Public transport smart card system

The fear of every surveillance society: citizens protecting their own privacy with strong cryptography

Public transport smart card system

Post by fishtits on Thu Dec 02, 2010 12:57 pm
([msg=49813]see Public transport smart card system[/msg])

I'm fascinated by these smart card readers implemented into the public transport systems in my country (its the same technology in all countries that use it). I often buy these 5 day bus passes which are made of cardboard
Image
you just hold hold them up to the scanner
Image
for a second and it makes a bleeping sound to give the bus driver the go ahead to let you on the bus. From what I've gathered, this is just internationally standardised smart card technology. In my city you can also buy these plastic cards which work for the train and tram too, these ones don't expire, you just top them up when you need more credit and I think you need ID to buy them. If you dissolve these plastic cards in acetone, you'll be left with just the circuitry.
Image
Some people do this so they can attach the circuitry to their watch as an alternative to carrying a card around with them.
http://boingboing.net/2008/05/05/paying-for-the-londo.html
This is the same technology as Dublin smart cards, in London they're called Oyster cards.
Image

Since this forums about hacking, I'll dedicate this thread to the intellectual challenge of figuring out how to hack this system. How can one hack this system? As we all know, to be able to hack a system we must first understand it. Heres what I've gathered so far. The circuitry in the card contains a coil that powers the circuit when EM radiation induces currrent in it (in this case its radio waves from the scanner). I also heard that it contains a capacitor, what it would need that for I have no idea. The circuitry contains non volatile RAM for storing its info. The circuitry will only interact with the external EM field if it receives the correct encryption key. This encryption key is modulated into the radio waves emitted by every one of these smart card scanners. I'm not too sure if everything I said there is accurate, I only started researching this but if this is how it works then it would be in the hackers interest to be able to replicate this encryption key. The device to record this encryption key emitted by the scanner would be a handheld spectrum analyser but I don't know how much a device up to this task would cost. I know nothing about cryptography and I'm a layman when it comes to electronics but I'm fairly sure the combined knowledge of people on this forum is more than enough to figure out how to hack this smart card technology system.
fishtits
New User
New User
 
Posts: 33
Joined: Tue Nov 30, 2010 12:07 pm
Blog: View Blog (0)


Re: Public transport smart card system

Post by fabianhjr on Thu Dec 02, 2010 2:38 pm
([msg=49817]see Re: Public transport smart card system[/msg])

The capacitor must be a voltage smoother or part of clock.
Here in Mexico we also got them. Will get one and do some testing, tough, recharging would be hard since we need to actually insert the card to a machine(Halfway trough, no holding mechanism apart of the slot)

So, in resume:
Machine induces a charge or emits a signal.
This charge/signal causes the card to emit a key.
They scanner checks the key and if correct allows passage.

I don't have the equipment to make the dump of the card/scanner interaction. Tough, I will RE this baby as soon as possible.
Donate bitcoins to me! [1DhRP3hHgmSLQdRTZyT8VPTmzAj7Z2rsGA]
Dunno what bitcoins are? BitcoinMe
fabianhjr
Poster
Poster
 
Posts: 286
Joined: Tue Sep 21, 2010 7:48 pm
Blog: View Blog (0)


Re: Public transport smart card system

Post by fishtits on Fri Dec 03, 2010 2:59 pm
([msg=49892]see Re: Public transport smart card system[/msg])

I'm not entirely sure thats how it works, I need to do more research on this. I have a bus pass right now, I'm tempted to dissolve it but it cost me 15 euros and I haven't used it yet. Theres a little target symbol on it,
Image
I'm guessing thats where the circuitry is located. In fact I can feel bumps on the flat surface around this area. I need to find a volatile solvent that will dissolve the cardboard but won't damage the circuitry. I think ethanol might do the trick but I'm gonna ask about it on a chemistry forum to be sure.

UPDATE: The easiest way to do this is to just split the cardboard into 2 layers. This is pretty cool.
Image
Image
everything you can see there isn't visible without the light shining through it. Its obvious that this circuitry is different to whats inside Oyster cards. Theres a series of thin strips of conductor all the way around the perimiter of the card and when I tore the layers apart everything was still covered by a thin layer of paper apart from that little circle you can see on the right hand side. I was wrong, the only thing behind that target symbol is a square that isn't even connected to the circuit.

