Breath of the RF Field: Hacking Amiibo with SDR

Presented at REcon 2018, June 15, 2018, 2 p.m. (60 minutes)

Amiibo are Nintendo's "toys to life" product line, supported by the 3DS, Wii U, and Switch. Interested in seeing whether these figures could be used to exploit games or consoles, I decided to make an Amiibo simulator and fuzzing tool using software-defined radio. This talk will provide an in-depth look at the technology and proprietary security system behind Amiibo, as well as the process of reverse engineering it. I'll also explain the development of the simulator using a Proxmark3, and how I used it to find a bug in the NFC protocol used by the Switch and Wii U. The simulator will be demonstrated and released after the talk.

Presenters:

• James Chambers
  James Chambers is a Security Researcher at Red Balloon Security. He enjoys reverse engineering and hacking video games and consoles, as well as other topics in low-level hardware and software security. James previously worked as a Security Consultant at NCC Group, who sponsored this research.

Links:

• https://recon.cx/2018/montreal/schedule/events/132.html

Similar Presentations:

• 30C3 (2013) / Reverse engineering the Wii U Gamepad
• 30C3 (2013) / Console Hacking 2013: WiiU
• The Circle Of HOPE (2018) / Breath of the RF Field: Hacking Amiibo with Software-Defined Radio