NTAG216 Amiibo collaboration thread

Discussion in 'Wii U - Hacking & Backup Loaders' started by KingOfTaurus, Mar 4, 2016.

  1. KingOfTaurus
    OP

    KingOfTaurus GBAtemp Regular

    Member
    174
    83
    Feb 19, 2016
    United States
    Las Vegas
    I received this directly from NXP the creator of the NTAG's

    Basically there's no such thing as a partition and if you lock the last 384 bytes with FF's and then write with tagmo, it should work. I'll try it in a bit. The program I use to write to the cards is not user friendly whatsoever.

    Edit:

    FF3F7FBD on page 226 (the dynamic lock) of ntag216 would lock the pages 16-224 and then block 16-225


    However:

    The ntag215 has 01000FBD written to its page 132 (the dynamic lock) which means:

    16-31 are locked (not everything)
    16-129 are blocked (everything)


    Perhaps what we need is 01007FBD written to 216

    16-31 locked (not everything)
    16-225 blocked (everything)


    Edit again:

    I found an anomaly

    on the successfully written 215's there's a page 135 (that according to the datasheet, does not exist)

    Where is this extra ghost page coming from?
     
    Last edited by KingOfTaurus, Mar 15, 2016


  2. gualala

    gualala Advanced Member

    Newcomer
    64
    27
    May 2, 2011
    United States
    What method did you used to read the '215 tag that page 135 appeared? READ command grabs 4 pages and will roll-over at the end.
     
  3. KingOfTaurus
    OP

    KingOfTaurus GBAtemp Regular

    Member
    174
    83
    Feb 19, 2016
    United States
    Las Vegas
    Just a simple reading program obtained on the markeplace. After seeing that 135th page, I see that it does mirror the 1st page. Perhaps that's the key to tricking the 216 to read like a 215.

    mirror that page 135 with the 1st. trying now

    Edit: that failed.
     
    Last edited by KingOfTaurus, Mar 15, 2016
  4. Phantisy

    Phantisy Advanced Member

    Newcomer
    87
    18
    Feb 12, 2016
    United States
    When I read the tag info with the app on my phone I see page 0-134. You are able to create an NDEF "partition", but I am not sure this is what needs to be done to take up those "extra" 384 bytes and you just fill them with FF's. I do not have any 216 tags to try anything though. All I have are 215's.
     
  5. KingOfTaurus
    OP

    KingOfTaurus GBAtemp Regular

    Member
    174
    83
    Feb 19, 2016
    United States
    Las Vegas
    Ill try making a 384 byte ndef message on a 216 then write with tagmo and see what happens. Give me a minute to update this post

    Edit: I wrote a 384 byte ndef and "locked" it, but I guess it was not a permanent lock and tagmo overwrote it and messed it all up again as if I had not wrote anything. Trying again and going to manually lock those pages. Wish me luck on the next attempt
     
    Last edited by KingOfTaurus, Mar 15, 2016
  6. Phantisy

    Phantisy Advanced Member

    Newcomer
    87
    18
    Feb 12, 2016
    United States
    It may be possible that it has to be done after page 134. Do you know what the pages look like on a blank 215 tag?

    EDIT:

    It looks like there is a way to write to specific bytes. I am sure you would need to lock those pages/bytes once you write to them as well.
     
    Last edited by Phantisy, Mar 15, 2016
  7. KingOfTaurus
    OP

    KingOfTaurus GBAtemp Regular

    Member
    174
    83
    Feb 19, 2016
    United States
    Las Vegas
    Here's a blank 215 tag ignore the last page

    Edit: If I were to write 348 bytes from page 225 of a 216 backwards going up, id write 87 pages of data and land on page 138. I cannot lock page 139 and beyond, due to the way the locks work. If I were to lock page 138, I'd also be locking 112-143 in the process.

    If I were to write 384, id write 96 pages and land on page 129, which would write into the area that an Amiibo needs. and again I could not lock page 130 and beyond.


