Changes

Jump to navigation Jump to search

Amiibo (edit)

Revision as of 21:31, 15 April 2015

321 bytes added ,  21:31, 15 April 2015
no edit summary
Line 34: Line 34:     
=== NFC pages ===
 
=== NFC pages ===
Each page is 4-bytes, there is a total of 0x87/135 pages. The following is the structure of the NFC pages:
+
Each page is 4-bytes, there is a total of 0x87/135 pages. Minus the configuration pages at the end, the total is 0x82/130 pages. The following is the structure of the NFC pages:
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
Line 43: Line 43:  
!  Description
 
!  Description
 
|-
 
|-
| 0
+
| 0x0
| 4
+
| 0x4
 
| 0x10
 
| 0x10
 
| 0x10
 
| 0x10
 
| Same as standard NTAG215: 9-byte serial-number, "internal" u8 value, two lock bytes then the "Capability Container (CC)" page.
 
| Same as standard NTAG215: 9-byte serial-number, "internal" u8 value, two lock bytes then the "Capability Container (CC)" page.
 
|-
 
|-
| 4
+
| 0x4
| 1
+
| 0x1
 
| 0x10
 
| 0x10
 
| 0x4
 
| 0x4
 
| Last 3-bytes here are used with the following HMAC. The first byte is normally 0xA5. The remaining bytes are initially(before the Amiibo is written to) all-zero. Byte[2] here is increased each time the Amiibo is written to.
 
| Last 3-bytes here are used with the following HMAC. The first byte is normally 0xA5. The remaining bytes are initially(before the Amiibo is written to) all-zero. Byte[2] here is increased each time the Amiibo is written to.
 
|-
 
|-
| 5
+
| 0x5
|  
+
| 0x8
 
| 0x14
 
| 0x14
|  
+
| 0x20
| The system crypts 0x1A0-bytes with a buffer containing data loaded from here.
+
| The system crypts 0x1A0-bytes with some data from here, see below.
 +
|-
 +
| 0xD
 +
| 0x8
 +
| 0x34
 +
| 0x20
 +
| SHA256-HMAC. The first 0x18-bytes of this hash is section3 in the encrypted buffer.
 +
|-
 +
| 0x15
 +
| 0xB
 +
| 0x54
 +
| 0x2C
 +
| Unknown, this is plaintext data.
 
|-
 
|-
| 0x20/32
+
| 0x20
| 8
+
| 0x8
 
| 0x80
 
| 0x80
 
| 0x20
 
| 0x20
 
| SHA256-HMAC over 0x1DF-bytes: first 3-bytes are from the last 3-bytes of page[4], the rest is over the first 0x1DC-bytes of the plaintext data.
 
| SHA256-HMAC over 0x1DF-bytes: first 3-bytes are from the last 3-bytes of page[4], the rest is over the first 0x1DC-bytes of the plaintext data.
 +
|-
 +
| 0x28
 +
| 0x45
 +
| 0xA0
 +
| 0x114
 +
| This is section1 in the encrypted buffer.
 +
|-
 +
| 0x6D
 +
| 0x15
 +
| 0x1B4
 +
| 0x54
 +
| This is section2 in the encrypted buffer.
 
|}
 
|}
   Line 72: Line 96:  
|-
 
|-
 
!  Encrypted buffer offset
 
!  Encrypted buffer offset
!  Byte offset in the actual NFC data, relative to page[5]
   
!  Raw byte offset in NFC EEPROM
 
!  Raw byte offset in NFC EEPROM
 
!  NFC page
 
!  NFC page
Line 78: Line 101:  
!  Notes
 
!  Notes
 
|-
 
|-
| 0x0
   
| 0x0
 
| 0x0
 
| 0x14
 
| 0x14
Line 86: Line 108:  
|-
 
|-
 
| 0x20
 
| 0x20
| 0x8C
   
| 0xA0
 
| 0xA0
 
| 0x28
 
| 0x28
Line 93: Line 114:  
|-
 
|-
 
| 0x134
 
| 0x134
| 0x1A0
   
| 0x1B4
 
| 0x1B4
 
| 0x6D
 
| 0x6D
Line 100: Line 120:  
|-
 
|-
 
| 0x188
 
| 0x188
| 0x20
   
| 0x34
 
| 0x34
 
| 0xD
 
| 0xD
Retrieved from "https://www.3dbrew.org/wiki/Special:MobileDiff/12369"

Navigation menu