NFC based platforms in gaming. Reverse engineering Nintendos "Amiibo"

Bachelor Thesis 2015 62 Pages

Computer Science - Miscellaneous





1 Introduction
1.1 Motivation
1.2 State of the art
1.2.1 Gamification
1.2.2 Mixed reality gaming
1.2.3 “Toy to life”-concept

2 Near field communication
2.1 Radio frequency identification (RFID)
2.1.1 Active RFID
2.1.2 Passive RFID
2.2 Near field communication (NFC )
2.2.1 Evolution of NFC
2.2.2 Functional principle Power supply Data transfer Anti-collision Signaling technologies Communication modes
2.2.3 NFC Data Exchange Format (NDEF ) NDEF Record NDEF Message NFC Record Type Definition (RTD)

3 Reverse engineering Amiibo
3.1 NFC tag
3.1.1 NFC Type 2 tags Capability Container (CC ) TLV structure Commands
3.1.2 Amiibo Data Page Table
3.2 Password
3.2.1 Elliptic curve cryptography Definition of elliptic curves Computing with elliptic curves Key Exchange Message Encryption Message Decryption Signatures
3.2.2 Elliptic curve cryptography and Amiibos
3.3 Communication protocol
3.3.1 Transmission protocol
3.3.2 Communication principle of Amiibos
3.4 Software project
3.4.1 Emulating Amiibos
3.4.2 Backing up Amiibos Establishing a connection Reading the Amiibo’s data Writing data to the Amiibo

4 Conclusion
4.1 Conclusion
4.2 Future of NFC in gaming

A Content of the CD-ROM
A.1 Bachelor thesis
A.2 Project files
A.3 Amiibo files
A.4 Literature
A.5 Online sources
A.6 Images



As a gamer I like harsh challenges: no Super Smash Bros. opponent can be too strong, no Super Mario level can be too tricky and no zombie horde can be too big. The most I thus love about these trials is the satisfying mo- ment you get whenever the challenge is finally beaten. This bachelor thesis however has yet been my hardest quest so far. Luckily, I have had several teammates who accompanied me on this very long journey. Some of them whom I would like to thank a lot, now that this game is over.

First of all I would like to thank my brother Stefan, as without him I would probably have never started playing video games in the first place. Without this strong passion in my life I would also have never chosen the topic of “NFC based platforms in gaming” for my bachelor thesis.

Furthermore, I would like to thank my parents Albert and Ursula, as they constantly encouraged me to keep writing. Also I am really grateful that my close friends, Dominik and Manuel, distracted me from working on the bachelor thesis every time I already needed a break and some time off in order to play video games with them.

Moreover, I would like to thank my beloved girlfriend Melanie, as without her continual help and comfort I surely would have dropped out of university a long time ago.

And finally I would like to show a very special gratitude to my dear sister Karin, as she always contributed valuable advice, whenever I needed her help.


Near Field Communication (NFC ) gained more and more popularity over the past few years. As a result, the number of applications suitable for the daily usage increases continuously. With the gaming industry being one of the fastest growing markets nowadays, it was just a matter of time, until these two fields of research met.

This bachelor thesis hence gives an overview about the near field commu- nication technology and further tries to enlighten the concept of NFC -based platforms in gaming. In order to give a concrete example for this, a tech- nology called Amiibo is examined with the corresponding software project based on it.


1.1 Motivation

It feels as if it just had been yesterday that my elder brother compelled me to play a video game with him, though this happened back in 1996. The new concept of playing immediately fascinated me from the very beginning and ever since I contribute most of my leisure to the topic of video games. As an approximation I spend an average of about three to five hours per day playing games.

According to a recently published statistic of the Entertainment Software Association10 at least 155 million United States citizens are keen on the exact same passion. This results in the video game industry being one of the fastest growing markets worldwide. Therefore, it is hardly surprising that every year new technologies emerge within this segment.

