Re: DaVinci Junior cartridge reset
Printing gold colored 3rd-party filament right now 
Re: DaVinci Junior cartridge reset
I contacted greatone76 and went through the process with him.
Thank you greatone76 worked perfect.
loading filament now
Re: DaVinci Junior cartridge reset
http://www.instructables.com/id/NFC-Tag-Hack/ I have added a step to the end that has basic values to change between the 2 extruder temps we know and what pages to reset to reset the length. I'm not 100% sure on how pages 21, 22 and 23 work. When I go back through the forum posts it appears that you don't need to touch those to reset the length. If any of my information is wrong please let me know. Thanks.
Re: DaVinci Junior cartridge reset
Here we go --- I can verify that the password is created using only the UID of the tag. Below are a few simplified UID’s and then one UID with one digit added to each value:
UID: 00 00 00 00 00 00 00 Pass: 5A DB F8 F3
UID: 01 01 01 01 01 01 01 Pass: 45 86 B5 E5
UID: FF FF FF FF FF FF FF Pass: 7D 10 F3 A6
Base:
UID: 04 31 CE 22 9A 3D 80 Pass: 8B BB D0 FC
Adding one to each digit of the base:
UID: 05 31 CE 22 9A 3D 80 Pass: 68 91 A5 D1
UID: 04 32 CE 22 9A 3D 80 Pass: 3D 34 64 97
UID: 04 31 CF 22 9A 3D 80 Pass: B2 B0 58 8B
UID: 04 31 CE 23 9A 3D 80 Pass: 59 AC 9A 62
UID: 04 31 CE 22 9B 3D 80 Pass: AF E8 35 75
UID: 04 31 CE 22 9A 3E 80 Pass: E1 39 B9 13
UID: 04 31 CE 22 9A 3E 81 Pass: D2 27 C1 C9
UID: 14 31 CE 22 9A 3D 80 Pass: AF 8B 77 25
UID: 04 41 CE 22 9A 3D 80 Pass: 5B 2A D9 8E
UID: 04 31 DE 22 9A 3D 80 Pass: 99 87 4A 39
UID: 04 31 CE 32 9A 3D 80 Pass: 81 61 0A 5C
UID: 04 31 CE 22 AA 3D 80 Pass: B6 A1 03 6A
UID: 04 31 CE 22 9A 4D 80 Pass: 6A AF 9D 79
UID: 04 31 CE 22 9A 3D 90 Pass: F5 A2 60 C9
I hope somebody sees it cause I sure don't. I just feel stupid for trying to add the basic 2 and 4 digit hex to try to figure it out. This appears to be quite a complete algorithm. Tell me if you want another number like 00 00 00 00 00 00 01 or something else basic to help out or check a theory.
Re: DaVinci Junior cartridge reset
As requested by charleshyman:
UID: 00 00 00 00 00 00 00 Pass: 5A DB F8 F3
UID: 01 00 00 00 00 00 00 Pass: 4C 33 D8 44
UID: 00 01 00 00 00 00 00 Pass: 44 F5 BB 33
UID: 00 00 01 00 00 00 00 Pass: 44 F5 BB 33
UID: 00 00 00 01 00 00 00 Pass: 9C 18 EB FF
UID: 00 00 00 00 01 00 00 Pass: 9C 18 EB FF
UID: 00 00 00 00 00 01 00 Pass: AB AA 7D 46
UID: 00 00 00 00 00 00 01 Pass: AB AA 7D 46
UID: 02 00 00 00 00 00 00 Pass: 1C 06 4D 52
UID: 00 00 00 00 00 00 02 Pass: 5E 8F C6 F8
631 2016-02-29 06:28:28 (edited by JustBen 2016-02-29 09:34:31)
Re: DaVinci Junior cartridge reset
hmm so far there is an obvious pattern.
what happens when we expect Byte 1 to always be 04 since that is the manufacture byte id.
next is well byte 2&3, 4&5 and 6&7 looks to generate the same result.
could you try and generate a few more pairs and see if it holds true?
also are you using something like a hydranfc or proxmark to emulate the tags? mby if we were more that could emulate tags we could generate sample data faster.
btw. i'm a QA pro and one of my specialitys are patterns on large data sets.
i'd be willing to look over data data sets for patterns if that can help in any way.
632 2016-02-29 15:44:19 (edited by AidenShaw 2016-02-29 16:31:27)
Re: DaVinci Junior cartridge reset
I am very greateful for greatone76 password generating.
Him save my time and money to cracking password.
I used this password, instructions from greatone76, and instructions from post 614, by methos0510 and worked as charm.
Thanks 
Re: DaVinci Junior cartridge reset
Created an account to say thanks for all the efforts and i will drop you a pm once i have my printer, due in the next few weeks
just one Q - can the chip that comes with the demo filament be reset and be made to show the full 300m ?
Thanks !
634 2016-02-29 16:00:03 (edited by AidenShaw 2016-02-29 16:31:56)
Re: DaVinci Junior cartridge reset
To mad_raptor:
Yes, this is my case, when you "programming", by this DATA HEX, can you use as 300m:
post 614, by methos0510
635 2016-02-29 18:24:16 (edited by NPCO543 2016-02-29 18:26:39)
Re: DaVinci Junior cartridge reset
Just wanted to report that Greatone's instructions worked like a charm. I was able to rewrite both my natural (that came with the printer) and a black that was about 1/2 used to black and 300 M of 300 M remaining.
I'm off to order some generic filament now!
Oh, I wanted to ask, is there any danger that this hack could be closed by firmware updates? Every time I run the software, it indicates that a firmware update is available. So far, I've declined to install it fearing that they'll close any exploits that would allow it to be further hacked in the future.
