Hacking NTAG216 Amiibo collaboration thread

[KingOfTaurus]

Hey guys,

I've decided that we have need a separate thread to discuss the usage of NTAG216.

There has been rumors about the existence of the possibility to use 216 in place of 215,but certain users refuse to actually give any information about how.

We know a few things about how 216 works in comparison to 215. Mostly the difference is the size of the cards and the location of the locking bits. Most notably, the difference that may potentially lock us out of using 216 is if Ninty checks for 215 to be used.

What I have personally tried:

Straight copying of the .bin's using tagmo.
-Does not work, the data differs from 215 when scanning the raw data written to the card.

Editing the .bin and filling with 0's
-Does not work, scanning the tags reveals the same result written to the card. So, basically tagmo does this already.

I tried to look into this issue. However I am new to making android apk's, the apk always generate errors ('Unfortunately app has stopped') when I trigger the NFC functions in my custom tagmo app (signed with self-generated key). The error exists even with compling the original code. I do not know what's wrong with my android studio :\

I hypothesized earlier on the NTAG215 thread for replacing with NTAG216:
Took a brief look at the datasheet. The difference between the 2 chips are the location of 'dynamic lock bytes' and 'configuration pages' as well as the value in CC. [Also, the response in GET_VERSION will be different too] So in order to use NTAG216 in place of NTAG215, the data for 'dynamic lock bytes' and 'configuration pages' need to be written to the correct location. CC bits could be set to FF (refer to Amiibo article on 3dbrew) so the difference in default value does not matter. [Those data may need to be written into both NTAG215 and '216 locations. However, for the PASS and PACK they are write-only, so the NTAG215 location needs to be 0's]
The problem is with GET_VERSION which is fixed. Byte 6 (storage size) is different between NTAG215 and '216. If ninty really checks the response, I do not think there is a way to get around it. However I could not get my working android compiler to play with it

Here's a link to the datasheet of the 215 and 216's (its basically what we are using)

http://www.nxp.com/documents/data_sheet/NTAG213_215_216.pdf

Let's work together on this. Certain users that claim they know how to do it should just be ignored.

If you're looking for info on Ntag215, there is already a tutorial and a thread on that.

 

[GOT4N]

Yeah, might be interestin'

 

[Azeryn]

I mean honestly, is it worth it? It's not like we all have 216s laying around like crazy already and using them would be more beneficial than 215s. It's not like the extra space in 216s is going to be useful for anything. If we have to buy them already, just buy the correct ones...

 

[KingOfTaurus]

I mean honestly, is it worth it? It's not like we all have 216s laying around like crazy already and using them would be more beneficial than 215s. It's not like the extra space in 216s is going to be useful for anything. If we have to buy them already, just buy the correct ones...

Yes, it is worth it.

Reason 1:
When it comes to printing an image onto the card, injket PVC ID cards using 216 is cheaper and ships faster.

Reason 2:
Non inkjet PVC ID cards are cheaper and shipping is faster.

Reason 3:
Using 216 is cheaper period.

For me, someone who intends to create every Amiibo card (about 500 total including the Animal crossing series) and for my friends, and with permission from the artwork Designers here on the forum that created images for these cards, sell them to the users, the price per card matters.

Edit: Why hack the Wii U? I it worth it? Is it just a challenge?

Also this:

If I/WE come up with a good enough quality product, I/WE could potentially get Ninty's permission to sell them as well. They won't give permission for a shit product.

 

[TotalInsanity4]

If I/WE come up with a good enough quality product, I/WE could potentially get Ninty's permission to sell them as well. They won't give permission for a shit product.

Lol

 

[Deleted User]

They're cheaper, big whoop.

Anyways, you would need to lock so much of the tag, not just NULL it (probably editing TagMo too), as anyone with a basic understanding of NTAG 2xx knows.

 

[EmanueleBGN]

get Ninty's permission to sell them as well. They won't give permission for a shit product.

