Hacking [Tools] AmiiBomb

[acidenitr0s]

I have ordered these NTAGs, for what its interested.

 

[GraFfiX420]

I was just thinking about something, since the datel powertags are rewriteable, couldn't we just use those if we wanted to? I mean does anyone know how they are emulating the lock bits?

 

[dragonbladerxx1]

will it work if I use a one of these actionreplay powersaves?

 

[LoDeus]

Open Serial Monitor in the Arduino IDE and scan the NTAG215 that you intend to program. It should display something that starts with a line like

Card UID: 04 9B ED F2 48 4D 80

. Copy that number to the clipboard without any extra spaces around it.

I'm using the card and tag that came with the kit but there's only 4 bits, not 7 like yours, and it then doesn't work, do you know why? What should I do (other than waiting for the other ones to come)?

 

[Gedi223]

I'm using the card and tag that came with the kit but there's only 4 bits, not 7 like yours, and it then doesn't work, do you know why? What should I do (other than waiting for the other ones to come)?

I don't believe the card and tag that comes with the kits are actual ntag215. Most kits I've seen come with mifare s50 tags.

 

[GizmoTheGreen]

I don't believe the card and tag that comes with the kits are actual ntag215. Most kits I've seen come with mifare s50 tags.

yeah I got both a card and a keyring tag with mine they're both mifare 1K tags. so not able to be used as amiibos.

 

[GraFfiX420]

yeah I got both a card and a keyring tag with mine they're both mifare 1K tags. so not able to be used as amiibos.

Exactly the same stuff that came with mine.

 

[GizmoTheGreen]

Exactly the same stuff that came with mine.

installed the arduino IDE, got the rc522 library and loaded the dumpinfo example to verify my soldering job... worked wonderfully spitting out all the info into the serial logger

 

[-Leif-]

Thank You! This is awesome, had an arduino already lying around
for 12 tags and the rfid modul+ jumpercables i only needed to pay 5,9$
Can't wait to test it

 

[cybrian]

I'm using the card and tag that came with the kit but there's only 4 bits, not 7 like yours, and it then doesn't work, do you know why? What should I do (other than waiting for the other ones to come)?

installed the arduino IDE, got the rc522 library and loaded the dumpinfo example to verify my soldering job... worked wonderfully spitting out all the info into the serial logger

Basically as others have said, the card and keyfob that come with the MFRC522 boards aren't NTAG215's (or, at least, nobody's mentioned an MFRC522 that comes with NTAG215's); they're another kind of MIFARE tag that stores 1 KB of data (including serial numbers, etc.) as opposed to the 540 byte (504 usable) NTAG215 that Amiibo requires.

However, they're perfect for making sure the soldering job was done properly.


In other news, both as a personal project for learning C/C++, as well as because I'm impatient and haven't seen anyone post updates on the actual Amiibomb project, I have been working on a piece of software based on the code throughout this thread by RubyRoid/kelemen, socram8888, ShoGinn, etc. that will automate all of this for you — like OP says, there will be both an Arduino firmware and a client application (that is, an OS-dependent program that runs on your PC or Mac), and the idea is that you'll run the PC client, supplying it with the Amiibo encryption key and any Amiibo dump, then it will have the Arduino scan a target tag that is to be programmed, use amiitool as a library to decrypt the dump, patch the UID into the dump, reencrypt it, send it over serial (over USB) to the Arduino, and then the Arduino will write it to the tag.

In other words, it will be as simple as running this program and supplying it with an Amiibo dump and the Amiibo key, then scanning a blank tag twice (or simply leaving it on the scanner).

Right now I have most of the pieces working separately, but being that I have a limited number of tags and a limited knowledge of C/C++ and the NTAG215 standard I'm basically going into this blind, working on it in pieces (for example I'm saving the part that writes the tags for last and hoping that my debug code works, comparing hex dumps via my code to opening something made via the website for instance before even writing the part that burns the tag)

I feel like this isn't the right place to ask for help working on this, but if anyone here knows some C/C++ and/or is involved in the projects I'm using in my code, I could definitely use a lot of C-noob help (especially regarding pointers and structs and serial communication, for instance). I'm somewhat active at least in reading posts on here, as well as on Reddit (my username there is cybrian). I know this can be done very simply, but I could definitely use a few C pointers here!

