        capacitance: '50pF'
      },
      software: {
        vendor: 'NXP',
        type: 'NTAG DNA Family',
        subtype: 'NTAG424 DNA',
        version: '3.0'
      },
      production: {
        batchNumber: '4B5C6D',
        productionDate: '2023-03-20',
        fabKey: 1
      },
      variant: 'Standard',
      raw: {
        uid: '04A1B2C3D4E580',
        hwVendor: '04', hwType: '04', hwSubtype: '02',
        hwMajor: '30', hwMinor: '00', hwStorage: '11', hwProtocol: '05',
        swVendor: '04', swType: '04', swSubtype: '02',
        swMajor: '30', swMinor: '00',
        batchNo: '4B5C6D', productionDate: '2023-03-20', fabKey: '01',
        variant: 'Standard'
      }
    },
    fileSettings: {
      '1': {
        fileType: 0, fileOption: 0,
        readAccess: 'free', writeAccess: 0, readWriteAccess: 0, changeAccess: 0,
        fileSize: 32, sdmEnabled: false, commMode: 'plain'
      },
      '2': {
        fileType: 0, fileOption: 192,
        readAccess: 'free', writeAccess: 0, readWriteAccess: 'free', changeAccess: 0,
        fileSize: 256, sdmEnabled: true,
        sdmOptions: 193, sdmAccessRights: 'F121', offsets: [],
        commMode: 'full'
      },
      '3': {
        fileType: 0, fileOption: 0,
        readAccess: 3, writeAccess: 3, readWriteAccess: 3, changeAccess: 0,
        fileSize: 128, sdmEnabled: false, commMode: 'full'
      }
    },
    accessRights: {
      '1': { read: 'free', write: 0, readWrite: 0, change: 0 },
      '2': { read: 'free', write: 0, readWrite: 'free', change: 0 },
      '3': { read: 3, write: 3, readWrite: 3, change: 0 }
    },
    sdmEnabled: true,
    sdmConfig: {
      enabled: true,
      profile: 'full',
      options: {
        uidMirror: true, readCounter: true, readCounterLimit: false,
        encryptedFileData: false, ttStatusMirror: false, asciiEncoding: true
      },
      keys: { sdmCtrRet: 1, sdmMetaRead: 1, sdmFileRead: 2 },
      offsets: [32, 67],
      counterLimit: null,
      raw: { sdmOptions: 193, sdmAccessRights: 61729 }
    }
  },
  duration: 41
}

getCardUID()

Return the real 7-byte UID even when random-UID mode is enabled. Requires authentication (Key 0 by default; handled automatically).

const res = await tag.getCardUID();

Returns

{
  success: true,
  data: { uid: '04A1B2C3D4E580' },
  duration: 12
}

Authenticating

authenticate(keyNo)

Authenticate with a key (0–4). Usually automatic — call it directly only to pre-authenticate or force a specific key. Auto-detects EV2/LRP, reuses the session if already authenticated with keyNo, and uses NonFirst authentication to switch keys inside a transaction.

const res = await tag.authenticate(0);   // force Key 0 (e.g. before a config change)

Returns

{
  success: true,
  data: { keyNo: 0, mode: 'EV2', nonFirst: false },
  duration: 23
}

verifyKeys()

Test authentication with all 5 keys and report which succeed. Top-level success is true only if all keys authenticate.

const res = await tag.verifyKeys();

Returns

{
  success: true,
  data: {
    keyList: {
      '0': { success: true, keyVersion: 0 },
      '1': { success: true, keyVersion: 0 },
      '2': { success: true, keyVersion: 0 },
      '3': { success: true, keyVersion: 0 },
      '4': { success: true, keyVersion: 0 }
    },
    authMode: 'EV2'
  },
  duration: 38
}

getKeyVersion(keyNo?)

Read a key’s version byte (auth: Key 0, automatic). keyNo defaults to 0.

const res = await tag.getKeyVersion(0);

Returns

{
  success: true,
  data: { keyNo: 0, version: 0 },
  duration: 11
}

Integrity & Tamper Checks

verifySignature()

Read and verify the NXP originality signature (ECDSA secp224r1) — proves genuine NXP silicon.

const res = await tag.verifySignature();

Returns

{
  success: true,
  data: {
    verified: true,
    signature: 'A1B2C3D4E5F60718293A4B5C6D7E8F90112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF001122334455667700'
  },
  duration: 18
}

getTTStatus(keyNo?)

TagTamper status (TagTamper variant only). keyNo (default 0) is the key to authenticate with.

const res = await tag.getTTStatus();

Returns

{
  success: true,
  data: { permanentStatus: 'closed', currentStatus: 'open', tamperDetected: true, featureConfigured: true, rawValues: 'C40C' },
  duration: 14
}