Never ever.
AC amiibo cards aren't indispensable, and you can collect and exchange them with other players to don't spend millions (400 cards : 3 cards per pack x 4,50€ per pack = 600€).
Maybe, one day Nintendo will print all current amiibo figures in card format - but they will not call me or another one to use my cards, they have their graphic designer

 

[dpad_5678]

By certain users I assume you mean me.

I'll share the technical info so you guys can do it yourself but I won't share the tools.

NFC tags can actually have multiple partitions (I'm sure most of us know). Make a separate (second) partition on the NTAG216 that is exactly 348 bytes, and fill it with dummy data (FF's, not 00's).

TagMo will then write the Amiibo bin's to them as they were NTAG215's.

 

[y03usw6e]

By certain users I assume you mean me.

I'll share the technical info so you guys can do it yourself but I won't share the tools.

NFC tags can actually have multiple partitions (I'm sure most of us know). Make a separate (second) partition on the NTAG216 that is exactly 348 bytes, and fill it with dummy data (FF's, not 00's).

TagMo will then write the Amiibo bin's to them as they were NTAG215's.

I don't know why you didn't want to share this information in the first place, but thank you for sharing it nonetheless. It won't help me at all, but I'm sure it'll help a few people.

 

[KingOfTaurus]

By certain users I assume you mean me.

I'll share the technical info so you guys can do it yourself but I won't share the tools.

NFC tags can actually have multiple partitions (I'm sure most of us know). Make a separate (second) partition on the NTAG216 that is exactly 348 bytes, and fill it with dummy data (FF's, not 00's).

TagMo will then write the Amiibo bin's to them as they were NTAG215's.

I suspected this. I'll give it a go after I shower. Thank you. I'll have 7 more attempts afterwards.

Why didn't I try it before? Well that's because I didn't want to waste any of the 10 attempts that I had with useless information. We had ideas, I tried them, now we came up with more ideas

 

[dpad_5678]

Apologies to anyone I pissed off. I just didn't want to be anyone known for causing any sort of piracy, but I guess helping the community is okay. Not like anyone couldn't just buy the NTAG215's anyway so may as well release my methods.

 

[Deleted User]

@dpad_5678 please don't use that excuse. The NTAG215 method existed beforehand, so you have no valid argument but "I don't want to let you spend less money" which even then you can't use unless you sell NTAG215s. I wrote a tutorial for the old TagMo (old keys and all), so really the creator of TagMo and such will be known for allowing NFC amiibo to be made. Until you can load in a folder, get an NFC wand, and program the amiibo on a conveyor belt, this will stay in the "fun to do" section of the Internet.

Plus, on 3DS and Wii U, people just make codes and poke RAM to unlock amiibo stuff, and I'm surprised no-one's looked at the amiibo NFC reader/writer - it's not hard to make an IR camera and LED pair that is connected by a RPi (speed would in theory be instant) and then intercept everything sent.

 

[DarkFlare69]

@dpad_5678 please don't use that excuse. The NTAG215 method existed beforehand, so you have no valid argument but "I don't want to let you spend less money" which even then you can't use unless you sell NTAG215s. I wrote a tutorial for the old TagMo (old keys and all), so really the creator of TagMo and such will be known for allowing NFC amiibo to be made. Until you can load in a folder, get an NFC wand, and program the amiibo on a conveyor belt, this will stay in the "fun to do" section of the Internet.

Plus, on 3DS and Wii U, people just make codes and poke RAM to unlock amiibo stuff, and I'm surprised no-one's looked at the amiibo NFC reader/writer - it's not hard to make an IR camera and LED pair that is connected by a RPi (speed would in theory be instant) and then intercept everything sent.

I don't think this qualifies as a tutorial.

You simply need the amiibo key (Google for it, you'll find it on pastebin ), split it in half, and TagMo 2, then load up the 2 keys, then the BIN files.

 

[KingOfTaurus]

@dpad_5678 please don't use that excuse. The NTAG215 method existed beforehand, so you have no valid argument but "I don't want to let you spend less money" which even then you can't use unless you sell NTAG215s. I wrote a tutorial for the old TagMo (old keys and all), so really the creator of TagMo and such will be known for allowing NFC amiibo to be made. Until you can load in a folder, get an NFC wand, and program the amiibo on a conveyor belt, this will stay in the "fun to do" section of the Internet.

