Ok, I finished up a Python script that can scan, decrypt, encrypt, fix the signature at page 0x20, and restore the dump to either an unlocked NTag, or an existing Amiibo.
https://gist.github.com/anonymous/0a3e16f8f814deb2a056
WARNING: YOU CAN TOTALLY FUBAR AN AMIIBO WITH THIS
WARNING: THIS DOESN'T ACTUALLY WORK WITH BLANK TAGS (yet), WE ARE STILL MISSING PART OF THE PROCESS
Right now, any clones created with this will fail, and have certain pages locked from future writes.
Notes:
- The decrypted dump layout is different than amiitool; all sections are left in place, so the order is identical to that on the tag
- The key file format is exactly the same as amiitool
- This application works with 520 byte dumps; the config pages at the end are handled separately
- This works with essentially any USB NFC reader. I used an ACR122U (even though they are crap). See the nfcpy device compatibility page for more info.
Dependencies:
- Python 2.7: You will want to install the latest version of the 2.7 branch (currently 2.7.11). This is fairly straightforward.
- libusb: Getting this working on Windows is a bit of a pain, read this for help.
- pyusb: Download the latest zip from github, and then run the setup.py script to install.
- nfcpy: Download the tar.gz from Launchpad, open with 7zip, grab the "nfc" directory from inside, and put it either next to the script, or in your Python installation's site-packages directory. The tagtool.py script in the examples directory can be used to diagnose issues.
- PyCryptodome: Install from the command line with "python -m pip install pycryptodome".
Usage:
python amiibo.py -k KEYFILE scan [-o OUTFILE]
python amiibo.py -k KEYFILE decrypt [-i INFILE] [-o OUTFILE]
python amiibo.py -k KEYFILE encrypt [-i INFILE] [-o OUTFILE]
python amiibo.py -k KEYFILE restore [-i INFILE]
All infile arguments default to stdin, and all outfile arguments default to stdout.
Tested on Windows and Linux; should work on Mac as well.
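
A pre-flight check that could be run on a 520 byte dump before `restore`, as an added example that is not part of the original post or of amiibo.py. It assumes the standard NTAG21x page layout (4-byte pages, UID and check bytes in pages 0-2, static lock bytes in page 2); the function names and the sample dump are constructed for illustration.

```python
# Added example (not from amiibo.py): sanity-check a 520 byte dump before writing.
# Assumed layout: page 0 = SN0 SN1 SN2 BCC0, page 1 = SN3..SN6,
# page 2 = BCC1, internal, LOCK0, LOCK1.
PAGE_SIZE = 4
DUMP_SIZE = 520      # dump size the post says the script works with
CASCADE_TAG = 0x88   # ISO 14443-3 cascade tag used in BCC0 for 7-byte UIDs

def split_pages(dump):
    """Return the dump as a list of 4-byte pages, rejecting wrong sizes."""
    data = bytearray(dump)
    if len(data) != DUMP_SIZE:
        raise ValueError("expected %d bytes, got %d" % (DUMP_SIZE, len(data)))
    return [data[i:i + PAGE_SIZE] for i in range(0, DUMP_SIZE, PAGE_SIZE)]

def locked_static_pages(lock0, lock1):
    """Decode the static lock bytes into the list of write-locked pages (3-15)."""
    pages = [p for p in range(3, 8) if lock0 & (1 << p)]   # LOCK0 bit n -> page n
    pages += [p + 8 for p in range(8) if lock1 & (1 << p)]  # LOCK1 bit n -> page n+8
    return pages

def inspect_dump(dump):
    """Report UID, whether both UID check bytes are consistent, and locked pages."""
    pages = split_pages(dump)
    sn0, sn1, sn2, bcc0 = pages[0]
    sn3, sn4, sn5, sn6 = pages[1]
    bcc1, _internal, lock0, lock1 = pages[2]
    bcc_ok = (bcc0 == CASCADE_TAG ^ sn0 ^ sn1 ^ sn2 and
              bcc1 == sn3 ^ sn4 ^ sn5 ^ sn6)
    uid = "".join("%02x" % b for b in (sn0, sn1, sn2, sn3, sn4, sn5, sn6))
    return {"uid": uid, "bcc_ok": bcc_ok,
            "locked_pages": locked_static_pages(lock0, lock1)}

def make_sample():
    """Constructed dump: made-up UID, valid check bytes, pages 3, 4 and 8 locked."""
    uid = [0x04, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66]
    d = bytearray(DUMP_SIZE)
    d[0:3] = bytearray(uid[:3])
    d[3] = CASCADE_TAG ^ uid[0] ^ uid[1] ^ uid[2]
    d[4:8] = bytearray(uid[3:])
    d[8] = uid[3] ^ uid[4] ^ uid[5] ^ uid[6]
    d[10], d[11] = 0x18, 0x01   # LOCK0 bits 3 and 4, LOCK1 bit 0
    return d

if __name__ == "__main__":
    print(inspect_dump(make_sample()))
```

A dump that fails the size or check-byte test is most likely a bad read and should be rescanned rather than restored.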