Hello people,
So I recently was playing around with some NFC apps, and I found out my OV-Chipkaart (Dutch public transit card) was read by my phone. Unfortunately I got a lot of numbers and stuff I didn't understand. Does anybody know more about this?
The card is encrypted. If you get the key (there are a couple of articles on the internet which tell you how to get it), you should be able to read the entire card. Without the key you can only see the expiration date.
I saw it was possible to add your own MIFARE key in the TagInfo app. The only thing you need to get this key is an RFID-reader for your PC and some processing power (and the appropriate software).
cool
Thats so cool
My acces card for school does the same. Found this out because everytime i put my phone kn my wallet it made a sound.
Sent from my GT-I9300 using xda premium
UID
Each contactless chip (incuding the Mifare you have) has a unique id which is accessible to any contactless reader, in this case you phone. Unique id enables the reader to overcome collision for reading one chip at a time. This is is probably used as the id of your card by the system it is being used.
htcsnap93 said:
My acces card for school does the same. Found this out because everytime i put my phone kn my wallet it made a sound.
Sent from my GT-I9300 using xda premium
Click to expand...
Click to collapse
hey on they internet i found this :
http://www.youtube.com/watch?v=L7wyHfYDg4A
http://www.ov-chipkaart.me/forum/vi...sid=601115f083127a3a86069b25feebdb43&start=30
i tested it on my personal ov chipkaart but it didn' t work because i haven' t made a dump off the card. i haven' t got a reader for it so maybe if a xda that lives in Rotterdam/Cappele a/d Ijssel is kind enough to make a dump for me
I also recently checked my bus-card and the phone could read some of the info in the card, so i was wondering if it is possible to clone the info in the card to some other nfc tag, which would be cool, and also if i use the phone as rifid reader, mentioned above, connected to pc with usb then theoretically it would be possible to reprogram the card...?
And also another question, is it possible for the phone to send out same info which is on the card so i could use phone instead of bus-card at the bus?
EDIT: I read previous topics and realized that this is impossible.
The ov-chipkaart part is now available and working in the source of github/wandcode/farebot. I have tried and confirmed that this is working. You will need to crack the MiFare classic keys first, this is only possible on a ov-chipkaart by NXP-semiconductors (so not the Infineon version)
I don't have a RFID card reader... Is it possible to dump the chipkaart keys with the Samsung Nexus and then crack the keys with the PC?
Credit
Funny
Now to find out how to upload vitual cash
leto78 said:
I don't have a RFID card reader... Is it possible to dump the chipkaart keys with the Samsung Nexus and then crack the keys with the PC?
Click to expand...
Click to collapse
No that's where the power of chip-cards come in play. There are no keys on it who a external device will receive and decipher. A Mifare Classic card has a built-in authentication system which you will have to pass to read/write onto the card.
The only possible way i could think of is to take the known key from the card, generate a dictionary on a computer and then bruteforce with a phone. But i think that would be more time/hassle then buying a 20 dollar NFC reader.
Factionwars said:
The only possible way i could think of is to take the known key from the card, generate a dictionary on a computer and then bruteforce with a phone. But i think that would be more time/hassle then buying a 20 dollar NFC reader.
Click to expand...
Click to collapse
All the Mifare card readers I could find cost at least 40 euros... Do you recommend any cheap ones?
leto78 said:
All the Mifare card readers I could find cost at least 40 euros... Do you recommend any cheap ones?
Click to expand...
Click to collapse
Ah you have to take a look around, there are loads of people owning a acr122u(touchatag) who bought them when the ov chipkaart got cracked, prices have been rising i guess. Try second hand
Factionwars said:
Ah you have to take a look around, there are loads of people owning a acr122u(touchatag) who bought them when the ov chipkaart got cracked, prices have been rising i guess. Try second hand
Click to expand...
Click to collapse
Anyone heard about the news today? The OV got hacked again.
You guys know any of this?
dragonwith said:
Anyone heard about the news today? The OV got hacked again.
You guys know any of this?
Click to expand...
Click to collapse
Here a hidden post on the details http://www.totalov.nl/m/index.php?type=n&n=166
I have been on it all morning, and it seems to be more of a theoretical hack rather than a real PoC. I also still don't understand how you could attach a sticker to a nfc card and the reader will read the sticker instead of the nfc card, it will read both in my logic.
