The cryptographic algorithms used are robust and well-understood:
Understanding Amiibo Encryption Keys: The Core of NFC Customisation
: A standard amiibo .bin file is typically 540 bytes , representing a raw copy of the NFC chip's contents [16]. amiibo encryption key
It was the smart move. The key wasn’t protecting financial transactions—just plastic toys. And enthusiasts buying blank tags are often the same people buying real amiibo for display.
The Amiibo encryption key serves several purposes: And enthusiasts buying blank tags are often the
The global Amiibo encryption key is a master key that is shared across all Amiibo figures and compatible Nintendo games. This key is used to secure the data transmission between the Amiibo figures and the game consoles. The use of a single, global encryption key ensures that all Amiibo figures can interact with any compatible game, without the need for individual keys.
To understand why an encryption key is necessary, one must first understand the hardware inside an Amiibo. Embedded in the base of every official figure is a small, inexpensive NFC chip known as an , manufactured by NXP Semiconductors. The use of a single, global encryption key
The NTAG215 chip provides a few built‑in security mechanisms. One of them is the system: a 32‑bit password that must be presented via the PWD_AUTH command before the host device can write to the encrypted NFC pages. This password is derived from the 7‑byte UID (Unique Identifier) of the tag. The derivation algorithm takes specific bytes of the UID, performs XOR operations with the constants 0xAA and 0x55, and combines the results to form the final 32‑bit password. Because the password depends solely on the UID, it remains the same throughout the life of the tag, even when game data is updated.
For users with a homebrew-enabled Nintendo Switch, the keys can be dumped directly from their own console using tools like , which has an option specifically for dumping the key_retail.bin file. The MD5 hash of this key file is 45fd53569f5765eef9c337bd5172f937 , allowing users to verify the integrity of their own dump.