Hacking DIY amiibo cards

HiddenRambler

Really? I thought that it should start with uint8_t hmacKey[16] https://github.com/javimadgit/amiitool/blob/master/include/nfc3d/keygen.h and 7F 75 28 is the hardcoded type string "unfixed infos" I found @ pastebin

I know :) I thought so too. Finally I wrote a program to write every possible combination of key files using every single bit of data available from that pastebin file, and checked for the one which matched the md5 posted by others :D, and that's what it says in the start of my locked secret file.

--------------------- MERGED ---------------------------

I should note that with the two tags I made, the 3DS gave a corrupted tag error but allowed me to reset the tag. After resetting it worked just fine. So there must be some small part of the encryption which is broken, but as long as you don't care about the data already in the file it works fine.
 

HiddenRambler

What am I doing wrong? I have been trying to create the required key file for 1 hour, but the checksum does not match. Here are the first 2 and last 2 columns of my dump:
Code:
ed 29...8a c0
75 6e...00 0e
db 4b...00 00
04 49...ae d4
ef 39...47 66
1d 16...c2 05
6c 6f...00 10
fd c8...74 c1
04 49...ae d4
ef 39...47 66
What's wrong with it?

I'm so sorry, I was wrong. I didn't realise you were trying to make the new file with both sets of keys.

Your file should start with 1D 16. The second half of your file (where it says 1d 16 in your file) should start with 7F 75.

Hope this helps. Again sorry for the confusion.
 

rena2019

I know :) I thought so too. Finally I wrote a program to write every possible combination of key files using every single bit of data available from that pastebin file, and checked for the one which matched the md5 posted by others :D, and that's what it says in the start of my locked secret file.

--------------------- MERGED ---------------------------

I should note that with the two tags I made, the 3DS gave a corrupted tag error but allowed me to reset the tag. After resetting it worked just fine. So there must be some small part of the encryption which is broken, but as long as you don't care about the data already in the file it works fine.
I'm so sorry, I was wrong. I didn't realise you were trying to make the new file with both sets of keys.

Your file should start with 1D 16. The second half of your file (where it says 1d 16 in your file) should start with 7F 75.

Hope this helps. Again sorry for the confusion.
No problem. Many thanks for your help:

$ md5sum ~/javimadgit_amiitool/amiitool/all_in_one_keys.bin
45fd53569f5765eef9c337bd5172f937 ~/javimadgit_amiitool/amiitool/all_in_one_keys.bin
$ sha1sum ~/javimadgit_amiitool/amiitool/all_in_one_keys.bin
bbdbb49a917d14f7a997d327ba40d40c39e606ce ~/javimadgit_amiitool/amiitool/all_in_one_keys.bin
 

Pecrow

I GOT IT WORKING! Amiibo made! :D
I'm so excited :D Could you make a step by step guide? For noobs like myself?

--Edit--

By the way guys, remember the amiibo cards I made : Now that it is possible these look a lot better :D If you need any additional amiibo made let me know,

Hey, I finished all 87 Amiibo cards (covering every single amiibo release up to date, excluding Animal Crossing cards) + an extra surprise for the REAL fans !! ( Spoiler below on the surprise )

It's KIPACHU !!!!!!!!
* For those who don't know kipachu http://9gag.com/gag/aDmmYV9/somebody-wanted-a-drawing-of-the-kipachu-here-you-go-d *


@_Tim_ OP If you would like to add this to the main post as an extra bonus I'm all for it. I put a lot of hours to get these ready. Hope everyone enjoys !!!!

I didn't know there was a file size limit on the attachments so I uploaded it to my OneDrive -25MB- : http://1drv.ms/1mSOlmS (Let me know if link goes bad)

Each Amiibo ARCARD has its own code. Kept the same codes to match the original ARCARDS and all other codes go in order in which they were released (As displayed by http://www.nintendo.com/amiibo/line-up Except for Yoshi.. which I skipped accidentally so he got first one :( )
 

izy

In fact, it would be better to first be able to write a blank NTAG215. Because, with a phone, we still need to know that AND how to emulate a NTAG215.

Mm, okay, now I get what you are saying. That is a possibility, but... that's so twisted. Why he would do that? He's a known user of this forum. There is no need for that. Also, if he faked it and we discovered it, it would be worse for his e-fame.
The real question is why would he post it in the first place if he is so scared of Nintendo hunting him down. Look at this thread and what @_Tim_ has done for us. Besides, all the software would do is write a tag; copyright can't even be claimed by Nintendo over something like that unless they prove he is using illegal dumps of tags, when he could actually follow up that it was a backup of his own amiibo or any BS, because in truth Nintendo won't do anything or else the amiiqo would have been taken out long ago.

Also, as you can see from the thread PokerAcer just made, my idea on how he did it can easily be verified at least, because it is no longer a POC; it's an actual thing writing tags directly from the phone to a 215
 

Mhetralla

The real question is why would he post it in the first place if he is so scared of Nintendo hunting him down. Look at this thread and what @_Tim_ has done for us. Besides, all the software would do is write a tag; copyright can't even be claimed by Nintendo over something like that unless they prove he is using illegal dumps of tags, when he could actually follow up that it was a backup of his own amiibo or any BS, because in truth Nintendo won't do anything or else the amiiqo would have been taken out long ago.

Also, as you can see from the thread PokerAcer just made, my idea on how he did it can easily be verified at least, because it is no longer a POC; it's an actual thing writing tags directly from the phone to a 215
@_Tim_ gave us the same amount of info that @sweis12 did. We have to figure out what he did, in the same way we did with this, here.
 

Kawaii

Hi, I just got mixed information regarding NTAG215 that is compatible.

I was looking at this link, which was posted a few pages back. It's not 888 bytes though. Will it work?

de.aliexpress.com/item/NTAG215-NFC-TAG-NFC-Forum-Type-2-Tag-All-NFC-Phone-Available-NFC-Adhesive-Labels-Dia/32315909847.html?spm=2114.47010308.4.2.4lzkcp
 

sweis12

You need a 540 byte.
Attached is a small app which can write a VALID tag file to a blank NTAG215 tag. **The file must already be correctly encrypted to match the new tag's UID**. The app will auto-calculate the write password.

Load the file using the menu, then select write from the menu and then put the phone on the tag. Try not to move the phone and be careful, as there is virtually no error checking/recovery.

I think you can use the modified version of amiitool by @javiMaD, but I haven't tested it.

It worked twice for me so far but your mileage will probably vary.

This is really alpha quality stuff. No real error checking. I have no idea what bad things it could do to your tags/phone/3ds. I will not be held responsible for any damage including but not limited to the event that Nintendo may send hitmen to kill you.

I will post the source code as soon as I can figure out which files might contain private data in an Android project.

Thx again for all the people who posted details to make this possible.


Edit: Included source code.
Has anyone else tested this? I ordered some NTAG215 to test this out.
If it is working, congratulations :D!
 

socram8888

I uploaded a modified version of amiitool, which calculates the missing hash. Use one key file (160 bytes): simply concatenate the "unfixed info" followed by "secret locked" into one file.

https://github.com/javimadgit/amiitool

Aaahhh... So that's what "locked secret" was for...

I didn't know what it was for. Thought it was for some sort of upcoming ads with read-only NFC tags to unlock stuff on games.
 
Reactions: Mhetralla
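
Added example (not from any poster and not part of amiitool): a Python check of the combined key file layout described in the posts above, i.e. 160 bytes, "unfixed infos" half first starting 1D 16, "locked secret" half second starting 7F 75, with an optional MD5 comparison. Function names are hypothetical, the type-string offset is an assumption taken from the hmacKey[16] field in the linked keygen.h, and the sample halves are constructed zero-filled stand-ins, not key material.

```python
import hashlib

HALF = 80          # bytes per key block; two blocks make the 160-byte file
LABEL_OFFSET = 16  # assumption: type string follows the 16-byte hmacKey (keygen.h)
# (leading bytes, type string) for each half, in the order given in the thread
LAYOUT = [(bytes.fromhex("1d16"), b"unfixed infos"),
          (bytes.fromhex("7f75"), b"locked secret")]


def md5_hex(data):
    return hashlib.md5(data).hexdigest()


def layout_problems(data):
    """Check total length, then the leading bytes and type string of each half."""
    problems = []
    if len(data) != 2 * HALF:
        problems.append(f"length is {len(data)} bytes, expected {2 * HALF}")
    for i, (prefix, label) in enumerate(LAYOUT):
        half = data[i * HALF:(i + 1) * HALF]
        if not half.startswith(prefix):
            problems.append(f"half {i} starts with {half[:2].hex()}, expected {prefix.hex()}")
        if half[LABEL_OFFSET:LABEL_OFFSET + len(label)] != label:
            problems.append(f"half {i} has no {label.decode()!r} type string")
    return problems


def check_key_file(data, expected_md5=None):
    """Return a list of problems; an empty list means the file passed."""
    problems = layout_problems(data)
    # The mistake discussed in the thread: both halves present, wrong order.
    if problems and len(data) == 2 * HALF and not layout_problems(data[HALF:] + data[:HALF]):
        problems.append("halves appear swapped")
    if expected_md5 and md5_hex(data) != expected_md5.lower():
        problems.append("MD5 does not match the expected digest")
    return problems


def fake_half(prefix, label):
    """Constructed stand-in for one half: stated prefix and label, zeros elsewhere."""
    head = prefix + bytes(LABEL_OFFSET - len(prefix)) + label + b"\x00"
    return head + bytes(HALF - len(head))


GOOD = fake_half(*LAYOUT[0]) + fake_half(*LAYOUT[1])  # constructed sample
SWAPPED = GOOD[HALF:] + GOOD[:HALF]                   # constructed sample

if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("swapped", SWAPPED), ("short", GOOD[:-1])):
        print(name, check_key_file(blob) or "OK")
```

For a real file, pass its bytes together with the MD5 you are comparing against; the layout checks narrow down why a checksum differs before you start re-cutting the dump.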

nurofen

Well I finally got it working last night.
I have created a modified version of the python script from @Supercool330 , many thanks to him. It basically only decrypts and encrypts and takes the same parameters each time even though they may not be used.
You will need two binary key files, the 'unfixed infos' and the 'locked secret' . the md5s can be found for both here.
The -u parameter is for a binary file of the 7 byte UID of the blank tag (can be found using the amiiqo app)

The idea is you decrypt your file with:

python amiibo_encrypt.py -k unfixed_keys.bin -m locked_keys.bin -u uid_blank_tag.bin decrypt -i luigi.bin -o luigi_decrypt.bin

then encrypt...

python amiibo_encrypt.py -k unfixed_keys.bin -m locked_keys.bin -u uid_blank_tag.bin encrypt -i luigi_decrypt.bin -o luigi_blank.bin

You can then write the output file to your blank tag using whatever method you like. I have modified @Skyforce77 app (https://github.com/skyforce77/unsafeamiiwrite) and created my own app for writing the tags.

Anyway here is the python script if anyone is interested. http://pastebin.com/qCXAS7HQ

I am now working on getting the python stuff into the android app so it's all in one program; not sure if I can or how long it will take.
 

oxenh

Hi, is there a way to do the amiibo card thing with only a PC? (because I don't have an NFC phone and cannot afford one for now)
 

oxenh

So I cannot do it without the amiiqo stuff? Like an NFC reader/writer and a Windows program and stuff like that
 
