Upon learning that the Nexus S smartphone was equipped with a Near Field Communications NFC) radio, [Eric Butler] decided he would put the newly released Gingerbread SDK to good use. Focusing initially on ORCA fare cards used by several Washington state transit systems, he built an open-source application he calls FareBot, which can read data from any MIFARE DESFire branded cards. Utilizing the NFC radio in the Nexus S, he was able to dump all of the unprotected information from the fare cards, including the remaining card balance and the last 10 locations where the card was used.
The author hopes that his proof of concept application encourages other developers to expand on his project and to explore the data stored on transit cards around the world. While it is in its early stages, [Eric] would ultimately like to see this project expanded to allow the use of NFC-enabled smartphones as transit cards themselves via downloadable apps. He suggests that helping people understand the amount of data which can be freely obtained from these cards will eventually force the manufacturers to better inform consumers of the existing system’s shortcomings, which in turn might spur on smartphone-based transit initiatives.
12 thoughts on “FareBot – Android NFC Proof Of Concept”
An RFID reader, in a cellphone?
How’s the range, and can it penetrate jeans if close enough?
Our school uses a keyless entry system, guessing from what I’ve seen, it’s RFID.
love this concept.
keep it up, eric.
site hack-a-day DDoSed?
@Anon — it can read and emulate RFID cards to my understanding (this is old news, Android added this SDK over a month ago.)
The more important part is that this is a specific software application that utilizes it.
As for the range I can’t comment. But in an emulation environment, I assume it would be better, since the phone is powered, and cards are powered by electricity they pick up via radio waves… for reading, I would assume it’s less range since it’s powered by battery and not directly connected to power like most card readers are…
Again though, that’s just speculation, so someone correct me if I’m off base here.
Better yet, can it WRITE to these cards?
So basically, what can you do with this? Steal other people’s hard-earned on fare cards? Cheat metro/subway/etc out of money needed to make using it affordable to the rest of us? Seems like this is kinda shady to me.
@cde – right now it’s read-only but that’s because of software/firmware. It will be updated in the future to support write-capabilities.
Actually, Nexus S can write tags with some hidden functionality, this post explains how http://www.nearfieldcommunicationsworld.com/2011/01/25/35758/
@Maave That means you can do a quick test to see if the subway uses server side verification or not. Hahaha.
entry systems usually implement fail Unique 125 kHz tags, identification is by TAG number only, tag cloner was here like a week ago
PN544 mounted in Nexus talks 13.56 MHz
Is the Nexus S the only phone (or consumer accessible device) that has the necessary hardware?
No, apparently all phones with NFC *should* be able to do it. Not 100% sure though
Please be kind and respectful to help make the comments section excellent. (Comment Policy)