This topic was briefly discussed back in May.<div>I shared a bit of information back then:</div><div><br></div><div><a href="https://www.noisebridge.net/pipermail/noisebridge-discuss/2010-May/thread.html#14104">https://www.noisebridge.net/pipermail/noisebridge-discuss/2010-May/thread.html#14104</a></div>
<div><br></div><div>Since writing that, the Clipper card has been released, and now is entirely a concactless smartcard (the TransLink cards, which operate identically and still work, had contacts).</div><div><br></div><div>
The Charlie card is a MIFARE card, the same as London's Oyster cards and many other systems. It's a standard card that you can purchase for under a dollar each, and the classic cards contain up to 1kb in storage (effectively less, as there are a couple headers and keys that use part of that 1kb). </div>
<div>They may use a modified version of 14443, but with 35mhz -- something I presume is to prevent more casual hacking as the 13.56mhz readers are readily available (I have one sitting here).</div><div><br></div><div>As to why they're "so slow", I can guess. In my experience with MIFARE cards, the datarate was somewhere around 140cps. That means on a 1kb card, to read the entire card would take 7+ seconds. The data is stored on them in sixteen 64-byte sectors, each sector containing up to two 4-byte keys/access control data (thus up to 56 bytes per sector). Assuming the clipper card works like this, I would bet at minimum of two sectors are used, and probably three to four.</div>
<div>Maybe they're able to squeeze a faster datarate with their hardware, and maybe their design is more efficient for their exact use than MIFARE. But I would guess this is the reason for the ~1s lag of swiping a card, and is likely not going to change anytime soon.</div>
<div><br></div><div>Presuming the TransLink card's contacts offer the same exact data and encryption as the contactless interface, they would be the ideal method of attack methinks. Otherwise, go find yourself a USRP or some bizarre 30mhz rfid reader...</div>
<div>I'll be very curious to see what more can be learnt.</div><div><br></div><div>Jeffrey</div><div><br></div><div><br><div class="gmail_quote">On Mon, Oct 4, 2010 at 8:40 PM, Ryan Rawson <span dir="ltr"><<a href="mailto:ryanobjc@gmail.com">ryanobjc@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Here is what I know:<br>
<br>
- Clipper is a smartcard, with stored information, presumably encrypted.<br>
- According to wikipedia: "The Clipper card was developed by<br>
Australlian-based ERG Group and Motorola under the ERG-Motorola<br>
alliance in April 1999"<br>
- According to my coworker: ERG is a typical systems integrator,<br>
meaning we can count on jr and ineffective teams being put to work on<br>
the project<br>
- Will need hardware readers, perhaps clipper card is<br>
<a href="http://en.wikipedia.org/wiki/ISO/IEC_14443" target="_blank">http://en.wikipedia.org/wiki/ISO/IEC_14443</a><br>
- Encryption might become an issue<br>
<br>
Some basic experimenting indicates that the terminals seem to have the<br>
possibility of operating standalone w/o network connection, they were<br>
able to tell me pretty quickly that my card was still good for a<br>
transfer, etc. This information presumably stored back to the card.<br>
<br>
Still trying to figure out more. I should look at those MIT students<br>
who researched charlie card.<br>
<div><div></div><div class="h5"><br>
On Mon, Oct 4, 2010 at 7:34 PM, aditya bhargava <<a href="mailto:aditya@wefoundland.com">aditya@wefoundland.com</a>> wrote:<br>
> This sounds very cool. I have software experience, although no hacking<br>
> experience. Does that count?<br>
><br>
><br>
><br>
> On Mon, Oct 4, 2010 at 6:56 PM, Ryan Rawson <<a href="mailto:ryanobjc@gmail.com">ryanobjc@gmail.com</a>> wrote:<br>
>><br>
>> Anyone interested in doing some hacking on the clipper card? I'm not<br>
>> interested in free trips, but I would like to do things like read my<br>
>> card, understand how it works, get to the root cause of why it is<br>
>> slow, etc.<br>
>><br>
>> I have no hardware, but plenty of software expertise and I can solider :-)<br>
>><br>
>> -ryan<br>
>> _______________________________________________<br>
>> Noisebridge-discuss mailing list<br>
>> <a href="mailto:Noisebridge-discuss@lists.noisebridge.net">Noisebridge-discuss@lists.noisebridge.net</a><br>
>> <a href="https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss" target="_blank">https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss</a><br>
><br>
><br>
><br>
> --<br>
> <a href="http://wefoundland.com" target="_blank">wefoundland.com</a><br>
><br>
_______________________________________________<br>
Noisebridge-discuss mailing list<br>
<a href="mailto:Noisebridge-discuss@lists.noisebridge.net">Noisebridge-discuss@lists.noisebridge.net</a><br>
<a href="https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss" target="_blank">https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss</a><br>
</div></div></blockquote></div><br></div>