1,151 Reply by johnboyjr

  • johnboyjr
  • Member
  • Offline
  • Registered: 2015-12-08
  • Posts: 79

Re: DaVinci Junior cartridge reset

kr15_uk wrote:

@candle - Starting with firmware v2.2.6 any NFC chip info alterations locks particular tag.

@RapidRaid - v2.2.6 doesn't take hacked filaments, you can use it once and that's it. BUT, you can downgrade to v.2.2.0 fairly easy. You can find this post somewhere on the forum.

Btw, as you know Jr on firmware v2.2.6+ doesn't take hacked NFC tags (aka after it's been used once) - can I suggest to 2x volunteers to try to swap used NFC tags?! It's maybe used once on your Jr but for someone else it's new...
Postal stamp is cheaper than new spool of Jr filament! wink


this 2.26 does not work thing is not true i have 2.26 on my xyz and i have reset it a bunch of times

you just need to try resetting it a few times and it takes not sure what finally makes it work but it does

1,152 Reply by kr15_uk

  • kr15_uk
  • kr15_uk
  • Member
  • Offline
  • From: London
  • Registered: 2016-04-04
  • Posts: 206

Re: DaVinci Junior cartridge reset

@johnboyjr - thanks for the update. When I and some other bunch of people here was stuck on v2.2.6 we were unable to get it work. Or either we haven't tried hard enough or your machine is slightly different somehow.

But maybe that's the case - what if Jr keeps only lets say 10x records of the chip or so and after resetting it couple of times with the wrong details it's overrides cached info about the chip?!?!
Can anyone try to replicate this on any of the latest firmwares?!

kr15_uk's Website

1,153 Reply by zheli

  • zheli
  • Member
  • Offline
  • From: Sweden
  • Registered: 2016-12-03
  • Posts: 16

Re: DaVinci Junior cartridge reset

Hello everyone! Thanks for all the hard work! Just got my Da Vinci Mini last week and I wonder if I can use NFC reset hack also smile Could anyone tell me what is the password for this card? Many thanks!!!

Page: Data
[00]: 04099C19
[01]: 8A3E4D81
[02]: 78780000
[03]: E1101200
[04]: 0103A00C
[05]: 340300FE
[06]: 00000000
[07]: 00000000

Owns a DaVinci mini

1,154 Reply by johnboyjr

  • johnboyjr
  • Member
  • Offline
  • Registered: 2015-12-08
  • Posts: 79

Re: DaVinci Junior cartridge reset

kr15_uk wrote:

@johnboyjr - thanks for the update. When I and some other bunch of people here was stuck on v2.2.6 we were unable to get it work. Or either we haven't tried hard enough or your machine is slightly different somehow.

But maybe that's the case - what if Jr keeps only lets say 10x records of the chip or so and after resetting it couple of times with the wrong details it's overrides cached info about the chip?!?!
Can anyone try to replicate this on any of the latest firmwares?!

yeah it some times takes like 10 tried i just keep settin every thing back and it finally works

dont use the jr much any more anyways because i have a i3 but i will try resetting it again soon

1,155 Reply by johnboyjr

  • johnboyjr
  • Member
  • Offline
  • Registered: 2015-12-08
  • Posts: 79

Re: DaVinci Junior cartridge reset

kr15_uk wrote:

@johnboyjr - thanks for the update. When I and some other bunch of people here was stuck on v2.2.6 we were unable to get it work. Or either we haven't tried hard enough or your machine is slightly different somehow.

But maybe that's the case - what if Jr keeps only lets say 10x records of the chip or so and after resetting it couple of times with the wrong details it's overrides cached info about the chip?!?!
Can anyone try to replicate this on any of the latest firmwares?!

ok i just did it its something to do with the color settings i just keep changing them and then it kicked it

1,156 Reply by johnboyjr

  • johnboyjr
  • Member
  • Offline
  • Registered: 2015-12-08
  • Posts: 79

Re: DaVinci Junior cartridge reset

kr15_uk wrote:

@johnboyjr - thanks for the update. When I and some other bunch of people here was stuck on v2.2.6 we were unable to get it work. Or either we haven't tried hard enough or your machine is slightly different somehow.

But maybe that's the case - what if Jr keeps only lets say 10x records of the chip or so and after resetting it couple of times with the wrong details it's overrides cached info about the chip?!?!
Can anyone try to replicate this on any of the latest firmwares?!

ok i just did it its something to do with the color settings i just keep changing them and then it kicked it

1,157 Reply by kr15_uk

  • kr15_uk
  • kr15_uk
  • Member
  • Offline
  • From: London
  • Registered: 2016-04-04
  • Posts: 206

Re: DaVinci Junior cartridge reset

I see quite a lot of requests for NFC password for Mini.
Does any Mini owner actually is able to use hacked NFC chips?!
Can you also post your firmware version so we have some understanding which firmware versions are good and which aren't?!
Thanks.

kr15_uk's Website

1,158 Reply by zheli

  • zheli
  • Member
  • Offline
  • From: Sweden
  • Registered: 2016-12-03
  • Posts: 16

Re: DaVinci Junior cartridge reset

kr15_uk wrote:

I see quite a lot of requests for NFC password for Mini.
Does any Mini owner actually is able to use hacked NFC chips?!
Can you also post your firmware version so we have some understanding which firmware versions are good and which aren't?!
Thanks.

