Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
Hi,
anyone know how public transport system works? I mean there is millions cards which all have different secret keys, so how reader reads it? reader have database with millions secret keys and for every card it search secret key from database? if anyone have experience with it please share thanks
Offline
hahahahaha se equivoco de foro .... lea por aparte esa informacion no la encuentra aqui, pero si el como !
(Google translated)
hahahahaha .... the wrong forum read by separate this information not found here, but if your like!
Offline
? don't smoke too much. Maybe there is noob question but...
I mean there is ticket networks like Octopus, Oyster which handle more than few millions cards so each card can't have different secret keys, becouse it would be big lag to search keys for every card (maybe there is I am wrong so please someone correct me)
If READER search for CARD and found it
1. Select with UID
2. Try to authenticate with secret key (how much secret keys can have?) to read sector
So if READER have 50 - 100 secret keys so it's big security hole in ticket networks, becouse there is possibility to collect secret keys using sniffing or emulating uid.
So please some one explain are am I wrong or not?
Offline
@kra: This is an english forum. There's no point in posting messages in spanish (although I have no problem in understanding it).
@domasc: Each card can have a different secret key that could be calculated from UID using a secret algorithm, so no need for a big database, only the algorithm is needed. Usually the algorithm is very difficult to deduce from UID/key pairs.
Other possibility is using encrypted comunication cards (as Mifare Desfire for example). The key can be the same for all cards, but the communication is encrypted and the key can not be deduced easily by snooping.
Offline
Thanks Cex
Offline
domasc
Which public transportation system do you interested in?
Offline
I have a RFID bus card that I can read with the pm3. I am 100 % sure it uses Mifare technology.
Can I copy this card to another Mifare card with the PM3 ?
Last edited by o0o0o0o (2012-04-06 08:31:19)
Offline
@ vivat
I am not interested in one specific system I am interested of all maybe you know how OV-chipkaart, Oyster, Octopus work? Or any one of them?
@ o0o0o0o
Yes, you can use command 'hf mf dump1k' to copy original and then 'hf mf restore1k' to make clone to new card
Offline
I am interested of all maybe you know how OV-chipkaart, Oyster, Octopus work?
http://www.code.google.com/p/mfcuk/wiki/MifareClassicKnownCardsDataFormat
For OV-chipkaart there is independent forum:
http://www.ov-chipkaart.me/forum/
Offline
Sorry dude
My intention is not to offend, but your question is very general, asking for this information I do not think so to give you it is no legal, at least in my country, the only way you can find such information in nxp semiconductors but I don't think so those reveal that information because it is your business.
Since I found out that nxp semiconductors did everything possible to stop the students who developed cripto1 be quiet.
Regarding mifare I imagine that each company changes these keys, because that is their 'secret' and not covenient exept nobody knows them and that could create an illegal market
Offline
Thanks Kra for respond,
but how could knowledge be illegal? I don't do any crime, I just want to know security systems, them holes, think about it updates researches and etc... If some company do everything to do people quiet they do crime. It's one of main things of LIBERTY - LIBERTY OF KNOWLEDGE.
Offline
Thank You Vivat for information
Offline
Pages: 1