Spoofing an amiibo using Android+NFC?

  • Thread starter: dude22072
  • Views: 501,559
  • Replies: 253
  • Likes: 1
ha....and the very person that does will be immediately cease and desisted and fined to oblivion.

Amiibo is their new baby... and Skylanders makes more money than Call of Duty. You think they are going to seriously let someone hack their possible cash cow?

The last time someone was even RESEARCHING into hacking its NFC figures (without releasing anything), he was threatened severely by Activision with imprisonment and copyright infringement fines. He immediately pulled his blog and all his findings like the p***y they scared him into being.

No one's going to do it.

And Nintendo will treat any breach of their NFC figure encryption the same way. Activision set the precedent.
 
With the Infinity figures there are custom files so you can play as any character on an RGH 360 or a CFW PS3.
 
Encryption doesn't mean a thing in this case. You could simply record the signal and play it back, probably just use a scope. I don't believe there is anything active inside those; it's basically RFID. And a C&D letter? Having been on the receiving end of plenty, they mean nothing.

NFC Tags (as these toys ARE NOT powered):
Near-field communication devices operate at the same frequency (13.56 MHz) as HF RFID readers and tags. The standards and protocols of the NFC format are based on RFID standards outlined in ISO/IEC 14443, FeliCa, and the basis for parts of ISO/IEC 18092. These standards deal with the use of RFID in proximity cards.

  • Low Frequency (LF) 125-134 kHz
  • High Frequency (HF) 13.56 MHz <-- NFC and RFID
  • Ultra High Frequency (UHF) 856 MHz to 960 MHz

And these are the standards supported by Android devices, maybe not natively, but you can build software for:

NFC-A (ISO 14443-3A)
NFC-B (ISO 14443-3B)
NFC-F (JIS 6319-4)
NFC-V (ISO 15693)
ISO-DEP (ISO 14443-4)
NDEF
MIFARE
MIFARE Ultralight
 
So does this mean you're going to make one?
 
What mixelpixx said is true. I'm not really sure if amiibo needs your Wii U to be connected to the internet or not, but if it doesn't connect to the internet you can just record the signal of an amiibo figurine and clone it to use the recorded signal on another console.
 
Would like to pursue this as a side project, if it's really that easy. Would buy RFID reader & figures... PM?
Have an HTC M8; if that's compatible, let's do this. I know RFID capture is simple and I achieved it before to haxx something that shan't be named. As long as there's no serious hurdles I'd like to test/dev.

Shouldn't need internet to use figures; that'd be a cruel joke to kids everywhere. My concern is if they're serialized you would HAVE to be offline, bc if everyone DLs the same amiibo file and it requires authentication, guess what...

On a side note, RFID recording is possible portably... i.e. picking up somebody's Speedpass for Exxon and getting free gas.... Or walking down the toy store aisle and recording up to hundreds of amiibos... The possibilities.... Just don't expect the Google Play Store to host your app lol. Would be nice to pick an amiibo on your mobile and then bam, done....
 
Aaaaaaactually, this is not possible, and I'm certain it's probably to prevent something like what you guys are talking about from happening. Anyway, the current security measure inside an Amiibo box is a small 1"x1" (ish) sheet of tin foil at the bottom inside the packaging that prevents communication with anything.
 
LoL, don't want to be condescending but that would be at the bottom of my list of concerns. However you have my interest, would like details/pics. Sounds like an anti-theft device to me.... A jammer would require power, which is not likely if it's just a piece of foil lol. You would essentially have to wrap every amiibo in lead to be remotely effective. Which if it's made in China it'll probably already be lead-coated lmao.

Edit:

For the sake of argument let's say that's true; it still doesn't mean sh1t lol. I could easily and discreetly defeat that in-store, and if I couldn't, who cares. I'll scan all my friends' and my own, etc. I mean ultimately the biggest issue is recording and re-transmitting. Everything else is trivial.
 
Eh, I'm not sold. That metal piece reacts at a certain frequency like security tags, I bet. And it's on the bottom... They take attendance in some schools with RFID, meaning you don't have to be very close. Might be a diff freq but the point is, I can easily find something more powerful than that gimmick they crammed into the gamepad...
 
RFID can work from pretty big distances, sure, but these are specifically made to only work close by. Either way - being able to read them isn't really something that matters when you know the data format and can emulate them.

Yes, this is technically possible. The figures are MIFARE Ultralight NFC tags, and the data is readable without any keys. Writing is locked, however. Most NFC-enabled Android phones support Host-based Card Emulation, which could reproduce this information in a way readable by the gamepad. Theoretically.

Technically/theoretically possible doesn't mean it'll happen though.
If I have some free time I'll look into it. Reverse engineering stuff is a hobby of mine.
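As an added example (not code from this thread, from Nintendo, or from any of the posters), here is a parser for the keyless-readable header of a MIFARE Ultralight tag, the tag type named in the post above and in mixelpixx's Android tech list: it checks the UID's check bytes and decodes the static lock bytes, which is what "writing is locked" means concretely. It assumes the MF0ICU1 page layout, and the 16-byte dump is constructed rather than read from a figure.

```python
# Added example, not code from the thread: decode the keyless-readable header
# (pages 0-3) of a MIFARE Ultralight tag. Assumes the MF0ICU1 layout:
# page 0 = SN0 SN1 SN2 BCC0, page 1 = SN3..SN6, page 2 = BCC1 internal LOCK0 LOCK1,
# page 3 = OTP. A 16-byte dump like this is what MifareUltralight.readPages(0)
# returns on Android.
from dataclasses import dataclass, field

CASCADE_TAG = 0x88  # fixed first byte of the level-1 anti-collision UID part


@dataclass
class UltralightHeader:
    uid: bytes
    bcc_ok: bool                    # both UID check bytes match the UID
    locked_pages: list = field(default_factory=list)
    frozen_lock_groups: list = field(default_factory=list)
    otp: bytes = b""


def parse_ultralight_header(dump: bytes) -> UltralightHeader:
    """Decode pages 0-3; raises on a short dump."""
    if len(dump) < 16:
        raise ValueError("need pages 0-3 (16 bytes)")
    uid = dump[0:3] + dump[4:8]                 # 7-byte UID spans pages 0 and 1
    bcc0_ok = dump[3] == CASCADE_TAG ^ dump[0] ^ dump[1] ^ dump[2]
    bcc1_ok = dump[8] == dump[4] ^ dump[5] ^ dump[6] ^ dump[7]
    lock0, lock1 = dump[10], dump[11]
    locked = [3] if lock0 & 0x08 else []        # L-OTP bit: page 3 read-only
    locked += [p for p in range(4, 8) if lock0 & (1 << p)]         # L4..L7
    locked += [p for p in range(8, 16) if lock1 & (1 << (p - 8))]  # L8..L15
    # Block-locking bits freeze the lock bits themselves (cannot be set later).
    frozen = [name for bit, name in ((0x01, "OTP"), (0x02, "pages 4-9"),
                                     (0x04, "pages 10-15")) if lock0 & bit]
    return UltralightHeader(uid, bcc0_ok and bcc1_ok, locked, frozen, dump[12:16])


def is_user_memory_locked(h: UltralightHeader) -> bool:
    """True when every user page (4-15) is write-locked."""
    return all(p in h.locked_pages for p in range(4, 16))


# Constructed sample dump (not read from a real figure): UID 04A1B2C3D4E5F6 with
# correct check bytes, OTP page locked, all user pages locked, lock bits not frozen.
SAMPLE_DUMP = bytes.fromhex("04a1b29f" "c3d4e5f6" "0448f8ff" "00000000")

if __name__ == "__main__":
    h = parse_ultralight_header(SAMPLE_DUMP)
    print(h.uid.hex(), "BCC ok" if h.bcc_ok else "BCC mismatch", h.locked_pages)
    print("user memory locked:", is_user_memory_locked(h))
```

A mismatched check byte is the first sign a dump came from a reader glitch or a tag that does not follow this layout, so check bcc_ok before trusting the lock decode.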
 
A C&D letter? Having been on the receiving end of plenty, they mean nothing.

To everyone else, this would definitely be a good way to spoof an amiibo, but I'm not sure if you could exploit the system or something like that.
 
All this technical mumbo jumbo aside, how realistic would it be that someone could start spoofing the NFCs in Amiibos (or Disney Infinity or Skylanders) and upload the process online for everyone to put on their smartphone and have all the Amiibos they wanted? Whoever was saying it would be hard to scan figures in the boxes, well heck, we could just buy them. If this was possible I wouldn't mind donating money to buy an amiibo, and if 48 people did that we could have an entire amiibo collection for everyone to share.
 
And this is the day that pirates are even pirating physical figurines.
Wow....

Come on, they're 15 quid.
Prolly cheaper when buying them second hand later on...

The paint job in their new condition isn't that solid, much less after being used by someone who probably dropped it and more.

Most online retailers sell it for about £10, but ain't sure about retail stores.
 
Retail is 15 quid.
Online is a tenner yeh.

Eh, I'll get the Pit one for sure, prolly just for placing it on me shelves of games ;p
Fox, Samus, Pit, Mega Man, Mario, Rosalina, Little Mac.. all these seem to be worth it. Except for Link, what the hell have they done to him?!

Nintendo, you should be ashamed of Link's Amiibo!