Hacking Spoofing an amiibo using Android+NFC?

fiveighteen

fiveighteen

Distractible Dabbler
Member
Level 10
Joined
Jun 30, 2008
Messages
1,768
Trophies
2
XP
1,930
Country
United States
I found a product (unrelated to Wii U/Android) that shows:
Communication Interfaces: RS232 / RS485 ciphered with AES-128bits (SX2 / SX3)

So it seems like SX3 is for security? RS232 works for ISO14443A (Amiibo chips).

Someone has created an Amiibo Decryption Service, where you send your encrypted amiibo.bin file to a server and it decrypts it for you. I made a bash script that runs through Cygwin (requires nc; netcat) so you can easily decrypt a single file or decrypt all files in a folder. Open with Notepad++ or similar and change your location folder and your decrypted location folder (where the .bin files are, and where you want the decrypted .bin files to go). Double-click it to run from anywhere.
 

Attachments

  • Amiibo-Decrypt.zip
    936 bytes · Views: 504
  • Like
Reactions: NWPlayer123
NWPlayer123

NWPlayer123

Well-Known Member
Member
Level 17
Joined
Feb 17, 2012
Messages
2,642
Trophies
0
Location
The Everfree Forest
XP
6,693
Country
United States
Summersett said:
I found a product (unrelated to Wii U/Android) that shows:
Communication Interfaces: RS232 / RS485 ciphered with AES-128bits (SX2 / SX3)

So it seems like SX3 is for security? RS232 works for ISO14443A (Amiibo chips).

Someone has created an Amiibo Decryption Service, where you send your encrypted amiibo.bin file to a server and it decrypts it for you. I made a bash script that runs through Cygwin (requires nc; netcat) so you can easily decrypt a single file or decrypt all files in a folder. Open with Notepad++ or similar and change your location folder and your decrypted location folder (where the .bin files are, and where you want the decrypted .bin files to go). Double-click it to run from anywhere.
Click to expand...
Well that makes my life easier, may as well translate the full including what's on the servers to python now.
 
A

asper

Well-Known Member
Member
Level 10
Joined
May 14, 2010
Messages
942
Trophies
1
XP
2,030
Country
United States
Well, with amiiqo (the "q" is a reversed "b", have you ever noticed it ;) ) everyone can have a full load of virtual toys...
But with socram888 service it will be fun to see how data is stored inside toys !

Are amiibo useful for online gaming or are they totally unuseful ?
 
NWPlayer123

NWPlayer123

Well-Known Member
Member
Level 17
Joined
Feb 17, 2012
Messages
2,642
Trophies
0
Location
The Everfree Forest
XP
6,693
Country
United States
asper said:
Well, with amiiqo (the "q" is a reversed "b", have you ever noticed it ;) ) everyone can have a full load of virtual toys...
But with socram888 service it will be fun to see how data is stored inside toys !
Click to expand...
Using @golden45's Cafiine dump I dumped the NFP backup loaded in Splatoon, which contains the raw decrypted data now (I know since it's the same format as the stuff in @socram8888's thread)
SplatoonAmiiboBackup.png
 
  • Like
Reactions: asper
A

asper

Well-Known Member
Member
Level 10
Joined
May 14, 2010
Messages
942
Trophies
1
XP
2,030
Country
United States
NWPlayer123 said:
Using @golden45's Cafiine dump I dumped the NFP backup loaded in Splatoon, which contains the raw decrypted data now (I know since it's the same format as the stuff in @socram8888's thread)
SplatoonAmiiboBackup.png
Click to expand...

What's an "NFP" backup ? You mean NFC ? Can you tell us where in memory the decrypted dump is stored ?

Anyway if you change the data in memory then the game will write them re-encrypted for you ! Great finding man !!!!
 
NWPlayer123

NWPlayer123

Well-Known Member
Member
Level 17
Joined
Feb 17, 2012
Messages
2,642
Trophies
0
Location
The Everfree Forest
XP
6,693
Country
United States
Rubyheart said:
NFP was the code name for the amiibos. Nintendo Figurine Platform.
Click to expand...
Yes, and that's also what the library's called. The Wii U has like 3 different libraries, a very low level NFC library, a higher level NTAG library, and then their specialized nn_nfp (Nintendo Network Nintendo Figurine Platform) library that needs C++. I haven't looked to see where it's loaded yet.
 
  • Like
Reactions: asper
A

asper

Well-Known Member
Member
Level 10
Joined
May 14, 2010
Messages
942
Trophies
1
XP
2,030
Country
United States
NWPlayer123 said:
Yes, and that's also what the library's called. The Wii U has like 3 different libraries, a very low level NFC library, a higher level NTAG library, and then their specialized nn_nfp (Nintendo Network Nintendo Figurine Platform) library that needs C++. I haven't looked to see where it's loaded yet.
Click to expand...

So there is a file called nfp_backup.dat somewhere in memory during the game... really good finding man !
 
socram8888

socram8888

Well-Known Member
Newcomer
Level 4
Joined
Apr 6, 2009
Messages
81
Trophies
1
Age
29
Location
Valencia, Spain
Website
orca.pet
XP
560
Country
Spain
asper said:
Well, with amiiqo (the "q" is a reversed "b", have you ever noticed it ;) ) everyone can have a full load of virtual toys...
But with socram888 service it will be fun to see how data is stored inside toys !

Are amiibo useful for online gaming or are they totally unuseful ?
Click to expand...
Actually they would be even more suitable, given you could use them as simple keys and store data on a remote server, protected from cheating and replay attacks, and without using the scarce tag memory, which would mean you could use them with several games also. You would need permanent internet connection to use these amiibos, though.
asper said:
So there is a file called nfp_backup.dat somewhere in memory during the game... really good finding man !
Click to expand...
I can't speak for the Wii U, but on 3DS that file is stored on NAND, not on RAM, so it'll be there when not playing too.
 
A

asper

Well-Known Member
Member
Level 10
Joined
May 14, 2010
Messages
942
Trophies
1
XP
2,030
Country
United States
socram8888 said:
Actually they would be even more suitable, given you could use them as simple keys and store data on a remote server, protected from cheating and replay attacks, and without using the scarce tag memory, which would mean you could use them with several games also. You would need permanent internet connection to use these amiibos, though.
Click to expand...

A kind of "virtual Amiibo" ! Cool ! Even if spoofing the simple UID/key will make a real-time perfect clone without needing to know the algos... so this will not be a great idea at last... anyway this is a new world to explore ! :)
 
A

asper

Well-Known Member
Member
Level 10
Joined
May 14, 2010
Messages
942
Trophies
1
XP
2,030
Country
United States
Last edited by asper,

Site & Scene News

Go to forum More news

Popular threads in this forum

Hardware Tutorial  MLC2SD - A Wii U NAND (eMMC) Replacement Interposer

A really, REALLY old browser exploit (for 5.3.2)?

Gaming  Online services for the 3DS and Wii U have been shutdown. Here is how to get back online!

Wii U after try to change region has no video signal, and no game pad synced

Hacking Hardware  Wii U No Display (Logs dumped)

Homebrew  Huevo's Vault | Wii U Themes

Hacking Gaming  Xenoblade Chronicles X - Lifeline and Enhancement Mod

Watch videos on Wii U, offline, saved on SD?

General chit-chat
Help Users
    ButterScott101 @ ButterScott101: +1