Oh, and as soon as I have something that's at least somewhat working it'll be open source, I promise, and any release will contain credit where due. Right now, though, I need to make it a little more complete. I ported the 7-byte UID-to-9-byte UID code to C. very simple:

//9-byte UID is just 7-byte UID with two additional block check bits that can be calculated easily:
typedef unsigned char byte // I come from Arduino
byte bcc0; //first check bit
byte bcc1; //second check bit
byte uid9[9];
byte uid7[7] = { 0x04, 0x48, 0xe6, 0xf2, 0x48, 0x4d, 0x81}; //example 7 byte UID
#define xor ^ /* just to be clear what ^ does */
bcc0 = 0x88 xor uid7[0] xor uid7[1] xor uid7[2]; //0x88 is defined in the NTAG spec
bcc1 = uid7[3] xor uid7[4] xor uid7[5] xor uid7[6];
byte uid9[9] = { uid7[0], uid7[1], uid7[2], bcc0, uid7[3], uid7[4], uid7[5], uid7[6], bcc1 };

Right now I need to figure out the rest of how ShoGinn's script works so I can port the rest of it to C, but then it's simply a matter of programming the "write" function into my arduino firmware (thanks https://github.com/konstantin-kelemen/arduino-amiibo-tools ), porting amiitool to an includable function, and then this'll be a thousand times easier.

Again, I'd appreciate help from anyone involved in this sorta thing or otherwise knowledgeable in binary manipulation and serial communication via C/C++ (is termios.h meant to be this difficult to use? Thinking of switching to C++ and a higher level library)

 

[Ac_K]

Hi,
as I promise, there is the first Alpha version of AmiiBomb/AmiiBombuino.

Don't forget to set up a *.bin files folder and the Amiibo Keys when you start the program for the first time.
Please as I said, it's an Alpha version of it, so if you found bug when you use it normally, contact me.
Next steps are to add many little functions to make it more user friendly, add many checks to make sure you don't do somethings wrong and probably fix many bugs ^^!
After that, I want make AmiiBomb and AmiiBombuino open source (My code is to ugly right know...)!

Hope you enjoy it! Thanks for your patience!

http://www10.zippyshare.com/v/K6ILuuvS/file.html

 

[GizmoTheGreen]

Hi,
as I promise, there is the first Alpha version of AmiiBomb/AmiiBombuino.

Awesome! I had problem writing the arduino fw with your app, it says "Device Error" in a popup.
last two messages in log is
Establishing sync...
closing serial port...

anyway I wrote the .hex with XLoader and I managed to make an amiibo

 

[nitrostemp]

Hi,
as I promise, there is the first Alpha version of AmiiBomb/AmiiBombuino.

Don't forget to set up a *.bin files folder and the Amiibo Keys when you start the program for the first time.
Please as I said, it's an Alpha version of it, so if you found bug when you use it normally, contact me.
Next steps are to add many little functions to make it more user friendly, add many checks to make sure you don't do somethings wrong and probably fix many bugs ^^!
After that, I want make AmiiBomb and AmiiBombuino open source (My code is to ugly right know...)!

Hope you enjoy it! Thanks for your patience!

http://www10.zippyshare.com/v/K6ILuuvS/file.html

OMG, my arduino should be here to day, this is perfect. THANKS

 

[cybrian]

I'll definitely be checking this out tomorrow! Can you share the source code please? I for one don't mind ugly code. You could always put it on GitHub and just keep updating it as you refactor it/format it, etc.

 

[sith]

thanks for this! great work! would like to see it support powersaves and n2.

 

[Zarklord]

Awesome! I had problem writing the arduino fw with your app, it says "Device Error" in a popup.
last two messages in log is
Establishing sync...
closing serial port...

anyway I wrote the .hex with XLoader and I managed to make an amiibo

i get the same thing as him with a big fat "device error"

 

[dtomcat]

I get the following error when trying to write the amiibo (firmware was written fine)...

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.ArgumentOutOfRangeException: Index and length must refer to a location within the string.
Parameter name: length
at System.String.Substring(Int32 startIndex, Int32 length)
at AmiiBomb.Helper_Class.<>c__DisplayClass3_0.<String_To_Byte_Array>b__1(Int32 x)
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
at AmiiBomb.Helper_Class.String_To_Byte_Array(String Hex)
at AmiiBomb.Amiibo_Class.Generate_Password(String Long_UID)
at AmiiBomb.Amiibo_Class.Patch(Byte[] Data, String UID)
at AmiiBomb.Flash_Form.<button2_Click>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.AsyncMethodBuilderCore.<>c.<ThrowAsync>b__6_0(Object state)


