9

I have the equivalent of an Oyster card (proximity based public transport card).

Oyster card

I'm interested in having the information stored in another way so I don't have to carry around yet another card, perhaps stored on a ring or an NFC enabled smartphone.

Can this be done?

I know there are NFC rings and you can get NFC implantable chips, but can the information be removed from the Oyster card and transferred into the ring, smartphone or implant?

Coomie
  • 367
  • 4
  • 11
  • I feel like I should add that my intentions are legal and not to somehow exploit the system. I'm happy to pay for my transport. I just want to do it with my own (superior) technology. – Coomie Feb 23 '15 at 07:04
  • 1
    Take a look at this question on Electronics SE but the general premise there is no it can't be done. – MrPhooky Feb 23 '15 at 09:01
  • 1
    And also any tampering with the card itself is a breach of the conditions of carriage as they must not be intentionally damaged, altered or tampered with in any way. – MrPhooky Feb 23 '15 at 09:13
  • @dmcdivitt The question is about transferring the information (and along with it, the functionality) from one NFC device to any other device. Whether that device is an internal chip or external ring, it doesn't matter. The question is not about the implant but the information on the NFC chip. – Coomie Feb 24 '15 at 03:05
  • @dmcdivitt Edited per your request. – Coomie Feb 24 '15 at 03:44
  • close withdrawn – subjectivist Feb 24 '15 at 03:46
  • 2
    I think copying the information to another device will not be legal as this way it will make it possible two persons to travel with the same card (the original one and the other which will be copied to a new device) – vladiz Feb 24 '15 at 13:21
  • Someone managed to transfer it into a sonic screwdriver.... http://angryfeet.com/forum/viewtopic.php?f=3&t=1826 – Bowen Mar 20 '15 at 21:10
  • To any with arguements about this being potentially a breach of terms of use (or even the law, though this would be fairly usual to have a law about). The asker said an "equivalent of an Oyster card". Considering there must be hundreds (or even thousands), of transit systems using NFC cards. Let along the thousands more businesses/Universities/schools (even households? cars?) that use them. I'm sure there are at least some where it is not disallowed. – Frames Catherine White Jun 07 '15 at 06:57
  • Of course, in the time since this question was asked… you can now just use your phone ;) – Tetsujin Aug 12 '23 at 13:11

2 Answers2

2

According to Engadget it should be able to work, as the Oyster cards seem to operate by NFC. The article also mentions the ability to use other kinds of cards and other NFC tag based trinkets (NFC sticker, NFC wristband). However, these are all issued by financial institutions, so they would reasonably contain some kind of encryption that might be hard to integrate with off the shelf NFC tags.

If I were you I'd try scanning an Oyster card using an NFC reader application, like this one. If you find that the card returns a fixed value for each reading, then go ahead and try to program this value into a custom NFC tag, essentially copying the card. If this new "card" can be used with the official Oyster readers then you are all set. However, it probably won't work, but there is still hope (see next paragraph).

This video suggests that the Oyster cards use some kind of security chip (Mifare Classic Smartcard Chip). This is reinforced by Wikipedia too. It seems to be possible to buy this kind of chip from this website.

zovits
  • 224
  • 2
  • 6
  • 1
    A well-designed contactless card performs cryptography using a secret key when you access information. An NFC reader information only returns public information, not the information that the fare gates verify. A badly-designed card returns a fixed value; these are common in building access but not so much in transportation. In between, you have low-end Mifare cards which use encryption but with algorithms that can be broken. – Gilles 'SO- stop being evil' Feb 24 '15 at 16:56
  • Look at what @MrPhooky posted above. It might be more complicated because of the unique UIDs – s3v3ns Feb 25 '15 at 07:18
2

A well-designed contactless card performs cryptography using a secret key when you access information. An NFC reader information only returns public information, not the information that the fare gates verify. A badly-designed card returns a fixed value; these are common in building access but not so much in transportation. In between, you have low-end Mifare cards which use encryption but with algorithms that can be broken.

So the upshot is that it depends on the precise model of transportation card.

In any case, if your transportation authority doesn't offer a way to replicate the card information, then even if you manage to transfer the information to a phone or to an implant, that won't make your phone or implant a valid fare medium and you would likely face fines if inspected.

Gilles 'SO- stop being evil'
  • 849
  • 1
  • 7
  • 21