Amiibo: Difference between revisions
Create table for nfc page 0x4 |
|||
(9 intermediate revisions by 4 users not shown) | |||
Line 38: | Line 38: | ||
| 0x4 | | 0x4 | ||
| style="background: green" | Yes | | style="background: green" | Yes | ||
| Last 3-bytes here are used with the following HMAC where the size is 0x1DF-bytes. The u16 starting at byte1 is used for the first two bytes in the 0x40-byte input buffer for Amiibo [[Process_Services_PXI|crypto]] init. | | Last 3-bytes here are used with the following HMAC where the size is 0x1DF-bytes. The u16 starting at byte1 is used for the first two bytes in the 0x40-byte input buffer for Amiibo [[Process_Services_PXI|crypto]] init. | ||
{| class="wikitable" border="1" | |||
|- | |||
! Offset | |||
! Size | |||
! Description | |||
|- | |||
| 0x0 | |||
| 0x1 | |||
| Magic (Always 0xA5) | |||
|- | |||
| 0x1 | |||
| 0x2 | |||
| Incremented each time the Amiibo is written to. | |||
|- | |||
| 0x3 | |||
| 0x1 | |||
| Figure version (always 0x00) | |||
|} | |||
|- | |- | ||
| 0x5 | | 0x5 | ||
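Review bot: The new 0x1 row (size 0x2, "Incremented each time the Amiibo is written to.") gives no byte order and does not say that it is the same field the cell text above calls "the u16 starting at byte1", which is copied into the crypto init input buffer. Suggest stating the endianness in that row and cross-referencing the sentence above, so readers do not treat the write counter and the crypto input as two separate fields. Since the text says only the last 3 bytes of this page are used with the HMAC, the Magic byte at 0x0 is outside that range according to the new table; the Magic row should say so explicitly.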
Line 119: | Line 137: | ||
|- | |- | ||
| 0x0 | | 0x0 | ||
| | | 0x8 | ||
| Amiibo Identification Block | |||
|- | |||
| 0x8 | |||
| 0x4 | |||
| ? | | ? | ||
|- | |- | ||
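Review bot: The 0x0 row now names an "Amiibo Identification Block" of size 0x8 but does not point to where that block is defined. Suggest linking the description to the "Structure of Amiibo Identification Block" section added further down in this revision, and marking the new 0x8 row (size 0x4, "?") as unknown in words rather than a bare question mark, so it is clear the field exists and is simply undocumented.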
Line 125: | Line 147: | ||
| 0x20 | | 0x20 | ||
| Probably a SHA256-(HMAC?) hash. | | Probably a SHA256-(HMAC?) hash. | ||
|} | |||
===Structure of Amiibo Identification Block=== | |||
{| class="wikitable" border="1" | |||
|- | |||
! Offset | |||
! Size | |||
! Description | |||
! Notes | |||
|- | |||
| 0x0 | |||
| 0x2 | |||
| Game & Character ID | |||
| First 10 bits are the Game ID and last 6 bits are Character ID. | |||
|- | |||
| 0x2 | |||
| 0x1 | |||
| Character variant | |||
| | |||
|- | |||
| 0x3 | |||
| 0x1 | |||
| Amiibo Figure Type | |||
| | |||
|- | |||
| 0x4 | |||
| 0x2 | |||
| Amiibo Model Number | |||
| | |||
|- | |||
| 0x6 | |||
| 0x1 | |||
| Amiibo Series | |||
| | |||
|- | |||
| 0x7 | |||
| 0x1 | |||
| Format Version | |||
| Always 0x02 | |||
|} | |} | ||
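Review bot: The note on the 0x0 row, "First 10 bits are the Game ID and last 6 bits are Character ID", is ambiguous without a bit and byte order for the 2-byte field. Suggest defining "first" as most or least significant bits of the 16-bit value and stating the byte order it is read in; the same applies to the 2-byte Amiibo Model Number at 0x4. The Notes cells for Character variant, Amiibo Figure Type and Amiibo Series are empty, so a parser written from this table cannot validate those bytes; list the known values or state that they are not yet documented.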
Line 195: | Line 256: | ||
| 0x1 | | 0x1 | ||
| 0x1 | | 0x1 | ||
| | | Country Code ID, [[Config_Savegame|from]] the system which setup this amiibo. This is copied to the struct used with [[NFC:GetAmiiboSettings]]. | ||
|- | |- | ||
| 0x2 | | 0x2 | ||
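Review bot: In the new 0x1 description the link text "from" hides the target, so the sentence does not say which Config_Savegame data the Country Code ID comes from. Suggest naming the config field in the sentence and linking that name, and changing "setup" to "set up" since it is used as a verb here.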
Line 309: | Line 370: | ||
| Yes | | Yes | ||
| No | | No | ||
| | | 0x0014F000 | ||
| N/A | | N/A | ||
| The initial AppData handling doesn't appear to have any vuln(s), going by manual code-RE for update v2.0. Fuzzing wasn't attempted. | | The initial AppData handling doesn't appear to have any vuln(s), going by manual code-RE for update v2.0. Fuzzing wasn't attempted. | ||
Line 316: | Line 377: | ||
| Yes | | Yes | ||
| No | | No | ||
| | | 0x00152600 | ||
| The entire AppData is read by the game, but only the first 0x10-bytes are actually used. | | The entire AppData is read by the game, but only the first 0x10-bytes are actually used. | ||
| No crash ever triggered via AppData fuzzing. | | No crash ever triggered via AppData fuzzing. | ||
|- | |||
| Mario & Luigi: Paper Jam | |||
| Yes | |||
| No | |||
| 0x00132600 | |||
| Starts with the process-name("MILLION"). The rest seems to be bitmasks maybe? | |||
| No crash ever triggered via AppData fuzzing, when viewing "character cards"(just unlocks various cards). | |||
|- | |||
| The Legend of Zelda: Twilight Princess HD | |||
| No | |||
| Yes | |||
| 0x1019C800 | |||
| Unknown. | |||
| No crash/hang ever occurred when using amiibo in-game for "Cave of Shadows". | |||
With the amiibo quick-start option at the title-screen, only errors ever occurred(<quick-start data not found> / <quick-start data is for another user>). | |||
|} | |} | ||
= External links = | = External links = | ||
* [http://wiiubrew.org/wiki/Wii_U_GamePad Wii U Gamepad and Amiibo information on WiiUBrew]. | * [http://wiiubrew.org/wiki/Wii_U_GamePad Wii U Gamepad and Amiibo information on WiiUBrew]. |
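Review bot: The two new rows do not record which game version was tested, unlike the first row in this table, which ties its result to "update v2.0". Suggest adding the version to both result cells. The Twilight Princess HD row says no crash or hang occurred "when using amiibo in-game" but, unlike the neighbouring rows, does not say whether AppData fuzzing was performed, so the result cannot be compared with them; state that explicitly. Its 0x1019C800 value is also in a different range from the other three values added in this revision (0x0014F000, 0x00152600, 0x00132600) and its Yes/No cells are reversed relative to those rows, which deserves a short remark in the row so it does not read as a typo.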