Hacking Question System Exploit Via Amiibo?

  • Thread starter: aykay55
  • Views: 2,948
  • Replies: 11

aykay55

Professional Idiot
Member
Joined
Apr 14, 2017
Messages
912
Reaction score
479
Trophies
0
Location
Where the buffalo roam.
XP
1,107
Country
United States
Apologies if I am out of the loop or if this is a stupid pointless question.

Theoretically speaking, could you rewrite the data on an amiibo or other NFC chip so when it is read by the 3DS, Wii U or Switch it would exploit a vulnerability in the system and could then run userland homebrew? I doubt it would be possible on the Switch as it’s got some “state of the art” security thanks to Nvidia but how about on Nintendo’s older, forgotten systems? Amiibo can only store 8 KB of data, so it would need some compression, but is it possible?
 
You would have to find an exploit in something like parsing code and a priv exploit, since nothing that reads NFC has permissions to do anything useful. Even if you found a bug, it wouldn't be easy to implement as, like you said, they can only store a small amount of information.
 
There is not a ton of data on an amiibo, so it is quite unlikely that Nintendo made a mistake in the parsing code.
Also, this is not just for you but for everyone: just stop posting "hacking ideas". Hackers know what areas to look at for potential exploits; these ideas, which are almost never good ideas, are just spam threads.
 
Apologies if I am out of the loop or if this is a stupid pointless question.

Theoretically speaking, could you rewrite the data on an amiibo or other NFC chip so when it is read by the 3DS, Wii U or Switch it would exploit a vulnerability in the system and could then run userland homebrew? I doubt it would be possible on the Switch as it’s got some “state of the art” security thanks to Nvidia but how about on Nintendo’s older, forgotten systems? Amiibo can only store 8 KB of data, so it would need some compression, but is it possible?
There are a few things that are always required for an exploit to be possible:
1. There must be some sort of glitch that either causes the console to execute garbage code or that we can control with carefully crafted data so that it executes garbage code. Not all crashes work in this way. This is our entrypoint.
2. Then, we must be able to control the location of the garbage that's executed, or the contents of that garbage, to make it execute the code we want. Meaning we must somehow be able to control data in memory.
3. Additionally, even if we can control data in memory, that doesn't automatically mean we can execute our own code. So often another exploit or trick is needed for that. But that would often be a more general exploit that can be used with any entrypoint. I believe this exists, but not for the latest firmware version, and not in public.
Also, we have to mostly/completely break out of the sandbox to do most of the interesting stuff. But for userland homebrew, the above 3 are enough.

The exception to these rules is when we can actually trick the code into thinking our code is legitimate. That's the holy grail of exploits. The RCM exploit works this way as well as B9S and ntrboot on 3DS. But in this case that's not an option, because there's no code inside the Amiibos that gets executed.

So for this case, we can tick the second box. We have full control over the data written to Amiibos and we can encrypt it to work on any retail console.
That also makes it easier to find an exploit, since we're able to test random garbage data, or corrupting certain sections of the Amiibo data to try to produce a crash.
But we still need an actual exploit, if one even exists.

I don't know if anyone's done research into whether this is possible, but we don't know half of what goes on behind the scenes, and I suspect that it's probably been looked at and dismissed as not possible or not viable. That doesn't mean it's 100% not possible; it just means whoever looked at it couldn't find anything.

In the end, the only person who can tell you if it's possible would be the one that looked at it. It's not possible for us to answer. But most likely not, as exploits are few and far between (especially on the Switch, but that could change in the future) and such a convenient entrypoint would no doubt have been looked at a long time ago.

Note, there might be some inaccuracies in this post. I'm no console hacking guru, this is all just going off what I've read and watched of console hacking writeups, talks, source code, and the goings on in the scene over the years and I might be forgetting or misremembering stuff.
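As an added illustration (not code from the thread, and not Nintendo's actual amiibo format): the replies above keep coming back to "parsing code" and "carefully crafted data". The block below is a small length-checked TLV record parser of the kind a tag reader runs over the bytes it just pulled off an NFC chip. The record layout, the error codes and the sample tag images are all constructed for this example; what it shows is the bounds checks a reader-side parser needs so that a length byte the tag supplies can only ever be rejected, never used to read past the buffer. That is exactly the mistake a parsing exploit would depend on, and why the replies say such a bug is unlikely to exist in so little data.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed record layout (an assumption for this example, not a real
 * console format): the tag image is a sequence of
 *     [type:1][len:1][value:len] ...
 * terminated by a record whose type byte is TLV_END.
 */
#define TLV_END      0xFE
#define MAX_RECORDS  16

typedef struct {
    uint8_t        type;
    uint8_t        len;
    const uint8_t *value;   /* points into the caller's tag image */
} tlv_record;

/* Return value: >= 0 is the number of records parsed; negative means the
 * image was rejected for the reason named. */
enum {
    TLV_ERR_TRUNCATED = -1,   /* type byte present but its length byte is not */
    TLV_ERR_OVERRUN   = -2,   /* length byte claims more bytes than remain */
    TLV_ERR_TOO_MANY  = -3,   /* more records than the caller's array holds */
    TLV_ERR_NO_END    = -4    /* ran off the end without seeing TLV_END */
};

/* img_len is the number of bytes actually read from the tag, never a value
 * taken from the tag contents themselves. */
int tlv_parse(const uint8_t *img, size_t img_len, tlv_record *out, int max_records)
{
    size_t pos = 0;
    int count = 0;

    while (pos < img_len) {
        uint8_t type = img[pos];
        if (type == TLV_END)
            return count;

        /* the length byte itself must lie inside the image */
        if (pos + 1 >= img_len)
            return TLV_ERR_TRUNCATED;
        uint8_t len = img[pos + 1];

        /* compare against the bytes that remain after the header; pos + 2
         * cannot exceed img_len here, so the subtraction cannot wrap */
        if (len > img_len - (pos + 2))
            return TLV_ERR_OVERRUN;

        if (count >= max_records)
            return TLV_ERR_TOO_MANY;

        out[count].type  = type;
        out[count].len   = len;
        out[count].value = img + pos + 2;
        count++;
        pos += 2 + (size_t)len;
    }
    return TLV_ERR_NO_END;
}

/* Constructed sample tag images exercising each outcome. */
int demo_well_formed(void)
{
    /* two records (3 and 2 value bytes) followed by the end marker */
    const uint8_t img[] = { 0x01, 0x03, 'a', 'b', 'c', 0x02, 0x02, 0x10, 0x20, TLV_END };
    tlv_record recs[MAX_RECORDS];
    return tlv_parse(img, sizeof img, recs, MAX_RECORDS);        /* 2 */
}

int demo_crafted_length(void)
{
    /* second record claims 127 value bytes when only 3 remain */
    const uint8_t img[] = { 0x01, 0x02, 0xAA, 0xBB, 0x02, 0x7F, 0x00, 0x00, TLV_END };
    tlv_record recs[MAX_RECORDS];
    return tlv_parse(img, sizeof img, recs, MAX_RECORDS);        /* TLV_ERR_OVERRUN */
}

int demo_truncated(void)
{
    /* image ends right after a type byte, before its length byte */
    const uint8_t img[] = { 0x01, 0x02, 0xAA, 0xBB, 0x02 };
    tlv_record recs[MAX_RECORDS];
    return tlv_parse(img, sizeof img, recs, MAX_RECORDS);        /* TLV_ERR_TRUNCATED */
}

int demo_missing_end(void)
{
    const uint8_t img[] = { 0x01, 0x01, 0xAA };
    tlv_record recs[MAX_RECORDS];
    return tlv_parse(img, sizeof img, recs, MAX_RECORDS);        /* TLV_ERR_NO_END */
}

int demo_too_many(void)
{
    /* 64 bytes of zero-length records: the 17th exceeds MAX_RECORDS */
    uint8_t img[64];
    memset(img, 0, sizeof img);
    img[63] = TLV_END;
    tlv_record recs[MAX_RECORDS];
    return tlv_parse(img, sizeof img, recs, MAX_RECORDS);        /* TLV_ERR_TOO_MANY */
}

int main(void)
{
    printf("well-formed: %d\n", demo_well_formed());
    printf("crafted length: %d\n", demo_crafted_length());
    printf("truncated: %d\n", demo_truncated());
    printf("missing end: %d\n", demo_missing_end());
    printf("too many: %d\n", demo_too_many());
    return 0;
}
```

The one design point worth noticing is that every limit is derived from `img_len`, the byte count the reader itself transferred, and never from a value stored on the tag. A parser that trusts the tag's own length field, or that computes `pos + 2 + len` in a narrow integer, is the kind of "glitch we can control with carefully crafted data" the post above describes; this one turns each such case into a rejected image.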
 
I’m not big in this scene but I have an idea:
What if we inject code into the NFC chip that would create a loop and send the Switch into a panic situation.... an exploit :D.... I think
 
I’m not big in this scene but I have an idea:
What if we inject code into the NFC chip that would create a loop and send the Switch into a panic situation.... an exploit :D.... I think
Well no, no that's not how any of this works.

Source: I work in infosec.
 
If you sent something into a loop, all it would likely accomplish is using memory until garbage collection killed it.
 
If you sent something into a loop, all it would likely accomplish is using memory until garbage collection killed it.
I was thinking back to how the old iMacs had this bug that would give a fatal error and you would have to restart the Mac...
 