Hi, since Disney announced that they will stop producing the Infinity line of games and since they will drop support and online services in March 2017, will you be considering releasing some sort of program that would allow us to do the same? Thanks
This is absolutely real. He must've captured the packets sent from the powerbase when a real figure was placed on it, and used the two Teensys to emulate it via serial. RX -> TX, TX -> RX, GND to GND. It's actually very simple, and with the correct knowledge this could be replicated relatively easily. Great job, man!
The security handshake on the Xbox just shows that they realize people will clone these things. It is only a matter of time before someone finds a way around that if they did not already.
Great video buddy! Is there a way to make the new light up versions (Infinity 3 Darth Vader FX light) light up without putting it on the Base? I don't have the Base or even game but I collect the figs to photograph! 😊
I'm the Skylanders guy you're referring to. I figured out the encryption that protects the figure data, so no, I can generate any figure (including ones you're not supposed to see yet) by changing the bytes the game uses to determine the figure type. I just didn't bother to find such a figure in the video. As far as using it personally, no, I just study the game, not play it. :)
Ha ha, I was thinking "I wish I had time to do the same", but I'm not interested in the game, just the challenge ^^ btw I don't own any Infinity reader, just an old Wii with Mario Kart.
I was almost successful in emulating a Skylanders power base + a Ninja Stealth Elf Figure! I did this using an Arduino Micro and a USB to TTL converter. I had to heavily modify the Keyboard.h library but it (sorta) works. There's one part that I'm stuck at. The Skylanders portal won't always be looking for a figure. If you place a figure on a Skylanders portal that's just, say, powered from a USB power bank, it won't read the figure. May I ask what data did you send to the Skylanders Portal to get it into the "read" mode, a la the same thing the game sends to the portal when it's ready to read a figure? I've already gotten the Arduino to emulate the Portal successfully (the game will recognize it as a portal).
Interesting video and concept. Do you use the original base to capture an image then play it back? Read a post which stated it could be possible to create your own characters. Do you think this has any merit?
I read one or two actual figures to understand the format of the data. After that, I knew how to derive the rest of the figures -- a couple of bytes define what type of figure it is, so if you change that, you can pretend to be any figure the game supports. You can't create your own characters from scratch.
Brandon W Guess it has been a while since this game came out. Now have an Android phone which can read these RFID tags. They are of course encrypted with a key so I can't get anything other than the tag make and its id. My interest was sparked by the same technology being used in debit/credit cards. The worrying thing is my own card is not as well protected as these toys. There are free apps on Google Play that can read off the type, number and expiry. Think real damage can be done with these. Now I wrap my cards in tin foil till I can get a special wallet. My library doesn't have any protection with their book tags so anyone with an NFC phone can change what the checkout machines think the book is. I would not be so cruel though. Wonder what you make of these issues.
So yes, I know this is only for Disney Infinity 1, but I may have a small theory based on this that may do something in Disney Infinity 3.0: So potentially, could you create custom characters and send them in game perhaps?
The concept works with any version of Disney Infinity. But no, you can't create custom characters with this. It only convinces the game that you have the figures it's already coded to understand. Adding new figures would require patching the game, which is not impossible but definitely not worth it.
Hey dude, I know this is a late reaction but I'm trying to do something like this myself. Which program did you use to capture the packets, and how did you decrypt the data? If you don't want to answer those questions could you at least give me a source to start? Awesome work and thanks in advance!
I used a Beagle USB protocol analyzer and its software to capture the packets. I decrypted the data by disassembling the game to find the decryption algorithm.
@jubliano2261 You can make one yourself with the Teensys by writing custom code on both to forward the packets between console and a PC with the base attached, and simply log the traffic.
Also am I right in thinking that the original figure is placed and cloned, so only the figures the laptop owner has can be played? Unless those codes are not unique and are released elsewhere and shared to others.
Why don't you simulate Power base on XBOX 360? What is the security protocol used? I mean if you can make the data pass through your computer, you can record it and replay the same data, no? Good job anyway :)
+Vincent Bourdon I documented it at brandonw.net/360bridge/doc.php. Replay attacks do not work on challenge/response setups (which are specifically designed to prevent it).
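Added example, not part of the original thread and not the console's actual protocol: a minimal challenge/response check showing why a recorded response is rejected on the next session. The HMAC-SHA256 construction, the class names and the key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)  # constructed shared secret, for this demo only


class Accessory:
    """Genuine device: proves knowledge of the key for each fresh challenge."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Host:
    """Verifier: issues a random single-use nonce and checks the MAC over it."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:          # no outstanding challenge
            return False
        expected = hmac.new(self._key, self._pending, hashlib.sha256).digest()
        self._pending = None               # a challenge is valid for one answer
        return hmac.compare_digest(expected, response)


def run_demo():
    host, accessory = Host(KEY), Accessory(KEY)
    # Session 1: genuine exchange; imagine r1 being logged on the wire.
    r1 = accessory.respond(host.new_challenge())
    genuine_ok = host.verify(r1)
    # Session 2: the host picks a new nonce, so the logged r1 no longer matches.
    host.new_challenge()
    replay_ok = host.verify(r1)
    # Same session: a valid answer cannot be submitted twice either.
    r3 = accessory.respond(host.new_challenge())
    first_ok, reuse_ok = host.verify(r3), host.verify(r3)
    return genuine_ok, replay_ok, first_ok, reuse_ok
```
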
This is an awesome find and so soon, if you can find it I'm sure someone who will be happy to shun cease and desist letters to release code :) I wonder if this will also work with future figures that include a download. I know someone reversed the Skylanders and the reader and got a letter, but thanks for sharing that it is possible :) Will this be something you will be using personally, might make a good legal backup of figures for storage purposes.
Hi Brandon, nice job you did. Could you explain the steps you did? I mean how did you find out the communication between the portal and the Xbox? Could it be done with the USB Simulator?
+Thomas Kusch I disassembled the 360 version of the game and studied the code that sent/received USB portal data. Yes, this was done with USBSimulator.
+Brandon W ... hmm... to take apart the game would be not the problem ;). But to "sniff" the data or how to plug the USBSimulator in between could be a pain for me... (theoretically I know how the decryption would work etc. but I actually have no clue how to set up everything :( )
+Thomas Kusch I took a shortcut and used a hardware USB protocol analyzer, but you could do without by using USBSimulator to blindly forward traffic between the console and portal. Then it's just a matter of logging and interpreting what you're forwarding.
Ah ok ... I understand. Is it possible with your PoC that you can inject more than one figure? Because the Base has 3 "spaces". I wonder if it would work with the new Lego Dimensions :)
@ti83programmer Omg I've just found this video after I started my own version (with my own tools!). For now I'm just seeing the init packet being sent by the PS4 but it's a start ;). I have two tech specific questions: The figure data that the base sends is already decrypted (compared to the data that can be read with an NFC reader)? And what did you use to disassemble the Xbox binary? (I'm guessing IDA). Thanks in advance!
Since this was posted years ago do you think you could do this with a PS4? I just got the game and I had no clue you needed a base and figures. I'd just like to play the game...
Legal implications. I also believe anyone that could accomplish it already knows how to do it and doesn't need my help except perhaps a technical question or two to help speed things along, which I'm willing to answer.
Do you know how to clone only the figures like amiibos? Because I saw many of them but I don't know how to use it. (I have all the bases for all consoles)
Hi Brandon, why don't you share this code (Yeah, I read description). Disney stopped supporting Infinity and you still keep this code. Please, share it cause the figures are still very expensive even in Ukraine & Russia (I am from Ukraine). Sorry for calligraphic
Diy in the Ghetto You could write code that communicates with the USB base and reads and decrypts the character data, yes. If you reverse engineer the game or otherwise figure out the USB protocol and encryption algorithm, that is.
Would you ever be releasing the code or how-to behind this? I've seen a character mod where you can make the game think you're a different character but only RGH
I searched for this thinking it could be done and wanted to see if someone actually did it. Good job! It would be great to have a USB infrared light/cable and a file set for every figure, world, and power disc. Anyone seen a hack which can be purchased?
Hey. I started to reverse engineer the USB portal too and on my way to identify the packets. It's just working although. Including a Linux driver to use the portal on PC with all possibilities like LED switching, LED waves and so on. You can find a LED demo on my YouTube channel for an example.
Antonio Suggs No. If you watch the video, it explains that it uses two Teensy boards connected together and custom (unreleased) software, not just a USB cable.
In Portuguese.... you are very good, but this is complicated to understand and seems very complicated... but congratulations, you achieved what I imagined hackers could do.. like managing to download all the figures with a USB flash drive..
jokerererer I'd love nothing better than to do that, and if circumstances were different, I would. Every word of what I said is plausible and if he or anyone else wants to question something specific about the implementation, I'll be happy to go into detail about how I dealt with it. But since he hasn't, I'm left to conclude he doesn't understand what he's complaining about.
Brandon W Don't get me wrong, I believe you 100% and can see that it is plausible. Especially since it was also done with Skylanders a while back. All I was saying is that because there is no release, that's probably why he is skeptical.
That's what we hear from everyone "If circumstances were different" anytime there's a failure to release anything, be it a hack, a program, Duke Nukem Forever, etc. But to a person who knows what a Teensy is and what they're capable of... we'll also ignore the almost stupid length of USB cable which the vdrop alone would prevent a usable signal, laying a device on top of carpet and introducing static into the equation, etc. So no, my replies had nothing to do with understanding, but more about calling you out on view/subscription whoring.