FareBot – Android NFC Proof of Concept

farebot_logo

Upon learning that the Nexus S smartphone was equipped with a Near Field Communications NFC) radio, [Eric Butler] decided he would put the newly released Gingerbread SDK to good use.  Focusing initially on ORCA fare cards used by several Washington state transit systems, he built an open-source application he calls FareBot, which can read data from any MIFARE DESFire branded cards.  Utilizing the NFC radio in the Nexus S, he was able to dump all of the unprotected information from the fare cards, including  the remaining card balance and the last 10 locations where the card was used.

The author hopes that his proof of concept application encourages other developers to expand on his project and to explore the data stored on transit cards around the world. While it is in its early stages, [Eric] would ultimately like to see this project expanded to allow the use of NFC-enabled smartphones as transit cards themselves via downloadable apps.  He suggests that helping people understand the amount of data which can be freely obtained from these cards will eventually force the manufacturers to better inform consumers of the existing system’s shortcomings, which in turn might spur on smartphone-based transit initiatives.

Comments

  1. Anonymous says:

    Hold on.
    An RFID reader, in a cellphone?
    How’s the range, and can it penetrate jeans if close enough?

    Our school uses a keyless entry system, guessing from what I’ve seen, it’s RFID.

  2. alan says:

    love this concept.
    keep it up, eric.

  3. yosh says:

    site hack-a-day DDoSed?

  4. Mikey says:

    @Anon — it can read and emulate RFID cards to my understanding (this is old news, Android added this SDK over a month ago.)

    The more important part is that this is a specific software application that utilizes it.

    As for the range I can’t comment. But in an emulation environment, I assume it would be better, since the phone is powered, and cards are powered by electricity they pick up via radio waves… for reading, I would assume it’s less range since it’s powered by battery and not directly connected to power like most card readers are…

    Again though, that’s just speculation, so someone correct me if I’m off base here.

  5. cde says:

    Better yet, can it WRITE to these cards?

  6. John says:

    So basically, what can you do with this? Steal other people’s hard-earned on fare cards? Cheat metro/subway/etc out of money needed to make using it affordable to the rest of us? Seems like this is kinda shady to me.

  7. Maave says:

    @cde – right now it’s read-only but that’s because of software/firmware. It will be updated in the future to support write-capabilities.

  8. dgrey says:

    Actually, Nexus S can write tags with some hidden functionality, this post explains how http://www.nearfieldcommunicationsworld.com/2011/01/25/35758/

  9. cde says:

    @Maave That means you can do a quick test to see if the subway uses server side verification or not. Hahaha.

  10. rasz says:

    entry systems usually implement fail Unique 125 kHz tags, identification is by TAG number only, tag cloner was here like a week ago

    PN544 mounted in Nexus talks 13.56 MHz

  11. Sitwon says:

    Is the Nexus S the only phone (or consumer accessible device) that has the necessary hardware?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 92,288 other followers