Hacking DIY amiibo cards

Mhetralla

I have PMed sweis12 to explain her job but he doesn't reply to me.
He doesn't give a source to modify this.
He won't release anything, and he has a right to do it. Don't send him PMs harassing him to release it. Maybe he wants to be safe from possible C&Ds from Nintendo.

Also, be patient, he said that he will maybe post a dev-blog in the future. Meanwhile, we have to try to do it on our own.
 

azerty55

I understand why he doesn't give a source.
But he gives some words and he doesn't explain them:
nVI1Vs, hVIII10, 123I81
I found nothing about this.
 

Pecrow

How about releasing via an anonymous pastebin? That has always worked in the past, has it not?
 

izy

He won't release anything, and he has a right to do it. Don't send him PMs harassing him to release it. Maybe he wants to be safe from possible C&Ds from Nintendo.

Also, be patient, he said that he will maybe post a dev-blog in the future. Meanwhile, we have to try to do it on our own.

I already stated this, since he gave not a single ounce of information on how this works and the video is clearly lacking.

We have a better chance assuming he has a blank tag under his phone and either it failed to read the first time, OR the APP wrote to the blank tag using the same type of data from this thread and it read the second time.

Since he gave no info, the video is very hidden in how he did it; he could have shown the underside of his phone, and also he did not swap multiple amiibos, which would have been better proof of amiibo emulating, because once a tag is written it cannot be rewritten.

So until he gives some actual information instead of posting some POC BS and saying OH NINTENDO WILL C&D ME and not even PMing anyone info, then until then it's total BS and view fishing.
 

azerty55

Me, I just want him to give info about HCE or just give her blog.
I think it is real.
For the moment I wait to receive a blank tag and an NFC writer from China.
 

Mhetralla

I understand why he doesn't give a source.
But he gives some words and he doesn't explain them:
nVI1Vs, hVIII10, 123I81
I found nothing about this.
I'm pretty sure the first one is NFC and the second one is HCE. I don't know about the third one, maybe it's Cia? (from CyanogenMod) Also, in his video, he gave us this hint "Cyanogen: O". I don't know what the ": O" bit could be.

I already stated this, since he gave not a single ounce of information on how this works and the video is clearly lacking.

We have a better chance assuming he has a blank tag under his phone and either it failed to read the first time, OR the APP wrote to the blank tag using the same type of data from this thread and it read the second time.

Since he gave no info, the video is very hidden in how he did it; he could have shown the underside of his phone, and also he did not swap multiple amiibos, which would have been better proof of amiibo emulating, because once a tag is written it cannot be rewritten.

So until he gives some actual information instead of posting some POC BS and saying OH NINTENDO WILL C&D ME and not even PMing anyone info, then until then it's total BS and view fishing.
Don't start this again, this is not the thread for that, the proper thread was his thread and now it is closed.
I believe him. The first time he brings the phone near the reader, the NFC is disabled, to prove that he doesn't have anything under the cover. Naturally, it doesn't work, because there is nothing to read. The next time he tries it he enables NFC and it works. What you are saying he's doing doesn't even make sense.
Look, I'm disappointed too for not having this, but c'mon. View fishing? He doesn't even have ads or more videos on his channel.
 

Pecrow

That is true, Leave that poor soul alone to this awesome app. We have this thread to try and do something similar and I hope that we are able to get the ntag215s ready and working :) In addition, thanks to the ones trying to work this out
 

izy

I'm pretty sure the first one is NFC and the second one is HCE. I don't know about the third one, maybe it's Cia? (from CyanogenMod) Also, in his video, he gave us this hint "Cyanogen: O". I don't know what the ": O" bit could be.


Don't start this again, this is not the thread for that, the proper thread was his thread and now it is closed.
I believe him. The first time he brings the phone near the reader, the NFC is disabled, to prove that he doesn't have anything under the cover. Naturally, it doesn't work, because there is nothing to read. The next time he tries it he enables NFC and it works. What you are saying he's doing doesn't even make sense.
Look, I'm disappointed too for not having this, but c'mon. View fishing? He doesn't even have ads or more videos on his channel.

I'm saying, if you read that, he clearly could have just written to an NFC 215 TAG with the app when the NFC is enabled, since the device underside is hidden; besides, the tags are small enough to fit inside the case. (unless you have not been following this thread lol)

Aka he enables NFC the 2nd time and it writes to the tag, there are clearly apps that can do this. His POC would be believable if he swapped amiibos, because once a 215 tag is written to it gets locked.
 

Mhetralla

That is true, Leave that poor soul alone to this awesome app. We have this thread to try and do something similar and I hope that we are able to get the ntag215s ready and working :) In addition, thanks to the ones trying to work this out
In fact, it would be better to first be able to write a blank NTAG215. Because, with a phone, we still need to know that AND how to emulate an NTAG215.
I'm saying, if you read that, he clearly could have just written to an NFC 215 TAG with the app when the NFC is enabled, since the device underside is hidden; besides, the tags are small enough to fit inside the case. (unless you have not been following this thread lol)

Aka he enables NFC the 2nd time and it writes to the tag, there are clearly apps that can do this. His POC would be believable if he swapped amiibos, because once a 215 tag is written to it gets locked.
Mm, okay, now I get what you are saying. That is a possibility, but... that's so twisted. Why would he do that? He's a known user of this forum. There is no need for that. Also, if he faked it and we discovered it, it would be worse for his e-fame.
 

Mhetralla

Hope he writes a post in her blog very fast,
to know if it is easier to use HCE or to use an NFC writer with a tag.
He's not a girl, I'm pretty sure he'll prefer if you refer to him as a "his", and not as a "her".
Emulating tags with a phone will be harder than writing them on real tags.

My two cents: Scene world is not fast. You have to be patient, be mature, and give everyone a chance and trust them.
 

Pecrow

He's not a girl, I'm pretty sure he'll prefer if you refer to him as a "his", and not as a "her".
Emulating tags with a phone will be harder than writing them on real tags.

My two cents: Scene world is not fast. You have to be patient, be mature, and give everyone a chance and trust them.
Well said. Now let's get back on track with writing amiibos to blank NTAG215.
 

Mhetralla

Ok, back on track.
  • We still have to know more about the amiibo data structure. This is the stuff we know at the moment. @Supercool330 said this a few days ago:
    I updated the layout on the Wikitemp Amiibo page to document the entire layout. I'll add descriptions for each byte when I have some time. There are really only two things I haven't figured out. The first is what the data on page 23 is used for. This is the page immediately after the character data pages, and as far as I can tell it isn't really used for anything currently. This means that if we are doing something wrong on this page (which is locked) it is possible that this could be used to detect a fake. If people could post UIDs along with pages 21 through 23, that would be great. The second thing is exactly how the 0x20 byte block at page 24 is generated. You can use whatever values you want here and the tag seems to work fine, so my assumption is that it is random (which makes sense as it is essentially used as salt for the DRBG used to generate per amiibo keys). However, if it is a hash of something, this could again be used to detect a fake. In fact, generating a valid (but corrupt) Amiibo dump is super easy, you can just set every byte to random, and then write the 2 pages with the character data.
    @Supercool330, take this. It's a lot of scanned amiibos info, it could be helpful to figure out the page 23.
    Also, we still have to figure out this:
    The missing piece however is in fact using the locked secret keys to generate another derived keyset, and then using the hmac key from that keyset to hash the last two pieces hashed for the key at 0x80 (0x00 to 0x08 and 0x54 to 0x80).
  • We will assume that the app @Skyforce77 modded works, and can write bin files on blank tags. We can't test yet if the tags it writes work, but at least the interface does so. It would be great if he can fix his app to work on <5.0 devices. (It crashes when it tries to open the file browser on <5.0 devices)
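
An added example, not part of any post in this thread: a small inspector for a raw NTAG215 dump that pulls out the fields the layout discussion above asks people to compare (UID, pages 21 through 23, the 0x20-byte block at page 24) and checks the UID check bytes. It assumes a full 540-byte image; offsets other than those quoted in the post follow the NXP NTAG215 datasheet, and the sample dump and all function names are constructed for illustration.

```python
from dataclasses import dataclass

PAGE = 4                # bytes per NTAG21x page
NTAG215_PAGES = 135     # 540-byte full image (assumption: dump includes config pages)
CASCADE_TAG = 0x88      # ISO 14443-3 cascade tag, folded into BCC0


@dataclass
class DumpSummary:
    uid: bytes
    bcc_ok: bool
    static_lock: bytes
    pages_21_22: bytes       # character data pages, per the post
    page_23: bytes           # purpose unknown, per the post
    block_at_page_24: bytes  # 0x20-byte block the post assumes is random


def pages(dump: bytes, first: int, count: int = 1) -> bytes:
    return dump[first * PAGE:(first + count) * PAGE]


def summarize(dump: bytes) -> DumpSummary:
    if len(dump) != NTAG215_PAGES * PAGE:
        raise ValueError(f"expected {NTAG215_PAGES * PAGE} bytes, got {len(dump)}")
    # Page 0 = UID0..2 + BCC0, page 1 = UID3..6, page 2 = BCC1, internal, 2 lock bytes.
    bcc0 = CASCADE_TAG ^ dump[0] ^ dump[1] ^ dump[2]
    bcc1 = dump[4] ^ dump[5] ^ dump[6] ^ dump[7]
    return DumpSummary(
        uid=dump[0:3] + dump[4:8],
        bcc_ok=(bcc0 == dump[3] and bcc1 == dump[8]),
        static_lock=dump[10:12],
        pages_21_22=pages(dump, 21, 2),
        page_23=pages(dump, 23),
        block_at_page_24=pages(dump, 24, 8),
    )


def sample_dump() -> bytes:
    """Constructed image, not a real tag: made-up UID with matching check bytes."""
    d = bytearray(NTAG215_PAGES * PAGE)
    d[0:12] = bytes.fromhex("041122bf 33445566 44480fe0")
    d[21 * PAGE:23 * PAGE] = bytes(range(0xA0, 0xA8))
    d[24 * PAGE:32 * PAGE] = bytes(range(0x20))
    return bytes(d)


if __name__ == "__main__":
    s = summarize(sample_dump())
    print(s.uid.hex(), "BCC ok" if s.bcc_ok else "BCC mismatch", s.page_23.hex())
```

A dump whose check bytes do not match its UID was truncated, shifted or edited by hand, so it is worth rejecting before comparing pages across tags.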
 

Skyforce77

Ok, back on track.
I can't because I don't have any 5.0< device. But I can confirm it writes on amiibo (not factory locked bytes). I think you'll have to lock your blank tag with a password (generated with the tag's UUID).
 

Mhetralla

I can't because I don't have any 5.0< device. But I can confirm it writes on amiibo (not factory locked bytes). I think you'll have to lock your blank tag with a password (generated with the tag's UUID).
You can emulate any Android with Android Studio. Go to Tools>Android>AVD Manager and "Create Virtual Device...".


About locking the blank tag, we can do that. We can get the UID of the blank tag with any NFC scanner on Android and generate the password with this website.
 

nurofen

I am stuck again, I think I am getting closer, but I want to check my keys file (The locked secret one, not the unfixed infos) can someone help me out here, maybe an md5 checksum or something?
 