Any news or how to's available.
Hi guys any app or news available on how to do this.
If anyone in holland is willing to help me with a dumpfile of my 0V chip card for a reward, sent me a pm please.:good:
Factionwars said:
Here a hidden post on the details http://www.totalov.nl/m/index.php?type=n&n=166
I have been on it all morning, and it seems to be more of a theoretical hack rather than a real PoC. I also still don't understand how you could attach a sticker to a nfc card and the reader will read the sticker instead of the nfc card, it will read both in my logic.
Click to expand...
Click to collapse
Isnt it kinda obvious that you have a huge sticker on your OV. Like Checkers can just take of the sticker and they can see its fake.
dragonwith said:
Isnt it kinda obvious that you have a huge sticker on your OV. Like Checkers can just take of the sticker and they can see its fake.
Click to expand...
Click to collapse
No Mifare classic stickers can be very small, and then again you can also attach it to the card holder it's in and when you get asked to take it out you just have bad luck. Though i am more interested in the Tech and Security rather then abusing it.
Hey guys. I'm willing to help and work together to make this work. I've also noticed that the forum of the last hack, ov-chipkaart.me is down. Does anyone know anything about this?
Factionwars said:
Here a hidden post on the details ---
I have been on it all morning, and it seems to be more of a theoretical hack rather than a real PoC. I also still don't understand how you could attach a sticker to a nfc card and the reader will read the sticker instead of the nfc card, it will read both in my logic.
Click to expand...
Click to collapse
The sourcecode of Farebot is avalible on github if you didn't already find it.
Since it can already read the data it must not be hard to be able to write it back to a new tag..
If you need any help or a Mifare reader you can contact me.
---------- Post added at 12:42 PM ---------- Previous post was at 12:37 PM ----------
DamianSewo said:
Hey guys. I'm willing to help and work together to make this work. I've also noticed that the forum of the last hack, ov-chipkaart.me is down. Does anyone know anything about this?
Click to expand...
Click to collapse
Just visit archive (I cant link, since < 10 posts. Google it, 1st link) and use the Way Back Macine.
Related
i was wondering, since the launch of the official ics for our sony arcs is only around the corner, would there be a way to include the Google beam function into our phones,
Ive read that there is nfc adapters but i don't know if they would work for our devices or of any additional apps may be needed for then to function
http://thesmartsense.com/15701
would be sweet if we could make use of this function
any ideas, im a bit of a noob
I read that there is coming MicroSD cards with NFC... so if the software at some point wil support that, it is possible...
I don't see what's the point of nfc if it's not secure 100%, I saw a tv report about cyber robbery, which someone can steal ur credit card info with a small device hidden in a woman's hand bag or maybe jeans pocket.
zonetrooper90 said:
I read that there is coming MicroSD cards with NFC... so if the software at some point wil support that, it is possible...
Click to expand...
Click to collapse
That would be great news. Although NFC is still kinda of a gimmick right now, i can see it more widespread. Doesn't Visa Paywave also work with NFC?
I'm still kinda reluctant to use it though, looking at the security issues.
That's good news. I hope to see new sd cards soon, or another way to use nfc with arc
http://tinyurl.com/6sxqgwo
Sent from my SPH-D710 using xda premium
In theory, sure. It's along the same lines as SDHC cards that give Wi-Fi ability. The real issue is whether or not it's worth it to forgo the extra storage space of a memory card in favor of a NFC capability.
The concept of NFC is really cool, but isn't there yet in terms of practicality. I only use 1 credit card so, for me, having to use my phone to do transactions will more than likely take more time than just using my credit card. There are security benefits to NFC as thieves won't be able to steal information from the magnetic strip.
Megatr0n. said:
There are security benefits to NFC as thieves won't be able to steal information from the magnetic strip.
Click to expand...
Click to collapse
I actually am worried this would make things less secure than currently using your credit card.
Here is what I found on there site
Will I lose data on my original microSD?
No. The great thing about moneto is the fact that the microSD doubles as a storage source on non-iPhone smartphones. If you have any data or media, such as application folders, music, videos, or pictures on your microSD that you’d like to keep you can easily transfer that content to the moneto microSD.