This bachelor thesis hence is about one of the fastest growing of these technologies, combining near field communication (NFC ) chips with video- games.

1.2 State of the art

Near field communication has a wide variety of applications, but there is one that constantly gains more and more popularity amongst the public. It is the field of gaming, where NFC is nowadays frequently used.

1.2.1 Gamification

The term gamification describes the utilization of mechanics, logic or rules that are common in videogames in other non-game related applications. The purpose of this is mainly to encourage the user to interact with the given system, as otherwise the initiative of one’s own to do so would be nominal. Gamification therefore tries to make techniques or content more appealing and to further prolong the overall motivation. This is enhanced due to the fact that people tend to willingly perform tasks as part of a game, even though these tasks might be considered boring otherwise.

Taken from Erik Einebrant15, Nokia (a communications and information technology company from Finland) had been one of the first supporters of NFC and gamification. For this, he listed the example of Nokia Shakespeare Shuffle. Several cards with NFC tags (each storing a line of a famous Shakespeare quote) must be rearranged in the correct order. To do so, a NFC enabled phone must be touched to one of these cards, as this causes the corresponding part of the quote to be played.

1.2.2 Mixed reality gaming

Mixed reality is an environment in between of the real and the virtual world and is hence a combination of both. Taken from Hinske et al.19, Benford stated, that:

“Pervasive games extend the gaming experience out into the real world. While in the game, the player becomes unchained from the console and experiences a game that is interwoven with the real world and is potentially available at any place and any time.”

Therefore, pervasive games (a subset of mixed reality games) are digital goods with a strong connection to the real world and therefore they create a virtual reality. As an example for this, digital interfaces can be integrated within items of everyday life in such a way that they are hardly distinguishable. Based on that fact the “toy to life”-concept emerged.

1.2.3 “Toy to life”-concept

In 2007 Mattel, an American toy manufacturing company, tried to revolu- tionize their sector by inventing a completely new concept for toys. For this, they launched U.B. Funkeys, a series of small plastic figurines containing NFC tags within. The main idea behind this product was that every figure could unlock certain features (mini-games, characters, designs, etc.) within an online video game, once the toys are placed on a NFC -reader connected to the PC. Though this concept was of great potential, the series flopped and was discontinued in early 2010. Later on other companies took up this issue and launched their own products. Therefore, at the time of writing, three big franchises (and one - Lego Dimensions - being in development) exist within this segment.

- Skylanders

The video game publisher Activision learned from the mistakes of their predecessor Mattel and launched the Skylanders series. As Mattel mainly focused on their product being appealing to collectors, Activi- sion used their profound knowledge in the field of gaming in order to better adapt to the target group of gamers. Furthermore, Activi- sion employed the former iconic PlayStation figure Spyro the Dragon to their advantage, as becoming the new official mascot for the Sky- landers series. As of February 2015, the Skylanders series has sold a total number of 175 million toys since its initial launch in 2011. The Skylanders series is hence one of the top 20 highest-selling video game franchises of all time.

illustration not visible in this excerpt

Figure 1.1: Examples of Skylanders figurines

In order to connect the digital and the physical world, Activision wrapped a unique storyline around the Skylanders series. For this, a villain called Kaos invaded the kingdom of Skyland and banished its inhabitants, the Skylanders, to the human world as toys. Thus it is the player’s duty to send them back into the game and respectively to their homes. To do so, a Skylander -toy is placed atop the so-called Por- tal of Power (a NFC -reader connected to the videogame console via USB or Bluetooth) and immediately comes to life within the game. As the videogame itself takes the form of a traditional RPG (role-playing game)13 the player is now able to control the unlocked figurine. With the proceeding progress the character gains more experience and ac- quires more abilities, which however are all stored on the physical game piece rather than on the gaming console. As a result, the player can use the own game characters on any other device, irrespective of the used console type, with all their attributes and skills being intact.

