Breath of the RF Field: Hacking Amiibo with Software-Defined Radio

Presented at The Circle Of HOPE (2018), July 21, 2018, 11 p.m. (60 minutes).

Amiibo are Nintendo's "toys to life" product line, supported by the 3DS, Wii U, and Switch. Interested in seeing whether these figures could be used to exploit games or consoles, James decided to make an Amiibo simulator and fuzzing tool using software-defined radio. This talk will provide an in-depth look at the technology and proprietary security system behind Amiibo, as well as the process of reverse engineering it. He'll also explain the development of the simulator using a Proxmark3, and how he used it to find a bug in the NFC protocol used by the Switch and Wii U.

Presenters:

• James Chambers
  **James Chambers** (@jamchamb_) is a security researcher at Red Balloon Security and formerly worked as a security consultant at NCC Group. He enjoys reverse engineering and hacking video games, as well as other topics in low-level hardware and software security.

Links:

• https://xii.hope.net/schedule.html#-breath-of-the-rf-field-hacking-amiibo-with-software-defined-radio-
• https://infocon.org/cons/2600/The Circle of HOPE (2018)/The Circle of HOPE (2018) Breath of the RF Field Hacking Amiibo with Software-Defined Radio.mp4
• https://infocon.org/cons/2600/The Circle of HOPE (2018)/The Circle of HOPE (2018) Breath of the RF Field Hacking Amiibo with Software-Defined Radio.eng.srt (subtitles)
• https://www.youtube.com/watch?v=-ZdkYLRydoI

Similar Presentations:

• 30C3 (2013) / Console Hacking 2013: WiiU
• 30C3 (2013) / Reverse engineering the Wii U Gamepad
• REcon 2018 / Breath of the RF Field: Hacking Amiibo with SDR