The relative security of key generation algorithms

We've looked at three types of toys, each with a different key generation algorithm protecting read and/or write access to the NFC token inside.

Is this level of security necessary? And, if so, is one algorithm better than another?

XOR

Nintendo Amiibo figures use a custom XOR scheme.

If you listen in on the conversation between a Wii U console and an Amiibo figure using standard RFID testing equipment, you can get the password for each figure. If you collect enough of them, you can figure out the pattern, no reverse-engineering of game code necessary.

Discovered within a year of their first release, the XOR generation scheme was solved perhaps the fastest of any toy.

CRC

Activision Skylander figures also use a custom scheme, a pseudo-48-bit CRC, based on a standard 64-bit CRC.

Launched in 2011, researchers didn't begin working on the problem in earnest until 2014. Generation methods (more complex than the algorithm presented here) weren't worked out until 2015.

CRC, like XOR and other algorithms, has attributes that are recognizable across multiple data points. While the pseudo-48-bit CRC was more difficult to work out, it was understood to be workable.

SHA

Disney Infinity figures use a standard SHA-1 hash, with a public or reused salt.

It was fairly apparent that the Infinity key A was created with a hash algorithm, as patterns were not recognizable across multiple UID/password collections, even for synthetic IDs like 00000000000000. Alternatives, like connecting the Disney Infinity USB portals to the internet, so UID requests could be made remotely of actual hardware, were available at one time.

Released in 2013, it wasn't until 2017 that reverse engineers were able to discover the algorithm used and its salt.

Pokemon Rumble U

Before Amiibo, Nintendo released a line of NFC toys for the game Pokemon Rumble U. These used a different type of tag, the Broadcom Topaz 512.

They also used no passwords at all.

About a third of the blocks were locked (read-only), but all blocks were readable, and the remaining blocks were writable without a password. (The game data, although readable, was encrypted.)

With both single-player and local multiplayer, Pokemon Rumble U's lack of additional protections suggests that the protection and key generation of later figures might not be necessary.

Right to repair

While a given key generation algorithm may be appropriate from a technical perspective, there's another perspective that NFC toy designers should consider: that of the consumer.

When a consumer purchases an NFC toy, whether it's for use with the intended video game or not, the consumer owns that object. There's no licensing of the physical object as there is with the video game software. Patent enforcement is exhausted. If you sell a toy with an NFC chip inside, but without the ability to read and write the token, you haven't fulfilled the expectations of the consumer.

Right to repair legislation underway in many states seeks to protect consumers' rights to fully own and operate the objects they purchase, and may compel NFC toy designers to release the algorithms for key generation in the future.

As the Pokemon Rumble U figures show, however, it's viable to consider not having passwords in the first place.