Amiibo: Difference between revisions

Line 7:

[[File:Amiibonfctaginfo.png|500px]]

~~Most of~~ the ~~NFC pages are~~ [[Process_Services_PXI|~~encrypted~~]]~~. This includes the actual Mii data for the owner, an UTF-16 string for the Amiibo nickname, etc~~.

See here regarding the Amiibo [[Process_Services_PXI|encryption]].

The NFC tag for Amiibo is NTAG215.

=== AUTH_PWD ===

The NFC 32bit password for the PWD_AUTH command(for enabling write-access to the encrypted NFC pages / etc), appears to be generated from unknown data that doesn't change when the Amiibo data pages are being updated.

~~The following~~ NTAG215 commands ~~are used when~~ reading ~~an Amiibo:~~

=== NTAG215 commands ===

==== Amiibo reading ====

* GET_VERSION

* READ, startpage=0x03

Line 23:

Line 25:

Therefore, *all* pages from the Amiibo NFC tag are read, including the configuration pages at the end.

Each page is 4-bytes, ~~the~~ following is the structure of the NFC pages:

==== Amiibo writing ====

* Use the same commands under the above reading section, then use those first 3 commands again.

* Multiple WRITE commands for writing to pages 0x04..0x0C. The first byte for page[4] is zero here.

* Multiple WRITE commands for writing to pages 0x20..0x81.

* Use the last 3 commands from the above reading section.

* WRITE: page=0x04, same data as before except first byte is 0xA5 this time.

* FAST_READ: startpage=0x04, endpage=0x04

=== NFC pages ===

Each page is 4-bytes, there is a total of 0x87/135 pages. The following is the structure of the NFC pages:

{| class="wikitable" border="1"

|-

Line 44:

Line 55:

| SHA256-HMAC over 0x1DF-bytes: first 3-bytes are from the last 3-bytes of page[12], the rest is over the first 0x1DC-bytes of the plaintext data following this hash(see page[13]).

|-

| 12

| 12/0x0C

| 1

| 0x30

Line 50:

Line 61:

| Unknown. Last 3-bytes here are used with the above HMAC.

|-

| 13

| 13/0x0D

|

| 0x34

Line 57:

Line 68:

|}

=== Structure of plaintext data from page13 ===

==== Structure of plaintext data from page13 ====

{| class="wikitable" border="1"

|-

Line 77:

Line 88:

|}

=== Structure of Amiibo settings ===

==== Structure of Amiibo settings ====

{| class="wikitable" border="1"

|-

@@ Line 7: / Line 7: @@
 [[File:Amiibonfctaginfo.png|500px]]
-Most of the NFC pages are [[Process_Services_PXI|encrypted]]. This includes the actual Mii data for the owner, an UTF-16 string for the Amiibo nickname, etc.
+See here regarding the Amiibo [[Process_Services_PXI|encryption]].
 The NFC tag for Amiibo is NTAG215.
+=== AUTH_PWD ===
 The NFC 32bit password for the PWD_AUTH command(for enabling write-access to the encrypted NFC pages / etc), appears to be generated from unknown data that doesn't change when the Amiibo data pages are being updated.
-The following NTAG215 commands are used when reading an Amiibo:
+=== NTAG215 commands ===
+==== Amiibo reading ====
 * GET_VERSION
 * READ, startpage=0x03
@@ Line 23: / Line 25: @@
 Therefore, *all* pages from the Amiibo NFC tag are read, including the configuration pages at the end.
-Each page is 4-bytes, the following is the structure of the NFC pages:
+==== Amiibo writing ====
+* Use the same commands under the above reading section, then use those first 3 commands again.
+* Multiple WRITE commands for writing to pages 0x04..0x0C. The first byte for page[4] is zero here.
+* Multiple WRITE commands for writing to pages 0x20..0x81.
+* Use the last 3 commands from the above reading section.
+* WRITE: page=0x04, same data as before except first byte is 0xA5 this time.
+* FAST_READ: startpage=0x04, endpage=0x04
+=== NFC pages ===
+Each page is 4-bytes, there is a total of 0x87/135 pages. The following is the structure of the NFC pages:
 {| class="wikitable" border="1"
 |-
@@ Line 44: / Line 55: @@
 | SHA256-HMAC over 0x1DF-bytes: first 3-bytes are from the last 3-bytes of page[12], the rest is over the first 0x1DC-bytes of the plaintext data following this hash(see page[13]).
 |-
-| 12
+| 12/0x0C
 | 1
 | 0x30
@@ Line 50: / Line 61: @@
 | Unknown. Last 3-bytes here are used with the above HMAC.
 |-
-| 13
+| 13/0x0D
 |
 | 0x34
@@ Line 57: / Line 68: @@
 |}
-=== Structure of plaintext data from page13 ===
+==== Structure of plaintext data from page13 ====
 {| class="wikitable" border="1"
 |-
@@ Line 77: / Line 88: @@
 |}
-=== Structure of Amiibo settings ===
+==== Structure of Amiibo settings ====
 {| class="wikitable" border="1"
 |-