

FareBot: Read data from public transit cards w/ your NFC-equipped Android phone - EricButler
http://codebutler.com/announcing-farebot-for-android

======
eik3_de
If you're interested in reverse engineering RFID payment systems in public
transfer, I can recommend this talk from 27c3:
<https://events.ccc.de/congress/2010/Fahrplan/events/4036.en.html>
Video: <http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-4036-en-reverse_engineering_a_real_word_rfid_payment_system.mp4>

------
estel
Awesome app. I've been looking for some small NFC hacking projects, and might
look at getting this working properly with Oyster or something (provided I can
get my hands on an updated DESFire one rather than my existing Mifare
Classic).

~~~
EricButler
Thank you! Although probably not as interesting, it would be great to add
Mifare Classic support to FareBot, if you're looking for stuff to work on.

------
zitterbewegung
This is great! I was wondering if you could read data from RFID chips using
the NFC since the protocols are nearly identical. I wonder if you could create
an app that just indiscriminately reads data raw from the NFC chip?

~~~
EricButler
Thanks!

Many RFID cards are basically tiny computers, each with a proprietary
command protocol, so you can't read everything generically. MIFARE DESFire
cards (ORCA, Clipper, newer Oyster) for example have a command protocol and
basic filesystem. FareBot asks the card for a list of all its files and dumps
them out one by one.

I do believe there's a standard way to read NDEF data (used to store URIs,
etc.) from different types of cards but haven't looked into this much yet. I
think this is what the "Tag" app that comes with the Nexus S does.
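
The "list all files, then dump them one by one" flow described in the comment above, as an added Python sketch that is not part of the original comment and is not FareBot's own code. It assumes the ISO 7816-wrapped form of the DESFire native commands; `FakeCard` is a constructed in-memory stand-in for a card, and the 59-byte frame size it uses is an assumption of the sample.

```python
# Added illustration: DESFire "list files, then dump each" over wrapped native
# commands. FakeCard is a constructed stand-in; no reader hardware is involved.
GET_APP_IDS, SELECT_APP, GET_FILE_IDS, READ_DATA = 0x6A, 0x5A, 0x6F, 0xBD
OK, ADDITIONAL_FRAME, AUTH_ERROR = 0x00, 0xAF, 0xAE

def wrap(cmd, data=b""):
    """ISO 7816-4 wrapping of a native command: 90 CMD 00 00 [Lc data] 00."""
    body = bytes([len(data)]) + data if data else b""
    return bytes([0x90, cmd, 0x00, 0x00]) + body + b"\x00"

def request(transceive, cmd, data=b""):
    """Send one command, follow 0xAF continuation frames, return (status, payload)."""
    out = b""
    while True:
        resp = transceive(wrap(cmd, data))
        if len(resp) < 2 or resp[-2] != 0x91:
            raise IOError("not a wrapped DESFire response")
        out += resp[:-2]
        if resp[-1] != ADDITIONAL_FRAME:
            return resp[-1], out
        cmd, data = ADDITIONAL_FRAME, b""   # ask the card for the next frame

def dump_card(transceive):
    """Return {aid_hex: {file_no: bytes or None}}; None = read refused without a key."""
    _, aids = request(transceive, GET_APP_IDS)
    dump = {}
    for i in range(0, len(aids), 3):        # application IDs are 3 bytes each
        aid = aids[i:i + 3]
        request(transceive, SELECT_APP, aid)
        _, files = request(transceive, GET_FILE_IDS)
        dump[aid.hex()] = {}
        for fno in files:
            # file number, 3-byte offset 0, 3-byte length 0 (meaning "whole file")
            st, data = request(transceive, READ_DATA, bytes([fno]) + b"\x00" * 6)
            dump[aid.hex()][fno] = data if st == OK else None
    return dump

class FakeCard:
    """Constructed sample: one application; file 1 free to read, file 2 key-protected."""
    FILES = {1: b"TRIP" * 20, 2: None}
    def __init__(self):
        self.pending = b""
    def __call__(self, apdu):
        cmd, arg = apdu[1], apdu[5:-1]
        if cmd == GET_APP_IDS: return b"\x01\x02\x03\x91\x00"
        if cmd == SELECT_APP: return b"\x91\x00"
        if cmd == GET_FILE_IDS: return bytes(sorted(self.FILES)) + b"\x91\x00"
        if cmd == READ_DATA:
            if self.FILES[arg[0]] is None: return bytes([0x91, AUTH_ERROR])
            self.pending = self.FILES[arg[0]]
        # READ_DATA and continuation requests both emit up to 59 bytes per frame
        chunk, self.pending = self.pending[:59], self.pending[59:]
        return chunk + bytes([0x91, ADDITIONAL_FRAME if self.pending else OK])
```

Files that come back as `None` are the ones the card refuses to release without authentication, so the dump also shows which data an issuer has left readable by any NFC device.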

------
pirko
Tried with my transit card from SL (Stockholm Public Transport). Got
"Unsupported card type: Mifare4k". I'm going to look into it more tonight.

~~~
onlydnaq
You can find a presentation about the cards used by SL from last year's SEC-T
conference here: <http://www.sec-t.org/2010/presentation-videos.html>

The name of the presentation is "Hacking the RKF ticket system"; it can be found
at the bottom of the page.

------
wgrover
Very cool - tried it with my MBTA Charlie Card and it returns "Unsupported
card type: Mifare1K". Are we Bostonians out of luck?

~~~
EricButler
For now, but support for Mifare Classic is a high priority.

------
megaframe
This is a serious security problem for San Francisco public transit... "in
addition to being able to read cards, also have the capability to emulate a
card". I had considered duplicating a card, since it's a tag based system. So
two or more people could share things like a month Caltrain pass, or two
people riding together on the bus could both tag and only pay once. Using this
program would certainly be easier than what I was thinking.

~~~
davidmathers
How is it a security problem? The article doesn't say anything about a
security problem. On the contrary it says _the security of some older fare
cards has been compromised possibly allowing someone to alter their balance,
though I am unaware of any attacks against DESFire._

~~~
megaframe
I don't believe cards in SF carry the balance information; I thought that was on
their side. The issue is that if people duplicate cards, then they could share
unlimited month passes.

