Hacking Spoofing an amiibo using Android+NFC?

mixelpixx

Here is a cheap reader, and if this is something you like doing might as well pick up an arduino, makes life easy.

h**p://store.cutedigi.com/nfc-rfid-kit-for-arduino/


Also looked at these "metals tags in bottom" that people keep talking about... it's a store security tag. Makes the things at the door go off.. that's it. Being they are RFID as well, may act to stop you from reading the device in package, but that is not why it is there. Anti-theft.
 

Insaniac99

This weekend sparks a one week vacation from work for me, so within the next week I should have a chance to do what I want. For reference, I have a lvl50 samus and a ~lvl30 link. I scanned them as is and saved their info. When I have time I will check their inventory and save info again after it is empty, then I am going to level up the link one level and save him, then I can reset him. That will be the start of deciphering some of the bytes.

Attempts to modify will wait until I have some spare tags, which there seems to be some confusion over which are the correct ones. Are these the correct ones ( http://www.amazon.com/Kamor®-NFC-ta...TF8&qid=1418828985&sr=8-1&keywords=mifare+tag ) and if not if someone will provide an amazon link with the proper tags (prime shipping preferred) I will order some and have them by next week.
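
The snapshot comparison described in the post above, as an added example that is not part of the original post or any poster's tool: it splits each dump into pages and reports which pages changed between consecutive scans and which never changed. The 4-byte page size, the snapshot labels and the sample bytes are assumptions constructed for illustration; 540 bytes is the size quoted elsewhere in this thread.

```python
"""Page-level diff of successive tag dumps (added example, constructed data)."""
from typing import Dict, Iterable, List, Tuple

PAGE_SIZE = 4    # assumption: tag memory is addressed in 4-byte pages
DUMP_SIZE = 540  # dump size quoted in the thread

Range = Tuple[int, int]


def split_pages(dump: bytes, page_size: int = PAGE_SIZE) -> List[bytes]:
    """Cut a raw dump into fixed-size pages; reject truncated dumps."""
    if len(dump) % page_size:
        raise ValueError("dump length is not a multiple of the page size")
    return [dump[i:i + page_size] for i in range(0, len(dump), page_size)]


def changed_pages(before: bytes, after: bytes) -> List[int]:
    """Return the page numbers whose contents differ between two dumps."""
    if len(before) != len(after):
        raise ValueError("dumps differ in length; cannot compare page by page")
    pairs = zip(split_pages(before), split_pages(after))
    return [n for n, (a, b) in enumerate(pairs) if a != b]


def group_ranges(pages: Iterable[int]) -> List[Range]:
    """Collapse sorted page numbers into inclusive (first, last) ranges."""
    ranges: List[Range] = []
    for p in pages:
        if ranges and p == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], p)
        else:
            ranges.append((p, p))
    return ranges


def analyse(snapshots: List[Tuple[str, bytes]]) -> Dict[str, object]:
    """Diff each snapshot against the next; also list pages that never changed."""
    ever_changed = set()
    steps: Dict[str, List[Range]] = {}
    for (name_a, dump_a), (name_b, dump_b) in zip(snapshots, snapshots[1:]):
        pages = changed_pages(dump_a, dump_b)
        ever_changed.update(pages)
        steps[f"{name_a} -> {name_b}"] = group_ranges(pages)
    total = len(snapshots[0][1]) // PAGE_SIZE
    static = [p for p in range(total) if p not in ever_changed]
    return {"steps": steps, "static": group_ranges(static)}


def flip(dump: bytes, offsets: Iterable[int]) -> bytes:
    """Helper for building sample data: invert the bytes at the given offsets."""
    out = bytearray(dump)
    for off in offsets:
        out[off] ^= 0xFF
    return bytes(out)


def make_sample() -> List[Tuple[str, bytes]]:
    """Constructed snapshots; offsets are arbitrary, not real tag fields."""
    base = bytes((i * 7) % 256 for i in range(DUMP_SIZE))
    emptied = flip(base, range(100, 108))   # touches pages 25 and 26
    leveled = flip(emptied, [101, 200])     # touches pages 25 and 50
    return [("as scanned", base), ("inventory emptied", emptied),
            ("one level up", leveled)]


if __name__ == "__main__":
    report = analyse(make_sample())
    for step, ranges in report["steps"].items():
        print(step, "changed pages:", ranges)
    print("never changed:", report["static"])
```

If a single in-game change alters most pages at once, the data is probably encrypted or checksummed rather than stored as plain fields.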
 

luney

See, I just want to be able to scan in my pokemon into a sort of catalog or database if you will, that I could then choose the one from to write to an empty tag and use them that way. Is that possible right now with just a smartphone or would I need to build the hardware with the arduino and sensor that mixelpixx posted? I know I would also need at least one blank tag to use so I would be interested in knowing the proper ones to use as well. Or......., does the arduino option eliminate the need for using a blank tag? If it can broadcast the data itself, like emulate a tag, then no need to actually write it to a tag.
 

syntaxyz

See, I just want to be able to scan in my pokemon into a sort of catalog or database if you will, that I could then choose the one from to write to an empty tag and use them that way. Is that possible right now with just a smartphone or would I need to build the hardware with the arduino and sensor that mixelpixx posted? I know I would also need at least one blank tag to use so I would be interested in knowing the proper ones to use as well. Or......., does the arduino option eliminate the need for using a blank tag? If it can broadcast the data itself, like emulate a tag, then no need to actually write it to a tag.

Well I am surprised no one replied with an answer if copying the Amiibo tag to another writable tag makes the WiiU gamePad read the new tag.
If that works, then we just need everyone to scan their Amiibos and dump the data.
Then build a fancy App that writes the Amiibo data to a NFC TAG. This is not difficult at all and can be done in a weekend's work.
The whole idea with the phone acting as a TAG is some tricky business and one step further down the road.

I have Writable NFC tags but they are too small in bytesize, we need at least something like 540 bytes.
They should be very cheap.
 

Insaniac99

Well I am surprised no one replied with an answer if copying the Amiibo tag to another writable tag makes the WiiU gamePad read the new tag.
If that works, then we just need everyone to scan their Amiibos and dump the data.
Then build a fancy App that writes the Amiibo data to a NFC TAG. This is not difficult at all and can be done in a weekend's work.
The whole idea with the phone acting as a TAG is some tricky business and one step further down the road.

I have Writable NFC tags but they are too small in bytesize, we need at least something like 540 bytes.
They should be very cheap.

For my part it is because I have not tested and don't know exactly which tags to buy. It seems like that is all we need but I want to test before I go around telling people that.
 

PityOnU

Amiibo are not MIFARE tags like Skylanders. Skylanders are hilariously easy to clone because the MIFARE style cards have been hacked for like 8 years now. Surprised they still use that tech.

Amiibo's, on the other hand, use a new style of NFC tech called NTAG. It has yet to be hacked, and portions of the chip are locked READ-ONLY from the factory. As there is only a single manufacturer for the type of chip, you will not be able to find any "jailbroken" or "unlocked" chips as the company that makes the tags will only make sales as long as the chips are secure.

In regards to emulating the chip on Android - NFC emulation on Android is extremely limited and fudged right now. Only a certain few protocols are supported, and this varies from device to device and from OS to OS. If it is possible (big IF), you will likely need one of a few select devices running a specific version of the OS.

Also looked at these "metals tags in bottom" that people keep talking about... it's a store security tag. Makes the things at the door go off.. that's it. Being they are RFID as well, may act to stop you from reading the device in package, but that is not why it is there. Anti-theft.

Also, no. The metal sheet is inside the packaging and is put there by Nintendo specifically to stop you reading the data. Do you even own an Amiibo?
 

Ray Lewis

Amiibo are not MIFARE tags like Skylanders. Skylanders are hilariously easy to clone because the MIFARE style cards have been hacked for like 8 years now. Surprised they still use that tech.

Amiibo's, on the other hand, use a new style of NFC tech called NTAG. It has yet to be hacked, and portions of the chip are locked READ-ONLY from the factory. As there is only a single manufacturer for the type of chip, you will not be able to find any "jailbroken" or "unlocked" chips as the company that makes the tags will only make sales as long as the chips are secure.

In regards to emulating the chip on Android - NFC emulation on Android is extremely limited and fudged right now. Only a certain few protocols are supported, and this varies from device to device and from OS to OS. If it is possible (big IF), you will likely need one of a few select devices running a specific version of the OS.



Also, no. The metal sheet is inside the packaging and is put there by Nintendo specifically to stop you reading the data. Do you even own an Amiibo?
My son is getting the Skylanders Trap Team set for the Wii U for Christmas. I told the wife people are trying to "hack" an amiibo. To me, even though I am reading that the Skylander stuff is hacked, it is not worth it to me. Unless you are a grown kid/man then have fun showing your 4 to 8 year old (or whatever age they might grow out of it) how to use a phone and use a new character. A BIG part of the experience is the same as Disney Infinity; taking the characters and placing them on the "reader." I HATED the idea of the wife wanting to buy a game where you need to continue to purchase pieces. They make good surprise gifts/rewards and can be included for the holidays (these pieces). While I've appreciated a hacked PSP, Wii, and 360, ...only used a "game shark" on the GameCube...I really am almost disgusted by this.

Buy a grown up game or just buy a $5 to $12 figure once in a while for your child. My wife finds the Infinity characters "on the cheap" and each piece unlocks a LOT of gaming. Anyway, I guess if these were pieces for an adult game maybe it would not annoy me. However, when I think of my 6 year old not being able to SEE and TOUCH the cool looking figures and to use that base that draws kids in it annoys me because that is the experience. A game, a copy of the game itself, "meh", it plays the same way. Lol, it seems like the amiibo's are not hackable right now and I am glad.
 

PityOnU

My son is getting the Skylanders Trap Team set for the Wii U for Christmas. I told the wife people are trying to "hack" an amiibo. To me, even though I am reading that the Skylander stuff is hacked, it is not worth it to me. Unless you are a grown kid/man then have fun showing your 4 to 8 year old (or whatever age they might grow out of it) how to use a phone and use a new character. A BIG part of the experience is the same as Disney Infinity; taking the characters and placing them on the "reader." I HATED the idea of the wife wanting to buy a game where you need to continue to purchase pieces. They make good surprise gifts/rewards and can be included for the holidays (these pieces). While I've appreciated a hacked PSP, Wii, and 360, ...only used a "game shark" on the GameCube...I really am almost disgusted by this.

Buy a grown up game or just buy a $5 to $12 figure once in a while for your child. My wife finds the Infinity characters "on the cheap" and each piece unlocks a LOT of gaming. Anyway, I guess if these were pieces for an adult game maybe it would not annoy me. However, when I think of my 6 year old not being able to SEE and TOUCH the cool looking figures and to use that base that draws kids in it annoys me because that is the experience. A game, a copy of the game itself, "meh", it plays the same way. Lol, it seems like the amiibo's are not hackable right now and I am glad.

Ray, I 100% agree with you.

As far as I understand, what Nintendo wants Amiibo to be are official, collectible miniature figurines - that's it. Nice little collector's items you can get so you have a physical figure of your favorite Nintendo character.

Because Nintendo is awesome, though, they decided to use the low cost of NFC to embed ID tags in all the figures. Using this, they are able to further reward people who purchase them by including fun little cosmetic unlocks related to your favorite character in their games. It's actually super awesome. Skylanders and Disney Infinity are a little different, though, in that you need to purchase them to unlock further, actual playable content in the game.

In either case, the figures are aimed primarily at two groups: collectors and children. Anyone who has the skills required to hack/clone the data is either (a) too old to give a damn, (b) actively uses their skill set in their career to make enough money that $13 a figure doesn't really matter to them, or (c) would buy the figures anyway, because they are awesome.

What I would really love to see (as a collector) is a way to scan the figures without having to take them out of my display case and carry them downstairs into the realm of my family's three dogs. :ohnoes:
 

chevowner

This is only for figures you own, and plan to keep.

If you want to leave it in the package and use it you can carefully cut a line into the bottom of the package to remove the tape.

PS
If you have a crazy friend willing to give you two free games if you buy one amiibo would you pass that up?
 

RdJcz

I was going to attempt a scoping of the amiibo, but others are already way ahead.
The only thing left now is determining the IDs of the different amiibo stored in their EEPROM.
http://www.proxmark.org/forum/viewtopic.php?pid=13067

Oh, and scanning them while they're still in the package may be possible, just not with the gamepad.
It is a matter of having a strong enough transmission device and a sensitive enough detector.
 

chevowner

Also looked at these "metals tags in bottom" that people keep talking about... it's a store security tag. Makes the things at the door go off.. that's it. Being they are RFID as well, may act to stop you from reading the device in package, but that is not why it is there. Anti-theft.

Except when I have seen people buy them at Best Buy, and Gamestop they are scanned with a handheld scanner. They don't have the "security tag" deactivated, and no one has problems leaving silently.
 

PityOnU

I was going to attempt a scoping of the amiibo, but others are already way ahead.
The only thing left now is determining the IDs of the different amiibo stored in their EEPROM.
http://www.proxmark.org/forum/viewtopic.php?pid=13067

Oh, and scanning them while they're still in the package may be possible, just not with the gamepad.
It is a matter of having a strong enough transmission device and a sensitive enough detector.

If Nintendo is in any way competent, the data stored on the figure is encrypted before being transmitted. This makes it so that reading the data off of the figures doesn't really get you anything. This was the case with Skylanders.
 

syntaxyz

Sure, everyone has their own reason why they want Amiibo to be hacked or not.
While one likes to have a soft copy of every character, the other is disgusted by the idea of piracy.
Thing is if you like it or not, you have a lot of free choice on the internet and how people are using it is their own responsibility.
 
My son is getting the Skylanders Trap Team set for the Wii U for Christmas. I told the wife people are trying to "hack" an amiibo. To me, even though I am reading that the Skylander stuff is hacked, it is not worth it to me. Unless you are a grown kid/man then have fun showing your 4 to 8 year old (or whatever age they might grow out of it) how to use a phone and use a new character. A BIG part of the experience is the same as Disney Infinity; taking the characters and placing them on the "reader." I HATED the idea of the wife wanting to buy a game where you need to continue to purchase pieces. They make good surprise gifts/rewards and can be included for the holidays (these pieces). While I've appreciated a hacked PSP, Wii, and 360, ...only used a "game shark" on the GameCube...I really am almost disgusted by this.

Buy a grown up game or just buy a $5 to $12 figure once in a while for your child. My wife finds the Infinity characters "on the cheap" and each piece unlocks a LOT of gaming. Anyway, I guess if these were pieces for an adult game maybe it would not annoy me. However, when I think of my 6 year old not being able to SEE and TOUCH the cool looking figures and to use that base that draws kids in it annoys me because that is the experience. A game, a copy of the game itself, "meh", it plays the same way. Lol, it seems like the amiibo's are not hackable right now and I am glad.

Thing is, some people don't want to pay for ANYTHING, and will go to any lengths to accomplish that goal.
 

drfsupercenter

Hey guys

I've seen this thread but haven't really been keeping up on it, as until now I didn't think I would have a use for this sort of thing.

At any rate - I started collecting Amiibo figures after learning of the extreme rarity of Marth and similar, actually managed to find Marth and Villager and have an unopened figure of each. I was, of course, disappointed to learn about the little foil square they put in there so you can't scan them through the box. I have collected all of the Pokémon Rumble U figures, and those were actually scannable without even breaking the seal.

So this leaves me in a dilemma... do I want to open all of my figures so I can actually use them in games, or keep them in the box because they're more pristine that way? So I thought, what if I could just get the "raw" scans of each of the figures I own (hopefully soon it'll be all of them...) and just keep them in one place, so I can keep my boxed Amiibo figures on the shelf.

A couple things, though. The main one being, I don't have a phone with an NFC chip. My Android phone is a few years old now and for some reason just doesn't have one.

Does anyone know of any cheap devices that could read/write tags like that? I know you can buy no-contract Android phones cheaply, but I'd want to make sure it's one that will actually work for this purpose.

I also saw mention of writing the data to an actual RFID tag, and I certainly wouldn't be opposed to that either. They seem cheap enough, and at least there isn't the issue of scalpers (like those asking $80 for a Marth figure...) Hypothetically, even if I didn't bother to buy a device capable of writing them myself, couldn't somebody with the equipment write the "raw" data on a re-writable RFID tag and send it to me, and I could use it with the gamepad like a real Amiibo?

By raw data in this case, I mean the untouched Amiibo figures, like they come from the store. Not ones with someone's profile written to them. Actually, it would be an interesting experiment, if two people who have the same character scan them and dump the data, does it match? Or is each one different even when fresh from the factory? I would imagine that each character starts out the same, but once you "personalize" it and write your data to it, then it obviously changes.
 

ssj4android

Has anyone tried using one of the Android NFC proxy programs to sniff the amiibo/gamepad transactions?
I've tried nfcproxy (needs CyanogenMod) and NFC Spy (should just need 4.4) but I haven't had either do anything in response to getting near a gamepad.
It may just be the phone I'm using (d2vzw), can someone else give it a try?
 

mixelpixx

Amiibo are not MIFARE tags like Skylanders. Skylanders are hilariously easy to clone because the MIFARE style cards have been hacked for like 8 years now. Surprised they still use that tech.

Amiibo's, on the other hand, use a new style of NFC tech called NTAG. It has yet to be hacked, and portions of the chip are locked READ-ONLY from the factory. As there is only a single manufacturer for the type of chip, you will not be able to find any "jailbroken" or "unlocked" chips as the company that makes the tags will only make sales as long as the chips are secure.

In regards to emulating the chip on Android - NFC emulation on Android is extremely limited and fudged right now. Only a certain few protocols are supported, and this varies from device to device and from OS to OS. If it is possible (big IF), you will likely need one of a few select devices running a specific version of the OS.



Also, no. The metal sheet is inside the packaging and is put there by Nintendo specifically to stop you reading the data. Do you even own an Amiibo?


Umm so that whole f*cking display at Wal-Mart where they say TAKE THE AMIIBO FROM THE SHELF AND PLACE IT HERE TO SEE IT IN ACTION... except for that you must be correct, or do I need to show you the foil piece and what is inside of it... not to mention you make some bold claims about the chips too, care to post a datasheet? Or you want me to mail you and the other bulls*tters here a garden hose, and a pack of Kools so you can more effectively blow smoke up my ass...?
 

elmoemo

Umm so that whole f*cking display at Wal-Mart where they say TAKE THE AMIIBO FROM THE SHELF AND PLACE IT HERE TO SEE IT IN ACTION... except for that you must be correct, or do I need to show you the foil piece and what is inside of it... not to mention you make some bold claims about the chips too, care to post a datasheet? Or you want me to mail you and the other bulls*tters here a garden hose, and a pack of Kools so you can more effectively blow smoke up my ass...?
Wow why is this getting so heated in here. I have no amiibos so can't weigh in on this but this should be a civil discussion not a heated debate.

I've heard from multiple people that the figures can not be read through the packaging on the Wii u pad. However Walmart etc could have special adaptations of the Wii u pad etc that would allow it.
 

shinkodachi

Wow why is this getting so heated in here. I have no amiibos so can't weigh in on this but this should be a civil discussion not a heated debate.

I've heard from multiple people that the figures can not be read through the packaging on the Wii u pad. However Walmart etc could have special adaptations of the Wii u pad etc that would allow it.

Or maybe it just recognizes the item / package? You know like the supermarket scanners that actually see a banana and count it as a banana, without a barcode.
 