************** Loaded Assemblies **************
mscorlib
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1637.0 built by: NETFXREL3STAGE
CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll
----------------------------------------
AmiiBomb
Assembly Version: 1.0.0.0
Win32 Version: 1.0.0.0
CodeBase: file:///C:/Users/Robert/Desktop/Amiibomb/AmiiBomb.exe
----------------------------------------
System.Windows.Forms
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1586.0 built by: NETFXREL2
CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1637.0 built by: NETFXREL3STAGE
CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Drawing
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1586.0 built by: NETFXREL2
CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Configuration
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1586.0 built by: NETFXREL2
CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Core
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1638.0 built by: NETFXREL3STAGE
CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll
----------------------------------------
System.Xml
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1586.0 built by: NETFXREL2
CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
Newtonsoft.Json
Assembly Version: 10.0.0.0
Win32 Version: 1.0.0.0
CodeBase: file:///C:/Users/Robert/Desktop/Amiibomb/AmiiBomb.exe
----------------------------------------
System.Numerics
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1586.0 built by: NETFXREL2
CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Numerics/v4.0_4.0.0.0__b77a5c561934e089/System.Numerics.dll
----------------------------------------
System.Runtime.Serialization
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1637.0 built by: NETFXREL3STAGE
CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Runtime.Serialization/v4.0_4.0.0.0__b77a5c561934e089/System.Runtime.Serialization.dll
----------------------------------------
System.Data
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1636.0 built by: NETFXREL3STAGE
CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_32/System.Data/v4.0_4.0.0.0__b77a5c561934e089/System.Data.dll
----------------------------------------
BouncyCastle.Crypto
Assembly Version: 1.8.1.0
Win32 Version: 1.0.0.0
CodeBase: file:///C:/Users/Robert/Desktop/Amiibomb/AmiiBomb.exe
----------------------------------------
System.Management
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1646.0 built by: NETFXREL3STAGE
CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Management/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Management.dll
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.

--------------------- MERGED ---------------------------

also get this error whenever i minimize the application:

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.InvalidOperationException: SplitterDistance must be between Panel1MinSize and Width - Panel2MinSize.
at System.Windows.Forms.SplitContainer.set_SplitterDistance(Int32 value)
at AmiiBomb.Main_Form.Controls_Size()
at AmiiBomb.Main_Form.Main_Form_Resize(Object sender, EventArgs e)
at System.Windows.Forms.Control.OnResize(EventArgs e)
at System.Windows.Forms.Form.OnResize(EventArgs e)
at System.Windows.Forms.Control.OnSizeChanged(EventArgs e)
at System.Windows.Forms.Control.UpdateBounds(Int32 x, Int32 y, Int32 width, Int32 height, Int32 clientWidth, Int32 clientHeight)
at System.Windows.Forms.Control.UpdateBounds()
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
at System.Windows.Forms.Form.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Loaded Assemblies **************
mscorlib
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1637.0 built by: NETFXREL3STAGE
CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll
----------------------------------------
AmiiBomb
Assembly Version: 1.0.0.0
Win32 Version: 1.0.0.0
CodeBase: file:///C:/Users/Robert/Desktop/Amiibomb/AmiiBomb.exe
----------------------------------------
System.Windows.Forms
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1586.0 built by: NETFXREL2
CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1637.0 built by: NETFXREL3STAGE
CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Drawing
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1586.0 built by: NETFXREL2
CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Configuration
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1586.0 built by: NETFXREL2
CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Core
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1638.0 built by: NETFXREL3STAGE
CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll
----------------------------------------
System.Xml
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1586.0 built by: NETFXREL2
CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
Newtonsoft.Json
Assembly Version: 10.0.0.0
Win32 Version: 1.0.0.0
CodeBase: file:///C:/Users/Robert/Desktop/Amiibomb/AmiiBomb.exe
----------------------------------------
System.Numerics
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1586.0 built by: NETFXREL2
CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Numerics/v4.0_4.0.0.0__b77a5c561934e089/System.Numerics.dll
----------------------------------------
System.Runtime.Serialization
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1637.0 built by: NETFXREL3STAGE
CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Runtime.Serialization/v4.0_4.0.0.0__b77a5c561934e089/System.Runtime.Serialization.dll
----------------------------------------
System.Data
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1636.0 built by: NETFXREL3STAGE
CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_32/System.Data/v4.0_4.0.0.0__b77a5c561934e089/System.Data.dll
----------------------------------------
BouncyCastle.Crypto
Assembly Version: 1.8.1.0
Win32 Version: 1.0.0.0
CodeBase: file:///C:/Users/Robert/Desktop/Amiibomb/AmiiBomb.exe
----------------------------------------
System.Management
Assembly Version: 4.0.0.0
Win32 Version: 4.6.1646.0 built by: NETFXREL3STAGE
CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Management/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Management.dll
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.

 

[RubyRoid]

Hi,
as I promise, there is the first Alpha version of AmiiBomb/AmiiBombuino.

Don't forget to set up a *.bin files folder and the Amiibo Keys when you start the program for the first time.
Please as I said, it's an Alpha version of it, so if you found bug when you use it normally, contact me.
Next steps are to add many little functions to make it more user friendly, add many checks to make sure you don't do somethings wrong and probably fix many bugs ^^!
After that, I want make AmiiBomb and AmiiBombuino open source (My code is to ugly right know...)!

Hope you enjoy it! Thanks for your patience!

http://www10.zippyshare.com/v/K6ILuuvS/file.html

Great news!

Will make a post about your application in my blog!

 

[nitrostemp]

would anyone be able to make a quick youtube video tute?

 

[DjoeN]

Awesome! I had problem writing the arduino fw with your app, it says "Device Error" in a popup.
last two messages in log is
Establishing sync...
closing serial port...

anyway I wrote the .hex with XLoader and I managed to make an amiibo

For those looking for Xloader:

Get it here