NTAG424 DNA is one of the most advanced secure NFC chips available today. With built-in AES-128 cryptography, Secure Dynamic Messaging (SDM), and SUN (Secure Unique NFC) Message technology, it has become the preferred choice for anti-counterfeiting, product authentication, Digital Product Passports (DPP), and secure customer engagement applications.
However, programming an NTAG424 DNA tag is very different from programming a standard NTAG213 or MIFARE Ultralight tag. It requires an understanding of secure files, APDU commands, encryption keys, and backend authentication.
This guide covers everything you need to know about NTAG424 DNA programming, including available SDKs, APIs, software tools, and development approaches.
Understanding NTAG424 DNA Architecture
Before writing any code, it’s important to understand how NTAG424 DNA works.
The chip supports:
- 13.56 MHz NFC frequency
- ISO/IEC 14443 Type A
- ISO/IEC 14443-4 (ISO-DEP) communication
- AES-128 mutual authentication
- Secure Dynamic Messaging (SDM)
- Encrypted file access
- Multiple file structures and access rights
Unlike ordinary NFC tags, NTAG424 DNA is essentially a secure microcontroller that communicates using APDU commands.
Typical NTAG424 DNA Development Workflow
Initialize Tag
↓
Change Default Keys
↓
Create File Structure
↓
Configure Access Rights
↓
Enable SDM
↓
Write URL Template
↓
Test Authentication
↓
Deploy Production Tags
Programming Methods for NTAG424 DNA
There are generally three ways to program NTAG424 DNA tags.
Method 1: NXP TagXplorer Software
TagXplorer is NXP’s official desktop software for configuring secure NFC tags.
Features
- Configure file settings
- Change AES keys
- Enable SDM
- Create encrypted URLs
- Read and write NDEF records
- Test authentication
Advantages
- Easy to use
- No coding required
- Ideal for prototypes and testing
Limitations
- Not suitable for mass production
- Limited automation capabilities
Method 2: Programming with SDKs
For commercial projects, developers typically use SDKs.
The most common development platforms are:
- Android
- iOS
- Windows
- Linux
- Embedded systems
Android Development
Android provides excellent support for NTAG424 DNA development.
APIs Used
NfcAdapter
IsoDep
Tag
Communication Method
Smartphone
↓
ISO-DEP
↓
APDU Commands
↓
NTAG424 DNA
Common Functions
- Select application
- Authenticate with AES keys
- Read files
- Write files
- Configure SDM
- Read SUN messages
Example Android Workflow
IsoDep isoDep = IsoDep.get(tag);
isoDep.connect();
isoDep.transceive(apduCommand);
Developers generally build a custom authentication application on top of these APIs.
iOS Development
Apple supports NTAG424 DNA communication through Core NFC.
Main APIs
NFCTagReaderSession
NFCISO7816Tag
sendCommand()
Supported Functions
- APDU communication
- Authentication
- Read and write files
- Read encrypted messages
Limitations
- Requires iOS 13 or newer
- More restrictive than Android
- Background NFC access is limited
PC Development (Windows & Linux)
Desktop applications often use USB NFC readers such as:
- ACR122U
- ACR1252U
- HID Omnikey readers
Programming is usually done using:
- C#
- Java
- Python
- C++
- Node.js
Communication is typically handled through:
- PC/SC libraries
- Reader SDKs
- APDU command interfaces
Popular Development Languages
Python
Python is widely used for:
- Authentication servers
- Batch programming
- Production tools
- Backend services
Popular libraries:
pyscard
nfcpy
Java
Common for:
- Android applications
- Enterprise authentication systems
- NFC middleware
C#
Common for:
- Windows desktop software
- Manufacturing tools
- Production encoding systems
Node.js
Popular for:
- Backend authentication services
- Cloud APIs
- Web-based management systems
Understanding APDU Commands
NTAG424 DNA uses Application Protocol Data Unit (APDU) commands.
Typical commands include:
| Function | Purpose |
|---|---|
| Select Application | Select NFC application |
| Authenticate EV2 | AES authentication |
| Read Data | Read file content |
| Write Data | Write file content |
| Change Key | Update AES keys |
| Get File Settings | Read configuration |
| Change File Settings | Configure permissions |
Almost all secure operations require APDU communication.
Programming Secure Dynamic Messaging (SDM)
SDM is one of the most powerful features of NTAG424 DNA.
A typical URL template looks like:
https://yourdomain.com/auth?e={ENC}&c={CMAC}
Each tap generates:
- Encrypted data
- Dynamic counter
- Secure MAC
- Unique message
The backend server then:
- Receives the parameters.
- Decrypts the message.
- Verifies authenticity.
- Returns the authentication result.
Backend Authentication API Architecture
Smartphone
↓
Scan Tag
↓
Open URL
↓
Authentication API
↓
Decrypt SUN Message
↓
Database Lookup
↓
Return Result
Most anti-counterfeit projects use:
- REST APIs
- Cloud databases
- Product management systems
- Analytics dashboards
Mass Programming NTAG424 DNA Tags
For production projects, manufacturers often need to encode thousands or millions of tags.
Typical workflow:
Import Serial Numbers
↓
Generate Encryption Keys
↓
Configure SDM
↓
Write Dynamic URLs
↓
Verify Programming
↓
Export Database
Mass programming software is usually developed using:
- Reader SDKs
- PC/SC APIs
- Python scripts
- Production encoding software
Recommended Tools for NTAG424 DNA Development
| Tool | Purpose |
|---|---|
| NXP TagXplorer | Configuration and testing |
| ACR122U | Development reader |
| ACR1252U | Commercial deployment |
| Android Studio | Android app development |
| Xcode | iOS development |
| Python + pyscard | Batch encoding |
| Postman | API testing |
| MySQL / PostgreSQL | Authentication database |
Typical NTAG424 DNA Project Architecture
NTAG424 DNA Tag
↓
Smartphone Scan
↓
Authentication API
↓
Database
↓
Analytics Dashboard
↓
Consumer Verification Result
Common Programming Challenges
1. Default Keys Not Changed
Leaving factory keys unchanged creates security risks.
2. Incorrect Access Rights
Improper permissions can permanently lock files.
3. Storing AES Keys in the Mobile App
Keys should always remain on the server.
4. Improper SDM Configuration
Incorrect offsets or URL settings can break authentication.
5. Lack of Production Planning
Mass deployment requires:
- Key management
- UID tracking
- Database synchronization
- Programming verification
Which Development Approach Should You Choose?
| Project Type | Recommended Method |
|---|---|
| Prototype | TagXplorer |
| Mobile App | Android SDK / Core NFC |
| Authentication Platform | REST API + Backend |
| Production Encoding | Python + PC/SC |
| Enterprise Deployment | Custom SDK Solution |
Conclusion
Programming NTAG424 DNA involves much more than simply writing an NFC tag. Because of its advanced security architecture, developers must work with:
- ISO-DEP communication
- APDU commands
- AES authentication
- Secure Dynamic Messaging (SDM)
- Backend authentication APIs
For small projects, NXP TagXplorer is an excellent starting point. For commercial deployments, custom applications and server-side authentication systems provide the flexibility and security needed for large-scale anti-counterfeit and Digital Product Passport solutions.
With the right SDKs, APIs, and tools, NTAG424 DNA can power highly secure NFC applications that protect brands, engage consumers, and create trusted digital identities for physical products.