3dbrew

Amiibo: Difference between revisions

← Older editNewer edit →
No edit summary
Line 34: Line 34:


=== NFC pages ===
=== NFC pages ===
Each page is 4-bytes, there is a total of 0x87/135 pages. The following is the structure of the NFC pages:
Each page is 4-bytes, there is a total of 0x87/135 pages. Minus the configuration pages at the end, the total is 0x82/130 pages. The following is the structure of the NFC pages:
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
Line 43: Line 43:
!  Description
!  Description
|-
|-
| 0
| 0x0
| 4
| 0x4
| 0x10
| 0x10
| 0x10
| 0x10
| Same as standard NTAG215: 9-byte serial-number, "internal" u8 value, two lock bytes then the "Capability Container (CC)" page.
| Same as standard NTAG215: 9-byte serial-number, "internal" u8 value, two lock bytes then the "Capability Container (CC)" page.
|-
|-
| 4
| 0x4
| 1
| 0x1
| 0x10
| 0x10
| 0x4
| 0x4
| Last 3-bytes here are used with the following HMAC. The first byte is normally 0xA5. The remaining bytes are initially(before the Amiibo is written to) all-zero. Byte[2] here is increased each time the Amiibo is written to.
| Last 3-bytes here are used with the following HMAC. The first byte is normally 0xA5. The remaining bytes are initially(before the Amiibo is written to) all-zero. Byte[2] here is increased each time the Amiibo is written to.
|-
|-
| 5
| 0x5
|  
| 0x8
| 0x14
| 0x14
|  
| 0x20
| The system crypts 0x1A0-bytes with a buffer containing data loaded from here.
| The system crypts 0x1A0-bytes with some data from here, see below.
|-
| 0xD
| 0x8
| 0x34
| 0x20
| SHA256-HMAC. The first 0x18-bytes of this hash is section3 in the encrypted buffer.
|-
| 0x15
| 0xB
| 0x54
| 0x2C
| Unknown, this is plaintext data.
|-
|-
| 0x20/32
| 0x20
| 8
| 0x8
| 0x80
| 0x80
| 0x20
| 0x20
| SHA256-HMAC over 0x1DF-bytes: first 3-bytes are from the last 3-bytes of page[4], the rest is over the first 0x1DC-bytes of the plaintext data.
| SHA256-HMAC over 0x1DF-bytes: first 3-bytes are from the last 3-bytes of page[4], the rest is over the first 0x1DC-bytes of the plaintext data.
|-
| 0x28
| 0x45
| 0xA0
| 0x114
| This is section1 in the encrypted buffer.
|-
| 0x6D
| 0x15
| 0x1B4
| 0x54
| This is section2 in the encrypted buffer.
|}
|}


Line 72: Line 96:
|-
|-
!  Encrypted buffer offset
!  Encrypted buffer offset
!  Byte offset in the actual NFC data, relative to page[5]
!  Raw byte offset in NFC EEPROM
!  Raw byte offset in NFC EEPROM
!  NFC page
!  NFC page
Line 78: Line 101:
!  Notes
!  Notes
|-
|-
| 0x0
| 0x0
| 0x0
| 0x14
| 0x14
Line 86: Line 108:
|-
|-
| 0x20
| 0x20
| 0x8C
| 0xA0
| 0xA0
| 0x28
| 0x28
Line 93: Line 114:
|-
|-
| 0x134
| 0x134
| 0x1A0
| 0x1B4
| 0x1B4
| 0x6D
| 0x6D
Line 100: Line 120:
|-
|-
| 0x188
| 0x188
| 0x20
| 0x34
| 0x34
| 0xD
| 0xD
Retrieved from "https://www.3dbrew.org/wiki/Amiibo"