From edf987e7f2c75d888569cc3d6917d2b22b98493d Mon Sep 17 00:00:00 2001 From: Ordim3n Date: Thu, 26 Jan 2017 17:39:02 -0500 Subject: [PATCH] Add files via upload --- README.md | 8 +- source/LED.c | 109 +++++++++++++++++ source/LED.h | 4 +- source/common.h | 9 +- source/main.c | 319 ++++++++++++++++++++++++++++++++---------------- 5 files changed, 337 insertions(+), 112 deletions(-) diff --git a/README.md b/README.md index ce3bbe0..a5aefc9 100644 --- a/README.md +++ b/README.md @@ -6,12 +6,14 @@ Based off the libctru NFC example ## Menu Hack: Simple and quick way to buff your amiibo's stats to 200 everywhere -Restore backup: Restore a backup if previously backed up by the `Hack` function or the `Only dump appdata function` +Restore Backup / Bruteforce appdata writing: Restore a backup if previously backed up by the `Hack` function or the `Only dump appdata` function / Writes a modified appdata to the bruteforced amiibo -Only dump appdata: Only dumps a backup file +Only dump appdata / Bruteforce appdata dump: Only dumps a backup file / Dumps the appdate of the bruteforced amiibo Custom file writing: Writes `/Smash amiibo cheat tool/write.amiibo` to the amiibo +Appdata Randomizing: Randomizes the appdata of your amiibo (bruteforcing supported), this can be used for grinding rewards in smash for example + ## Tagstates 1: Stopped scanning for Amiibos/NFC tags @@ -40,3 +42,5 @@ MarcusD: Helping me with some code issues Thunder Kai: All the graphics Yudowat, CloudedSun, Fug/leni, jasgx, Karma, LinkSoraZelda, Swiftloke and Y2K: Testing and ideas + +## IT IS IMPOSSIBLE TO MODIFY THE AMIIBO'S IDENTITY \ No newline at end of file diff --git a/source/LED.c b/source/LED.c index c9763d6..343e85b 100644 --- a/source/LED.c +++ b/source/LED.c 
@@ -43,6 +43,115 @@ void fixcolor(u8 r, u8 g, u8 b) ptmsysmExit(); } +void rave() +{ + RGBLedPattern pat2; + + //marcus@Werkstaetiun:/media/marcus/WESTERNDIGI/dev_threedee/MCU_examples/RGB_rave$ lua assets/colorgen.lua + pat2.r[0] = 128; + pat2.r[1] = 103; + pat2.r[2] = 79; + pat2.r[3] = 57; + pat2.r[4] = 38; + pat2.r[5] = 22; + pat2.r[6] = 11; + pat2.r[7] = 3; + pat2.r[8] = 1; + pat2.r[9] = 3; + pat2.r[10] = 11; + pat2.r[11] = 22; + pat2.r[12] = 38; + pat2.r[13] = 57; + pat2.r[14] = 79; + pat2.r[15] = 103; + pat2.r[16] = 128; + pat2.r[17] = 153; + pat2.r[18] = 177; + pat2.r[19] = 199; + pat2.r[20] = 218; + pat2.r[21] = 234; + pat2.r[22] = 245; + pat2.r[23] = 253; + pat2.r[24] = 255; + pat2.r[25] = 253; + pat2.r[26] = 245; + pat2.r[27] = 234; + pat2.r[28] = 218; + pat2.r[29] = 199; + pat2.r[30] = 177; + pat2.r[31] = 153; + pat2.g[0] = 238; + pat2.g[1] = 248; + pat2.g[2] = 254; + pat2.g[3] = 255; + pat2.g[4] = 251; + pat2.g[5] = 242; + pat2.g[6] = 229; + pat2.g[7] = 212; + pat2.g[8] = 192; + pat2.g[9] = 169; + pat2.g[10] = 145; + pat2.g[11] = 120; + pat2.g[12] = 95; + pat2.g[13] = 72; + pat2.g[14] = 51; + pat2.g[15] = 33; + pat2.g[16] = 18; + pat2.g[17] = 8; + pat2.g[18] = 2; + pat2.g[19] = 1; + pat2.g[20] = 5; + pat2.g[21] = 14; + pat2.g[22] = 27; + pat2.g[23] = 44; + pat2.g[24] = 65; + pat2.g[25] = 87; + pat2.g[26] = 111; + pat2.g[27] = 136; + pat2.g[28] = 161; + pat2.g[29] = 184; + pat2.g[30] = 205; + pat2.g[31] = 223; + pat2.b[0] = 18; + pat2.b[1] = 33; + pat2.b[2] = 51; + pat2.b[3] = 72; + pat2.b[4] = 95; + pat2.b[5] = 120; + pat2.b[6] = 145; + pat2.b[7] = 169; + pat2.b[8] = 192; + pat2.b[9] = 212; + pat2.b[10] = 229; + pat2.b[11] = 242; + pat2.b[12] = 251; + pat2.b[13] = 255; + pat2.b[14] = 254; + pat2.b[15] = 248; + pat2.b[16] = 238; + pat2.b[17] = 223; + pat2.b[18] = 205; + pat2.b[19] = 184; + pat2.b[20] = 161; + pat2.b[21] = 136; + pat2.b[22] = 111; + pat2.b[23] = 87; + pat2.b[24] = 64; + pat2.b[25] = 44; + pat2.b[26] = 27; + pat2.b[27] = 14; + pat2.b[28] = 
5; + pat2.b[29] = 1; + pat2.b[30] = 2; + pat2.b[31] = 8; + + pat2.ani = 0x20; + + if(ptmsysmInit() < 0) return; + ptmsysmSetInfoLedPattern(pat2); + ptmsysmExit(); +} + void stfuled() { RGBLedPattern pat; diff --git a/source/LED.h b/source/LED.h index 3be2f63..ab7c834 100644 --- a/source/LED.h +++ b/source/LED.h @@ -2,4 +2,6 @@ void fixcolor(u8 r, u8 g, u8 b); -void stfuled(); \ No newline at end of file +void stfuled(); + +void rave(); \ No newline at end of file diff --git a/source/common.h b/source/common.h index 70fb9b5..53dc249 100644 --- a/source/common.h +++ b/source/common.h @@ -6,11 +6,12 @@ #include #include #include <3ds.h> +#include #include "menu.h" #include "LED.h" -#define VERSION "1.3" // Version string +#define VERSION "2.0" // Version string #define FB_SIZE 230400 // Bottom framebuffer size static SwkbdState swkbd; @@ -18,11 +19,9 @@ char input_str[4]; int MenuIndex; -u32 amiibo_appid = 0x10110E00; // Hardcoded for Super Smash Bros. See https://www.3dbrew.org/wiki/Amiibo for more details +u32 amiibo_appid = 0x10110E00, bruteforce = 0x10000000, seconds; static char *fb_buffer = NULL; -u8 attack=201; -u8 defense=201; -u8 speed=201; \ No newline at end of file +u8 attack=201, defense=201, speed=201; \ No newline at end of file diff --git a/source/main.c b/source/main.c index b54ecc0..2a73436 100644 --- a/source/main.c +++ b/source/main.c @@ -29,21 +29,17 @@ void wait_for_start() u32 kDown = hidKeysDown(); if (kDown & KEY_START) - { - break; // break in order to return to hbmenu - } + break; } } -int load_splash(char *buffer, const char *path) +int load_splash(char *buffer, FILE *f) { if (!buffer) { printf("Memory not allocated!\n"); return -1; } - FILE *f = fopen(path, "rb"); - if (!f) return -2; fseek(f, 0L, SEEK_END); size_t sz = ftell(f); rewind(f); 
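Review bot: `rave()` fills `pat2` through 96 separate element assignments and discards the result of `ptmsysmSetInfoLedPattern(pat2)`, which makes the table hard to check against its generator output and hides a failed LED update. A `static const RGBLedPattern` table written as a designated initializer (`.ani = 0x20`, then the three 32-entry arrays) would be shorter and would zero any struct field not listed, where the current local leaves it indeterminate. The comment that preserves a developer's shell prompt, hostname and local mount path is better replaced with something like `// values generated by assets/colorgen.lua`. The prototype should also be `void rave(void)`, here and in LED.h.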
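Review bot: `bruteforce` and `seconds` are defined, not merely declared, in common.h next to `amiibo_appid`, so every translation unit that includes the header emits its own definition; `extern u32 bruteforce;` here with a single definition in main.c avoids relying on common-symbol linking. The same line drops the comment that identified `0x10110E00` as the Super Smash Bros. app ID and introduces `0x10000000` with no explanation; a comment such as `// first AppID tried when the Smash AppID does not match` would restore that context. In the main.c hunks shown, `bruteforce` is only ever incremented and never reset, so a second tag scanned in the same run appears to resume from the previous value; this is worth confirming.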
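Review bot: `load_splash` now receives an already opened `FILE *f`, but the `if (!f) return -2;` guard was removed together with the `fopen`, so a NULL stream reaches `fseek(f, 0L, SEEK_END)`. The caller in `nfc_main` (hunk `-92,44 +88,56`) passes `Scan` straight in after the romfs fallback `fopen` without testing it. Keeping `if (!f) return -2;` directly after the buffer check restores the old failure path. The rest of `load_splash` is outside this hunk, so it cannot be seen whether the stream is closed there; if it is not, `Scan` is leaked.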
@@ -80,7 +76,7 @@ const char *get_model_string(uint32_t id) Result nfc_main() { Result ret = 0; - FILE *f = NULL, *backup = NULL; + FILE *f = NULL, *backup = NULL, *Scan = NULL; fb_buffer = malloc(FB_SIZE); if (!fb_buffer) @@ -92,44 +88,56 @@ Result nfc_main() u8 model; CFGU_GetSystemModel(&model); - if ((model == 2) || (model == 4)) + Scan = fopen("/SACT/Scan.bin", "rb"); + + if (!Scan) { - if (load_splash(fb_buffer, "romfs:/scan_n3ds.bin")) - { - printf("Failed to load splash!\n"); - return -4; - } + if ((model == 2) || (model == 4)) + Scan = fopen("romfs:/scan_n3ds.bin", "rb"); + else + Scan = fopen("romfs:/scan_o3ds.bin", "rb"); } - else + + if (load_splash(fb_buffer, Scan)) { - if (load_splash(fb_buffer, "romfs:/scan_o3ds.bin")) - { printf("Failed to load splash!\n"); return -4; - } } - - + NFC_TagState prevstate, curstate; NFC_TagInfo taginfo; NFC_AmiiboSettings amiibosettings; NFC_AmiiboConfig amiiboconfig; u32 pos; + u32 index = 0; u32 appdata_initialized; + u32 secret_code[] = + { + KEY_UP, + KEY_UP, + KEY_DOWN, + KEY_DOWN, + KEY_LEFT, + KEY_RIGHT, + KEY_LEFT, + KEY_RIGHT, + KEY_START + }; u8 appdata[0xd8]; uint8_t Name[0x16]; - char uidstr[16], tmpstr[262], backupstr[262], path[262], Info[512]; + char uidstr[16], tmpstr[262], backupstr[262], path[262], Info[512], bruteforce_appdata[262]; const char *menu_entries[] = { - "Hack", - "Restore Backup", - "Only dump appdata", - "Custom file writing", - "Change custom moves" + "Hack", // Menuindex 0 + "Restore Backup / Bruteforce appdata writing", // MenuIndex 1, MenuIndex -6 if bruteforcing + "Only dump appdata / Bruteforce appdata dump", // MenuIndex 2, MenuIndex -5 if bruteforcing + "Custom file writing", // MenuIndex 3 + "Change custom moves", // MenuIndex 4 + "Appdata Randomizing" //MenuIndex 5 }; snprintf(Info, sizeof(Info) - 1, 
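Review bot: The splash image can now come from `/SACT/Scan.bin` on the SD card instead of only from the bundled romfs, so its size is no longer under the program's control while `fb_buffer` remains a fixed `FB_SIZE` allocation. `load_splash` takes `sz` from `ftell`, but the read that follows is outside the hunks shown; if it copies `sz` bytes, an oversized file would write past the end of the buffer. A check such as `if (sz != FB_SIZE) return -3;` before the read (or clamping the read length to `FB_SIZE`) closes that gap. The `return -4` path also leaves `fb_buffer` allocated and `Scan` open.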
@@ -161,7 +169,7 @@ Result nfc_main() prevstate = curstate; - MenuIndex = display_menu(menu_entries, 5, Info); + MenuIndex = display_menu(menu_entries, 6, Info); consoleClear(); if(MenuIndex==-1)return MenuIndex; @@ -185,12 +193,23 @@ Result nfc_main() nfcStopScanning(); nfcStartScanning(NFC_STARTSCAN_DEFAULTINPUT); stfuled(); - MenuIndex = display_menu(menu_entries, 5, Info); + index = 0; + MenuIndex = display_menu(menu_entries, 6, Info); consoleClear(); if(MenuIndex==-1)return MenuIndex; - fixcolor(255, 125, 0); } + + if(kDown & secret_code[index] && MenuIndex==0) + { + if(index==8) + { + MenuIndex = 99; + printf("Cool, you discovered the 'secret' code :P\n"); + } + else index++; + } + nfcGetTagState(&curstate); if(curstate!=prevstate)//See nfc.h for the TagState values. { @@ -251,7 +270,38 @@ Result nfc_main() appdata_initialized = 1; - ret = nfcOpenAppData(amiibo_appid); + if(MenuIndex != 1 && MenuIndex != 2 && MenuIndex != 5) ret = nfcOpenAppData(amiibo_appid); + else + { + ret = nfcOpenAppData(amiibo_appid); + if(ret==NFC_ERR_APPID_MISMATCH) + { + if(MenuIndex == 1) MenuIndex = -6; else if(MenuIndex == 2) MenuIndex = -5; + clock_t t = clock(); + printf("AppID isn't Sm4sh, currently bruteforcing AppID\n"); + stfuled(); + rave(); + while(bruteforce != 0xFFFFFFFF) + { + ret = nfcOpenAppData(bruteforce); + nfcGetTagState(&curstate); + if(ret==NFC_ERR_APPID_MISMATCH) bruteforce++; + else if(curstate == NFC_TagState_OutOfRange) + { + printf("Why did you remore your amiibo >:3\n"); + return 0xC0FFE1; + } + else + { + clock_t t2 = clock() - t; + seconds = t2 / CLOCKS_PER_SEC; + printf("AppID match found\nThe AppID of your amiibo is: 0x%X\nIt took %u seconds to find the AppID\n", bruteforce, seconds); + break; + } + } + } + + } if(R_FAILED(ret)) { printf("Failed to open the appdata.\n"); @@ -275,6 +325,7 @@ Result nfc_main() printf("Reading appdata...\n"); ret = nfcReadAppData(appdata, sizeof(appdata)); + if(R_FAILED(ret)) { printf("nfcReadAppData() failed.\n"); 
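Review bot: In the loop around `nfcOpenAppData(bruteforce)`, the final `else` prints "AppID match found" for every result other than `NFC_ERR_APPID_MISMATCH` while the tag is in range, so an unrelated NFC failure is reported as a match before the `R_FAILED(ret)` check below contradicts it. Testing the result explicitly, `else if (R_SUCCEEDED(ret)) { ... break; } else break;`, keeps the success message for real successes. The loop never polls input or `aptMainLoop()`, so the only way out of what may be billions of iterations is to remove the tag, and `return 0xC0FFE1` leaves without `nfcStopScanning()` or freeing `fb_buffer`. The outer `if`/`else` calls `nfcOpenAppData(amiibo_appid)` in both arms; calling it once and then testing `MenuIndex` would read more clearly.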
@@ -284,15 +335,29 @@ Result nfc_main() memset(tmpstr, 0, sizeof(tmpstr)); memset(backupstr, 0, sizeof(backupstr)); memset(path, 0, sizeof(path)); + memset(bruteforce_appdata, 0, sizeof(bruteforce_appdata)); - snprintf(path, sizeof(path)-1, "/Smash Amiibo Cheat Tool/%s_%s", uidstr, Name); + snprintf(path, sizeof(path)-1, "/SACT/%s_%s", uidstr, Name); snprintf(tmpstr, sizeof(tmpstr)-1, "%s/Modded.amiibo", path); snprintf(backupstr, sizeof(backupstr)-1, "%s/Backup.amiibo", path); - mkdir("/Smash Amiibo Cheat Tool", 0777); + snprintf(bruteforce_appdata, sizeof(bruteforce_appdata)-1, "%s/%X.amiibo", path, bruteforce); + mkdir("/SACT", 0777); mkdir(path, 0777); - - if(MenuIndex==0) - { + + if(MenuIndex!=1 && MenuIndex!=2 && MenuIndex!=3 && MenuIndex!=-6) + { + if(fopen(tmpstr, "r") != NULL) + remove(tmpstr); + else + if(bruteforce!=0x10000000 && fopen(bruteforce_appdata, "r") != NULL) + remove(bruteforce_appdata); + } + if(MenuIndex!=1 && MenuIndex!=3 && MenuIndex!=-5 && MenuIndex!=-6) + if(fopen(backupstr, "r") != NULL) + remove(backupstr); + + if(MenuIndex==0) + { printf("Modifying the %s's data\n", Name); f = fopen(tmpstr, "w"); backup = fopen(backupstr, "w"); 
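Review bot: The existence tests `if(fopen(tmpstr, "r") != NULL) remove(tmpstr);`, and the two like it for `bruteforce_appdata` and `backupstr`, open a stream that is never closed, so each pass leaks a handle and calls `remove` on a file that is still open. Calling `remove(tmpstr);` unconditionally does the same job, because `remove` simply fails when the file is absent. The unbraced `if`/`else`/`if` is easy to misread: the `bruteforce_appdata` branch runs only when `tmpstr` does not exist, which may not be the intent. `path` is built from `Name`, which appears to come from the tag; its conversion is outside the hunk, so it is worth confirming that it cannot contain `/` or `..` before it reaches `mkdir` and `fopen`.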
@@ -312,75 +377,126 @@ Result nfc_main() fclose(f); f = fopen(tmpstr, "r"); - } - else if(MenuIndex==1) - { - printf("Restauring backup\n"); - f = fopen(backupstr, "r"); - } - else if(MenuIndex==2) - { - backup = fopen(backupstr, "w"); - fwrite(appdata, 1, sizeof(appdata), backup); - fclose(backup); - printf("Finished, appdata dump is located at '%s'\n", backupstr); - } - else if(MenuIndex==3) - { - printf("Writing '/Smash Amiibo Cheat Tool/Write.amiibo' to %s\n", Name); - f = fopen("/Smash Amiibo Cheat Tool/Write.amiibo", "r"); - if(f==NULL) - { - fclose(f); - ERRF_ThrowResult(0xFFFFF); - } - } - else if(MenuIndex==4) + } + else if(MenuIndex==1) + { + printf("Restauring backup\n"); + f = fopen(backupstr, "r"); + } + else if(MenuIndex==2) + { + backup = fopen(backupstr, "w"); + fwrite(appdata, 1, sizeof(appdata), backup); + fclose(backup); + printf("Finished, appdata dump is located at '%s'\n", backupstr); + } + else if(MenuIndex==3) + { + printf("Writing '/SACT/Write.amiibo' to %s\n", Name); + f = fopen("/SACT/Write.amiibo", "r"); + if(f==NULL) ERRF_ThrowResult(0xFFFFF); + } + else if(MenuIndex==4) + { + printf("hello"); + f = fopen(tmpstr, "w"); + backup = fopen(backupstr, "w"); + fwrite(appdata, 1, sizeof(appdata), f); + fwrite(appdata, 1, sizeof(appdata), backup); + fclose(f); + fclose(backup); + f = fopen(tmpstr, "r+b"); + void *buffer = (char*) malloc (sizeof(char)*2); + char Info2[255]; + const char *MoveEntries[] = { - printf("hello"); - f = fopen(tmpstr, "w"); - backup = fopen(backupstr, "w"); - fwrite(appdata, 1, sizeof(appdata), f); - fwrite(appdata, 1, sizeof(appdata), backup); - fclose(f); - fclose(backup); - f = fopen(tmpstr, "r+b"); - void *buffer = (char*) malloc (sizeof(char)*2); - char Info2[255]; - const char *MoveEntries[] = - { - "1", - "2", - "3" - }; - fseek(f, 9, SEEK_SET); - snprintf(Info2, 254, "Neutral: %u", fread(buffer, 1, 1, f)); - int MoveIndex = display_menu(MoveEntries, 3, Info2); - WriteValTo(f, 9, MoveIndex); - fseek(f, 10, 
SEEK_SET); - snprintf(Info2, 254, "Side: %u", fread(buffer, 1, 1, f)); - MoveIndex = display_menu(MoveEntries, 3, Info2); - WriteValTo(f, 10, MoveIndex); - fseek(f, 11, SEEK_SET); - snprintf(Info2, 254, "Up: %u", fread(buffer, 1, 1, f)); - MoveIndex = display_menu(MoveEntries, 3, Info2); - WriteValTo(f, 11, MoveIndex); - fseek(f, 12, SEEK_SET); - snprintf(Info2, 254, "Down: %u", fread(buffer, 1, 1, f)); - MoveIndex = display_menu(MoveEntries, 3, Info2); - WriteValTo(f, 12, MoveIndex); + "1", + "2", + "3" + }; + fseek(f, 9, SEEK_SET); + snprintf(Info2, 254, "Neutral: %u", fread(buffer, 1, 1, f)); + int MoveIndex = display_menu(MoveEntries, 3, Info2); + WriteValTo(f, 9, MoveIndex); + fseek(f, 10, SEEK_SET); + snprintf(Info2, 254, "Side: %u", fread(buffer, 1, 1, f)); + MoveIndex = display_menu(MoveEntries, 3, Info2); + WriteValTo(f, 10, MoveIndex); + fseek(f, 11, SEEK_SET); + snprintf(Info2, 254, "Up: %u", fread(buffer, 1, 1, f)); + MoveIndex = display_menu(MoveEntries, 3, Info2); + WriteValTo(f, 11, MoveIndex); + fseek(f, 12, SEEK_SET); + snprintf(Info2, 254, "Down: %u", fread(buffer, 1, 1, f)); + MoveIndex = display_menu(MoveEntries, 3, Info2); + WriteValTo(f, 12, MoveIndex); - fclose(f); - f = fopen(tmpstr, "r"); - } + fclose(f); + f = fopen(tmpstr, "r"); + } + else if(MenuIndex==-5) + { + backup = fopen(bruteforce_appdata, "w"); + fwrite(appdata, 1, sizeof(appdata), backup); + fclose(backup); + printf("Finished, appdata dump is located at '%s'\n", bruteforce_appdata); + } + else if(MenuIndex==-6) + { + printf("Writing %s to %s\n", bruteforce_appdata, Name); + f = fopen(bruteforce_appdata, "r"); + if(f==NULL) ERRF_ThrowResult(0xFFFFF); + } + if(MenuIndex==5) + { + printf("Randomizing %s's data\n", Name); + if(bruteforce == 0x10000000) backup = fopen(backupstr, "w"); else backup = fopen(bruteforce_appdata, "w"); + f = fopen(tmpstr, "w"); + fwrite(appdata, 1, sizeof(appdata), f); + fwrite(appdata, 1, sizeof(appdata), backup); + fclose(f); + fclose(backup); + f = 
fopen(tmpstr, "r+b"); + for(int ind = 0; ind<=215; ind++) + if(ind==0) + WriteValTo(f, 0, ind); + else + { + srand(time(NULL)); + WriteValTo(f, ind, (u8)rand()); + } + fclose(f); + f = fopen(tmpstr, "r"); + } + else if(MenuIndex==99) + { + printf("Modifying the %s's data\n", Name); + f = fopen(tmpstr, "w"); + backup = fopen(backupstr, "w"); + fwrite(appdata, 1, sizeof(appdata), f); + fwrite(appdata, 1, sizeof(appdata), backup); + fclose(f); + fclose(backup); + f = fopen(tmpstr, "r+b"); + u8 val = 0x7F; + WriteValTo(f, 16, val); + WriteValTo(f, 17, val); + WriteValTo(f, 18, val); + WriteValTo(f, 19, val); + WriteValTo(f, 20, val); + WriteValTo(f, 21, val); + + fclose(f); + f = fopen(tmpstr, "r"); + } - if(MenuIndex!=2) - { + if(MenuIndex!=2 && MenuIndex!=-5) + { fread(appdata, 1, sizeof(appdata), f); if(appdata_initialized) { printf("Writing the modifications...\n"); - + ret = nfcWriteAppData(appdata, sizeof(appdata), &taginfo); if(R_FAILED(ret)) { @@ -408,23 +524,18 @@ Result nfc_main() break; } } - - - if(MenuIndex!=2) + } + if(MenuIndex!=2 && MenuIndex!=-5) { printf("Writing finished.\n"); fclose(f); } if((model == 2) || (model == 4)) printf("You can now safely remove %s from the touchscreen\n", Name); else printf("You can now safely remove %s from the NFC reader/writer\n", Name); - fixcolor(0, 255, 0); - } - + fixcolor(0, 255, 0); } - } } - } return ret; nfcStopScanning();
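Review bot: In the `MenuIndex==5` branch, `srand(time(NULL))` is called inside the `for` loop, so every iteration within the same second reseeds the generator and `(u8)rand()` returns the same byte; the "randomized" appdata ends up as one value repeated. Seeding once, with `srand(time(NULL));` moved above `for(int ind = 0; ind<=215; ind++)`, fixes that. The `fopen` results in the new branches (`f`, `backup`) go to `fwrite`, `WriteValTo` and `fread` without a NULL check, and this branch opens with `if` rather than `else if`, splitting the chain that `MenuIndex==99` then hangs off. The offsets 16 to 21 and the value `0x7F` in the `99` branch need a comment naming the fields they set.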