The NFC function is pretty simple, handled by a few €-Cent part from NXP, a NTAG203(F), with a fixed data record which contains an “application/vnd.bluetooth.ep.oob”, see below, for which the documentation can be found here. The interesting part is that the contents of the NFC chip is not write protected at all, i.e. everyone with access to the device can program arbitrary stuff into the 144 bytes of user memory. Pretty bad idea. Even worse, a bad guy could reprogram and lock it! So you would even not be able to restore it. Very bad idea.
The contained NDEF records show that it does not support any simple pairing scheme, just the transmission of the device’s MAC address (BDADDR in Bluetooth jargon).
-- INFO ------------------------------ # IC manufacturer: NXP Semiconductors # IC type: NTAG203(F) (NTAG203(F)) # NFC Forum NDEF-compliant tag: Type 2 Tag -- NDEF ------------------------------ # NFC data set information: NDEF message containing 2 records Current message size: 81 bytes Maximum message size: 137 bytes NFC data set access: Read & Write Can be made Read-Only # Record #1: Handover Select record: Type Name Format: NFC Forum well-known type Short Record type: "Hs" version: 1.2 # Alternative Carrier record type: "ac" * carrier power state: Active * carrier data record: "0" * no auxiliary data records Payload length: 10 bytes Payload data: [00] 12 D1 02 04 61 63 01 01 30 00 |....ac..0. | # Record #2: Bluetooth Secure Simple Pairing record: Type Name Format: MIME type (RFC 2046) Short Record, ID Length present ID: "0" type: "application/vnd.bluetooth.ep.oob" OOB data length: 27 bytes * Error: length should include length field MAC address: xx:xx:xx:xx:xx:xx * Manufacturer: PARROT SA Complete local name: "Parrot ZIK 2.0" Device class: 20:04:04 * Service class: - Audio * Major type: Audio/Video * Minor type: Wearable headset * Format type: Format #1 Payload length: 29 bytes Payload data: [00] 1B 00 xx xx xx xx xx xx 0F 09 50 61 72 72 6F 74 |.... .....Parrot| [10] 20 5A 49 4B 20 32 2E 30 04 0D 04 04 20 | ZIK 2.0.... | # NDEF message: [00] 91 02 0A 48 73 12 D1 02 04 61 63 01 01 30 00 5A |...Hs....ac..0.Z| [10] 20 1D 01 61 70 70 6C 69 63 61 74 69 6F 6E 2F 76 | ..application/v| [20] 6E 64 2E 62 6C 75 65 74 6F 6F 74 68 2E 65 70 2E |nd.bluetooth.ep.| [30] 6F 6F 62 30 1B 00 xx xx xx xx xx xx 0F 09 50 61|oob0.... =....Pa|
[40] 72 72 6F 74 20 5A 49 4B 20 32 2E 30 04 0D 04 04 |rrot ZIK 2.0....| [50] 20 | | # NDEF Capability Container (CC): Mapping version: 1.0 Maximum NDEF data size: 144 bytes NDEF access: Read & Write E1 10 12 00 |.... | # Control TLVs: Lock Control TLV at address 0x04, offset 0 * Dynamic lock bytes at address 0x28, offset 0 - 16 lock bits - 16 bytes locked per lock bit 01 03 A0 10 44 |....D | -- EXTRA ------------------------------ # Memory size: 168 bytes total memory * 42 pages, with 4 bytes per page * 144 bytes user memory (36 pages) # IC detailed information: Full product name: * NT2H0301G0DUD or NT2H0301F0DTx -- TECH ------------------------------ # Detailed protocol information: ID: xx:xx:xx:xx:xx:xx:xx ATQA: 0x4400 SAK: 0x00 # Memory content: [00] * xx:xx:xx D2 (UID0-UID2, BCC0) [01] * xx:xx:xx:xx (UID3-UID6) [02] . 31 48 00 00 (BCC1, INT, LOCK0-LOCK1) [03] . E1:10:12:00 (OTP0-OTP3) [04] . 01 03 A0 10 |....| [05] . 44 03 51 91 |D.Q.| [06] . 02 0A 48 73 |..Hs| [07] . 12 D1 02 04 |....| [08] . 61 63 01 01 |ac..| [09] . 30 00 5A 20 |0.Z | [0A] . 1D 01 61 70 |..ap| [0B] . 70 6C 69 63|plic|
[0C] . 61 74 69 6F|atio|
[0D] . 6E 2F 76 6E|n/vn|
[0E] . 64 2E 62 6C|d.bl|
[0F] . 75 65 74 6F|ueto|
[10] . 6F 74 68 2E |oth.| [11] . 65 70 2E 6F|ep.o|
[12] . 6F 62 30 1B |ob0.| [13] . 00 xx xx xx |... | [14] . xx xx xx 0F |....| [15] . 09 50 61 72 |.Par| [16] . 72 6F 74 20 |rot | [17] . 5A 49 4B 20 |ZIK | [18] . 32 2E 30 04 |2.0.| [19] . 0D 04 04 20 |... | [1A] . FE 00 00 00 |....| [1B] . 00 00 00 00 |....| [1C] . 00 00 00 00 |....| [1D] . 00 00 00 00 |....| [1E] . 00 00 00 00 |....| [1F] . 00 00 00 00 |....| [20] . 00 00 00 00 |....| [21] . 00 00 00 00 |....| [22] . 00 00 00 00 |....| [23] . 00 00 00 00 |....| [24] . 00 00 00 00 |....| [25] . 00 00 00 00 |....| [26] . 00 00 00 00 |....| [27] . 00 00 00 00 |....| [28] . 00 00 -- -- (LOCK2-LOCK3) [29] . 00 00 -- -- (CNT0-CNT1, value: 0) *:locked & blocked, x:locked, +:blocked, .:un(b)locked