- Disney Infinity

Thanks to the Skylanders series the way for a commercial application of NFC in gaming had been smoothed and so it was just a matter of time that Activision got its first competitor in 2013 with Disney Infinity.

Disney Infinity is an action-adventure open-world video game (the player is given significant freedom as being able to move freely through a virtual world and to approach any objective at any time). Thus the game has no specific storyline. However, by connecting a Disney Infinity figurine with the gaming console the specific character, as well as a campaign strongly connected to the corresponding franchise, will become unlocked and playable within the game. Altogether the available figures are all taken from existing Disney and Pixar licenses, and therefore the assortment is frequently extended.

illustration not visible in this excerpt

Figure 1.2: Examples of Disney Infinity figurines

- Amiibo

In 2014 Nintendo followed the trend of Skylanders and Disney Infinity with their own product line, called Amiibo. Until the end of 2014 ap- proximately 5.7 million Amiibo toys had been sold worldwide, whereas in May 2015 already 10.5 million units had been shipped. The characters represented by Amiibos are taken from different Nin- tendo franchises. As a matter of fact and in strong comparison to the two competitors, Amiibos are not bound to a single game and there- fore exhibit a wider variation of applications. For this, two types of video games need to be differed. The ones that only read data from the Amiibos and the others with saving permission as well. The first type mostly will unlock new content within a certain game, such as new skins (the character’s appearance or costume), new weapons, new playable characters and so on, whereas the second type however is a bit more complex. Taking the example of the beat ’em up Super Smash Bros. (for Nintendo Wii U and Nintendo 3DS ), with the aid of Amiibos, artificial intelligences (AIs) can be trained and stored on the NFC tag. As a result, one’s play style will be copied by the figurine.

A promotion tournament hosted by Nintendo had shown that the AIs are even capable of defeating real players with ease, as a Fox McCloud Amiibo almost had won the tournament and was ranked second place.

illustration not visible in this excerpt

Figure 1.3: Examples of Amiibo figurines

When Nintendo was founded back in 1889, the company solely retailed traditional Japanese Hanafuda playing cards. Hence with the lately announced Amiibo cards they somehow try to go back to their roots. In this context Amiibo cards are the much cheaper versions of their figure-based counterparts bringing along the exact same functionality. However, by selling them in packs of six random cards hidden from view, the end user is further conduced to collect and to swap cards with colleagues.

illustration not visible in this excerpt

Figure 1.4: Examples of Amiibo cards

Unlike their competitors in the “toy to life”-market, Nintendo shows to be more innovative in the variety of their product lines. Besides the profound plastic figure based Amiibos and the Amiibo cards the company started to offer a collection of Amiibos made of yarn. Shortly after their release almost the entire stocking of the yarn Amiibos had been sold and units can hardly be found in retail. Due to this rush and for the enormous fan-base, Nintendo revealed to even launch an oversized variation of the popular Green Yarn Yoshi Amiibo by the end of November 2015.

illustration not visible in this excerpt

Figure 1.5: Yarn Amiibos from the Yoshi’s Woolly World collection

Due to this bachelor thesis, as well as the corresponding software project being based on Amiibos, this technology and its functionality is described in more detail later on in chapter 3.

- Lego Dimensions

Besides the well-established product line of plastic construction toys, Lego branched out into the video gaming market since 1997. The enor- mous variety of cooperating partners enabled Lego to exhibit thou- sands of sets based upon all different kinds of franchises (like Star Wars, Jurassic Park, Batman, etc.). Hence this product diversity di- rectly reflects to their gaming segment as well and furthermore plays an important role within the upcoming (release date is set to Septem- ber 2015) “toy to life”-video game of Lego Dimensions. For this, Lego Dimensions follows the same format as Skylanders, Disney Infinity or as the Amiibo series, but with NFC -enabled Lego figurines that will, once scanned, unlock new content (level, vehicles, playable characters, etc.) within the game. As it is typical for Lego, these figures are sold as a set of several pieces which need to be connected first, in order to finally build the proper construct.

