[Tools] AmiiBomb

Discussion in 'Switch - Exploits, Custom Firmwares & Soft Mods' started by Ac_K, Apr 17, 2017.

  1. acidenitr0s

    acidenitr0s Newbie

    Newcomer
    1
    May 2, 2017
    France
    I have ordered these NTAGs, for what its interested.
     
  2. GraFfiX420

    GraFfiX420 GBAtemp Fan

    Member
    8
    Oct 14, 2009
    United States
    I was just thinking about something, since the datel powertags are rewriteable, couldn't we just use those if we wanted to? I mean does anyone know how they are emulating the lock bits?
     
  3. dragonbladerxx1

    dragonbladerxx1 GBAtemp Regular

    Member
    2
    Sep 12, 2008
    United States
  4. LoDeus

    LoDeus Advanced Member

    Newcomer
    2
    Feb 2, 2016
    Belgium
    I'm using the card and tag that came with the kit but there's only 4 bits, not 7 like yours, and it then doesn't work, do you know why? What should I do (other than waiting for the other ones to come)?
     
  5. Gedi223

    Gedi223 Advanced Member

    Newcomer
    3
    Feb 16, 2008
    United States

    I don't believe the card and tag that comes with the kits are actual ntag215. Most kits I've seen come with mifare s50 tags.
     
    LoDeus, GraFfiX420 and Azel like this.
  6. GizmoTheGreen

    GizmoTheGreen GBAtemp Advanced Fan

    Member
    6
    Oct 8, 2009
    yeah I got both a card and a keyring tag with mine they're both mifare 1K tags. so not able to be used as amiibos.
     
    LoDeus likes this.
  7. GraFfiX420

    GraFfiX420 GBAtemp Fan

    Member
    8
    Oct 14, 2009
    United States
    Exactly the same stuff that came with mine.
     
  8. GizmoTheGreen

    GizmoTheGreen GBAtemp Advanced Fan

    Member
    6
    Oct 8, 2009
    installed the arduino IDE, got the rc522 library and loaded the dumpinfo example to verify my soldering job... worked wonderfully spitting out all the info into the serial logger :)
     
  9. -Leif-

    -Leif- Member

    Newcomer
    3
    Nov 11, 2009
    Gambia, The
    Thank You! This is awesome, had an arduino already lying around
    for 12 tags and the rfid modul+ jumpercables i only needed to pay 5,9$
    Can't wait to test it ^_^
     
    gix222 likes this.
  10. cybrian

    cybrian GBAtemp Regular

    Member
    4
    Sep 14, 2009
    United States
    Basically as others have said, the card and keyfob that come with the MFRC522 boards aren't NTAG215's (or, at least, nobody's mentioned an MFRC522 that comes with NTAG215's); they're another kind of MIFARE tag that stores 1 KB of data (including serial numbers, etc.) as opposed to the 540 byte (504 usable) NTAG215 that Amiibo requires.

    However, they're perfect for making sure the soldering job was done properly.


    In other news, both as a personal project for learning C/C++, as well as because I'm impatient and haven't seen anyone post updates on the actual Amiibomb project, I have been working on a piece of software based on the code throughout this thread by RubyRoid/kelemen, socram8888, ShoGinn, etc. that will automate all of this for you — like OP says, there will be both an Arduino firmware and a client application (that is, an OS-dependent program that runs on your PC or Mac), and the idea is that you'll run the PC client, supplying it with the Amiibo encryption key and any Amiibo dump, then it will have the Arduino scan a target tag that is to be programmed, use amiitool as a library to decrypt the dump, patch the UID into the dump, reencrypt it, send it over serial (over USB) to the Arduino, and then the Arduino will write it to the tag.

    In other words, it will be as simple as running this program and supplying it with an Amiibo dump and the Amiibo key, then scanning a blank tag twice (or simply leaving it on the scanner).

