RFID/NFC Troubleshooting: Writes Fail but Reads Work

Reads use the lowest privilege path: often UID + public user memory. Writes require the correct key, the correct block addressing, and writable access bits in the sector trailer (for Classic-style tags). If any of those are wrong, you get authentication failures—or silent refusal—while reads still look fine.

1) Usually not an RF problem

If UID reads reliably and public pages read reliably, coupling is often good enough. Persistent write failures point to authentication or permissions, not antenna wobble.

2) Keys: default, changed, or unknown

• Default keys: many lab tags still ship with well-known defaults; production badges often do not.
• Key A vs Key B: some operations require one key for read and the other for write, depending on trailer bits.
• “Partial knowledge”: you might read UID without ever authenticating to user sectors—don’t confuse that with having write keys.

3) Wrong block or page

• Off-by-one addressing: tools enumerate blocks differently; verify decimal vs hex and first-block offsets.
• Manufacturer pages: some areas are read-only by design—writes fail even with a valid key.

4) Sector trailers and access bits

On MIFARE Classic–style layouts, the last block of each sector is the sector trailer: it stores keys and access bits that define whether data blocks are read/write or read-only. Mis-set access bits can lock a sector—including locking you out if you don’t have the surviving key.

• Treat trailer writes as dangerous: test on disposable tags.
• “Read works, write denied” often matches read-only access bits for that block.

5) Tag family: Ultralight vs Classic vs DESFire

• NTAG/Ultralight: page-based; some variants are password-protected; lock bytes can make writes fail.
• Classic: sector-based keys + access bits; classic debugging workflow applies.
• DESFire / EVx: application IDs and file permissions; reads and writes are not “one key fits all.”

6) A tight lab workflow

1. Identify tag family and document UID + what read without authentication.
2. Authenticate explicitly with known keys on a disposable test tag before touching production-like cards.
3. Target a single writable block in a sector you control; verify write, then read back.
4. If writes fail, dump access conditions (as your tool allows) before retrying.

Validation criteria

1. You can explain failure as keys, block choice, or access bits—not “bad RF,” unless reads are also unstable.
2. You have a write/read-back proof on a lab tag with documented keys.
3. You have avoided bricking tags: no trailer experiments on non-disposable media.