    Here's a spreadsheet explaining the locks for 216, 215, and a written Amiibo for you guys to look at

    https://docs.google.com/spreadsheets/d/1jAAgJD8ENUqq827NXMye6j3SuU0oJJPCK4vnfCJL1uw/edit?usp=sharing
     

    Attached Files:

    Last edited by KingOfTaurus, Mar 15, 2016
  8. KingOfTaurus
    OP

    KingOfTaurus GBAtemp Regular

    Member
    174
    83
    Feb 19, 2016
    United States
    Las Vegas
    I found something online about having multiple NDEF messages:


     
  9. asper

    asper GBAtemp Advanced Fan

    Member
    610
    306
    May 14, 2010
    United States
    Here it is what a pm3 listen to a pad<->ntag216 transaction:
    Code:
    40662432 |   40663488 | Rdr |26                                                               |     | REQA
       40664676 |   40667044 | Tag |44  00                                                           |     |
       41114480 |   41119248 | Rdr |50  00  57  cd                                                   |  ok | HALT
       41183824 |   41184816 | Rdr |52                                                               |     | WUPA
       41186068 |   41188436 | Tag |44  00                                                           |     |
       41196928 |   41199392 | Rdr |93  20                                                           |     | ANTICOLL
       41200580 |   41206404 | Tag |88  04  40  27  eb                                               |     |
       41215008 |   41225536 | Rdr |93  70  88  04  40  27  eb  95  4a                               |  ok | SELECT_UID
       41226708 |   41230228 | Tag |04  da  17                                                       |     |
       41238704 |   41241168 | Rdr |95  20                                                           |     | ANTICOLL-2
       41242340 |   41248228 | Tag |9a  98  3c  81  bf                                               |     |
       41256832 |   41267296 | Rdr |95  70  9a  98  3c  81  bf  9e  03                               |  ok | ANTICOLL-2
       41268532 |   41272116 | Tag |00  fe  51                                                       |     |
       41296864 |   41300480 | Rdr |60  f8  32                                                       |  ok | EV1 VERSION
       41301652 |   41313300 | Tag |00  04  04  02  01  00  13  03  b1  ad                           |  ok |
       41364896 |   41369664 | Rdr |3c  00  a2  01                                                   |  ok | READ_SIG
       41370868 |   41410164 | Tag |c9  bd  e2  fa  c4  5c  58  be  50  c2  fc  4b  9e  05  b1  d3   |     |
                |            |     |6d  60  f8  8d  83  7a  49  a4  fb  5d  d1  a7  10  68  3e  2d   |     |
                |            |     |d4  a2                                                           |  ok |
       41432816 |   41437520 | Rdr |30  03  99  9a                                                   |  ok | READBLOCK(3)
       41438756 |   41459556 | Tag |e1  10  6d  00  03  00  fe  00  00  00  00  00  00  00  00  00   |     |
                |            |     |4a  93                                                           |  ok |
       41963584 |   41964640 | Rdr |26                                                               |     | REQA
       41965828 |   41968196 | Tag |44  00                                                           |     |
       42415728 |   42420496 | Rdr |50  00  57  cd                                                   |  ok | HALT
       42485072 |   42486064 | Rdr |52                                                               |     | WUPA
       42487300 |   42489668 | Tag |44  00                                                           |     |
       42498176 |   42500640 | Rdr |93  20                                                           |     | ANTICOLL
       42501812 |   42507636 | Tag |88  04  40  27  eb                                               |     |
       42516256 |   42526784 | Rdr |93  70  88  04  40  27  eb  95  4a                               |  ok | SELECT_UID
       42527972 |   42531492 | Tag |04  da  17                                                       |     |
       42539968 |   42542432 | Rdr |95  20                                                           |     | ANTICOLL-2
       42543604 |   42549492 | Tag |9a  98  3c  81  bf                                               |     |
       42558048 |   42568512 | Rdr |95  70  9a  98  3c  81  bf  9e  03                               |  ok | ANTICOLL-2
       42569748 |   42573332 | Tag |00  fe  51                                                       |     |
       42602192 |   42605808 | Rdr |60  f8  32                                                       |  ok | EV1 VERSION
       42606980 |   42618628 | Tag |00  04  04  02  01  00  13  03  b1  ad                           |  ok |
       42674560 |   42679328 | Rdr |3c  00  a2  01                                                   |  ok | READ_SIG
       42680500 |   42719796 | Tag |c9  bd  e2  fa  c4  5c  58  be  50  c2  fc  4b  9e  05  b1  d3   |     |
                |            |     |6d  60  f8  8d  83  7a  49  a4  fb  5d  d1  a7  10  68  3e  2d   |     |
                |            |     |d4  a2                                                           |  ok |
       42738048 |   42742752 | Rdr |30  03  99  9a                                                   |  ok | READBLOCK(3)
       42743988 |   42764788 | Tag |e1  10  6d  00  03  00  fe  00  00  00  00  00  00  00  00  00   |     |
                |            |     |4a  93                                                           |  ok |
       72994336 |   72995392 | Rdr |26                                                               |     | REQA
    
    The pad gets the UID, read the tag signature to see if it is authentic, then it reads block 3: in that case without finding any good information to consider it an amiibo so it starts again to see if an amiibo pops in. Tested by a friend with 2 amiibo-compatible game titles. Reading that the pad is not looking specifically for an ntag215 so an ntag216 could do the job if correctly programmed.
     