Figure 1.6: Examples of Lego Dimensions

illustration not visible in this excerpt

- Amiibo-Skylander crossover

The Electronic Entertainment Expo (commonly known as 3 ) as the world’s biggest annual exhibition for video games is generally used to announce upcoming video game product lines, consoles and games per se. Due to the tremendous and overall increasing demand for Skylan- ders as well as for Amiibos, Activision and Nintendo joined forces and revealed at 2015’s 3 that both will launch Amiibo-Skylander figures in a special crossover line-up. For this, Activision made the first move by introducing their latest Skylanders installment of Skylanders: Super Chargers, which is going to be released in September 2015.

Special about this product line is that a total amount of two near field communication tags is integrated within each figure. By twisting the bottom plate the figurines can either individually function as an Amiibo or as a Skylander.

illustration not visible in this excerpt

Figure 1.7: Examples of the Amiibo-Skylander crossover line-up

- Pokémon Rumble

Already one year before the initial rollout of Amiibos, Nintendo launch- ed their product line of Pokémon Rumble NFC figurines. As this hap- pened slightly before Disney Infinity emerged, the “toy to life”-concept was still a niche market back then. Therefore, and due to a lack of usages for these figures (by scanning, the Pokémon depicted by the figurine could be used in-game) in solely one mediocre game called Pokémon Rumble U, this technology never lived up to its expectations. Nevertheless a total amount of 24 different figures had been launched. As it is typical for the Pokémon franchise, the so-called pocket mon- sters are stored in separate capsules, the well-known PokéBalls. This is another marketing strategy, as the customer never knows which fig- ure will be received within the next purchase. The Pokémon fan base however is quite familiar with this concept, as within the Pokémon series, the gamers are also animated to swap their beloved Pokémon with each other. As a result this technology was not entirely consid- ered to be a flop, as at least the dedicated fan base pulled in sales. The Pokémon Rumble figures are, at the time of writing, not yet completely discontinued, whereas some units might still be sporadically found in retail. This is assumed to be a direct consequence of the market en- trance of Amiibos, as Nintendo clearly revisited this concept with the latter.

Figure 1.8: Examples of some Pokémon Rumble NFC figures

illustration not visible in this excerpt

Chapter 2 Near field communication

Near field communication (NFC ) is basically a short-range wireless connec- tion between two nodes used for information transfer. This technology is further based on the already existing and profound method of Radio Fre- quency Identification (abbreviated by RFID). Langer and Roland state in their publication that the first usage of RFID dates all the way back to the Second World War 24.

2.1 Radio frequency identification (RFID)

Radio frequency identification is a system for the contactless identifica- tion and data-transfer throughout electromagnetic waves. For this purpose tags (transponders for emitting messages) and corresponding readers are required.

In most cases a RFID tag contains an identification number, by which the RFID reader can identify the read object. Furthermore, tags might also store read- and/or writable memory within.

Depending on their electric power source, RFID tags can be generally divided into two groups.

illustration not visible in this excerpt

Figure 2.1: Scheme of a RFID tag including chip and coil14

2.1.1 Active RFID

Active tags have their own power source and hence they can transmit a stronger signal over a further distance (up to 20 or 100 meter). In exchange for these features the tag however is bigger and more expensive than their passive counterparts. For active tags it is either possible to constantly broad- cast a signal, or to stay dormant until a receiver comes within range. Due to having their own on-board power source, active tags typically operate at higher frequencies of about 2.45 - 5.8GHz, depending on the use case and memory requirements.

