Join
Заметки Lizard'а
@li0ard
proxmark3
June 29, 2022

Эмуляция Amiibo через proxmark3

Конвертация файла образа Amiibo

Для использования Amiibo с proxmark3, его необходимо преобразовать в файл .eml . Это делается с помощью инструмента под названием pm3_amii_bin2eml, который можно найти в каталоге инструментов внутри репозитория Proxmark. Вывод будет перенаправлен в новый файл.

$ tools/pm3_amii_bin2eml.pl ~/prj/amb/DetectivePikachu.bin > DetectivePikachu.eml

Character / info: 01 41 00 00 03 5c 09 02
Game     :   Detective Pikachu
Character:    1 --
Variation:   00 --
Type     :   00 Figure
Amiibo   :   Detective Pikachu
Series   :   Detective Pikachu
Last     :   02 (should be 02)

Looks like encrypted file but setting preventing us from decrypting
PWD is blank, recalculating
ACK is blank, fixing
Does not contain header, adding
UID: 0480c72aea4c80
PWD: 0078cc3f
ACK: 80808080

Загрузка образа в память эмулятора

[usb] pm3 --> hf mfu eload --ul -f DetectivePikachu.eml
[=] 255 blocks ( 1020 bytes ) to upload
[+] loaded 540 bytes from text file DetectivePikachu.eml
[=] detected plain mfu dump format
[+] plain mfu dump format was converted to 135 blocks
[=] MFU dump file information
[=] -------------------------------------------------------------
[=]       Version | 00 00 00 00 00 00 00 00 
[=]         TBD 0 | 00 00 
[=]         TBD 1 | 00 
[=]     Signature | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
[=]     Counter 0 | 00 00 00 
[=]     Tearing 0 | 00 
[=]     Counter 1 | 00 00 00 
[=]     Tearing 1 | 00 
[=]     Counter 2 | 00 00 00 
[=]     Tearing 2 | 00 
[=] Max data page | 133 (536 bytes)
[=]   Header size | 56
[=] -------------------------------------------------------------
[=] block#   | data        |lck| ascii
[=] ---------+-------------+---+------
[=]   0/0x00 | 04 52 59 87 |   | .RY.
[=]   1/0x01 | C2 ED 4C 81 |   | ..L.

...

[=] 134/0x86 | 00 00 00 00 | 0 | ....
[=] ---------------------------------
[=] MIFARE Ultralight override, will use 149 blocks ( 596 bytes )
[=] Uploading to emulator memory
[=] ......................................................................................................................................................
[?] You are ready to simulate. See `hf mfu sim -h`
[=] Done!

Эмуляция Amiibo

[usb] pm3 --> hf mfu sim -t 7 -n 149
[=] Press pm3-button to abort simulation

Видео-демонстрация

Video by Tom van Veen
June 29, 2022, 05:20
0 views
0 reactions