PWD and PACK in the MiFARE and NTAG standards

Question

My question relates to the use of the PWD and PACK in the MiFARE and NTAG standards. It's similar to NTAG212 Mifare Ultralight with Authentication

If I understand correctly, the idea behind PWD_AUTH is that the Proximity Coupling Device (PCD) sends the password and the tag responds with the PACK. Other parameters AUTHLIM, PROT and AUTH0 respectively set the number of attempts, the memory protection, and page addresses to apply the password.

My questions are:

1) Should the tag itself be programmed with the PWD and the PACK values or just PACK? For example on MF0UL21 tags this would be on pages 39 and 40 respectively?

2) Consider a situation where the PROT value is set so that the PWD_AUTH is only needed for write access. Then wouldn't be possible to read the tag contents and the PWD and PACK values?

Answer 1

1. You need to program both PWD and PACK. Not programming the PWD would result in the tag only authenticating with whatever PWD that was previously written (FF FF FF FF out of the factory).
2. PWD and PACK can never be read out because the tag will transmit zeroes instead of the actual values. This is described in the tag's datasheet.