Actually I don't know how to check the printer firmware version yet tongue Is it the version shown in the bottom-right corner in XYZware? In that case my Da Vinci mini is version 1.0.6 (1A6)

Still going through all the posts in this thread, I am on page 15 right now...

Owns a DaVinci mini

1,159 Reply by cgrillo

  • cgrillo
  • cgrillo
  • Member
  • Offline
  • From: UK
  • Registered: 2016-06-14
  • Posts: 929

Re: DaVinci Junior cartridge reset

Look at the menu options on the printer itself - something like "info" then "system version" ???
The printer firmware version will then be displayed on the printer LCD.



zheli wrote:
kr15_uk wrote:

I see quite a lot of requests for NFC password for Mini.
Does any Mini owner actually is able to use hacked NFC chips?!
Can you also post your firmware version so we have some understanding which firmware versions are good and which aren't?!
Thanks.

Actually I don't know how to check the printer firmware version yet tongue Is it the version shown in the bottom-right corner in XYZware? In that case my Da Vinci mini is version 1.0.6 (1A6)

Still going through all the posts in this thread, I am on page 15 right now...

1,160 Reply by zheli

  • zheli
  • Member
  • Offline
  • From: Sweden
  • Registered: 2016-12-03
  • Posts: 16

Re: DaVinci Junior cartridge reset

cgrillo wrote:

Look at the menu options on the printer itself - something like "info" then "system version" ???
The printer firmware version will then be displayed on the printer LCD.



zheli wrote:
kr15_uk wrote:

I see quite a lot of requests for NFC password for Mini.
Does any Mini owner actually is able to use hacked NFC chips?!
Can you also post your firmware version so we have some understanding which firmware versions are good and which aren't?!
Thanks.

Actually I don't know how to check the printer firmware version yet tongue Is it the version shown in the bottom-right corner in XYZware? In that case my Da Vinci mini is version 1.0.6 (1A6)

Still going through all the posts in this thread, I am on page 15 right now...

Do you mean the XYZware? Da Vinci Mini doesn't have a LCD display on the printer itself...

Owns a DaVinci mini

1,161 Reply by cgrillo

  • cgrillo
  • cgrillo
  • Member
  • Offline
  • From: UK
  • Registered: 2016-06-14
  • Posts: 929

Re: DaVinci Junior cartridge reset

Ah - sorry about that!

zheli wrote:
cgrillo wrote:

Look at the menu options on the printer itself - something like "info" then "system version" ???
The printer firmware version will then be displayed on the printer LCD.



zheli wrote:

Actually I don't know how to check the printer firmware version yet tongue Is it the version shown in the bottom-right corner in XYZware? In that case my Da Vinci mini is version 1.0.6 (1A6)

Still going through all the posts in this thread, I am on page 15 right now...

Do you mean the XYZware? Da Vinci Mini doesn't have a LCD display on the printer itself...

1,162 Reply by zheli

  • zheli
  • Member
  • Offline
  • From: Sweden
  • Registered: 2016-12-03
  • Posts: 16

Re: DaVinci Junior cartridge reset

cgrillo wrote:

Ah - sorry about that!

No worries, thanks for the help! smile

Owns a DaVinci mini

1,163 Reply by Xenolphthalein (edited by Xenolphthalein 2016-12-04 17:26:30)

  • Xenolphthalein
  • Member
  • Offline
  • From: Germany
  • Registered: 2016-11-29
  • Posts: 34

Re: DaVinci Junior cartridge reset

Hey guys,

cgrillo sent me the pass and i was able to read the chip.
@zheli i have also the mini w (with firmware 1.0.6), but i am a little bit afraid of changing the chip because at the moment there are 66 m left on it. And it would be a shame if they were lost.

Has anyone already tried to buy some NTAG213's and just add the block data of one of the chips to it?
If we can not change the existing chip, eventually we can copy it and alter some values, so that the printer think the copied chip is a new one.

Sry for bad englisch, i am not a native speaker. smile

Regards,
xenolph

EDIT: You can now find me in the irc mentioned in the main menu of soliforum.