* * Transferring data from my microSD to my moneto microSD
Load your microSD onto your computer. You can do this by using a microSD to USB converter, a microSD to SD card converter with an onboard SD slot, or by leaving your microSD in your phone and connecting your phone to your computer via USB cable.
Copy all desired files from your microSD card to the new folder. Simply drag and drop the files or folders you wish to transfer
Right click your microSD card and select “Eject” to safely remove it
Insert the second microSD card as you did in step 1
Copy the files you moved in step two and paste them in the moneto microSD, eject the drive to safely remove the card. Removing the microSD without ejecting on your computer or unmounting on your phone can damage any data stored on the card.
*
cds0699 said:
I actually am worried this would make things less secure than currently using your credit card.
Click to expand...
Click to collapse
How so?
Sent from my SPH-D710 using xda premium
My thoughts on it being less secure would be if someone has a receiver for NFC, they could access your chip. There was a news story here in Denver, I don't remember the station, where they went yo the airport with said receiver and started pulling up information from people with the NFC credit cards. I have no idea if that would be an issue on phones, as I have not done any research on it, so it may not be an issue...
mikey80021 said:
My thoughts on it being less secure would be if someone has a receiver for NFC, they could access your chip. There was a news story here in Denver, I don't remember the station, where they went yo the airport with said receiver and started pulling up information from people with the NFC credit cards. I have no idea if that would be an issue on phones, as I have not done any research on it, so it may not be an issue...
Click to expand...
Click to collapse
You have to actually load an app and do an authorization in order to make a payment with a wallet through NFC.
ddrt said:
How so?
Sent from my SPH-D710 using xda premium
Click to expand...
Click to collapse
I am trying to think about the hacking possibilities. Also when you think about credit card theft, cell phone theft is also pretty high. For example, if you have an NFC sd card, and your phone gets stolen, how easy would it be to hack in and get the pin and have access to everything?
I haven't learned enough about it though, I could possibly be mistaken/misunderstanding/paranoid.
How would you get the Google wallet app on your phone if u get this? I love Google wallet and use it all the time withmy nexus.
Sent from my Nexus S 4G using xda premium
cds0699 said:
I am trying to think about the hacking possibilities. Also when you think about credit card theft, cell phone theft is also pretty high. For example, if you have an NFC sd card, and your phone gets stolen, how easy would it be to hack in and get the pin and have access to everything?
I haven't learned enough about it though, I could possibly be mistaken/misunderstanding/paranoid.
Click to expand...
Click to collapse
Ya but u can track ur phone with avast and look out. So if anything its more secure
Sent from my SPH-D710 using xda premium
musclehead84 said:
How would you get the Google wallet app on your phone if u get this? I love Google wallet and use it all the time withmy nexus.
Sent from my Nexus S 4G using xda premium
Click to expand...
Click to collapse
I believe it has nothing to do with google wallet. You have to download their own app in the market
mikey80021 said:
My thoughts on it being less secure would be if someone has a receiver for NFC, they could access your chip. There was a news story here in Denver, I don't remember the station, where they went yo the airport with said receiver and started pulling up information from people with the NFC credit cards. I have no idea if that would be an issue on phones, as I have not done any research on it, so it may not be an issue...
Click to expand...
Click to collapse
That's more likely with RFID chips (the kind new passports have), not NFC. NFC has a very short range (literally, a few cm's) and as another person mentioned, you need to initiate a transaction for it to even show up. The only way they'd be able to do that would be to try and hijack the payment terminal itself since the range is so short. And even then, I'd imagine someone would notice if the card didn't seem like it was going through, but the customer was showing that they paid or it looked like two charges were trying to be made.
Security wise, NFC shows a lot more promise than RFID. It's really going to come down to how fast it expands (currently only uses MasterCard PayPass system and not all stores have those) and whether or not it's more convenient to use compared to traditional payment methods.
I want to know if its possible to read my contactless work ID card with my phone and then use the phone as my ID by tapping it to the reader.
I don't know if this is even possible and my question isnt about the Nexus as much as it is about My ID card, but if anyone can help me figure out what kind of ID card I have and how that would or wouldnt work with the hardware in the Nexus, I'd appreciate it.
