The secret code is a QR code you can scan, accessed by pressing B on the status screen. This code currently redirects to a page where you can acquire a serial code for Tamagotchi Party on Roblox, in which the serial code presented is based on the character you are currently raising.
The code consists of a URL prefix, base-36 encoded fields, and an HMAC code.
The prefix is HTTPS://TMGCP.TYB.JP/. Visiting on its own, it redirects to
http://tamagotchi-official.com/paradise-select/. If a path is provided, it
will redirect to http://tamagotchi-official.com/us/series/paradise/serial/,
followed by the path and a two-character country code of the visitor. The query
portion and any slashes in the path are stripped for the redirect URL.
Each field is encoded in base-36 using the alphabet
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ with a specific width. If there are not
enough characters encoded for the width, the resulting base-36 value is
left-padded with 0s. Any fields that are too wide are truncated from the left
side. The fields are then concatenated in order.
The following fields are encoded:
- Device UID: consists of three pieces; these UIDs remain constant once set
- Save data UID: set after planet name is confirmed; a 32-bit value, with the top 16 bits the checksum of the save data at the time the UID is set, and the lower 16 bits being the SysTick value at that point. 6 characters long.
- QR UID 1: 32-bit value, where the top 16 bits is the SysTick value at time of generation, and the lower 16 bits from a counter value related to the TFT update time. 6 characters long.
- QR UID 2: 32-bit value generated by hashing a random number with a secret and taking the first four bytes as the value. The hashing details and secret are not important. 7 characters long.
- The device type: 2 characters long
- 1: Land
- 2: Water
- 3: Sky
- The character ID: 16-bit value; 4 characters long
- The character ID the eyes are from: 16-bit value; 4 characters long
- The body color: values 0-15 for built-in color, 16 for custom color; 1 character long
- The planet level: values 0-10; 1 character long
- Number of friends registered: values 0-12; 1 character long
- Random number: values 0-46655, generated in a similar way to the save data UID, but because no more than the lower 16 bits are used, is effectively based on the current SysTick value. 3 characters long.
The concatenated fields string is fed through the following process:
- HMAC-SHA-256 is ran over the concatenated fields string using the first secret.
- The binary result of the previous step is run through HMAC-SHA-256 with a second secret, and converted to an uppercase hex string.
- The result from the previous step is munged. The munging is mapping the
characters
0123456789ABCDEFto the charactersF1E2D3C4B5A69780in the corresponding position. - The munged result from the previous step is run through HMAC-SHA-256 with a third secret, and converted to an uppercase hex string.
All parts of the code are then concatenated, and converted to a QR code. When you scan the QR code, the data encoded is most likely being kept track of for analytics purposes. At the time of this writing, the URL redirected to will decode the data, validate it, then generate a token and save it into a cookie. It then redirects to the page where the serial code is displayed, which consumes the token and invalidates it, so you will get an error if you refresh the page.
A Python script is available for encoding and decoding the secret code. Please supply your own secrets.