Hacking DIY amiibo cards

[piratesephiroth]

I need to find how to edit the UID - You can write to an amiibo or tag by using AmiiWrite.
http://amiibo.codlab.eu/amiibo.apk

Does this site even work?

 

[aracom]

http://amiibo.codlab.eu/amiibo.apk

That link doesn't work, just gives me a timeout.

 

[Tesa]

That link doesn't work, just gives me a timeout.

@pokasmax posted it here: https://gbatemp.net/threads/save-and-restore-your-amiibos-on-android.403072/

You can clone the repo and compile it yourself: https://github.com/codlab/amiibo

 

[SuperSVGA]

What's the issue everyone's having?
Writing and editing should be the easy part.

 

[piratesephiroth]

@pokasmax posted it here: https://gbatemp.net/threads/save-and-restore-your-amiibos-on-android.403072/

You can clone the repo and compile it yourself: https://github.com/codlab/amiibo

And download the android SDK?
Nah, better wait for the site to come back...

 

[SuperSVGA]

And download the android SDK?
Nah, better wait for the site to come back...

Why not just use Mifare++ Ultralight? That's what I use for all my reading, editing, and writing.

 

[Supercool330]

One other small problem, I'm not sure how to generate the 32 byte xorpad. The pastebin post a while back with all the keys in it had the AES IV and KeyY needed to create the xorpad, and I feel like it should be fairly straight forward with Decrypt9, but I'm not really that familiar with xorpad generation. Has anybody else done this before?

 

[Deleted User]

You're trying to encrypt and decrypt, aren't you? Get an API key from the guy and use amiicli.sh

 

[OctopusRift]

You're trying to encrypt and decrypt, aren't you? Get an API key from the guy and use amiicli.sh

oorrr just use his online thing.

 

[Deleted User]

Or do that.

 

[asper]

Set1 keys:
1st 3 are DEVs data (and they are all correct).
2nd 3 are DEVs data and HMAC key is 830E75...

Set2 keys:
1st 3 are retail data and HMAC key is 1D164B...
2nd 3 are retail data and HMAC key is 7F752D...


As stated, algo for xorpad: AES-128 CTR mode: 1st key is AES KeyY, 2nd key is AES IV.

Resulting xorpads are:
495B197A5B802055AEE8AE8EA08E053233C770A8A99E6DAD6F1CA01FE3618022 (for DEVs)
044917DC76B49640D6F83939960FAED4EF392FAAB21428AA21FB54E545054766 (for retail)

xorpads ARE NOT copyrighted materials... they are just... xorpads, so no reason to censor them



Everything started from this great job.

 

[solitaire4eva]

Thanks to the OP for posting!

 

[fraret]

Set1 keys:
1st 3 are DEVs data (and they are all correct).
2nd 3 are DEVs data and HMAC key is 830E75...

Set2 keys:
1st 3 are retail data and HMAC key is 1D164B...
2nd 3 are retail data and HMAC key is 7F752D...


As stated, algo for xorpad: AES-128 CTR mode: 1st key is AES KeyY, 2nd key is AES IV.

Resulting xorpads are:
495B197A5B802055AEE8AE8EA08E053233C770A8A99E6DAD6F1CA01FE3618022 (for DEVs)
044917DC76B49640D6F83939960FAED4EF392FAAB21428AA21FB54E545054766 (for retail)

xorpads ARE NOT copyrighted materials... they are just... xorpads, so no reason to censor them



Everything started from this great job.

Thank you very much, you just released the last key needed (well, the xorpads). I couldn't find any documentation about how they work, so I couldn't calculate them with the keys. Now I only have to find the way to use the keys and the xorpad with amiibo-tools

EDIT: Which set is the developer one and which is the retail?

 

[Supercool330]

Set1 keys:
1st 3 are DEVs data (and they are all correct).
2nd 3 are DEVs data and HMAC key is 830E75...

Set2 keys:
1st 3 are retail data and HMAC key is 1D164B...
2nd 3 are retail data and HMAC key is 7F752D...


As stated, algo for xorpad: AES-128 CTR mode: 1st key is AES KeyY, 2nd key is AES IV.

Resulting xorpads are:
495B197A5B802055AEE8AE8EA08E053233C770A8A99E6DAD6F1CA01FE3618022 (for DEVs)
044917DC76B49640D6F83939960FAED4EF392FAAB21428AA21FB54E545054766 (for retail)

xorpads ARE NOT copyrighted materials... they are just... xorpads, so no reason to censor them



Everything started from this great job.

Awesome; thanks asper. Out of curiosity, how did you generate the xorpads?

 

[asper]

Maybe using a 3ds ?

 

[Supercool330]

Maybe using a 3ds ?

lol, I figured. I was curious on how you interacted with the AES module. Did you use decrypt9 somehow, or something else?

 

[Sliter]

well guys this is really awesome XD I want to do some :v there are no way they can be blocked, right? XD

Also... there is a way to do the same with skylanders/disney stuff? °w°

 

[nurofen]

Could someone help out please?
I have created a.bin file of Mario using amiiqo.
I have successfully run it through the online decrypt-er and I am able to read the contents of the file.
What I am trying to do is use the amiitool to do the same decrypting. I have a binary keys file 80 bytes in length using the info I have found here, however amiitool says simply says
"!!! WARNING !!!: Tag signature was NOT valid".

Any idea what I am doing wrong?

 

[javiMaD]

Could someone help out please?
I have created a.bin file of Mario using amiiqo.
I have successfully run it through the online decrypt-er and I am able to read the contents of the file.
What I am trying to do is use the amiitool to do the same decrypting. I have a binary keys file 80 bytes in length using the info I have found here, however amiitool says simply says
"!!! WARNING !!!: Tag signature was NOT valid".

Any idea what I am doing wrong?

Your keyfile is correct?
Please post MD5 or SHA1 of your keyfile for check it

 

[nurofen]

looking in a hex editor this is what the last 4 columns look like.

I have basically tried everything from a pastebin file and the xorpads, hopefully it is just a case of finding the right combination.