Amiibo: Difference between revisions

Retrieved from "https://www.3dbrew.org/wiki/Amiibo"

Please enable JavaScript to pass antispam protection!
Here are the instructions how to enable JavaScript in your web browser http://www.enable-javascript.com.
Antispam by CleanTalk.

@@ Line 38: / Line 38: @@
 | 0x4
 | style="background: green" | Yes
-| Last 3-bytes here are used with the following HMAC where the size is 0x1DF-bytes. The u16 starting at byte1 is used for the first two bytes in the 0x40-byte input buffer for Amiibo [[Process_Services_PXI|crypto]] init. The first byte must be 0xA5. The remaining bytes are initially(before the Amiibo is written to) all-zero. Byte[2](maybe big-endian u16 starting at byte1?) here is incremented each time the Amiibo is written to.
+| Last 3-bytes here are used with the following HMAC where the size is 0x1DF-bytes. The u16 starting at byte1 is used for the first two bytes in the 0x40-byte input buffer for Amiibo [[Process_Services_PXI|crypto]] init.
+{| class="wikitable" border="1"
+|-
+!  Offset
+!  Size
+!  Description
+|-
+| 0x0
+| 0x1
+| Magic (Always 0xA5)
+|-
+| 0x1
+| 0x2
+| Incremented each time the Amiibo is written to.
+|-
+| 0x3
+| 0x1
+| Figure version (always 0x00)
+|}
 |-
 | 0x5
@@ Line 119: / Line 137: @@
 |-
 | 0x0
-| 0xC
+| 0x8
+| Amiibo Identification Block
+|-
+| 0x8
+| 0x4
 | ?
 |-
@@ Line 125: / Line 147: @@
 | 0x20
 | Probably a SHA256-(HMAC?) hash.
+|}
+===Structure of Amiibo Identification Block===
+{| class="wikitable" border="1"
+|-
+! Offset
+! Size
+! Description
+! Notes
+|-
+| 0x0
+| 0x2
+| Game & Character ID
+| First 10 bits are the Game ID and last 6 bits are Character ID.
+|-
+| 0x2
+| 0x1
+| Character variant
+|
+|-
+| 0x3
+| 0x1
+| Amiibo Figure Type
+|
+|-
+| 0x4
+| 0x2
+| Amiibo Model Number
+|
+|-
+| 0x6
+| 0x1
+| Amiibo Series
+|
+|-
+| 0x7
+| 0x1
+| Format Version
+| Always 0x02
 |}
@@ Line 195: / Line 256: @@
 | 0x1
 | 0x1
-| Unknown. The low 4-bits here are copied to the struct used with [[NFC:GetAmiiboSettings]].
+| Country Code ID, [[Config_Savegame|from]] the system which setup this amiibo. This is copied to the struct used with [[NFC:GetAmiiboSettings]].
 |-
 | 0x2
@@ Line 288: / Line 349: @@
 !  Available for (New)3DS
 !  Available for Wii U
+!  Amiibo AppID
 !  AppData structure / link to info
 !  AppData modification for exploitation notes.
@@ Line 294: / Line 356: @@
 | Yes
 | Yes
+| 0x10110E00
 | [https://github.com/yellows8/smash3ds-tools/wiki/SmashAmiiboAppData]
 | No crash ever triggered via AppData fuzzing.
@@ Line 300: / Line 363: @@
 | No
 | Yes
+| ?
 | N/A
 | N/A
@@ Line 306: / Line 370: @@
 | Yes
 | No
+| 0x0014F000
 | N/A
 | The initial AppData handling doesn't appear to have any vuln(s), going by manual code-RE for update v2.0. Fuzzing wasn't attempted.
@@ Line 312: / Line 377: @@
 | Yes
 | No
+| 0x00152600
 | The entire AppData is read by the game, but only the first 0x10-bytes are actually used.
-| Fuzzing wasn't attempted yet.
+| No crash ever triggered via AppData fuzzing.
+|-
+| Mario & Luigi: Paper Jam
+| Yes
+| No
+| 0x00132600
+| Starts with the process-name("MILLION"). The rest seems to be bitmasks maybe?
+| No crash ever triggered via AppData fuzzing, when viewing "character cards"(just unlocks various cards).
+|-
+| The Legend of Zelda: Twilight Princess HD
+| No
+| Yes
+| 0x1019C800
+| Unknown.
+| No crash/hang ever occurred when using amiibo in-game for "Cave of Shadows".
+With the amiibo quick-start option at the title-screen, only errors ever occurred(<quick-start data not found> / <quick-start data is for another user>).
 |}
 = External links =
 * [http://wiiubrew.org/wiki/Wii_U_GamePad Wii U Gamepad and Amiibo information on WiiUBrew].