The manufacturers logo is watermarked in there.
http://www.ksw-microtec.de/
Last edited by fishtits on Fri Dec 03, 2010 3:57 pm, edited 3 times in total.
fishtits
New User
New User
 
Posts: 33
Joined: Tue Nov 30, 2010 12:07 pm
Blog: View Blog (0)


Re: Public transport smart card system

Post by fashizzlepop on Fri Dec 03, 2010 3:43 pm
([msg=49896]see Re: Public transport smart card system[/msg])

You would have to spoof your tracking number if you were to hack it and get free rides.

Also, this reminds me of Little Brother. Had to say.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
User avatar
fashizzlepop
Developer
Developer
 
Posts: 2303
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)


Re: Public transport smart card system

Post by fishtits on Fri Dec 03, 2010 3:54 pm
([msg=49897]see Re: Public transport smart card system[/msg])

fashizzlepop wrote:You would have to spoof your tracking number if you were to hack it and get free rides.

Also, this reminds me of Little Brother. Had to say.

What tracking number? Whats Little Brother?
fishtits
New User
New User
 
Posts: 33
Joined: Tue Nov 30, 2010 12:07 pm
Blog: View Blog (0)


Re: Public transport smart card system

Post by fashizzlepop on Fri Dec 03, 2010 4:24 pm
([msg=49900]see Re: Public transport smart card system[/msg])

They have to keep track of what you paid for somehow, I'd assume they use a tracking number backed up by a database.

And google for Little Brother.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
User avatar
fashizzlepop
Developer
Developer
 
Posts: 2303
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)


Re: Public transport smart card system

Post by Goatboy on Fri Dec 03, 2010 4:27 pm
([msg=49901]see Re: Public transport smart card system[/msg])

Not sure what he meant by a tracking number (maybe some sort of unique ID?) but Little Brother is a godly-amazing book by Cory Doctorow, made even more godly by the fact that he releases all of his books for free in PDF form (and some others).

http://craphound.com/littlebrother/download/

Now that it has been mentioned, thetan will appear and have multiple, simultaneous orgasms.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2782
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: Public transport smart card system

Post by fashizzlepop on Fri Dec 03, 2010 4:45 pm
([msg=49904]see Re: Public transport smart card system[/msg])

I'm sure it's not really called a "tracking ID" but I'm guessing they give you a unique ID that they track you with and keep track of your rides.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
User avatar
fashizzlepop
Developer
Developer
 
Posts: 2303
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)


Re: Public transport smart card system

Post by fishtits on Fri Dec 03, 2010 6:02 pm
([msg=49909]see Re: Public transport smart card system[/msg])

I went all out and exposed as much of this circuitry as I could
Image
its all embedded in a thin sheet of plastic. Can't wait to see if this thing still works. All the metal strips are intact. Its hard to imagine how there are actually components in this thing. Highly impressive. Times like this I regret taking chemistry instead of electronics engineering cuz its insane how fast electronic technology is evolving.

EDIT: Holy shit, thanks for informing me about this Little Brother book.
fishtits
New User
New User
 
Posts: 33
Joined: Tue Nov 30, 2010 12:07 pm
Blog: View Blog (0)


Re: Public transport smart card system

Post by insomaniacal on Fri Dec 03, 2010 6:52 pm
([msg=49911]see Re: Public transport smart card system[/msg])

This thread is interesting, though I've never seen a card like that in real life. Call me an uncultured countryside resident, but I've only used a subway system once (Closest thing to Bus transportation), and at least in Boston, all I got from the machine was a small slip of flimsy plastic with a bar-code on it.

Keep us up to date on your experiments!

-- Fri Dec 03, 2010 6:56 pm --

This thread is interesting, though I've never seen a card like that in real life. Call me an uncultured countryside resident, but I've only used a subway system once (Closest thing to Bus transportation), and at least in Boston, all I got from the machine was a small slip of flimsy plastic with a bar-code on it.

Keep us up to date on your experiments!
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com
User avatar
insomaniacal
Addict
Addict
 
Posts: 1210
Joined: Sun May 24, 2009 10:21 am
Blog: View Blog (0)


Next

Return to Crypto

Who is online

Users browsing this forum: No registered users and 0 guests