2.1.2 Passive RFID

On the other hand passive RFID tags do not possess their own power source, so these tags are rather cheap in production (according to Weinstein less than $0.2 per piece32 ) and as a result established as a standard in RFID implementations. In addition passive tags are rather small, compared to the active ones. As for the signaling distance, there is a very general rule of thumb: “The larger the tag, the larger the read range.”32

2.2 Near field communication (NFC )

2.2.1 Evolution of NFC

According to Langer and Roland24, the NFC technology had been invented by Sony and NXP Semiconductors (former Philips Semiconductors) back in 2002. Later on in 2004, the NFC Forum was founded by the former and Nokia with the purpose to uniformly standardize the NFC technology worldwide. At that time, Nokia had been one of the biggest and well established manu- facturers for mobile-phones, and therefore, with the implementation within several of their devices, near field communication started its triumph. Ever since, many field trials had been launched worldwide in order to exhibit and test new fields of application. By way of example, Langer and Roland refer to the field trial in the University of applied Sciences Hagenberg in 2006. For this, the participants (mostly students and teachers) were, under the usage of NFC -enabled phones, able to purchase meals in two canteens on the one hand, and on the other the subscribers could gain access to lecture halls and laboratories.

Over the long term many applications for NFC in everyday life could be established. The most common for this are service initiation (NFC tags are located within ordinary items and by connecting a corresponding reader bits of information about the given object can easily be obtained), peer-to-peer connections, mobile NFC payment and, as already listed in the first chapter, small plastic figurines used for gaming.

2.2.2 Functional principle Power supply

The near field communication technology is based on radio frequency identi- fication and hence NFC tags also either possess an active or a passive power supply.

illustration not visible in this excerpt

Figure 2.2: Magnetic field of a current-carrying conductor24

Hans Christian Ørsted had proven in 1820 that every current-carrying conductor produces a magnetic field(figure 2.2). As coils are numerously curled conductors, the generated magnetic field hence is heavily amplified within. Contradictorily, in case a particle of charge enters an electromagnetic field, it will experience a force orthogonal to the direction of the magnetism and electricity - the so-called Lorentz force. Michael Faraday postulated that vice versa changes in the magnetic field might affect the electrons to flow within a conductor, as the raised Lorentz force drives them within a certain direction. The therefore generated power is known to us as induced current. One use of the induced current that is essential for passive RFID (and respectively for passive NFC ) are transformers. For this, one coil running on alternating current is located right next to another coil. Due to the constant flux alteration, potential is inducted within the second choke. The gained voltage is direct proportion to the coils’ windings (1 : 2 = 1 : 2).

The basic structure of a RFID or NFC system using induction is dis- played in figure 2.3. For the power allocation the reader feeds its antenna (coil 1) with a sinusoidal current and as a matter of fact the transponder an- tenna therefore receives inducted electricity. In order to access the received alternating current as a direct one, a rectifier is then used. As due to slight changes in the inductive coupling (distance between reader and transpon- der increases/decreases or the transponder gets repositioned) the received inducted current, within the transponder, changes enormously. But the tags and their integrated circuits mostly operate only within a smaller voltage range (currently from approximately 0.8 to 5 volt). Thus a voltage limiter is required in order to either amplify or limit the voltage.

Figure 2.3: Structure of a RFID/NFC system using induction24

illustration not visible in this excerpt Data transfer

Depending on the power supply (active or passive) there are two kinds of data transmission for RFID- and NFC -systems. For passive systems, the tags’ roles (one is the reader and the other one is the transmitter) are fixed and hence two channels are used. Whereas for active systems, the currently transmitting device always acts as the reading and writing unit, but the roles are not predefined whereby these can be switched. In this case, only one channel is used for the data transfer. But in comparison to RFID, NFC always operates on the frequency band of 13.56MHz.

The uplink (transfer from reader to the transponder) is equal to the direction of the power supply. Therefore, it seems obvious to modulate the carrier signal which is used for supplying the energy with the data stream. Most commonly amplitude-shift-keying and phase-shift-keying are used for this.

