corsasport.co.uk
 

Corsa Sport » Message Board » Off Day » Geek Day » "Smart" Cards - tamperable?


New Topic

New Poll
  Subscribe | Add to Favourites

You are not logged in and may not post or reply to messages. Please log in or create a new account or mail us about fixing an existing one - register@corsasport.co.uk

There are also many more features available when you are logged in such as private messages, buddy list, location services, post search and more.


Author "Smart" Cards - tamperable?
dan_m1les
Member

Registered: 8th May 06
Location: Burnham, Buckinghamshire
User status: Offline
14th Apr 11 at 13:44   View User's Profile U2U Member Reply With Quote

Hi All,

I have a card that I top up for the self service sun bed shop i go to You get double minuete etc if you do it this way.

However the card has like a sim card bit on it, and i assume the system is quite simple as it has to work with the machine and then the machines on the doors to adjust the time etc?

Are these easily "hacked" via a pc with a car reader?

[Edited on 14-04-2011 by dan_m1les]
dan_m1les
Member

Registered: 8th May 06
Location: Burnham, Buckinghamshire
User status: Offline
14th Apr 11 at 13:49   View User's Profile U2U Member Reply With Quote

Turn out its a smart card, can easily optain a smart card reader online.

I would assume the information on the card can easily be changed?
Brett
Premium Member

Avatar

Registered: 16th Dec 02
Location: Manchester
User status: Offline
14th Apr 11 at 14:12   View Garage View User's Profile U2U Member Reply With Quote

Hacking sun beds
Steve
Premium Member

Avatar

Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
User status: Offline
14th Apr 11 at 14:13   View Garage View User's Profile U2U Member Reply With Quote

What about if you do it wrong and the sun bed comes alive and starts attacking people with a UV laser?
dan_m1les
Member

Registered: 8th May 06
Location: Burnham, Buckinghamshire
User status: Offline
14th Apr 11 at 14:16   View User's Profile U2U Member Reply With Quote

Whats wrong with hacking sun beds
Ian
Site Administrator

Avatar

Registered: 28th Aug 99
Location: Liverpool
User status: Offline
14th Apr 11 at 14:32   View Garage View User's Profile U2U Member Reply With Quote

Depends if the balance is stored on the card or the card merely identifies you and the balance is held in a list at the shop.

If the balance is on the card and you have the means to write then yes, you can increase your balance.

If the balance isn't on the card then you could probably present a different id and exhaust other people's balances.

If it's done properly it'll have an encryption hash stored alongside your id number so you can't just change one and not the other. When you present the id, the reader does some maths on your id number and checks the result with hash result which is already stored on the card. If they match, boom you're in. If they don't, you fail.

Problem being you won't know which hashing algorithm is used and they will probably use a salt which you won't know either.
adiohead
Member

Registered: 28th Sep 01
User status: Offline
14th Apr 11 at 14:34   View User's Profile U2U Member Reply With Quote

I have an old Elvis card reader
DaveyLC
Member

Registered: 8th Oct 08
Location: Berkshire
User status: Offline
14th Apr 11 at 14:45   View User's Profile U2U Member Reply With Quote

The card will generally just have an ID stored on it, the time allocated etc. will be in a database somewhere.
dan_m1les
Member

Registered: 8th May 06
Location: Burnham, Buckinghamshire
User status: Offline
14th Apr 11 at 14:49   View User's Profile U2U Member Reply With Quote

The car machines on teh doors are simply plugged in to the mains, so I assume the information is stored on the card.

Its a polish operation, so I doubt they have any form of top end encryption.
Dom
Member

Registered: 13th Sep 03
User status: Offline
14th Apr 11 at 14:51   View User's Profile U2U Member Reply With Quote

Purchase a reader/writer and have a look...
dan_m1les
Member

Registered: 8th May 06
Location: Burnham, Buckinghamshire
User status: Offline
14th Apr 11 at 14:55   View User's Profile U2U Member Reply With Quote

Does anywhere on the high street sell card readers?
Chris
Premium Member

Avatar

Registered: 21st Sep 99
User status: Offline
14th Apr 11 at 16:25   View Garage View User's Profile U2U Member Reply With Quote

you will be able to alter the value field, but will no doubt be checksums to the value carnt just be hacked.

Doug
Member

Registered: 8th Oct 03
User status: Offline
14th Apr 11 at 17:05   View User's Profile U2U Member Reply With Quote

Do you know the make/model of the sunbeds? Maybe we can look at some tech info about the card units attached to them

 
New Topic

New Poll

  Related Threads Author Forum Replies Views Last Post
"LOWER THAN YOUR GRANNYS NIPPLES" stickers am4nf Parts Offered 51 2660
28th Feb 11 at 18:33
by am4nf
 
Usually hate these "What car?" threads.. Chrissy General Chat 6 290
23rd Apr 10 at 10:01
by daymoon
 
Even Audi themselves go "euro"/stance/scene jr General Chat 22 783
10th May 10 at 20:55
by Jonny Ingham
 
Popped over to the 'Darkside' mx5 content... (Fresh MOT...Fresh PICS) Minty_Fresh Projects and Builds 224 15941
13th Jun 11 at 18:12
by Minty_Fresh
 
"Tow" stickers.... Twiggy General Chat 7 1282
12th Dec 10 at 22:14
by IvIarkgraham
 

Corsa Sport » Message Board » Off Day » Geek Day » "Smart" Cards - tamperable? 29 database queries in 0.0188720 seconds