If you’ve ever tapped an amiibo figure to your Nintendo Switch, you’ve witnessed a small miracle of wireless cryptography. That tiny plastic statue doesn’t just hold data—it holds secrets. For years, the most closely guarded of those secrets was the amiibo encryption key.
Here’s the story of how Nintendo locked down its toys, how the key was eventually found, and why it still matters today.
The security of an Amiibo relies on a master seed, often referred to in the modding community as the "Unfixed Inferno" seed. This is a static byte array used as the root secret for generating keys.
The system does not simply encrypt the data; it utilizes a Key Derivation Function (KDF) based on elliptic curve cryptography (specifically a modified version of the secp128r1 curve).
The process works as follows:
While the hardware encryption keys were compromised, Nintendo shifted
To use or create custom Amiibo, you must have the Amiibo encryption keys
. These are proprietary cryptographic files required by apps like Amiibo Editor to decrypt official data and write it to blank NFC tags. Essential Key Files
Most software requires two specific files, though they are often found combined as a single file: locked-secret.bin : Used to decrypt the rewritable data on an Amiibo. unfixed-info.bin : Contains static information about the character. key_retail.bin amiibo encryption key
: A combined version of the above two files, which is the standard format for modern Amiibo tools. Why are they hard to find?
Because these keys are the intellectual property of Nintendo, they are not included
in legitimate app downloads for legal reasons. Sharing or hosting these files can lead to copyright infringement claims. jamchamb.net How to use them If you are setting up an app like , follow these general steps: James Chambers - jamchamb's blog
In 2016, a member of the GBAtemp hacking community (known as “socram8888”) made a breakthrough. By analyzing how a 3DS communicated with an amiibo, they performed a RAM dump—capturing the console’s live memory while it read a figure. If you’ve ever tapped an amiibo figure to
Inside that memory dump, the AES key was sitting in plaintext.
Once published, the floodgates opened. Tools like TagMo (Android), amiitool, and Thenaya let anyone decrypt, modify, and re-encrypt amiibo data on a standard PC or phone.
Under Section 1201 of the DMCA, it is illegal to circumvent "technological protection measures" (TPM) that control access to a copyrighted work. Nintendo has successfully argued in the past (notably against rom site creators) that encryption keys qualify as TPMs.
Is it illegal to possess the key? Probably not. Keys are numbers. You cannot copyright a number. Is it illegal to use the key to write a blank card? Likely yes, in the US and Japan. You are circumventing the authentication measure to create an unauthorized derivative work (the digital data of the amiibo). In 2016, a member of the GBAtemp hacking