If it helps anyone figure out how the system works, here's the info for both of my tags:
Re: DaVinci Junior cartridge reset
Hello
I think dont upgrade your firmware for the moment !We dont know the modifications they have made
this topic is to find a solutions with firmaware 2.0 or 2.2.0 (it seems...)
Any ave other idea???
637 2016-02-29 22:11:20 (edited by johnboyjr 2016-02-29 22:23:47)
Re: DaVinci Junior cartridge reset
villards74 wrote:
Hello
I think dont upgrade your firmware for the moment !We dont know the modifications they have made
this topic is to find a solutions with firmaware 2.0 or 2.2.0 (it seems...)
Any ave other idea???
if you have the keys and can reset your nfc card I don't think they can block that because they won't know if it's moded or not
Re: DaVinci Junior cartridge reset
Hi johnboyjr,
if think if you have the password you can make a new password with a new algorithm
with a new version its not a problem he can test the fisrt and make a new password .Its what i mean!
639 2016-02-29 23:33:35 (edited by viper960 2016-03-01 01:05:23)
Re: DaVinci Junior cartridge reset
I also had greatone76 generate the password for the tag that came with my starter filament. I was able to easily set it to 300m using my Nexus tablet's NFC reader and the RFID NFC tool downloaded from the Play store.
One hiccup was that I got the 'unidentified spool' error but I used the advice from a few posts back that said to, "try writing line 08 to 5A505000 and it will let you change lines 0A,0B &14 to E0930400."
Now I can use the rest of the starter filament I was going to have to throw away otherwise!
Re: DaVinci Junior cartridge reset
Here is the next set again if anyone sees something speak up. Request a set of 01's Otherwise I'm going to keep going down the line.
UID: 01 01 00 00 00 00 00 Pass: E1 F0 41 6E
UID: 01 00 01 00 00 00 00 Pass: 2D D1 EC DC
UID: 01 00 00 01 00 00 00 Pass: 41 0A 47 8B
UID: 01 00 00 00 01 00 00 Pass: C9 D3 F9 B1
UID: 01 00 00 00 00 01 00 Pass: DC C3 A8 D4
UID: 01 00 00 00 00 00 01 Pass: A3 40 ED B8
UID: 00 01 01 00 00 00 00 Pass: 54 D6 DE B3
UID: 00 01 00 01 00 00 00 Pass: 87 BF 4D 95
UID: 00 01 00 00 01 00 00 Pass: 92 6D 64 F6
UID: 00 01 00 00 00 01 00 Pass: 12 29 25 AC
UID: 00 01 00 00 00 00 01 Pass: F6 7A B4 C8
Re: DaVinci Junior cartridge reset
I get one forum they get algo for getting password and gave web page where you can get password from UID, but for my UID and know password it do not work
Re: DaVinci Junior cartridge reset
Vienisas
You got the link to the password website and the forum. Maybe that have accomplished the project and or can help with a next step.
643 2016-03-01 19:06:05 (edited by hholz 2016-03-01 19:08:22)
Re: DaVinci Junior cartridge reset
would be very happy if someone would find out the paswort me
Re: DaVinci Junior cartridge reset
Thanks to Greaton76 !!!!
he had send to me the good pasword!I can read the card and change the lenght of my filament (page14)
but i cant change page 0A and 0B .....
i try to change the page 08 :action failed!
i have push in page 14 the same value as he page 0A and 0B but the printer dont recognize the filament
Have you a solution
See images bellow
Thanks for your help!
Re: DaVinci Junior cartridge reset
http://www.proxmark.org/forum/viewtopic … 57&p=9
Is the forum vienisas is talking about. The password is for the Lego dimensions NFc tags. Same NTAG213, but I'm sure a different algorithm and why it doesn't work. I have not had time but we should look through their process. Based on the forum it looks like they are using a proxmark3 emulation to play. It could also be valuable to know what numbers they used to break the password. Same size pass key as ours. Could be a good guide.
Re: DaVinci Junior cartridge reset
I was trying registry to this forum, get confirm, but do not receiving email with tem password
Re: DaVinci Junior cartridge reset
@vienisas. that is the rabbit hole i'm going down right now.
i think that the proxmark way is probably one of the ways we can crack this, but that hardware cost is pretty high compared to a cheapo logic analyser and reuse old cards.
just waiting on hardware and more free time to learn about rfid and crypto.
i'm going slow and learning as i go here, so don't count on any results from me.
Re: DaVinci Junior cartridge reset
UID: 00000000000000 PWD: 5ADBF8F3
UID: 00000000000001 PWD: ABAA7D46
UID: 00000000000002 PWD: 1C064D52
UID: 00000000000003 PWD: 1608A707
UID: 00000000000004 PWD: E324D073
UID: 00000000000005 PWD: F4A0001D
UID: 00000000000006 PWD: C32EA6F2
UID: 00000000000007 PWD: 56985233
UID: 00000000000008 PWD: 48A469FE
UID: 00000000000009 PWD: 6D8417B6
UID: 00000000000010 PWD: A97836A4
I realize that the last value is not the next hex value I was in a hurry when running this set.
Re: DaVinci Junior cartridge reset
I finally understood! Page 2 must not contain FF. This is irreversible and the tag is off. It s come when we go to the end of the coil and the printer locks all .Its works with other coils not at end .Warning to length if you want to use your Tag with the password....
Re: DaVinci Junior cartridge reset
I have 7 tags and all of them was 0m but I reset them to 300, maybe new firmware writing to this bit FF, what your firmware, my 2.2.0