I would like to store data in an NFC tag in a secure way to avoid copying, but I would like the tag to be affordable and supported by most devices (smartphones).
The NTag21x seems better than the classic Mifare whose algorithm has been corrupted. But is it possible with this one to lock part of the data by leaving an NDef record accessible for reading?
Is the NTag21x secure? I saw that its password was 32 bits, and it seems easy to break with a dictionary. Am I wrong?
On the other hand, after a lot of research I can't really find any detailed documentation on the subject. I don't understand how a reader can tell the difference between the different tags, and what they have in common at the communication protocol level, how to detect a type of tag, and know if I can support it in my application. I would like to make a C# / Xamarin application.
You need to read the datasheet for the tag.
It is section 8.5.7 and allows you to set the first page with the AUTH0 field at which the password is used from.
Thus the first part of the tag can be readable and later pages can be read/write protected. As long as the tag is big enough to store Ndef message at the beginning of the tag and your private data at the end of the tag without using overlapping pages, you can achieve free-to-read and password-protected data.
You can also set the AUTHLIM to set the maximum number of negative password verification attempts, so that it is not possible to brute force the password.
To configure these features, you need to write to the appropriate memory pages using the low level NfcA transceive commands detailed in the datasheet.
The biggest problem you have with password protection is if you freely hand out an app that uses the password as it is trivial to reverse engineer the password from the JVM byte code that uses it.
You don't really need to know how the different tags are identified, but having a good understanding of how the different levels of protocols and standards fit together is key, and this is where this diagram from Wikipedia is good.
