Online Store

Configuring a SUN message using the SDM write function – SDK project ufr-examples-c-nt4h

Here are the necessary steps for configuring a SUN message using the ‘SDM write‘ option of the ufr-examples-c_sharp-nt4h software tool.

The first step is to configure the necessary security keys for the tag.

Configuring the AES keys of your tag needs to be performed carefully before setting file configuration and/or writing data. Since most of the parameters revolve around key indexes of the tag. The authentication will mostly depend on the keys set on these indexes.

For example, we will use the key ‘792F423F4528482B’. The software tool requires this key to be converted into 16 hexadecimal bytes. Of course, you can change this condition in your project code. After the conversion, the HEX key used in the demonstration below is  ’37:39:32:46:34:32:33:46:34:35:32:38:34:38:32:42′.


Step 1)

– Select the option (5) – Change AES key. Enter the key index you wish to change (we choose key #3 of the tag). Enter the card’s master key and old key (previously used) that are set for key index #3.

Step 2) 

Before writing the SDM (Secure dynamic message) that will contain an encrypted SUN message, check file settings for the current configuration of the tag.

– Select option (1) – get file settings and save that data somewhere nearby. This will be needed later for the SDM configuring.

Step 3) 

Writing the SDM.

– Select the option (9) – secure dynamic message write



Notice: There is a typo mistake in our example. The correct should be the ‘Enter write AES key’ statement instead of the ‘change’ key since this part is reserved for writing the NDEF message via LinearWrite(). Please, pay attention to this part of the SDM write procedure

We set up the write key as key #3, so we entered the key as shown above.
(This bug will be fixed in the next update of this software too).

A brief explanation of the SDM write procedure:

– All of these listed questions were answered with Yes (just the input of ‘Y’ on your keyboard when prompted).

– We have used change key 0 since it was previously configured (refer to step 2 and ‘get file settings’ options for your tag).

While doing the SDM write, first you need to enter the key index of the current change key as a form of authentication. Further, you can enter a new key index of the change key when prompted with the “Enter new change key number (0 – 2 for NTAG413) (0 – 4 for NTAG424 and NTAG424_TT”.

For other options, we used previously configured key #3. For the sake of simplicity, we used only these two keys, where key #0 is 16 hex bytes of 0x00, and key #3 is 3739324634323346343532334383242.

Step 4) 

SDM Read

To fully read the SDM message, the decryption requires these two keys:

Metadata AES key and the File data read AES key have been both previously configured as key #3.

If the entered key is not correct, the output will be incorrect data.

You can check and change the settings of the SDM file at any time, using the menu options 1) & 2).

Tag file settings used for this demo:



First step requires 16 hexadecimal bytes, meaning 16 bytes 00, so the input should be: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 or 00000000000000000000000000000000 (sum total 32 [47 with delimiters characters that represent 16 bytes).

You can enter the HEX key with or without ‘:’ as a delimiter. Alternatively, you can use ‘ ‘ (space) as a delimiter, too. These delimiters are ignored when parsing the key while checking if it is a correct hexadecimal string. This is just the way we solved the input method in our software example. This condition can be changed in your implementation (details provided by the uFR API).

The default AES master key contains all 0s. Make sure you keep track of key changes for your tag. 

You can check if the key was changed successfully by using the option (3) – get UID (NTAG424 and NTAG424_TT)