1,164 Reply by zheli

  • zheli
  • Member
  • Offline
  • From: Sweden
  • Registered: 2016-12-03
  • Posts: 16

Re: DaVinci Junior cartridge reset

Xenolphthalein wrote:

Hey guys,

cgrillo sent me the pass and i was able to read the chip.
@zheli i have also the mini w (with firmware 1.0.6), but i am a little bit afraid of changing the chip because at the moment there are 66 m left on it. And it would be a shame if they were lost.

Has anyone already tried to buy some NTAG213's and just add the block data of one of the chips to it?
If we can not change the existing chip, eventually we can copy it and alter some values, so that the printer think the copied chip is a new one.

Sry for bad englisch, i am not a native speaker. smile

Regards,
xenolph

If the remaining length is stored, i think it should be stored somewhere other than the printer itself. Otherwise you can bring the reseted NFC chip to anther printer and it will treat it as a unmodified one, because it doesn't have the serial number stored.

I suspect the length information is saved on their server, since I have seen POST requests that were sent from XYZware to this endpoint:

http://xyzlog.xyzprinting.com/api/getFilamentUsage

with my filament SN and printer SN. Anyway I block this address and maybe later I can try to reset my filament and see if it works.

But I would probably wait until my current filament run out as well, haha. Still have 85m to go...

Owns a DaVinci mini

1,165 Reply by Xenolphthalein

  • Xenolphthalein
  • Member
  • Offline
  • From: Germany
  • Registered: 2016-11-29
  • Posts: 34

Re: DaVinci Junior cartridge reset

I just overflew the topic, so i dont know if it was already determined if it is possible to just lock the nfc chip so that the printer cant update the remaining filament on the roll.

Fun Fact: Internet access for xyzware was one of the first things i blocked with glasswire (win).
I just looked through the glasswire log and only saw one entry: 

xyzportal.cloudapp.net

It would be interesting if we could get more informations about the api you mentioned in your last post. Eventually we can emulate our own api and point the host file to it so it tells xyzware false informations.

1,166 Reply by kr15_uk

  • kr15_uk
  • kr15_uk
  • Member
  • Offline
  • From: London
  • Registered: 2016-04-04
  • Posts: 206

Re: DaVinci Junior cartridge reset

Unfortunately NFC info is stored on the printer.
My Jr never seen "WorldWideWeb" after v2.2.6 upgrade but still managed to lock new and old NFC tags.
(3x old - used prior v2.2.6, 1x new was purchased when printer was already on v2.2.6)

kr15_uk's Website

1,167 Reply by Xenolphthalein

  • Xenolphthalein
  • Member
  • Offline
  • From: Germany
  • Registered: 2016-11-29
  • Posts: 34

Re: DaVinci Junior cartridge reset

Okay then the api is just one of many components to drm lock the filament. What about firmware hijacking i already read something somewhere in this thread, but could not find a good description. And now that we now that the used tags are stored on the printer we can surely copy the tags and alter various pages so that the printer thinks its a new one.

But therefore we have to know how the password is generated. I hope cgrillo has some success with the algorithm and will tell us how to when he knows more.

1,168 Reply by cgrillo (edited by cgrillo 2016-12-04 22:13:49)

  • cgrillo
  • cgrillo
  • Member
  • Offline
  • From: UK
  • Registered: 2016-06-14
  • Posts: 929

Re: DaVinci Junior cartridge reset

No luck as yet.
All UIDs, passwords and PACKs to date are attached in case anyone else wants to have a look
*Edit - seems to be tab seperated!


Xenolphthalein wrote:

Okay then the api is just one of many components to drm lock the filament. What about firmware hijacking i already read something somewhere in this thread, but could not find a good description. And now that we now that the used tags are stored on the printer we can surely copy the tags and alter various pages so that the printer thinks its a new one.

But therefore we have to know how the password is generated. I hope cgrillo has some success with the algorithm and will tell us how to when he knows more.

Post's attachments

Davinci Card Nos.csv 2.53 kb, 28 downloads since 2016-12-04 

You don't have the permssions to download the attachments of this post.

1,169 Reply by Xenolphthalein

  • Xenolphthalein
  • Member
  • Offline
  • From: Germany
  • Registered: 2016-11-29
  • Posts: 34

Re: DaVinci Junior cartridge reset

Thank you for sharing the list, how do you currently extract the passwords from the UID?
I for myself will try to figure out some kind of algorithm with the data you have given me.

If the thing with the copied and altered NFC works, we can just collect more and more valid combinations and just use them. As far as i see we have already about 60 Entries with valid uid and pwd combinations. That should be enough for a long time of printing.

But ther comes another question, is the UID somehow bound to the color and length?

1,170 Reply by Bozotclown1970

  • Bozotclown1970
  • Bozotclown1970
  • Member
  • Offline
  • From: USA
  • Registered: 2016-01-05
  • Posts: 1,516

Re: DaVinci Junior cartridge reset

Xenolphthalein wrote:

Hey guys,

Has anyone already tried to buy some NTAG213's and just add the block data of one of the chips to it?
If we can not change the existing chip, eventually we can copy it and alter some values, so that the printer think the copied chip is a new one.

