ZigBee + Amiibo

pull/24/head
Swissky 2023-07-30 23:05:11 +02:00
parent 9e89adbdde
commit e0c70c101f
3 changed files with 66 additions and 6 deletions


@ -0,0 +1,33 @@
# Amiibo
> Amiibo are small figurines or cards produced by Nintendo that contain Near Field Communication (NFC) chips. These chips allow the Amiibo to interact with various Nintendo gaming systems, such as the Wii U, Nintendo 3DS, and Nintendo Switch.
## Tools
* [socram8888/amiitool](https://github.com/socram8888/amiitool) - Reverse-engineered amiibo cryptography
## Amiibo Encryption
Nintendo added their own layer of encryption and digital signing to increase security. The digital signing prevents you from blindly altering the game data bytes because then the signature will no longer match. Additionally, the signature is also based on the **UID** of the tag, so you can't simply copy the bytes from an Amiibo to a blank NTAG215 to clone it.
## Password Reverse Engineering
The password is derived from the 7-byte tag UID (Unique Identifier) of the Amiibo. The algorithm used to generate the password is as follows:
```ps1
password[0] = 0xAA ^ (uid[1] ^ uid[3])
password[1] = 0x55 ^ (uid[2] ^ uid[4])
password[2] = 0xAA ^ (uid[3] ^ uid[5])
password[3] = 0x55 ^ (uid[4] ^ uid[6])
```
The algorithm takes specific bytes of the UID, performs XOR operations with constant values (0xAA and 0x55), and combines them to form the 32-bit password.
## References
* [Reverse Engineering Nintendo Amiibo (NFC Toy) - Apr 27, 2020 - Kevin Brewster](https://kevinbrewster.github.io/Amiibo-Reverse-Engineering/)
* [Amiibo encryption reverse-engineering - Apr 11, 2015 - Marcos Del Sol Vives](https://www.reddit.com/r/amiibros/comments/328hqz/amiibo_encryption_reverseengineering/)
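Review bot: the fenced block under "## Password Reverse Engineering" is tagged `ps1`, but its four `password[i] = 0xAA ^ (...)` lines are not PowerShell (PowerShell uses `-bxor`, not `^`), so the tag should be `text` or a pseudocode label rather than one that triggers the wrong highlighting. Two smaller points: the heading names the activity (reverse engineering) while the section documents the resulting derivation, so "Password Derivation" describes the content better; and the text never says what this 4-byte password gates on the tag or how it relates to the UID-based signature described in "## Amiibo Encryption", so one sentence connecting the two mechanisms would stop readers from conflating them.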

docs/protocols/zigbee.md Normal file

@ -0,0 +1,29 @@
# ZigBee
> Zigbee is a specification for a suite of high-level communication protocols using low-power digital radios. It's designed for use in areas like home automation, medical data collection, industrial control systems, and other applications that require secure and reliable wireless communication.
## Tools
* [riverloopsec/killerbee](https://github.com/riverloopsec/killerbee) - IEEE 802.15.4/ZigBee Security Research Toolkit
## ZigBee Default Trust Center Link Key
Zigbee includes several layers of security, including AES-128 encryption, to ensure that data is transmitted securely across the network.
The Zigbee Default Trust Center Link Key is a predefined cryptographic key used in Zigbee networks to secure the initial joining process of a new device to the network. It's part of the security measures implemented within the Zigbee protocol to ensure that only authorized devices can join a particular network.
When a new device wants to join a Zigbee network, it must first establish a secure connection with the Trust Center. To do this, the device and the Trust Center use the Default Trust Center Link Key to encrypt their communication.
For the profile "Home Automation" the default Trust Center Link Key is : `ZigBeeAlliance09` (`"5A:69:67:42:65:65:41:6C:6C:69:61:6E:63:65:30:39"`).
You can use it in Wireshark: Edit > Preferences > Protocols > Zigbee NWK, then "New" and write the key in hex format.
Example: [CVE-2020-28952 - Athom Homey Static and Well-known Keys](https://yougottahackthat.com/blog/1260/athom-homey-security-static-and-well-known-keys-cve-2020-28952)
## References
* [AN1233: Zigbee Security - Silabs](https://www.silabs.com/documents/public/application-notes/an1233-zigbee-security.pdf)
* [Zigbee Security 101 (Architecture And Security Issues) - February 11, 2023 - dattatray](https://payatu.com/blog/zigbee-security-101/)
* [Tout, tout, tout vous saurez tout sur le ZigBee / MISC n°86 - July 2016 - Kovacs Nicolas](https://connect.ed-diamond.com/MISC/misc-086/tout-tout-tout-vous-saurez-tout-sur-le-zigbee)
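Review bot: the line giving the Home Automation key has a stray space before the colon (`is : \`ZigBeeAlliance09\``), and the "Example: [CVE-2020-28952 ...]" line sits directly after the Wireshark instructions, so it reads as an example of the Wireshark steps rather than of a product shipping the well-known key named in the CVE title; suggest "Example of a product affected by this well-known key: ..." and moving it up under the key itself. The Wireshark step also says only "then New" without naming the preference table the button belongs to. Finally, the section states that the join exchange is encrypted with this predefined key but never draws the consequence: anyone who captures a join and holds the published default can decrypt it, which is exactly what the linked CVE entry is about, so a sentence stating that risk and that the default key must not be relied on for network security would make the defensive point explicit.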


@ -1,4 +1,4 @@
# What is Secure Boot
# Secure Boot
- Secure Boot is a **security feature implemented in modern computer systems**, primarily in those using the **Unified Extensible Firmware Interface (UEFI) firmware.**
- Its main purpose is to ensure that **only trusted** and **authenticated software** is loaded during the boot process, protecting the system against unauthorized or malicious code that could compromise its integrity and security.
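Review bot: minor style point on the unchanged first bullet: the sentence-ending period sits inside the bold span (`**Unified Extensible Firmware Interface (UEFI) firmware.**`); move it after the closing `**`. The heading change from "# What is Secure Boot" to "# Secure Boot" itself matches the noun-style headings ("# Amiibo", "# ZigBee") of the two files added in this commit.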
@ -8,8 +8,6 @@
### References
[**Windows UEFI Bootkit in Rust**](https://github.com/memN0ps/bootkit-rs)
[**AzureDocs - Secure Boot**](https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/secure-boot.md)
[**Awesome UEFI Security**](https://github.com/river-li/awesome-uefi-security#documentations-book)
* [Windows UEFI Bootkit in Rust](https://github.com/memN0ps/bootkit-rs)
* [AzureDocs - Secure Boot](https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/secure-boot.md)
* [Awesome UEFI Security](https://github.com/river-li/awesome-uefi-security#documentations-book)
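Review bot: the heading stays at "### References" while the two new pages in this commit use "## References"; align the level so the three documents render the same in a table of contents. Converting the three bold link lines to a `* [...]` bullet list and dropping the bold is consistent with the reference sections of those new pages, so that part is fine as is.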