Then again the downlink is the transponder’s response passed on to the reader generated by load modulation. Changes in the transponder’s impedance result in a different amplitude or even phase of the potential at the receiving antenna which will then get demodulated as the responded signal. In order to simplify, one could assume that the receiving tag al- ters the magnetic field generated by the reader, as it uses up energy. As a matter of fact less power is retransmitted and, due to this deviation, the reader is hence capable of reconstructing the received data. In RFID- and NFC -systems there are two possible types of load modulation. For one thing ohmic load modulation, whereas for another thing capacitive load modula- tion exists. The former causes merely ASK (amplitude-shift-keying) for the receiving antenna’s voltage, as an additional modulation resistor is wired parallel to the transponder’s own transistor. The latter in comparison how- ever induces ASK as well as PSK (phase-shift-keying) on the retransmitting potential, as an additional modulation capacitor is wired parallel to the transponder’s own condenser. Anti-collision

As simultaneously more than one tag can be in the RFID/NFC -reader’s range, and furthermore all of them even transmit on the same frequency band, the sent data streams interfere and are hence damaged by collisions. To avoid this behavior multiplexing is applied. Due to the fact that only one frequency band is utilized, FDMA (frequency-division multiple access) can- not be used. CDMA (code-division multiple access) is not suitable either, as the upcoming streams are transmitted at staggered intervals, due to the var- ious distances between tag and reader. Consequently, TDMA (time-division multiplexing) and SDMA (space-division multiplexing) are commonly avail- able for RFID- and NFC -systems. In addition to these procedures, several anti-collision methods can be used for increased reliability.

- Collision avoidance

One of the easiest, but not less target-aimed, models for this purpose is the concept of collision avoidance. For this, every communication node checks beforehand if no other communication has yet been es- tablished. Taking the example of a NFC -based system, a node only activates its own carrier signal once no other radio frequency field has been detected over a certain, but randomly chosen, timespan.

- Binary search

On the other hand, NFC -systems can benefit from using a binary search algorithm to detect every transponder within reach. As every tag has its own identification, the reader first gathers every one of these. In case the reader receives multiple IDs a collision is detected. Therefore, the reader starts a recursion in order to ask for the first half of the obtained identifiers. This is performed several times while the reader receives more than one ID at a time. Assuming that only one value is returned however, the reader can now access the correspond- ing transponder throughout the newly received identifier. Whereas if nothing is returned, the reader will start another recursion for the sec- ond half of the ID-array. Throughout the entire search process all tags will get enumerated.

- Slotted ALOHA

At first sight the ALOHA protocol seems to be the complete opposite of collision avoidance. Whenever a communication node has data to send, the information will be transmitted at a randomly chosen point. Taking the case that by hazard more than one node simultaneously broadcast their data, a collision is detected. In this scenario every communication participant will be requested to try to resend the collided data packages after a short, but yet once again, randomly chosen timespan.

As it is most likely that the repeated data streams will interfere again after the aforesaid intermission, discrete timeslots were introduced in the improved slotted ALOHA protocol. For this, the receiver forwards further details about the duration of the pausing process (in multi- ples of timeslots) as an extra parameter to the communication nodes, alongside the query for resending collided data. Therefore, with the usage of timeslots, the collisions are overall reduced and hence as a result the maximum throughput is increased significantly. Signaling technologies

For NFC devices three signaling technologies exist, in order to ensure that various types of near field communication can communicate with each other. Whenever a tag comes within a reader’s range, they first communicate about the used technology and transmit data based on the specified protocols1.

- NFC-A (ISO/IEC 14443 Type A)

As the name already implies, NFC-A only corresponds with the com- patible RFID Type A communication. In Type A communication delay encoding (Miller encoding) is used. For this set-up a sent signal needs to change from 0 to 100 percent, in order for the device to register the difference between sending a 12 or a 02 bit. Data rates of approx- imately 106/ can be achieved by using this signaling technology1.

