Skip to content

Hf mfu esetblk#3404

Open
dangerous-tac0s wants to merge 8 commits into
RfidResearchGroup:masterfrom
dangerous-tac0s:hf-mfu-esetblk
Open

Hf mfu esetblk#3404
dangerous-tac0s wants to merge 8 commits into
RfidResearchGroup:masterfrom
dangerous-tac0s:hf-mfu-esetblk

Conversation

@dangerous-tac0s

Copy link
Copy Markdown
Contributor

Added similar functionality to hf mf esetblk but for ultralight memory structures. Previously, the pw/pack were handled outside of emulator memory for amiibo shenanigans, however, with a typical dump the pw and pack are unreadable so they're just zeroes. Which means the amiibo features reared their heads preventing changes without altering the dump and reloading... Now, if the dump is zeroes with regard to the pw and pack, the amiibo pw and pack are loaded into emulator memory (now eview works for these) and you can freely change them with esetblk.

[usb] pm3 --> hf mfu esetbl

Set emulator memory page(s). One page = 4 bytes; pass multiple
whole pages of data to set consecutive pages from --blk.

usage:
    hf mfu esetblk [-h] -b <dec> [-d <hex>]

options:
    -h, --help                     This help
    -b, --blk <dec>                page number to start at
    -d, --data <hex>               bytes to write, whole pages (multiple of 4 bytes)

examples/notes:
    hf mfu esetblk --blk 4 -d 04E10CDA
    hf mfu esetblk --blk 4 -d 04E10CDA993C8048        -> sets pages 4-5

You can actually set up to 127 pages at a time if you feel so inclined.

dangerous-tac0s and others added 6 commits July 2, 2026 13:57
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…om memory

For tagType 7, when the PWD page is unset (0000) the UID-derived Amiibo
password and its PACK (0x8080) are now written into emulator memory at sim
init, and the PWD_AUTH path reads PWD and PACK straight from emulator memory.
Removes the auth-time pwd substitution and the PACK 0x8080 override, so
eset/eview are authoritative (what's in memory is what the sim serves) while
Amiibo sims still work.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

You are welcome to add an entry to the CHANGELOG.md as well

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant