Damn, thank you for the quick update mate
VivoKey Japan
Microchip implants for the human body
Damn, thank you for the quick update mate
yes… for now… muhahahaa mmmuuuuuHAHAHAHAHAHAHAHAHAAAAA
I am beginning to feel like you enjoy being asked
“Any updates on this”
Given how much you tease us
I actually hate that I have such a problem getting new things out… it’s probably the most fun thing I do around here - launching new things… but it’s more like, when someone asks… I start thinking about it and that gets me excited too…
Frankly I’m very impressed with your turnaround time given how “cutting edge” this market is.
We like that part too
Hi all! Thanks for checking in!
Before I give my update, let me make it very clear to anyone who is interested in copying an amiibo to their xNT implant – DON’T!
Hopefully that inkling of foreshadow doesn’t spoil my story’s unfortunate ending. Either way, let’s begin!
Unfortunately, I lost contact with Connor after June. In August or so, I decided to get serious about finding a way to crack this myself. I got an actual NFC Reader/Writer (previously I was only using my Android), along with a dozen NTAG216 stickers and a dozen NTAG215 stickers. I stumbled onto this site: https://nfc.toys which was an initiative for hacking amiibos to do other things. Perfect.
Now, my memory is a bit foggy (it’s been about a year now), so I’ll try to paint the picture in broad strokes. I cloned my xNT implant to an NTAG216 sticker and used this for experimenting – I’ve learned my lesson in playing with a “production” environment, hehe. The creator of the NFC toys site has steps listed here for “hacking” an amiibo: https://nfc.toys/workflow-ami.html
One of the first instructions is to calculate a password that Nintendo uses to protect all the pages of an amiibo’s memory. I generated the password for a Resetti amiibo (the awesome character trapped on my hand), and attempted to write to a few pages that I saw had nothing but zeroes. But this didn’t work. Long story short, after hours of banging my head against the wall and cleaning off the blood, I discovered that even though these pages were showing as “password protected,” a password of an empty string allowed me to successfully write to these pages. Things got severely borked since amiibo was designed for NTAG215, while the xNT uses NTAG216. I’ve attached a screenshot of the very first glimmering hope of success I experienced – I wrote the de facto “Hello world” to my hand and was successfully able to read it in a memory dump. But, scanning it with an actual NFC app did not work.
These were written without types. If I recall correctly, the NFC protocol follows the “NFC Data Exchange Format” (NDEF), which has different types for the data represented. So now, when I scan my hand, those pages don’t appear with any kind of type. The “NFC Tools” app on my phone doesn’t show a row with that text. The only way I can see it is by dumping the memory, scrolling down to the random handful of pages I wrote to, and then decoding them from hexadecimal to ASCII. I can’t write my subway pass to it, nor my work badge, not even a simple “Hi, thank you for scanning my hand” message that could be readable using a standard NFC phone app. I’ve been thwarted. I tried my hardest to find a way to write a message and specify the type, but it was not possible. (I think the bit or bits set for the type were locked and therefore immutable.)
So where do I go from here? Well, in the next few months or so, once I get a break from uni, I’ll spend some time on coming up with a little project of my own that’ll operate based on the serial ID of my xNT. Nothing crazy like unlocking my front door, but more in tune with waving my hand to turn on/off my living room lights.
Do I regret any of this? Not at all. I spent days studying the NFC protocol, NDEF, and basic system architecture (pages & memory). I learned from this experience, and that’s more valuable than the $5 toy I would have had embedded on my hand.
Do I recommend anyone else do this? HELL NO. The emotional turmoil I went through in all of this was horrifying.
Learn from my mistake. Before you start experimenting with your new implant, do some research. Understand what’s actually going on “under the hood” – learn about the different types of NFC tags. And most importantly, experiment using tags that are outside your body. Had I just spent $5 on some NTAG216 stickers and tested with those beforehand, I really would have saved so much headache and even some heartache.
Hope that gives you all some closure.
I think if memory serves, the amiibo tags do not use an NFC capability container (also called CC, page 03 that uses 4 OTP or One Time Programmable bytes) and the data is binary, not written in NDEF format… so cloning page 03 from an amiibo to a generic NTAG216 is not going to be able to include page 03 because the bit flips required to go from an NFC capability container to an amiibo capability container are not possible with the OTP bits already being set for NFC… however, it might not matter at all if the Nintendo game doesn’t even bother to check page 03. The point here is, don’t fuck with page 03 because you can’t change it to the necessary byte data anyway and changing it will definitely destroy the ability to use the tag with NFC smartphones (and other NFC devices that comply with the NFC Forum specification).
The binary data issue means that your run-of-the-mill NFC apps for Android or iPhone will be totally unable to deal with the data on the tag. It is possible to issue direct commands to the tags to directly manipulate each memory page one at a time and write whatever binary data you want to each, but none of the NFC apps do that… they all leverage the Android NDEF library to 1) automatically wrap the data into an NDEF record within an NDEF message for you, and 2) automatically split that data up into a series of write commands that properly splits the data across all the required memory pages… but because the NDEF library on the phone must work with NDEF encapsulated data, it just borks when you want to try working with raw or binary data.
So… in short… to clone data you will need to get down to the binary folks… which is what it looks like the amiibo hacking link is doing… though don’t do anything with page 03… skip that page if it’s in the instructions.
Is there any NTAG215 implant?
You know, people can clone their Amiibos on blank cards or stickers. Perhaps it’s a one-time-only deal, but some might not mind having an implant with their favorite amiibo forever.
Sort of. The FlexMN can emulate NTAG215
A list of NFC chips that can be emulated by the Magic NTAG chip
Ahhh a flex
Yes, but you can get the FlexMN in the FlexWedge form factor
You can install that with a custom needle
The whole procedure is VERY similar to an xSeries installation
Remember that Julio is in Japan; needles are a tough get in Japan, i.e. you can’t import them from DT, or it would be difficult.
I thought so too, but not so much anymore, due to Julio and Amal’s work
Oh yes, we’ve been working together on this for months … got it all sorted out.
Hey man! Thank you so much for the heads up. As @amal mentioned, we have been working and establishing a whole system and network for months to make it as smooth and completely legal in Japan. We are ready to start selling and doing implants in Japan now!
So YAY
The Vivokey Japan site looks amazing btw.
I got a NExT a few weeks ago and had some questions regarding all of this (and yes, I do plan to ask a stupid question).
You said you can go through and manually edit all pages in binary? Does that include locked pages? What is the best hardware/software to use to do these binary writes? Anything recommended on Arduino?
Now for the stupid question, I’m surprised there isn’t a way to completely wipe a chip to factory, no matter what “state” the chip is in. Is there any way a feature like this could be built into future implants?
I got a NExT a few weeks ago
That was very impulsive of you James
I’m surprised there isn’t a way to completely wipe a chip to factory
You mean like this?
Hey there… sorry to say your chip is toast now.
More in regards to issues like this
You said you can go through and manually edit all pages in binary? Does that include locked pages? What is the best hardware/software to use to do these binary writes?
You can easily send raw commands to your chip using the free version of NFC Tools on Android. Just be very careful about the config bytes at the beginning and the end.
Here is a scan of my NExT before an edit
Here is the correct option on NFC Tools
Here is the command interface. The syntax is A2[write]0F[memory page] 01020304[whatever data bytes]
Here’s my NExT after the successful write
The problem you’re talking about has nothing to do with the user memory. It’s an inescapable part of the chip. There are config bytes you can change, and then there are some One-Time Programmable (OTP) bytes that if you change they can never be changed back.
Luckily on the NExT DT has password protected all the vulnerable config bytes with the password “NExT” so that users won’t accidentally brick their chip by locking in an undesirable configuration. The post you are referencing was relating to an xNT, which is older and was not protected by default (to give users more flexibility). Users have to opt in to the protection by using the DT app on their chip. If you do that there’s nothing to worry about.
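The two things the thread keeps circling back to are (a) raw page writes with the `A2 <page> <4 bytes>` command and (b) the fact that bytes written without an NDEF wrapper are invisible to phone apps, while page 03 and the config pages must never be touched. The following Python is an added example (not code from this forum, from Dangerous Things, or from nfc.toys) that puts those points together: it composes the WRITE command exactly as shown above, refuses pages that are OTP or configuration, wraps a text message in the NDEF Text record and TLV that a phone parser expects, splits it into page-sized writes, and decodes it back out of a memory dump. The page map for NTAG215/NTAG216 is taken from my reading of the NXP NTAG21x data sheet and is an assumption to double-check against the sheet for your chip; the dump it operates on is constructed in the script, not read from a real tag, and nothing here talks to a reader.

```python
"""Page-level helpers for NTAG215/NTAG216 (added example, not forum or vendor code).

Composes the raw WRITE (0xA2) command from the thread, refuses writes that would
hit page 03 (capability container, OTP) or the config/lock pages, wraps text in
an NDEF Text record + TLV so phone apps can read it, and decodes such a TLV from
a memory dump. Page numbers are my recollection of the NTAG21x data sheet.
"""

# Assumed page map per chip: last user page, dynamic lock, CFG0, CFG1, PWD, PACK,
# and the CC size byte (user memory / 8) written by the factory into page 03.
CHIPS = {
    "NTAG215": {"user_last": 0x81, "dyn_lock": 0x82, "cfg0": 0x83, "cfg1": 0x84,
                "pwd": 0x85, "pack": 0x86, "cc_size": 0x3E},
    "NTAG216": {"user_last": 0xE1, "dyn_lock": 0xE2, "cfg0": 0xE3, "cfg1": 0xE4,
                "pwd": 0xE5, "pack": 0xE6, "cc_size": 0x6D},
}
WRITE_CMD = 0xA2   # NTAG21x WRITE: one 4-byte page per command
CC_PAGE = 0x03     # capability container; its bits are one-time programmable


def classify_page(page, chip="NTAG216"):
    """'user' for ordinary user memory, otherwise a string naming why the page is hazardous."""
    m = CHIPS[chip]
    if page <= 0x02:
        return "UID / static lock bytes"
    if page == CC_PAGE:
        return "capability container (OTP, irreversible)"
    if page <= m["user_last"]:
        return "user"
    if page == m["dyn_lock"]:
        return "dynamic lock bytes (irreversible)"
    if page in (m["cfg0"], m["cfg1"]):
        return "config page (AUTH0/ACCESS; can lock you out)"
    if page in (m["pwd"], m["pack"]):
        return "password / PACK page"
    return "beyond end of memory"


def build_write(page, data, chip="NTAG216"):
    """Compose 'A2 <page> <4 data bytes>' as in the thread, refusing hazardous pages."""
    if len(data) != 4:
        raise ValueError("WRITE takes exactly one 4-byte page")
    kind = classify_page(page, chip)
    if kind != "user":
        raise ValueError(f"refusing write to page {page:02X}: {kind}")
    return bytes([WRITE_CMD, page]) + bytes(data)


def ndef_text_tlv(text, lang="en"):
    """Wrap text in an NDEF Text record, then in an NDEF-message TLV (0x03) plus terminator (0xFE)."""
    payload = bytes([len(lang)]) + lang.encode("ascii") + text.encode("utf-8")
    # 0xD1 = MB|ME|SR flags with TNF=1 (well-known type); type length 1; type 'T'
    record = bytes([0xD1, 0x01, len(payload), 0x54]) + payload
    if len(record) > 0xFE:
        raise ValueError("only the one-byte TLV length form is handled here")
    return bytes([0x03, len(record)]) + record + bytes([0xFE])


def plan_text_writes(text, chip="NTAG216", first_page=0x04):
    """Split the NDEF message into page-sized WRITE commands starting at the first user page."""
    blob = ndef_text_tlv(text)
    blob += b"\x00" * (-len(blob) % 4)          # pad to a 4-byte page boundary
    return [build_write(first_page + i // 4, blob[i:i + 4], chip)
            for i in range(0, len(blob), 4)]


def decode_text_from_dump(dump, chip="NTAG216"):
    """Walk the TLVs in user memory like a phone parser would; return the text, or None if
    there is no NDEF wrapper (the 'written without types' situation from the thread)."""
    user = dump[4 * 4: 4 * (CHIPS[chip]["user_last"] + 1)]
    i = 0
    while i < len(user):
        t = user[i]
        if t == 0x00:                             # NULL TLV: skip a byte
            i += 1
            continue
        if t == 0xFE or i + 1 >= len(user):       # terminator or truncated
            return None
        length = user[i + 1]
        value = user[i + 2:i + 2 + length]
        if t == 0x03 and length >= 4 and value[3] == 0x54 and (value[0] & 0x07) == 0x01:
            payload = value[4:4 + value[2]]
            lang_len = payload[0] & 0x3F
            return payload[1 + lang_len:].decode("utf-8")
        i += 2 + length                           # some other TLV: step over it
    return None


def make_dump(chip, writes):
    """Constructed blank memory image (not a real tag dump) with (page, bytes) writes applied."""
    m = CHIPS[chip]
    dump = bytearray((m["pack"] + 1) * 4)
    dump[12:16] = bytes([0xE1, 0x10, m["cc_size"], 0x00])   # factory CC in page 03
    for page, data in writes:
        dump[page * 4: page * 4 + 4] = data
    return bytes(dump)


if __name__ == "__main__":
    cmds = plan_text_writes("Hi, thank you for scanning my hand")
    print(" ".join(c.hex().upper() for c in cmds[:2]), "...")
    image = make_dump("NTAG216", [(c[1], c[2:]) for c in cmds])
    print("decoded:", decode_text_from_dump(image))
```

Note that `classify_page` is chip-aware: page 0x83 is ordinary user memory on an NTAG216 but is CFG0 on an NTAG215, which is exactly the kind of mismatch that bit the original poster when following NTAG215 (amiibo) instructions on an NTAG216 (xNT). The decoder deliberately returns None for bytes dropped into user pages without the 0x03 TLV, which is why NFC Tools showed no row for the "Hello world" in the memory dump.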
Sadly I learned this very lesson years ago and have had a Zero Suit Samus permanently locked in my forearm for about 10 years now… I should have picked Bayonetta … if it’s any comfort you can scan it with the TagMo amiibo scanner app and see who you’ve chained yourself to lol