    Right now I have most of the pieces working separately, but being that I have a limited number of tags and a limited knowledge of C/C++ and the NTAG215 standard I'm basically going into this blind, working on it in pieces (for example I'm saving the part that writes the tags for last and hoping that my debug code works, comparing hex dumps via my code to opening something made via the website for instance before even writing the part that burns the tag)

    I feel like this isn't the right place to ask for help working on this, but if anyone here knows some C/C++ and/or is involved in the projects I'm using in my code, I could definitely use a lot of C-noob help (especially regarding pointers and structs and serial communication, for instance). I'm somewhat active at least in reading posts on here, as well as on Reddit (my username there is cybrian). I know this can be done very simply, but I could definitely use a few C pointers here!

    Oh, and as soon as I have something that's at least somewhat working it'll be open source, I promise, and any release will contain credit where due. Right now, though, I need to make it a little more complete. I ported the 7-byte UID-to-9-byte UID code to C. very simple:
    Code:
    //9-byte UID is just 7-byte UID with two additional block check bits that can be calculated easily:
    typedef unsigned char byte // I come from Arduino
    byte bcc0; //first check bit
    byte bcc1; //second check bit
    byte uid9[9];
    byte uid7[7] = { 0x04, 0x48, 0xe6, 0xf2, 0x48, 0x4d, 0x81}; //example 7 byte UID
    #define xor ^ /* just to be clear what ^ does */
    bcc0 = 0x88 xor uid7[0] xor uid7[1] xor uid7[2]; //0x88 is defined in the NTAG spec
    bcc1 = uid7[3] xor uid7[4] xor uid7[5] xor uid7[6];
    byte uid9[9] = { uid7[0], uid7[1], uid7[2], bcc0, uid7[3], uid7[4], uid7[5], uid7[6], bcc1 };
    Right now I need to figure out the rest of how ShoGinn's script works so I can port the rest of it to C, but then it's simply a matter of programming the "write" function into my arduino firmware (thanks https://github.com/konstantin-kelemen/arduino-amiibo-tools ), porting amiitool to an includable function, and then this'll be a thousand times easier.

    Again, I'd appreciate help from anyone involved in this sorta thing or otherwise knowledgeable in binary manipulation and serial communication via C/C++ (is termios.h meant to be this difficult to use? Thinking of switching to C++ and a higher level library)
     
    Azel, GraFfiX420 and Zarklord like this.
  11. Ac_K
    OP

    Ac_K Advanced Member

    Newcomer
    6
    Mar 1, 2009
    France
    Hi,
    as I promise, there is the first Alpha version of AmiiBomb/AmiiBombuino.

    Don't forget to set up a *.bin files folder and the Amiibo Keys when you start the program for the first time.
    Please as I said, it's an Alpha version of it, so if you found bug when you use it normally, contact me.
    Next steps are to add many little functions to make it more user friendly, add many checks to make sure you don't do somethings wrong and probably fix many bugs ^^!
    After that, I want make AmiiBomb and AmiiBombuino open source (My code is to ugly right know...)!

    Hope you enjoy it! Thanks for your patience!

    http://www10.zippyshare.com/v/K6ILuuvS/file.html
     
    anonymoose, GraFfiX420, Azel and 4 others like this.
  12. GizmoTheGreen

    GizmoTheGreen GBAtemp Advanced Fan

    Member
    6
    Oct 8, 2009
    Awesome! I had problem writing the arduino fw with your app, it says "Device Error" in a popup.
    last two messages in log is
    Establishing sync...
    closing serial port...

    anyway I wrote the .hex with XLoader and I managed to make an amiibo :)
     
  13. nitrostemp

    nitrostemp GBAtemp Maniac

    Member
    6
    Mar 15, 2009
    OMG, my arduino should be here to day, this is perfect. THANKS
     
  14. cybrian

    cybrian GBAtemp Regular

    Member
    4
    Sep 14, 2009
    United States
    I'll definitely be checking this out tomorrow! Can you share the source code please? I for one don't mind ugly code. You could always put it on GitHub and just keep updating it as you refactor it/format it, etc.
     
  15. sith

    sith Member

    Newcomer
    4
    Apr 10, 2007
    United States
    thanks for this! great work! would like to see it support powersaves and n2.
     
  16. Zarklord

    Zarklord GBAtemp Regular

    Member
    2
    May 13, 2016
    United States
    i get the same thing as him with a big fat "device error"
     
  17. dtomcat

    dtomcat Newbie

    Newcomer
    1
    May 8, 2017
    United States
    I get the following error when trying to write the amiibo (firmware was written fine)...

