With the Switch 2 looming, many wonder if the amiibo encryption key will become obsolete.
The challenge for Nintendo: They cannot retroactively change the chips in the 200+ existing amiibo figures. Those figures contain data signed with the old key. Therefore, any future Nintendo console must include the old, leaked key to maintain backwards compatibility.
However, they can add a second layer of security. Recent games like Tears of the Kingdom have begun using "session keys." The console and the amiibo perform a secondary handshake after the initial authentication. While your fake card passes the HMAC check, Nintendo can still look for "power drain signatures" or specific NFC timing delays that blank chips don't replicate perfectly.
In theory, Nintendo could release firmware updates that blacklist known "fake UIDs," but because blank chips use random UIDs, this is a cat-and-mouse game.
Nintendo has never sued an individual for using TagMo or the encryption key. However, they have: amiibo encryption key
Nintendo’s amiibo security relies on a 3DS-era cryptography system using AES-128. There are actually two critical keys:
Both were hardcoded into every 3DS, Wii U, and Switch system update. That was the vulnerability: the key had to be stored somewhere in memory or on disk.
Since 2016, the encryption key has been so widely distributed that it is now trivial to obtain.
If you buy a device like the Datel Powersaves or the N2 Elite, these devices contain the key internally. The N2 Elite, for example, is a Bluetooth NFC dongle that can emulate up to 200 different amiibo simultaneously. When you press a button on your phone, it reconfigures its internal memory, calculates a new HMAC using the leaked key, and broadcasts a perfect imitation of Princess Zelda. With the Switch 2 looming, many wonder if
The "Flask Method" (PowerSaves for Amiibo): In 2017, a physical dongle called the "Amiiqo" (later rebranded as N2) popularized the concept of "flashing" amiibo. Users discovered that by holding the figurine over the dongle, the device could dump the encrypted data, decrypt it using the key, store the "bin file" on an SD card, and rewrite it to a blank coin.
Today, a Google search for "amiibo bin dump" yields hundreds of repositories containing every figure released, from Super Smash Bros. to Tears of the Kingdom.
When the community talks about the "amiibo encryption key," they are technically referring to a specific 16-byte (128-bit) symmetric key: Blobfish (the nickname given by reverse engineers).
More formally, it is the Amiibo HMAC Key (Hash-based Message Authentication Code). This key is not stored on the amiibo chip itself. Instead, it is hardcoded into every Nintendo console capable of reading amiibo: The Switch, Wii U, and New 3DS. Both were hardcoded into every 3DS, Wii U,
How it works: When you tap an amiibo to a Switch, the console reads the user data and the appended "HMAC tag." The console runs the user data through the AES-128 algorithm using the internal secret key. It generates a new HMAC. If the generated HMAC matches the stored HMAC on the chip, the data is authenticated.
The key serves two purposes:
If you possess this key, you can generate valid HMAC tags for any data you want. In other words, you can create a virtual amiibo that the Switch believes is 100% genuine.