- NFC-B (ISO/IEC 14443 Type B)

Similar to NFC-A, NFC-B solely corresponds with RFID Type B com- munication. However, a Type B communication uses Manchester en- coding, instead of Miller encoding utilized by the NFC-A counterpart. By any definition, the amplitude modulation is at 10 percent, resulting in a falling edge (from 100% to 90%) being represented by a logic 12, whereas a rising edge (from 90% to 100%) is resembled by a logic 021.

- NFC-F (JIS X 6319-4 - FeliCa)

In strong comparison to the other two signaling technologies, this one however is normalized by the Japanese Industrial Standards Committee. NFC-F further refers to a faster form of RFID transmission (data rates with up to 212/) known as FeliCa24. Communication modes

For NFC -devices it is possible to operate within three standardized commu- nication schemes: Peer-to-Peer, Reader/Writer Mode & Card Emulation2.

- Peer-to-Peer Mode

Two NFC enabled devices can communicate with each other, in order to exchange information or to share files, while they both operate in Peer-to-Peer Mode. For this, at least one partner uses active NFC and both make use of the Logical Link Control Protocol (LLCP); a protocol that supports the bi-directional communication.

- Reader/Writer Mode

The Reader/Writer Mode enables the communication between an ac- tive NFC -device and a passive tag, whereas data can be read from or written to the tag. In order to grant a successful transmission, the used data format needs to come up to the standard of the NFC Data Exchange Format, as it will be described later on(see 2.2.3).

- Card Emulation Mode

In the Card Emulation Mode a NFC enabled device can act as, and therefore tries to emulate, a NFC tag. Instead of the bi-directional communication used in Peer-to-Peer Mode, a direct one (only the reader gets bits of information stored on the virtual NFC tag) is established, as the emulated tag uses passive NFC.

Figure 2.4: NFC -communication modes14

illustration not visible in this excerpt

2.2.3 NFC Data Exchange Format (NDEF )

The NFC Data Exchange Format specification defines the format, as well as the rules, of the required data structure that is used in order to exchange bits of information between two NFC enabled devices or a NFC -reader and the corresponding tag. Therefore, NDEF is a simple binary data-format con- taining application-specific data. The application-specific data, as well as meta information (information about the possible interpretation, the struc- ture of one NDEF Record, etc.) are packed into so-called NDEF Records. Then again several NDEF Records might be grouped as a NDEF Message. As an example take the case of two NFC -devices sharing contact informa- tion with each other. The entire contact is therefore submitted as one NDEF Message containing several NDEF Records (the contact’s name/phone num- ber/etc.). Hence based upon different underlying transfer protocols (e.g. Logical Link Control Protocol (LLCP)) a unified format for the data trans- mission is granted24.

Figure 2.5: NDEF Message structure5

illustration not visible in this excerpt NDEF Record

As already mentioned before, a NDEF Record consists out of meta infor- mation, as well as the actual application-specific data. Respectively the NDEF Record is subdivided into a header (the meta information) and a payload (the data). Moreover the header has Boolean flags, length specifi- cations of certain fields (Type Length, Payload Length & ID Length), information about the used data type (TNF (type name format) & Pay- load Type) and optionally a unique identifier for the data packet stored within (Payload ID). The flags in questions are further categorized as: MB (Message Begin), ME (Message End), CF (Chunk Flag), SR (Short Record) and IL (ID Length Present). MB and ME typically mark the first and last NDEF Record within the entire NDEF Message, whereas CF indicates whether this entry is complete or separated and continued within (at least) the following NDEF Record. SR on the other hand signalizes a shorter NDEF Record, as the payload’s length is reduced from 32 bits (flag set to 02) to 8 bits (flag set to 12). Finally the value of the IL flag resembles the state of the NDEF Record’s identification information. In case this flag is not set to true, the record does neither contain the ID Length nor the ID field. Otherwise an ID Length value is set which moreover defines the bit length of the ID Field per se. NDEF Message