    See the end of this message for details on invoking
    just-in-time (JIT) debugging instead of this dialog box.

    ************** Exception Text **************
    System.ArgumentOutOfRangeException: Index and length must refer to a location within the string.
    Parameter name: length
    at System.String.Substring(Int32 startIndex, Int32 length)
    at AmiiBomb.Helper_Class.<>c__DisplayClass3_0.<String_To_Byte_Array>b__1(Int32 x)
    at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
    at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
    at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
    at AmiiBomb.Helper_Class.String_To_Byte_Array(String Hex)
    at AmiiBomb.Amiibo_Class.Generate_Password(String Long_UID)
    at AmiiBomb.Amiibo_Class.Patch(Byte[] Data, String UID)
    at AmiiBomb.Flash_Form.<button2_Click>d__8.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.AsyncMethodBuilderCore.<>c.<ThrowAsync>b__6_0(Object state)


    ************** Loaded Assemblies **************
    mscorlib
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1637.0 built by: NETFXREL3STAGE
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll
    ----------------------------------------
    AmiiBomb
    Assembly Version: 1.0.0.0
    Win32 Version: 1.0.0.0
    CodeBase: file:///C:/Users/Robert/Desktop/Amiibomb/AmiiBomb.exe
    ----------------------------------------
    System.Windows.Forms
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1586.0 built by: NETFXREL2
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
    ----------------------------------------
    System
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1637.0 built by: NETFXREL3STAGE
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
    ----------------------------------------
    System.Drawing
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1586.0 built by: NETFXREL2
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
    ----------------------------------------
    System.Configuration
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1586.0 built by: NETFXREL2
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
    ----------------------------------------
    System.Core
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1638.0 built by: NETFXREL3STAGE
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll
    ----------------------------------------
    System.Xml
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1586.0 built by: NETFXREL2
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll
    ----------------------------------------
    Newtonsoft.Json
    Assembly Version: 10.0.0.0
    Win32 Version: 1.0.0.0
    CodeBase: file:///C:/Users/Robert/Desktop/Amiibomb/AmiiBomb.exe
    ----------------------------------------
    System.Numerics
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1586.0 built by: NETFXREL2
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Numerics/v4.0_4.0.0.0__b77a5c561934e089/System.Numerics.dll
    ----------------------------------------
    System.Runtime.Serialization
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1637.0 built by: NETFXREL3STAGE
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Runtime.Serialization/v4.0_4.0.0.0__b77a5c561934e089/System.Runtime.Serialization.dll
    ----------------------------------------
    System.Data
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1636.0 built by: NETFXREL3STAGE
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_32/System.Data/v4.0_4.0.0.0__b77a5c561934e089/System.Data.dll
    ----------------------------------------
    BouncyCastle.Crypto
    Assembly Version: 1.8.1.0
    Win32 Version: 1.0.0.0
    CodeBase: file:///C:/Users/Robert/Desktop/Amiibomb/AmiiBomb.exe
    ----------------------------------------
    System.Management
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1646.0 built by: NETFXREL3STAGE
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Management/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Management.dll
    ----------------------------------------

    ************** JIT Debugging **************
    To enable just-in-time (JIT) debugging, the .config file for this
    application or computer (machine.config) must have the
    jitDebugging value set in the system.windows.forms section.
    The application must also be compiled with debugging
    enabled.

    For example:

    <configuration>
    <system.windows.forms jitDebugging="true" />
    </configuration>

    When JIT debugging is enabled, any unhandled exception
    will be sent to the JIT debugger registered on the computer
    rather than be handled by this dialog box.

    Untitled.png

    — Posts automatically merged - Please don't double post! —

    also get this error whenever i minimize the application:

    See the end of this message for details on invoking
    just-in-time (JIT) debugging instead of this dialog box.

