When trying to buy a 3DS NFC reader/writer (used for amiibo) for my original 3DS I noticed that these things are becoming kinda rare and expensive; eventually I found a cheap one and bought it.
After a while I decided to reverse engineer the NFC reader so other people can still use amiibo on their original 3DS, 2DS and 3DS XL without buying the pricey NFC reader.
I started by looking at existing information on the infrared protocol used by the 3DS for the reader; turns out there is already some work done on the most basic aspects of the protocol on the 3dbrew wiki.
Although this explains some aspects of the encryption used by the 3DS during IR transmitting and receiving, it still doesn't explain a lot of the other stuff going on.
To uncover this I used an IrDA USB adapter to sniff the infrared data between the reader and a 3DS.
I then XOR decrypted the data coming in from the IrDA USB adapter using Python. After a lot of work I discovered how the 3DS talks to the NFC reader and I managed to emulate the read and write capability of the NFC reader/writer by using just the IrDA adapter and a Python script that I wrote.
By using my Python script, amiibo .bin files (can easily be downloaded from the web) can directly be used and sent to the 3DS over IR. (no need to decrypt the amiibo binary)
Demonstration:
When reverse engineering I found out some interesting things about the 3DS handling amiibo data:
Every NFC tag has a unique ID and originality signature that can be used to verify that the tag is original. The Wii U and Switch do this verification, but the original 3DS does not do this, despite the NFC reader still sending the signature. Turns out you can send any random signature and the 3DS won't check to validate it.
It's also interesting to see that the UID is sent twice during an NFC data dump packet by the reader. The first UID in the packet is used by the 3DS to, for example, check if the same amiibo is placed back on the NFC reader when writing to it. The first UID is also used to trigger a limit counter in some games (to prevent a user from using the same amiibo over and over on the same day). Since the 3DS doesn't care about the originality signature, the first UID can be randomized to trick the 3DS into thinking that a new amiibo is being used. This will stop the limit counter from counting and you can endlessly use the same amiibo.
The first UID in the packet won't be compared to the second UID by the 3DS. This second UID is part of the full data dump of the NFC tag. This means that randomizing the first UID and hence deviating from the UID in the data dump won't be an issue. This also means that the NFC data doesn't have to be re-encrypted with the new UID. A similar bug has also been found on the Wii U and Switch by Jimmy Chambers. Apparently this has been fixed on the Switch.
I will eventually post more detailed info on the packets being sent between the 3DS and NFC reader when I have more time. I will also post the Python script I made to emulate the NFC reader, but it still needs some cleaning up and testing.
Btw, I am aware that there is a Chinese NFC amiibo card composition on the market by jys, however I was not able to find it anywhere for sale anymore.
Last edited by steven96,
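An added example, not part of the original post or the author's script: a host-side consistency check of the kind the post says the 3DS omits, comparing the UID a reader reports with the UID embedded in the tag dump it sends. The function names and the constructed sample dump are assumptions; the UID/BCC layout of the first nine bytes follows the NTAG21x memory map, and verification of the originality signature is not covered here.

```python
# Added example (not from the original post): reject a reader packet whose
# separately reported UID disagrees with the UID inside the tag dump.
NTAG215_SIZE = 540    # 135 pages x 4 bytes, the size of an amiibo .bin dump
CASCADE_TAG = 0x88    # ISO/IEC 14443-3 cascade tag folded into BCC0


def uid_from_dump(dump: bytes) -> bytes:
    """Return the 7-byte UID from pages 0-1, after checking BCC0 and BCC1."""
    if len(dump) != NTAG215_SIZE:
        raise ValueError(f"expected {NTAG215_SIZE} bytes, got {len(dump)}")
    bcc0 = CASCADE_TAG ^ dump[0] ^ dump[1] ^ dump[2]
    bcc1 = dump[4] ^ dump[5] ^ dump[6] ^ dump[7]
    if dump[3] != bcc0 or dump[8] != bcc1:
        raise ValueError("BCC check bytes do not match the UID bytes")
    return dump[0:3] + dump[4:8]


def check_reported_uid(reported_uid: bytes, dump: bytes) -> list[str]:
    """Return findings for one packet; an empty list means it is consistent."""
    try:
        embedded = uid_from_dump(dump)
    except ValueError as exc:
        return [f"malformed dump: {exc}"]
    if len(reported_uid) != 7:
        return ["reported UID is not 7 bytes"]
    if reported_uid != embedded:
        return ["reported UID differs from UID embedded in dump"]
    return []


def make_sample_dump(uid: bytes) -> bytes:
    """Constructed test input: valid UID/BCC header, remaining pages zeroed."""
    bcc0 = CASCADE_TAG ^ uid[0] ^ uid[1] ^ uid[2]
    bcc1 = uid[3] ^ uid[4] ^ uid[5] ^ uid[6]
    head = uid[:3] + bytes([bcc0]) + uid[3:] + bytes([bcc1])
    return head + bytes(NTAG215_SIZE - len(head))


if __name__ == "__main__":
    uid = bytes.fromhex("04112233445566")         # constructed sample UID
    dump = make_sample_dump(uid)
    print(check_reported_uid(uid, dump))           # consistent packet
    print(check_reported_uid(bytes.fromhex("04aabbccddeeff"), dump))
```

A consistency check like this only catches a mismatch between the two UIDs; rejecting cloned or fabricated tags additionally requires validating the originality signature, which the post says the Wii U and Switch do.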