🧠 The New Hardware — Three Boards, One Purpose

NullTag v2 is built as a three-piece PCB stack.

The main board handles logic and UI. It includes:

✅ ESP32 MCU

✅ 240×240 TFT LCD (ST7789 driver)

✅ Dedicated power management circuitry

✅ 3-way hardware switch

This board is stable. It works. No drama there.

The second board is dedicated to the PN532. No module this time — just the chip and the required supporting components, connected over SPI.

The third board is the antenna. Just the antenna. A custom PCB coil designed for 13.56 MHz.

Separating the antenna was intentional. RF design is unpredictable. If I need to tweak the coil geometry or matching components, I don’t want to respin the entire main board.

That decision turned out to be very important.

🧩 Firmware

This isn’t an Arduino demo sketch anymore.

The firmware is structured:

• 📟 TFT menu-driven interface

• 🔘 3-button navigation (UP / DOWN / SELECT)

• 🔌 PN532 over SPI

• 🖥 Terminal-style diagnostic output

• 📡 Reader + Target mode support

• 🔍 Clear bring-up validation

On boot, the system checks communication with the PN532. If SPI fails, it stops and shows an error. No guessing.

Menus are navigated with three buttons. The display has a terminal-style interface. It feels like a device, not a dev board with a screen attached.

Feature-wise, it includes:

📖 1) Read

Reads ISO14443A tags, captures UID, identifies likely card family (Classic, Ultralight, NTAG, DESFire heuristic), and reads accessible blocks/pages.

🧬 2) Clone

Performs full source tag read and target write flow.

Includes authentication attempts and write verification.

Success depends on tag compatibility and key access.

🧹 3) Erase

Authenticates writable regions and clears memory where allowed.

Respects lock bits and card permissions.

📦 4) Dump

Reads sequential sectors or pages and exports structured hex data over serial.

Reports read failures when access conditions block memory.

📋 5) Card Info

Displays:

• UID length

• UID value

• Detected card family

Uses anti-collision and behavioral probing to classify tags.

🔐 6) Decode Access

Parses MIFARE access-condition bytes and translates bitfields into readable permissions.

No more raw hex confusion.

⚠️ 7) Disrupt Tag

Executes aggressive authentication and write patterns for resilience testing.

Can permanently alter tags.
Intended only for disposable test media you own.

⚠️ 8) Disrupt Emulator

Uses PN532 target mode to generate edge-case or non-standard responses.

Designed for testing reader robustness and error handling.

📊 9) Scan UIDs

Continuously polls for nearby tags.

• Converts UID bytes to hex

• Stores unique set in memory

• Updates live counters

• Logs over serial

Perfect for antenna validation.

🔎 10) MIFARE Audit Mode

Attempts default/common key validation and access-path testing.

Designed strictly for authorized security evaluation.

🔁 11) Reader Emulation Test

Validates PN532 initiator/target transitions.

Tests APDU exchange behavior and timing compatibility.

📋 12) Card Audit

Combines:

• Type detection

• Memory sampling

• Default-key probing

• Configuration consistency checks

Into a compact security summary.

Some of these are for lab use only. Some are for auditing. But the goal is simple: turn NullTag into an NFC research platform, not just a reader.

⚡ The Moment Everything Looked Perfect

Power it on. Display initializes. ESP32 boots cleanly. SPI communication works. PN532 firmware version detected successfully.

That moment feels good. Everything digital is alive.

You scroll through the menu, select “Scan UID,” bring a tag close…

Nothing.

No UID. ...