    Last edited by asper, Mar 22, 2016
  10. gualala

    gualala Advanced Member

    Newcomer
    64
    27
    May 2, 2011
    United States
    Wow, interesting read. That matches the 3Dbrew description. Perhaps writing the correct data in CC (page 0x03) would trigger next stage of the read routine and we will know we are stalled by which data page. [I could donate a few (<10) '216s if you want]
     
  11. dpad_5678

    dpad_5678 GBAtemp's Memelord

    Member
    1,624
    1,169
    Nov 19, 2015
    United States
    Untrue.
     
  12. Nephiel

    Nephiel Artificer

    Member
    166
    54
    Nov 3, 2002
    Yes, if by "partition" in this context you mean "NDEF record"...
     
  13. dpad_5678

    dpad_5678 GBAtemp's Memelord

    Member
    1,624
    1,169
    Nov 19, 2015
    United States
    Yep, but a lot of people refer to them as "partitions". It's the same concept of partitions on digital storage. Maybe you have an 8GB drive but need it to be partitioned as FAT. FAT has a partition limit of 2GB.You would make a 6GB second partition to be able to format the first 2GB partition as FAT.
     
  14. Sliter

    Sliter GBAtemp Psycho!

    Member
    3,020
    787
    Dec 7, 2013
    Brazil
    ᕕ( ᐛ )ᕗ
    nice that it's happening XD when I get any nfc writting device I would like to try to help here o3o


    roy.png
    (lol)
    yeah, you avatar and signature tell that you really don't like to make fun of people trying to do stuff and not being able to xp
    You know that it would not only bring piracy, but help a lot with accessibility (amiibos aren cheap all over the world, do you undestand that, right? and also importing nTAG215 in'st easy to find or to import is a problem) portability and collection stuff (the ones that don't want to get the amiibos out the box but want the functionality ...)

    Anyway I think we discussed this too much, but with this attitude I still see you as a bad pirate, that wnat all the gold only for you and laugh at poors, not a copyright and legal stuff defensor hahaha
    at least are giving hints now... if being truth or not xp

    Also you tell it was an easy task and eveverybody with a good known of the Ntag stuff can't do it, this is the strange part but anyway, I have other stuff to care about xp

    edit:
    Its my first post on this thread, if you don't noticed, I haven't saw this post a month ago, just now =A= see you can help the others but want to hide the gold? you proved yourself how is being helpful xD nice job

    also I'm not going to waste more posts with you xP
     
    Last edited by Sliter, Mar 24, 2016
    TotalInsanity4 likes this.
  15. dpad_5678

    dpad_5678 GBAtemp's Memelord

    Member
    1,624
    1,169
    Nov 19, 2015
    United States
    You quoted me from a post I made over a month ago.

    I've always revealed THIS which made a lot of people happy.
     
  16. Nephiel

    Nephiel Artificer

    Member
    166
    54
    Nov 3, 2002
    I see. It's just that I have never heard the term "partition" applied to NFC storage before.

    (Actually, in the FAT example, you don't really need to make a second partition. You can simply leave the remaining 6GB as unpartitioned space, unused. But I get the point.)
     
    dpad_5678 likes this.
  17. Fatih120

    Fatih120 GBAtemp Regular

    Member
    160
    72
    Jan 22, 2016
    Canada
    Cornwall, Ontario
    Bump?
     
  18. dpad_5678

    dpad_5678 GBAtemp's Memelord

    Member
    1,624
    1,169
    Nov 19, 2015
    United States
    Buy 215's.
     
  19. Fatih120

    Fatih120 GBAtemp Regular

    Member
    160
    72
    Jan 22, 2016
    Canada
    Cornwall, Ontario
    Bought as listed, but in the end it was mislabelled.

    I'll buy one another time. The shipping time was retarded on this one.
     
  20. Kafluke

    Kafluke GBAtemp Psycho!

    Member
    3,563
    1,761
    May 6, 2006
    United States
    Exact thing happened to me. Listed as 215s showed up as 216s. Not worth the hassel to send back. I got some 215s now but I still have a stack of 216s collecting dust