I have successfully written some data on data pages 30 to 38.
After that I want to lock those pages in order to prevent further writing. The write lock should be permanent, so even if someone knows the authentication key, they should not be able to write to those pages.
As far as I have understood the datasheet, I have to write some bits on OTP pages. But I do not fully understand what command I have to send for locking specifically pages 30 to 38.
Can somebody help me in identifying the command that needs to be sent to the card? My thinking is that I have to write F0 on page 40. However, this might also make pages 28, 29 and 39 locked and, hence, unusable.
In order to set the lock-bits that include pages 30 to 38, you would need to set the lock-bits that are located in bits 5, 6, and 7 of byte 0 of page 40. You can do this with the WRITE command. For lock bits (or any OTP pages) this command will only program those bits that are set to '1' in the data parameter of the command (essentially resulting into a logical OR). Note that the WRITE command always takes one full page (i.e. 4 bytes) as its data parameter:
byte[] result = nfcA.transceive(new byte[] {
(byte)0xA2, /* CMD = WRITE */
(byte)0x28, /* PAGE = 40 */
(byte)0xE0, (byte)0x00, (byte)0x00, (byte)0x00 /* DATA = lock pages 28..39 */
});
Unfortunately, you can't! The locking mechanism of MIFARE Ultralight C for pages 16 to 39 is organized in blocks of 4 pages. Hence, you can only lock the following groups of 4 pages:
The block locking bit sets the write protection for bits within the lock page. So for instance if the block locking bit for pages 28 to 39 is set to '1', this means that you cannot change the state of the three lock-bits for these pages. Hence, if you set the lock-bit for pages 28 to 31 but leave the lock-bits for pages 32 to 35 and 36 to 39 unset, and then set the block locking bit, you can no longer activate the write protection for pages 32 to 39.