: Once authenticated, the game console and the Amiibo figure engage in a secure data exchange. The encryption key ensures that the data transmitted remains confidential and tamper-proof.
The encryption key embedded within the amiibo ensures that:
Because the hardware inside the figurines is static and cannot receive over-the-air firmware updates, the encryption algorithm chosen at launch must remain active for the lifespan of those figures. If Nintendo changed the master keys via a Switch system update, millions of legitimately purchased, older Amiibos would instantly stop working.
The first key is the , commonly known among reverse engineers as locked‑secret.bin (an 80‑byte binary file). Its purpose is to derive an amiibo‑specific tag key that signs the fixed, locked‑in information of the figure. This includes immutable data such as the UID, the character ID (which identifies the specific amiibo, e.g., “Mario,” “Link,” etc.), and the series it belongs to. The tag master key is used to generate keys that authenticate this static payload, ensuring that the fundamental identity of the amiibo cannot be forged or altered.
Nintendo’s amiibo security relies on a 3DS-era cryptography system using . There are actually two critical keys:
in legitimate app downloads for legal reasons. Sharing or hosting these files can lead to copyright infringement claims. jamchamb.net How to use them If you are setting up an app like , follow these general steps: James Chambers - jamchamb's blog
: This is the primary retail encryption key required by most amiibo-writing applications. unfixed-info.bin
Disclaimer: This article is for educational purposes only. Always comply with local regulations and intellectual property laws. If you're interested, I can also provide: A guide on how to clone an Amiibo step-by-step Where to find the best blank NTAG215 cards Reverse Engineering Nintendo Amiibo (NFC Toy)
With the two master keys in hand, Nintendo implements a multi‑stage cryptographic scheme that combines symmetric encryption, hashing, and signing to protect the entire amiibo data payload.
This is a crucial distinction: by using homebrew to dump the keys from their own hardware, users are not distributing copyrighted material, but rather generating it from a console they own. This practice treads a fine legal and ethical line, which will be discussed in the final section.