Thanks.
There is some sort of chip in your ID or is just a bar code you're trying to scan?
Jmurph3 said:
There is some sort of chip in your ID or is just a bar code you're trying to scan?
Click to expand...
Click to collapse
Some sort of chip. I tap the card to the reader in the elevator and at the front door to the office.
I don't even need to tap the card directly, I keep the card in my wallet and tap my wallet to the reader and it picks it up fine.
Let me know if I can provide any more info.
Thanks
I can't think of anyway to extract the information from the chip, but you could always cut the chip out and tape it inside the battery door. I wouldn't think anything would interfere with the chip, but I guess would might need to have an undamaged ID card.
Jmurph3 said:
I can't think of anyway to extract the information from the chip, but you could always cut the chip out and tape it inside the battery door. I wouldn't think anything would interfere with the chip, but I guess would might need to have an undamaged ID card.
Click to expand...
Click to collapse
Yeah, that wouldn't work, it doubles as a picture ID as well so I would need to keep it undamaged.
I've seen apps that read and store data when tapped with a credit card, so I was hoping someone would be able to provide similar info for how to do it with an ID card. I don't know enough about the different NFC and RFID technologies and what the nexus is capable of. Was hoping someone on here might be able to help.
Check out this thread from a few months ago. People came to the conclusion that it isn't possible.
http://forum.xda-developers.com/showthread.php?t=1368907
gbenj said:
Yeah, that wouldn't work, it doubles as a picture ID as well so I would need to keep it undamaged.
I've seen apps that read and store data when tapped with a credit card, so I was hoping someone would be able to provide similar info for how to do it with an ID card. I don't know enough about the different NFC and RFID technologies and what the nexus is capable of. Was hoping someone on here might be able to help.
Click to expand...
Click to collapse
From what I understand, data that's on most RFID cards is encrypted and the NFC antenna on the Galaxy Nexus (and Nexus S) is not currently capable of interpreting the data. It certainly seems that the possibility is there though seeing as how they usually operate on the 13.56 MHz frequency.
Sent from my Galaxy Nexus using XDA App
El Daddy said:
Check out this thread from a few months ago. People came to the conclusion that it isn't possible.
http://forum.xda-developers.com/showthread.php?t=1368907
Click to expand...
Click to collapse
Thanks, that's a big help...indeed doesn't seem possible, at least not yet.
gbenj said:
Thanks, that's a big help...indeed doesn't seem possible, at least not yet.
Click to expand...
Click to collapse
I posted this on another thread, but I think it is worth it here also. HID is beta testing using NFC technology for card access with Blackberry devices. Youtube HID Global Pilot Arizona State. NFC uses 13.56Mhz frequency. The HID iClass readers should work ONCE HID gives the customer the ability to get the software used to tether the phone to your computer and connect to the "secure" part of the Android OS and create a credential. It is coming. Just waiting on HID Global to make it happen.
zombiehaven said:
I posted this on another thread, but I think it is worth it here also. HID is beta testing using NFC technology for card access with Blackberry devices. Youtube HID Global Pilot Arizona State. NFC uses 13.56Mhz frequency. The HID iClass readers should work ONCE HID gives the customer the ability to get the software used to tether the phone to your computer and connect to the "secure" part of the Android OS and create a credential. It is coming. Just waiting on HID Global to make it happen.
Click to expand...
Click to collapse
Thanks, cool video (http://www.youtube.com/watch?v=9VqnOiA20wg) for those that don't want to search.
I hope that will become available for the rest of us at some point.
gbenj said:
Thanks, cool video (http://www.youtube.com/watch?v=9VqnOiA20wg) for those that don't want to search.
I hope that will become available for the rest of us at some point.
Click to expand...
Click to collapse
Glad it helped. Hit me up on the thanks meter if you don't mind. I'm trying to get some credibility here.
I want to russia for a two week vacation last month... and i discovered something ultra cool about their train cards...
So now i have this huge pack of russian metro passes and they all have nfc chips in them...
unfortunately, these passes are all write protected...
is there any way to completely wipe these cards and get write permissions....
LOL! How did you get all those cards?
did you really ride the train THAT much? or did you just collect discarded ones along the way?