Regards,
xenolph

EDIT: You can now find me in the irc mentioned in the main menu of soliforum.


Ok, just for grins I updated one of my paper tags with the first PACK code on cgrillo's list with no luck. I do believe the PACK code is calculated just like the password is. So until we can figure out the encryption we are stuck updating what we have.

1,171 Reply by donox59

  • donox59
  • Member
  • Offline
  • Registered: 2016-12-05
  • Posts: 34

Re: DaVinci Junior cartridge reset

Hello, I just spent two days reading the forum because I have a xyz junior meter in V.S 2.2.7 what can I do for the rest filaments?
Re switch to lower version?
Or purchased an empty nfc card or purchased a PN532?
Or other?   

My nfs card
04F17F02
22973C80
09480000
E1101200
00000000
00000000
00000000
00000000

Thank you really and very pretty work has you all in any case
Ps sorry for my imperfect English

1,172 Reply by cgrillo

  • cgrillo
  • cgrillo
  • Member
  • Offline
  • From: UK
  • Registered: 2016-06-14
  • Posts: 929

Re: DaVinci Junior cartridge reset

The UID is not connected to the colour or length.  The UID is read only on ly on official NTAG213 cards so in general can't be changed.
As mentioned above, the PACK is the major roadblock at the moment as there are 2 of us who can generate passwords for any given UID.  As the PACK is stored on the card, that can't be generated as easy as the user visible UID - hence whenever passwords are given out the PACK is asked for in return.  I'm assuming that the PACK is related to the UID - or how else could the printer validate it?



Xenolphthalein wrote:

Thank you for sharing the list, how do you currently extract the passwords from the UID?
I for myself will try to figure out some kind of algorithm with the data you have given me.

If the thing with the copied and altered NFC works, we can just collect more and more valid combinations and just use them. As far as i see we have already about 60 Entries with valid uid and pwd combinations. That should be enough for a long time of printing.

But ther comes another question, is the UID somehow bound to the color and length?

1,173 Reply by Xenolphthalein (edited by Xenolphthalein 2016-12-05 10:30:24)

  • Xenolphthalein
  • Member
  • Offline
  • From: Germany
  • Registered: 2016-11-29
  • Posts: 34

Re: DaVinci Junior cartridge reset

Thank you for the update. I agree with you regarding the validation of the printer through UID and PACK.
@Bozotclown1970 so you already have NTAG213's at home? Thats good, so once we find out how all the values are connected with each other you can test it.

EDIT: The Topic is getting quite long, i will try to compress everything that we know and create a new topic for it, so that we have a big overview in the first post which will be altered every now and then with new informations. Also i would split the Topic in two sperate sections, one for the JR and one for the mini.

1,174 Reply by nicolo.berry

  • nicolo.berry
  • Newbie
  • Offline
  • Registered: 2016-12-05
  • Posts: 1

Re: DaVinci Junior cartridge reset

EDIT: The Topic is getting quite long, i will try to compress everything that we know and create a new topic for it, so that we have a big overview in the first post which will be altered every now and then with new informations. Also i would split the Topic in two sperate sections, one for the JR and one for the mini.


Hello, tanks for this. I'm quite new. Upgraded Davinci Junior 1.0 to the last firmware yesterday evening. May i have some chances to hack the RFID system?
The filaments cost a lot of euros...

1,175 Reply by fj.aquino

  • fj.aquino
  • Newbie
  • Offline
  • From: Spain
  • Registered: 2016-12-05
  • Posts: 8

Re: DaVinci Junior cartridge reset

Hello everyone! Still digesting all the info in this (long) thread!
I've just received my Vinci Mini w and x4 1 kg rolls of third party PLA :( This was sort of a compulsive black friday buy and the shop's product page didn't say anywhere this thing would only work with first party filament.

The Mini w didn't arrive with a software CD so I downloaded XYZWare (v2.1.16.4) from xyzprinting page. This version enforces user registration and also won't allow the user to print until FW is up to date. My out-of-the-box FW version was 1.0.9 but I'm now on 1.1.2 because of this.

I've connected the Mini w via Wi-Fi so I could try some port scanning and/or traffic monitoring more easily. A port scan with nmap revealed only port 9100 (JetDirect) as open. Still have to try traffic monitoring though.

@cgrillo
Here goes my NFC tag data:
[00]: 0450E438
[01]: 32B44280
[02]: 44480000
[03]: E1101200
[04]: 0103A00C
[05]: 340300FE
[06]: 00000000
[07]: 00000000

Thank you everybody for all the info in this thread and thanks @cgrillo for taking the bother to help.