Hey remember! It’s a proof of concept 🙂 Before publishing this article I verified that the company not use this technology anymore.
Some years ago I did some experiments with my rechargeable card used in my town. It was a Mifare Classic ISO/IEC 14443 Type A (you can find yourself how to easily “cook” this kind of card, I will not handle it).
After some hours I had access to the internal memory of the card, and I began to analyze it each travel I did, hoping to find something in communication between the reader/writer of bus and the card.
This card is “passive” RFID, its range of action is a bunch of millimeters from the reader/writer.
After some readings I could not believe my eyes…WTF THE DATA ARE ALL IN CLEAR!
Here we have a random dump of that memory
The data in green box changes all time you use the card, in the bottom the data covered is the serial number of the card (this info is printed on card itself).
After some dumps I realized that the bytes circled in purple represented my remaining credit…the bottom box the current credit, and the other the previous credit.
You can imagine how much money I had in the situation of the photo…18.79€!! The previous credit is 19.93€…and the price of bus trip was exactly 1.14€, not bad!
The blocks rounded in red I think are related to the date of the trip, one for the current travel and one for the previous travel.
Unfortunately I couldn’t proceed to analyze the dumps because of the company changed the type of card after a short time.
Ok, the data were in clear, but was there at least a checksum to protect modification of the data? And the aswers is……..
NO
Disclaimer
The author will not be held responsible in any action related with the content of this post, any activities related to the material contained here are solely your responsibility.
Leave a Comment