DreadApex said:
LOL! How did you get all those cards?
did you really ride the train THAT much? or did you just collect discarded ones along the way?
Click to expand...
Click to collapse
lmao.. all of those are single ride cards... we were never sure how many rides we would need to get to places and back so we decided to just buy single ride cards during the entire vacation...
I don't think there's anyway.
Anyway, what kind of cards are these?
Beamed from my Maguro.
most of the time, you don't hafta rewrite them to be useful...depending on what you use them for.
if you want to use them to share specific info, you might be out of luck.
If you want to use them to initiate things (like with tasker), you can simply have it trigger when it reads those specific cards, no writing required!
DreadApex said:
most of the time, you don't hafta rewrite them to be useful...depending on what you use them for.
if you want to use them to share specific info, you might be out of luck.
If you want to use them to initiate things (like with tasker), you can simply have it trigger when it reads those specific cards, no writing required!
Click to expand...
Click to collapse
yeah, thats what happens but it still isn't what i want as i want to program the card on one device and be able to use it on another device as well... instead of having every device memorize the tag id... i want them to recognize the code...
unfortunately, I don't think you can unlock tags once they have been locked.
I don't think there is a way either
Sent from my SCH-I545 using xda app-developers app
davidmargolin said:
I want to russia for a two week vacation last month... and i discovered something ultra cool about their train cards...
So now i have this huge pack of russian metro passes and they all have nfc chips in them...
unfortunately, these passes are all write protected...
is there any way to completely wipe these cards and get write permissions....
Click to expand...
Click to collapse
I think you should sell me one c;
What tech are they ?
MiFare? DesFire? NTAG203?
CountParadox said:
I think you should sell me one c;
What tech are they ?
MiFare? DesFire? NTAG203?
Click to expand...
Click to collapse
mifare
DreadApex said:
unfortunately, I don't think you can unlock tags once they have been locked.
Click to expand...
Click to collapse
:'(
davidmargolin said:
mifare
:'(
Click to expand...
Click to collapse
god damnit s4 stop accepting only nfc forum tags >>
This makes me wonder why more company's don't implement this into things. Would'nt it be awsome to scan your phone to get in a building or on a bus, or an ID/Drivers Lisnce that can just be scanned to ID you in a traffic stop or to get in a bar or whatever?
Sent from my HTC-PG762 using xda app-developers app
So the country I'm visiting has these nfc bus fare tickets and they're pretty cheap and I'd like to use them after they're useless as nfc tags. Problem is they seem to be write protected. Does that mean there's no way to write to them or can they be overwritten? I'm a total noob at this whole nfc thing but I did manage to figure out that it's mifare ultralight. Any program I could use on Win7? And if there is can I use my phone (S4) as some usb nfc reader?
Write protected means you can't override them. However, you can use your phone and NFC Retag to do some cool stuff
you can't overwrite them, but there's already something written on them that you can use to identify that tag. so you could still use it to let your phone do something when you put it near it
I-TensE-I said:
Problem is they seem to be write protected. Does that mean there's no way to write to them or can they be overwritten?
Click to expand...
Click to collapse
How do you know they are write protected ?
Ive used an android app to read nfc tags which also claims to be able to write to them... I dont remember its name, but there's a few that do.
They have introduced NFC bus cards here in Australia over the past 12-18 months and ive become curious.
Stores have the ability to 'add credit' to them via some device they posses so I doubt they are (at least the ones here) write protected... just probably encrypted.
I only have a galaxy S2 which has no NFC so I havent had much chance to investigate, but I did have a quick look at a few cards with my friends S5, which reads the cards fine.
I would be curious what happens if you 'cash up' a card... read and store the nfc data, then write it back to the same card once the card runs low. Though in all honesty I doubt it is that easy... but who knows... maybe it is
We've had these cards in England... Since... Forever?
Shops can top them up, but I think that it doesn't actually write anything to them. Instead, it gets the cards ID then looks it up on the bus companies database, tops it up. And probably charges something from the guy in the shop.
I don't know for sure, but I think this is what is going on. Or someone would have cracked the encryption on these already.
there are different versions of cards, and also different security settings.
there is a soft protection, a permanent protection and it is also possible to password protect some cards
Re-Tagging the tags should do the trick, i guess