SilicaAndPina

Members
  • Content Count

    15

Community Reputation

27 Excellent

2 Followers

About SilicaAndPina

  • Birthday August 29

Profile Information

  • Gender
    Not Telling
  • Interests
    Reverse Engineering ..?

My Tamagotchis

  • My Collection
    V5, TamaGo(v7)
  • Favorite Tamagotchi
    v5 (because childhood)
  • Favorite Tamagotchi Character
    MAME tchi


  1. you suck at embedding flash files... http://famita.ml/friends/
  2. i prefer 5555 5555 - it's ez to remember and is counted as a V5.5 Celebrity so royal ship games work too *though bandai accidentally made any non-region 0 famitama be able to play v5.5's games. though i doubt the item codes would work from them, GP should though ...*
  3. UPDATE: You can now use a login password created by an actual connections v5 tamagotchi to "login" to the games - it will give you a logout password from that so you can unlock items & gotchi points - if you don't have a connections V5 you can use the password "0000 0000" or "5555 5555" for games on the royal ship, since apparently bandai made it so japanese famitamas cannot connect to the royal ship games..
  4. it seems more like a stage:index type thing to me, like how futabatchi is 0:5 (because 0 = baby tamagotchi & 5 is the index, basically it's the 6th baby (because we count from 0)). when it evolved into toddler status it became 1:1, which sorta backs up the theory.
     either way what it means doesn't matter, we have the 2 digits for what tama you have in login password, and we can use the same 2 digits for creating logout.
     ANYWAY~ my work here is done:
     v5 Password Generator: https://github.com/KuromeSan/V5-Password-Generator/tree/v1.0
     Famitama.cgi re-write: https://github.com/KuromeSan/TamaTown/blob/master/V5/pc/cgi/Famitama.cgi
     btw my Tama & Earth EXPO rebuild now uses this code and you can login / logout with any v5 or v5.5
  5. I need to try this code on other regions.. if you have a famitama from another region please send me a login password .-. also u forgot that region 5 is v5.5 / celeb according to this chart binary did:
  6. based on the "multiple variations" theory- i wrote this python3 code: https://pastebin.com/Q15QFTGp
     there are some variables i'm not quite sure what they are for (maybe integrity checking?) but they're not important lel, it works anyway without knowing what they are.
     still not entirely sure how items work (only item id 01 is valid apparently (maybe it's actually a quantity?))
     it can generate login passwords from my logout passwords consistently (at least for me)
     anyone else wanna give it a try? my tamas evolved from their baby state and it still worked. (went from 0,5 to 1,1 btw which backs up the stage:tama list theory~). i really just need ppl with other-region v5's to try it.
  7. Finally had the chance to try this on my V5 and well it seems i was right about the prize amount being specified by a single number, for example (if you have a male futabatchi)
     21000 00452 gives you 700GP
     21000 00351 gives you 500GP
     Also, yes i was right about the "2" being a type identifier. 31000 00550 gave me a food item, erh a cinnamon roll sort of thing. idk its actual name. but anyway, first digit is type- 1 = no prize, 2 = gotchi points, 3 = gift / item ahahah
     next thing i need to work out is *login password*. in theory, login password should contain all the information needed to create a logout password, which is what tama you have, and your region (00, 01, 02, 03 etc).
     Login password is different every time, luckily we can still create them today. here are some examples from my Futabatchi(M) in Oceania Region (1):
     10070 01540
     10060 01530
     01035 01000
     01085 10500
     01035 01000
     Notice how they all have those required values? my V5 is region 1 and the tamagotchi i have is 0,5. all these passwords have a 5 and a 0 somewhere just in different places, also the checksum is different (if there even is a checksum on login password, 0+0+1+5+5+1+0+2+0 = 14, 14 mod 10 = 4. soo that's wrong)
     looking at this i already have an idea, it seems like there's 2 3 formats
     if the first digit is 1 then the tama indexes are on the 2nd part in position 0 and 1, see how on these (both begin with 1) 10070 01540 & 10060 01530 both have "015" which gives us the current tamagotchi (0,5) and also the region "1"
     however if it's 0 then it's on the first part with 01035 10x5, again has all the information it would need. at least that's what i thought until i got 01000 00157
     but wait a minute.. 0+1+0+0+0+0+0+1+5 = 7 mod 10 it's still 7, wew
     maybe that's another format where if the check byte matches then it's got like "015" right at the end :-:
     IDK this is complicated but i'm guessing that was to stop people using tamatown without a tamagotchi
     honestly i need more login codes from other tamas and regions, so with that: if you have a V5 (that's not oceania region or a Futabatchi) please just go generate a bunch of login passwords so i can see better how region is encoded
  8. I worked a bit out about the v5 password generation. using this list tells me a lot, first that the only thing that matters is what tamagotchi you have (and its gender)
     21000 < this is obviously your tamagotchi region where 0 = japan, 1 = oceania, 2 = america, 3 = europe (i think v5 celebrity had like 4?) maybe 2 is like type "give GP" or something.
     10554 < the pattern i noticed here was x05x, maybe 05 is the prize number (05 being 1000GP) and it's like x05x where the 2 x's represent what tama you have. so "15" (another theory i had is this is some sort of list, maybe the first is like what stage it's in (baby, toddler, teen, adult, etc) and then the 2nd one is which of those it is. not sure)
     now then what's this 4 at the end? well it's a checksum of the rest of the code, like a literal checksum, it is the sum of the entire code (minus the check digit) modulo 10
     2+1+0+0+0+1+0+5+5 = 14
     14 mod 10 = 4
     check byte is 4, so the code is 21000 10554
     :0 thou hast been reversed? maybe i'm wrong about how "your current tamagotchi" is encoded, it seems like a weird way to do it
  9. it fails to load normally because it tries to GET http://famitama.com/pc/cgi/Famiif.php at startup. it expects a webform-encoded response with "ResponseCode=OK"
     ^ if literally any request fails (not 200/OK status) it goes to the "Tamatown is experiencing downtime" message- (btw- that address is hardcoded into the SWF file and is not a relative address .-. i had to change the assembly to point to famita.ml instead~ though you can also just edit your hosts file to make famitama.com point to your own server. but that's not noob-friendly.)
     side note, it actually was GET-ing /crossdomain.xml first which drove me mad. i had no idea why it was trying to download crossdomain.xml, nowhere in the actionscript does it say to do that. but it turns out it's just Adobe's answer to cross-origin policies. i kept looking through the code wondering wtf was wrong until i eventually just googled "crossdomain.xml" and i felt really stupid XD-
     Oh btw i just updated the site to give """logout password"""s (really it just randomly selects one of the "special" codes from this list: but hey it's something right? XD) the v5 logout password doesn't look that complicated tbh.
  10. So i noticed that nearly all of the FamiTama SWFs were on the web archive. (with the exception being the ones related to the Tama Theater and annoyingly chara/*) with that i rebuilt the site and got it mostly-functional. i put the files on my webserver: you have to enable flash player for it to work though http://famita.ml/pc/index.html
      Only thing that doesn't work is login/logout passwords with the actual V5 Tamagotchi, (it just accepts every login password as valid and doesn't give anything for logout) as the passwords were generated on the server side. you'd need to dump the V5's ROM to reverse how it worked and just learn the secrets in general ...
      the only modification is to famitama_shell.swf which was to change "famitama.com" to "famita.ml" though the original files are also on there and can be used if you edit your etc/hosts file.
      oh, i also rewrote some of the server-side scripts (such as game_rollarcoaster.php - used for saving images from the "Perfect Rollarcoaster Image" game. i might try to implement the surveys too, should be possible...
      i thought of giving out the V5's "special" promo codes (the v5 codes that can be used regardless of username or login password..) in place of logout passwords (at least.. until it's known how logout is generated) .. but have not done that yet..
      EDIT: the survey votes are now counted. (nerds can see my terrible php code here) :-: anyway~ go say who best tama is
  11. the "special" ones were not, i think tamatown codes still needed your login password which was different every time. it even said it on the Tamatown & Earth EXPO
  12. V5's passwords actually weren't tied to your username (at least, there were a few that were not. i remember having a DVD that had a bunch of passwords on it (the wiki says this was only for the original release of the famaletchi, "Tama DVD", probably super rare now. i no longer have it though).. though it seems TamaGo is definitely based on the username. anyway obviously with a ROM dump you can just reverse the code that generates the passwords easily. (also! i found a nice money dupe on TamaGo -> enter amount of $$$ u want onto the PC connection -> enter login code as logout code -> enter PC connection again but enter 0 points this time -> enter old login code (from last one) as logout again, repeat for infinite points) it's probably already known but whatever, thought it was interesting that they use the same algorithm :?
  13. So i read how that person managed to dump the Tama-go's ROM, they used a vulnerability in the software, tbh i have a tama-go too which i got more recently-ish. *just not any figures which are needed to trigger the exploit* the idea of homebrew development on a tamagotchi just sounds awesome though. Anyway more interesting is that they found GeneralPlus have what's basically a backdoor on all their ROMs that allows you to do arbitrary code execution (and thus dump the ROM) via their "GeneralPlus Test Program" so maybe dumping ROM won't be so hard after all, i thought it would require decapping the chip and reading it out under a microscope
  14. yea i was reading stuff here after posting. it seems V4 is the most popular? also from what i gather yes code generation was server side, meaning you would have to dump the ROM of the tamagotchi device itself in order to work out how it's generated .. it also might be possible to dump it via exploits instead of hardware hacking
  15. Sorry if this is the wrong place to post this, i'm new to the forum.
      So. i was feeling very nostalgic when i found my old tamagotchi v5 (surprisingly, it still works!) i remembered there was a TamaTown Website thing you could go to to send your Tamagotchi data (it used like some password system) and then it would generate a code based on what you did, unfortunately this website does not exist anymore (doesn't even load on the web archive (except for V3 which gets to the login screen, but it can't get much further than that)
      Now, these days i do a lot of Software Reverse Engineering (mostly of the PlayStation Vita OS..) Which got me thinking about how this thing probably works behind the scenes:
      Obviously the Tamagotchi device itself doesn't have an internet connection, which means there is probably some password generation algorithm on TamaTown (as well as an inverse of it on the device itself but, mainly due to lack of hardware knowledge and also because this is my *original* tamagotchi, i'm not about to open the thing up to try dump out the ROM (though i could maybe get another one..) (as nice of a resource that would be for static analysis)
      i did a quick google search for "Tamagotchi ROM Dump", it seems some people have managed to dump the rom of some of the older devices (but i couldn't find any downloads) it's possible the password stuff was done server-side in which case reversing the ROM would be the only way to get the secrets.
      i figured the clock is probably how it does everything, it seems it's even used for login password generation since changing the clock also seemed to change the password. i'm guessing your tamagotchi probably had to have the right time (to some degree) to be able to login to the server?
      besides that i haven't been able to find much about how the device works internally, so i assume i'd have to take a look at the TamaTown Binaries
      at first i wondered if anyone ever made a private server for TamaTown (similar to the club penguin private servers) i came across this (also dead) site http://tamagotch.org/tamatown/ and this GIT repository https://github.com/loociano/tamatown which has a link to a few SWF files and goes over how the authentication worked for a few of them, so it seems like attempts were made? (though there was just a post with some more swfs for v4 posted just a few ago here)
      So basically i'm posting here, what (if any) progress has been made on reversing and hacking tamagotchi in general, what has already been done?
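
The check-digit rule from post 8 and the first-digit type codes from post 7, applied to the passwords quoted in those two posts. This is an added example, not SilicaAndPina's generator code; the function names are made up for illustration.

```python
# Added example: applies the rules stated in posts 7 and 8 to the codes quoted there.
import re

# First-digit meaning as reported in post 7 for logout passwords.
PRIZE_TYPES = {1: "no prize", 2: "gotchi points", 3: "gift / item"}

def digits_of(code):
    """Strip spaces and return the ten digits of a V5 password as ints."""
    compact = re.sub(r"\s+", "", code)
    if not re.fullmatch(r"\d{10}", compact):
        raise ValueError(f"expected 10 digits, got {code!r}")
    return [int(c) for c in compact]

def expected_check_digit(code):
    """Sum of the first nine digits modulo 10 (the rule from post 8)."""
    return sum(digits_of(code)[:9]) % 10

def inspect_logout(code):
    """Decode the fields the posts identify: prize type and check digit."""
    d = digits_of(code)
    expected = expected_check_digit(code)
    return {
        "code": code,
        "type": PRIZE_TYPES.get(d[0], "unknown"),
        "check_digit": d[9],
        "expected": expected,
        "checksum_ok": d[9] == expected,
    }

def checksum_matches(codes):
    """Map each code to whether its last digit satisfies the post-8 rule."""
    return {c: digits_of(c)[9] == expected_check_digit(c) for c in codes}

# Codes copied from posts 7 and 8 on this page.
LOGOUT_SAMPLES = ["21000 10554", "21000 00452", "21000 00351", "31000 00550"]
LOGIN_SAMPLES = ["10070 01540", "10060 01530", "01035 01000",
                 "01085 10500", "01000 00157"]

if __name__ == "__main__":
    for code in LOGOUT_SAMPLES:
        print(inspect_logout(code))
    for code, ok in checksum_matches(LOGIN_SAMPLES).items():
        print(code, "first digit", code[0], "checksum_ok", ok)
```

On the codes as quoted, the three logout passwords starting with 2 satisfy the sum-mod-10 rule while 31000 00550 does not (the rule gives 4). Among the login samples, the ones starting with 0 satisfy it and the ones starting with 1 do not.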