Glass Encapulation for Uncommon / Secured tags
As much as I dig Boston's Charlie Card system, I'd dig it a lot more if I could interface with it with an RFID implant. Issue is security, specifically I'm not sure how I'd be able to clone the details onto a new clear chip (Mifare classic 1k). Not only that, but I have a feeling I'd piss off some folks I'd rather avoid drawing attention from.
It's basically impossible to carve the chip out of the card because of the way this super thin wire is pressed between plastic, but I'm thinking some form of an acid bath might be a viable way to extract it. It's not unheard of. Sounds like there's a method using basic nail polish remover, already. Once extracted, I need to encapsulate it. Are there currently any services that provide glass encapsulation? Or a kit of some form I can order? Right now I'm checking out Schott's transponder glass (http://www.us.schott.com/epackaging/english/glass/transponder.html) but I'm not sure if there's another better-known option (or if I'm even able to order from these folks as an 'independent researcher'. Never ordered from a large company like this). They also come with a fire-polished open end, and I have no clue how I'd close that up. The product manual suggests "a clean room atmosphere using laser or infrared" but I don't exactly have such resources.
Guidance in the right direction would be super rad! Thanks!
It's basically impossible to carve the chip out of the card because of the way this super thin wire is pressed between plastic, but I'm thinking some form of an acid bath might be a viable way to extract it. It's not unheard of. Sounds like there's a method using basic nail polish remover, already. Once extracted, I need to encapsulate it. Are there currently any services that provide glass encapsulation? Or a kit of some form I can order? Right now I'm checking out Schott's transponder glass (http://www.us.schott.com/epackaging/english/glass/transponder.html) but I'm not sure if there's another better-known option (or if I'm even able to order from these folks as an 'independent researcher'. Never ordered from a large company like this). They also come with a fire-polished open end, and I have no clue how I'd close that up. The product manual suggests "a clean room atmosphere using laser or infrared" but I don't exactly have such resources.
Guidance in the right direction would be super rad! Thanks!
Comments
Once the chip is free, I'm still at a loss on encapsulation. Feeling pretty safe in assuming that DIY glassblowing / torching the hole shut could ruin the biocompatability (And cause issues with the texture, giving contaminates a foot-hold).
In terms of glass, I think you can seal those schott tubes with a blowtorch and a spin. Kind of like playing with glass capillary tubing but a bit thicker.
The more complex cards are a whole 'nother ball game. To learn more about them, breeze through this old Defcon presentation that was blocked from actually presenting by an injunction: http://tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf
This kind of card would need encapsulation.
@ElectricFeel everything you said is correct, but why do you think we can't clone the Boston Charlie Card system?
The cards also expire after five years, so your implant has a defined obsolescence, unless it's rewritable and you can flash it while implanted.
Also, you might want to try getting in contact with these guys : http://www.ringtheory.com/
They sell MTBA RFID's embedded in a ring. They might be able to provide more specifications, or a raw chip. It could be easier than dissolving a card.
Further reading suggests cloning is totally feasible, and this : https://dangerousthings.com/shop/13-56mhz-s50-glass-nfc/ would be perfect for the implant. It's the same chip in the card.
Dangerous Things' FAQ has a different point:
Now let’s talk about transit and laundry cards (token systems).
Typically these systems use their own method of leveraging memory blocks
and access keys (Mifare Classic and DESFire access keys), meaning even
if you could get your implant added to their system, it would require
formatting your tag and setting up access keys in such a way that it
would become totally dedicated to that purpose. You could no longer
access memory blocks on your own tag or use it for any other purpose.
This might be ok for some of you, but for many I could see that as being
a problem.
See if you can encapsulate a known working card.
yeah, I read the Ring Theory page before, having their help would make things easier, but it is still doable without them.
The DT mifare chip may or may not allow cloning of the card in question. If the Boston system uses only the data on the card, then yes, the DT chip could be used to clone it, however if the Boston system also uses the chip UID, then the DT chip cannot be used to clone it, since the first block of the DT chip is read only, and cannot be changed.
AlexSmith
I will absolutely reach out once I get a card or few boiled down, thanks! I tried getting data from the card using nfc tools on android, but I mostly get read errors (https://blackboxjack.com/charlie.xml). I have a bundle of 'cancelled' cards I can send to you or anyone else who wants to examine them in depth. If you can clone it, that would be exceptionally rad! (Especially since the ones I get through work are discounted. Buying my own replacement is full price.)
Good to know a torch is a viable sealing method. Think the Artists Asylum nearby has one (super good to know if, ah, I need to make multiples for friends and such. Or other chips I may want to try!) Thanks!
funds are on the card itself, I've hacked transport systems like this in the past ;)
The waiting period between synchronizations may cause some cards to
report lower funds than are actually on the corresponding Clipper
account. In order to alleviate this problem, Clipper allows riders to go
as low as −$11.25 on the card before funds need to be added, and/or the
card needs to be scanned at an internet-enabled or recently
synchronized device.
Every system has the database on it. The only question is how long out of date is it. You would still hit the negative balance and be declined within a day once you were negative. The server has your balance on it, and the card is synced to the server. Changing the card doesn't change the server. Even if you spoof a balance increase, you will still be caught out when the server catches the discrepancy.
Nearly every subway has moved to this since 2006, due to the publicizing of how to easily hack their systems.
One of these is busted, and one is valid but at a 0.00 balance. Can't tell which is which, so let's reduce both of em!
This is the stuff I'll be using. Turns out there are multiple kinds these days.
I was originally going to dump them into some tupperware, but then I figured hey... if this is supposed to use the power of acid to reduce a charlie card to a bundle of wires and ex-plastic goo... a ziplock probably wouldn't survive. Pyrex it is!
Enough to cover em, but we're not filling the entire thing up. Please ignore the dirty pots in the background.
It's always wise to label your work, yo.
So, I don't have a lab yet, sadly. So no lab storage. I do have a room, but it has my bird kids and they both have quite sensitive lungs. Plus my liz kid who likes to eat stuff he shouldn't. So my room is out. Have to keep this thing somewhere though. So for now I have it tucked away on top of the fridge where hopefully I can quasi forget about it (to avoid constantly impatiently poking at it) and my roomates won't pry.
Will eventually post more pictures on https://blackboxjack.com/visual/index.php?/category/10
Science!
It seems to have done the trick! There's still plenty of liquid left as of last night, and I got too curious to leave one alone.
Got a little ahead of myself and against judgement, just had to pry one open...
it was a bit hard to split, but eventually gave way. Letting it continue to cook along with the other unopened card, so here's hoping that thin array of wires along the rim comes off easily.
Hello there charlie :)
The next step is to removed the wires from the remaining plastic, which needs to be done somewhat carefully to avoid breaking the wire.
But now the hard part. that casing on the chip is too big to fit in these capsules, which have an inner diameter of 2.5mm. if it is to fit, you need to cut/sand the metal connectors down until it no more than 2.5mm wide. it can be longer though.