Plus, on 3DS and Wii U, people just make codes and poke RAM to unlock amiibo stuff, and I'm surprised no-one's looked at the amiibo NFC reader/writer - it's not hard to make an IR camera and LED pair that is connected by a RPi (speed would in theory be instant) and then intercept everything sent.

I was actually thinking about getting one of those and seeing whats going on there, I already have an IR reader/writer that I created on another completely irrelevant idea. I just didn't feel like buying a single one amiibo or the reader/writer for any reason whatsoever.

I already have an app that can create as many cards as I please as fast as I can touch them to the back of my tablet (a conveyor is an interesting idea). But for now, I just like helping other people do things easier and result in a more professional looking end product, hence why I suggest, Inkjet printable NFC216 ID cards.

I don't think this qualifies as a tutorial.

I myself couldn't even follow that tutorial. Using it word for word did not work and I had to find a different version of Tagmo and also use a different (but similar) method to even get it to work. I started directing people towards that tutorial after that point because it worked and was easy to follow. No ill feelings toward you @PokeAcer

 

[DarkFlare69]

I was actually thinking about getting one of those and seeing whats going on there, I already have an IR reader/writer that I created on another completely irrelevant idea. I just didn't feel like buying a single one amiibo or the reader/writer for any reason whatsoever.

I already have an app that can create as many cards as I please as fast as I can touch them to the back of my tablet (a conveyor is an interesting idea). But for now, I just like helping other people do things easier and result in a more professional looking end product, hence why I suggest, Inkjet printable NFC216 ID cards.



I myself couldn't even follow that tutorial. Using it word for word did not work and I had to find a different version of Tagmo and also use a different (but similar) method to even get it to work. I started directing people towards that tutorial after that point because it worked and was easy to follow. No ill feelings toward you @PokeAcer

ill

yeah thats why i made a video tutorial

 

[SANNIC789]

ill

yeah thats why i made a video tutorial

yeah his tutorial sucks

 

[KingOfTaurus]

yeah his tutorial sucks

Let's not hate on someone. That's uncalled for. Please keep this thread without hate.

 

[SANNIC789]

Let's not hate on someone. That's uncalled for. Please keep this thread without hate.

everyone makes mistakes in life and this was one of them

 

[dpad_5678]

@dpad_5678 please don't use that excuse. The NTAG215 method existed beforehand, so you have no valid argument but "I don't want to let you spend less money" which even then you can't use unless you sell NTAG215s. I wrote a tutorial for the old TagMo (old keys and all), so really the creator of TagMo and such will be known for allowing NFC amiibo to be made. Until you can load in a folder, get an NFC wand, and program the amiibo on a conveyor belt, this will stay in the "fun to do" section of the Internet.

Plus, on 3DS and Wii U, people just make codes and poke RAM to unlock amiibo stuff, and I'm surprised no-one's looked at the amiibo NFC reader/writer - it's not hard to make an IR camera and LED pair that is connected by a RPi (speed would in theory be instant) and then intercept everything sent.

I can't tell if you are pissed off at me or not.

I spilled the beans.... and I still get bitched at? It's not like telling everyone how it's done with 216's hurts you, your tutorial, or anyone that has done it with 215's

Hell, I even apologized for not explaining earlier and causing tension between me and other members.

The NTAG215 method existed beforehand

I am very aware the 215 method existed before. I said I didn't want to be the cause for piracy. Which I wasn't for the 215 method.

 

[KingOfTaurus]

I can't tell if you are pissed off at me or not.

I spilled the beans.... and I still get bitched at? It's not like telling everyone how it's done with 216's hurts you, your tutorial, or anyone that has done it with 215's

Hell, I even apologized for not explaining earlier and causing tension between me and other members.



I am very aware the 215 method existed before. I said I didn't want to be the cause for piracy. Which I wasn't for the 215 method.

Just ignore him. Hate is everywhere and people are bitter. Just wait till..... Hyk <snip>

I, and everyone that matters, likes that you are now helping. And I am sure I can speak for everyone when I say Thank You