    ************** Exception Text **************
    System.InvalidOperationException: SplitterDistance must be between Panel1MinSize and Width - Panel2MinSize.
    at System.Windows.Forms.SplitContainer.set_SplitterDistance(Int32 value)
    at AmiiBomb.Main_Form.Controls_Size()
    at AmiiBomb.Main_Form.Main_Form_Resize(Object sender, EventArgs e)
    at System.Windows.Forms.Control.OnResize(EventArgs e)
    at System.Windows.Forms.Form.OnResize(EventArgs e)
    at System.Windows.Forms.Control.OnSizeChanged(EventArgs e)
    at System.Windows.Forms.Control.UpdateBounds(Int32 x, Int32 y, Int32 width, Int32 height, Int32 clientWidth, Int32 clientHeight)
    at System.Windows.Forms.Control.UpdateBounds()
    at System.Windows.Forms.Control.WndProc(Message& m)
    at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
    at System.Windows.Forms.Form.WndProc(Message& m)
    at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
    at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
    at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


    ************** Loaded Assemblies **************
    mscorlib
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1637.0 built by: NETFXREL3STAGE
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll
    ----------------------------------------
    AmiiBomb
    Assembly Version: 1.0.0.0
    Win32 Version: 1.0.0.0
    CodeBase: file:///C:/Users/Robert/Desktop/Amiibomb/AmiiBomb.exe
    ----------------------------------------
    System.Windows.Forms
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1586.0 built by: NETFXREL2
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
    ----------------------------------------
    System
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1637.0 built by: NETFXREL3STAGE
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
    ----------------------------------------
    System.Drawing
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1586.0 built by: NETFXREL2
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
    ----------------------------------------
    System.Configuration
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1586.0 built by: NETFXREL2
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
    ----------------------------------------
    System.Core
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1638.0 built by: NETFXREL3STAGE
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll
    ----------------------------------------
    System.Xml
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1586.0 built by: NETFXREL2
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll
    ----------------------------------------
    Newtonsoft.Json
    Assembly Version: 10.0.0.0
    Win32 Version: 1.0.0.0
    CodeBase: file:///C:/Users/Robert/Desktop/Amiibomb/AmiiBomb.exe
    ----------------------------------------
    System.Numerics
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1586.0 built by: NETFXREL2
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Numerics/v4.0_4.0.0.0__b77a5c561934e089/System.Numerics.dll
    ----------------------------------------
    System.Runtime.Serialization
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1637.0 built by: NETFXREL3STAGE
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Runtime.Serialization/v4.0_4.0.0.0__b77a5c561934e089/System.Runtime.Serialization.dll
    ----------------------------------------
    System.Data
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1636.0 built by: NETFXREL3STAGE
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_32/System.Data/v4.0_4.0.0.0__b77a5c561934e089/System.Data.dll
    ----------------------------------------
    BouncyCastle.Crypto
    Assembly Version: 1.8.1.0
    Win32 Version: 1.0.0.0
    CodeBase: file:///C:/Users/Robert/Desktop/Amiibomb/AmiiBomb.exe
    ----------------------------------------
    System.Management
    Assembly Version: 4.0.0.0
    Win32 Version: 4.6.1646.0 built by: NETFXREL3STAGE
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Management/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Management.dll
    ----------------------------------------

    ************** JIT Debugging **************
    To enable just-in-time (JIT) debugging, the .config file for this
    application or computer (machine.config) must have the
    jitDebugging value set in the system.windows.forms section.
    The application must also be compiled with debugging
    enabled.

    For example:

    <configuration>
    <system.windows.forms jitDebugging="true" />
    </configuration>

    When JIT debugging is enabled, any unhandled exception
    will be sent to the JIT debugger registered on the computer
    rather than be handled by this dialog box.
     
  18. RubyRoid

    RubyRoid Member

    Newcomer
    2
    Jan 27, 2014
    Cyprus
    Great news!

    Will make a post about your application in my blog!
     
  19. nitrostemp

    nitrostemp GBAtemp Maniac

    Member
    6
    Mar 15, 2009
    would anyone be able to make a quick youtube video tute?
     
  20. DjoeN

    DjoeN Captain Haddock!

    Member
    10
    Oct 21, 2005
    Belgium
    Somewhere in this potatoland!
    For those looking for Xloader:

    Get it here
     
    rivenliu, TerryG, GraFfiX420 and 2 others like this.
Quick Reply
Draft saved Draft deleted
Loading...