Good test tontol1, but even solving that problem there is another one to make it "full raw compatible": the ability to send 7-bit commands instead of 8-bit ones. 26 (or 52) is a 7-bit command that is part of the MIFARE standard command set managed by the NXP chip. If you want, for example, to "talk" with a magic 1st gen MIFARE card you must send another 7-bit command [it is 40] that is not coded inside the NXP chip, so even with your method it will not be possible to achieve a full raw.
It is something like SRIX4K support: they are not supported by Android because they are not full ISO14443B and have specific commands not supported by the chipset (at least this is what came out of tests), but maybe with your method this one can be solved because those specific commands (SRIX) are 8-bit [the command is exactly 0600 = INITIATE]. Let us know if you find a way (also for ISO14443B commands)!
In theory the tag should start answering with something like a UID just on entering the magnetic field (if it does not want any specific wake-up command).
The answer must be in ISO14443 format to be shown in pm3; if it is ISO14443A, as iceman said, you need to test all the 256 byte possibilities using the following commands:
hf 14a raw -p 00
hf 14a raw -p 01
hf 14a raw -p 02
hf 14a raw -p 03
hf 14a raw -p 04
hf 14a raw -p 05
hf 14a raw -p 06
hf 14a raw -p 07
hf 14a raw -p 08
hf 14a raw -p 09
hf 14a raw -p 0A
hf 14a raw -p 0B
hf 14a raw -p 0C
hf 14a raw -p 0D
hf 14a raw -p 0E
hf 14a raw -p 0F
hf 14a raw -p 10
hf 14a raw -p 11
hf 14a raw -p 12
hf 14a raw -p 13
hf 14a raw -p 14
and so on until FF value (=256).
It is supposed to be a modified pm3 hardware with support for official pm3 firmware (the site is linking to my compiled firmware releases). Version 2.0.0 does not support pcf write, but the site claims it is supported; it is not if you do not update the firmware to the latest revision available (that is NOT 2.0.0), so I don't trust sites that say something that is not real (only to show better compatibility), even if the stuff they sell seems to be good.
Thanks to some great help Amiibo can be considered almost understood.
The auth password can be found by looking at the "Inkling Boy" and "Squid" data posted on the previous page (a little hint: xor!).
About encryption, it was really, really hard and long to find the needed data (those data, as stated in the previously linked thread on reddit, are Nintendo property so cannot be shared).
VERY VERY interesting!
Thanks for sharing the link!!
He says "we have developed an open source library for custom and proprietary RFID communication schemes that operate at an frequency of 125kHz": is it possible to see this open source library? Any link? Or is he referring to this forum?
Don't ask "US"? This is your 1st post and your nick is too similar to mine... I don't think you are part of "US" (nobody can be considered as "US"); if you are a member of this community with a different username please use your real nick to make this kind of charge, taking your responsibilities... or better... do not post here, this is a tech forum and people here are free to help others if they like to without any constraints. If you personally (or "digitally") know mnelson please solve your differences outside.
I read your feedback experience, I'm not afraid of IDA/Odbg/SoftICE.
I trust you blindly, we seem to share the same taste for hacking devices!
I'll take this one, thanks a lot for your advice.
You seem to be smart, my friend!
Do you have an account where we can get in contact (mail, msn, skype, fb, etc.)?