I was interested in the idea of fuzzing save data on Amiibo to find save game bugs or exploits. To do that I’d need some way to supply arbitrary Amiibo data to Nintendo consoles, including the Switch, which had not been released yet at the time I began this project. I decided to use software-defined radio to make a tool that could rapidly transmit mutated Amiibo data over NFC.
The Proxmark3 code is available at https://github.com/nccgroup/proxmark3-amiimicyou, and the slides from my talk explaining the creation of this tool can be found here. The talk also provides an in-depth explanation of how Amiibo work and what kind of cryptographic protections they use.