A NDEF Message contains at least one NDEF Record, but in most cases several entries are grouped within. Throughout bits in the single NDEF Records’ headers the beginning and the end of the messages are marked (with flags for Message Begin & Message End). NFC Record Type Definition (RTD)

With NDEF Messages and the underlying protocols all different kinds of data formats can be transmitted. However, no bits of information about how the NFC enabled device should interpret and handle the newly re- ceived data are given. Therefore, the NFC Record Type Definition clearly defines basic structures and guidelines for the further proceeding and repre- sentation of the data on the NFC device. For this, RTD has on the one hand a basic specification, mostly in order to handle essential parameters, such as naming conventions, the proceeding of defective or unknown RTDs, as well as rules for the conjunction of several NDEF Records and NDEF Messages. On the other hand RTD has further specifications regarding the different record types as these are already declared in the NDEF Records’ TNFs and Payload Type fields. On the basis of the TNF exactly two types of NDEF Records can be defined and thus are marked by Uniform Resource Names (URN )24:

- NFC Forum Well-known Types

NFC Forum Well-known Types are reserved by the NFC Forum and fit the scheme urn:nfc:wkt:<Name>. In order to keep the used memory consumption low, solely the URN <Name> is saved within the NDEF Record’s type field. Basically there is a separation between global and local types. The global types are declared and predefined by the NFC Forum and hence must not hardly differ from the pristine RTD- definition, whereas the local types can be freely defined within the context of one actual field of application. The most common examples for NFC Forum Well-known Types are: Text Record types ( : ), URI Record types ( : ), Smart Poster Record types ( : ), Generic Control Record types ( : ) & Signature Record types ( : ).

- NFC Forum External Types

By contrast NFC Forum External Types must not fit the specifica- tions through the NFC Forum at all, whereas organizations can define their own arbitrary record types. In order to distinguish between Well- known Types and External Types, urn:nfc:ext:<Domain>:<Name> is used as the URN pattern for the latter ones. Like for the NFC Fo- rum Well-known counterparts, only the URN <Domain>:<Name> is saved within the NDEF Record.

Chapter 3 Reverse engineering Amiibo

For the University of Applied Sciences Hagenberg, especially for the bachelor degree course Mobile Computing, it is most common to submit a software project alongside the bachelor thesis. At first an Android library for the basic Amiibo integration, as well as an Android application for the emula- tion of Amiibos, had been targeted. But several difficulties arose within the development phase, whereas the scope of the software project was changed to the Android library in question and an Android application in order to backup Amiibo data.

Hence within the following chapter Amiibos and their functionality, the research results of analyzing Amiibos, the development phase and the difficulties within and last, but not least, the software project per se will be described in more detail.

3.1 NFC tag

The International Organization for Standardization (ISO), as well as the NFC Forum, defined a broad variety of technical specifications that should be met by all NFC-systems (readers and tags). Therefore, within the near field communication technology four different types of tags (NFC Forum Type 1-4 tags) exist. As for this, the RFID tag used for Amiibos is categorized as a NFC Forum Type 2 tag.

3.1.1 NFC Type 2 tags

NFC Type 2 tags are tags based on the NFC-A technology and further- more are heavily oriented towards MIFARE Ultralight tags manufactured by the company NXP Semiconductors. Hence they are merely used for sav- ing data24. Several Type 2 tags can operate simultaneously within a single reader’s range rather unproblematically, as anti-collision methods are used for this.



ISBN (eBook)
ISBN (Book)
File size
5.2 MB
Catalog Number
Institution / College
University of Applied Sciences Oberösterreich, Hagenberg
NFC gaming Amiibo Toy to life Skylanders Disney Infinity Lego Dimensions NFC videogames near field communication Nintendo reverse engineering




Title: NFC based platforms in gaming. Reverse engineering Nintendos "Amiibo"