Tamagotchi v5 Familitchi hack – Codes exploited and revealed!

I don’t have a Tamagotchi, but the way it works intrigued me, so (because sudoku it’s interesting, but reverse engineering codes is more) I tried to figure out how does it works.
There are two types of code:
1. Codes generated by the Tamagotchi
2. Codes generated by the site.

The way it works is similar, but not really simple, but I’ll’ try to explain it as best as I can:
– Data are sent in clear format, no encryption.
– Data are organized in a complex way, so it seems the codes are generated random, but they’re not.

First of all, the code is generated from your Tamagotchi using a key for the “encryption” (it’s not an encryption, but only a way to organize data), then data are put into the right sequence and then there’s a counter to prevent people modify data.
There’re 5 different “encryptions”, but 10 different values for it; values 0-1, 2-3, 4-5, 6-7, 8-9 have the same “encryption”, so it’s the same using key 0 or 1, 2 or 3 etc.
Actually I don’t have a code for the encryption keys 6 (or 7), so I don’t know how does it organizes data, and I would like somebody to send me a valid code to find out.

Let’s start seeing the structure:
– LoginMode: L, l (2 digits, don’t know what does it is for)
– Version: V (1 digit, it’s the version of your Tamagotchi. Obviously for the Familitchi is always 5)
– CharacterCode: C, c (2 digits, it’s your character!)
– FamilyCode: F, f (2 digit, I think it’s about your type of family…)
– TiesCode: T (1 digit, don’t know what does it is for)
– EncryptionKey: E (1 digit, it’s the “encryption” key)
– Counter: K (1 digit, it’s the counter, we’ll see this later)

If the EncryptionKey (E) is 0 or 1, this is the structure:



6,7: Unknown

So… what does it means?
I have a Familitchi and ask for a code.
It says 15131 21000.
Now, first of all, I will check the EncryptionKey. It’s 3.
Then, I’ll read every digit to get the data.
– The first digit is f, the second of FamilyCode. It has value 1, so the FamilyCode is x1. (x is still unknown!)
– The second is V, out Tamagotchi version; it is 5.
– The third is C, the first digit of CharacterCode, so it has value 1x.
– The fourth obviously is 3, our Encryptionkey.
– The fifth is c, the second digit of CharacterCode; it has value 1, so now we know CharacterCode is 11.
– The sixth digit is K, a counter. There’s no use for it except try to avoid people changing data. It’s only the sum of all the other digits. When it reaches 10, it becomes 0 again. Let’s check it: 1+5+1+3+1+1=12 > So it has value 2 (and it’s correct ;))
– The seventh is F, the first digit of FamilyCode; it has value 1, so FamilyCode is now 11.
– The eighth is T, TiesCode and has value 0. I don’t know what does it means.
– The nineth is L, so the first digit of LoginMode. It is always 0 and I don’t know its use.
– The tenth is l, the second digit of LoginMode. It could be not 0, but I don’t know its use.

So, now we know what the Familitchi sent to the site:
– LoginMode: 00
– Version: 5
– CharacterCode: 11
– FamilyCode: 11
– TiesCode: 0
– EncryptionKey: 3
– Counter: 2.

The other keys works in identical way, but the order is scrambled.

And now… what does the server tells the Familitchi?
The way it’s identical, but data are sent in another scrambled way and informations are not the same (obviously… how could it tell our points? :P)

Now… we have this structure:
P = Points (Money are Points x 150)
E = Encoding
K = Counter
X,Y = CharacterCode (2 digits)
V = Tamagotchi’s Version
M = Mode (1 = Get nothing, 2 = Get money)

And the encryption keys organize the data in this way:
Keys 0, 1:
MvKeK x0pyK
Keys 2, 3:
Kvxey KpK0M
Keys 4, 5:
K0vey pMKxK
Keys 6, 7:
vKMe0 xpyKK
Keys 8, 9:
0pKeK vMyKx

You can see there’re *more* counters. Just set one and leave the other as 0.
Another thing you can see is that there’s a 0. It’s only a 0 and I don’t know what does it do.

For example, if I would send to my character (I know my CharacterCode is 11 because I saw it in the code it gave me) 300 dollars, I would create a packet with there informations:
Points (P) = 2
Encoding (E) = 0 (any encryption key is good, I’ll use 0)
CharacterCode = 11
Version (V) = 5
Mode (M) = 2
Counter = To be calculated

So the data is of this type: MVKEK X0PYK.
Let’s fill my data: 25000 1021K. Now let’s calculate K: 2+5+1+2+1=11=1.
So, the code is 25000 10211.

Easy isn’t? 😛
Yes… now you know how to cheat with the Tamagotchi 😛
Ah… and another thing: yes, codes can be used more than a time 😀

PS: Yes, I enjoyed studying it and it’s really *more* cool than sudoku 😀
If anyone wants my notes, ask for it 😀
I found many informations racking my brain with this page .
Here you can see how the server reads the values and try to figure out what are you sending him.

PPSS: Thanks to Alessandra, the girl who game me her Tamagotchi’s codes 😀