The biohack.me forums were originally run on Vanilla and ran from January 2011 to July 2024. They are preserved here as a read-only archive. If you had an account on the forums and are in the archive and wish to have either your posts anonymized or removed entirely, email us and let us know.
While we are no longer running Vanilla, Patreon badges are still being awarded, and shoutout forum posts are being created, because this is done directly in the database via an automated task.
RF chip that will mimic a contacless card (W/O "a system")
Hi. I've been reading about implantable chips for a little bit and I am surprised to see very little in terms of successful DIY payment/ID stuff. I mean, the contactless credit cards that my wallet is full of, are nothing else than really small RFID chips, embedded in a plastic card. And they can be cloned (because e.g. you can get your card details stolen and written into a blank card). Sooo why am I not able to find a solution that would allow me to put a writable chip in my palm and copy my credit card's data into it? I know there are those walletmor chips out there but there is a few of huge buts! I mean, first of all, when implanting something I don't want to hear about any expiration dates! That's just crazy, even with the 8 years lifespan! Second thing - I am implanting my payment secure credentials subdermally to further FREE myself and NOT to sign-up for yet another banking service that I don't need, which, by the way does not have credit accounts and only supports a handful of currencies (mine not included, obviously)!
I'm positive that what I seek can be done, and I am pretty sure it has been done. A blank NFC/RFID card can be bought for 2$ in China, and even less if bought in bulk, so it's not especially pricey. A small-time crook can clone your card, so it's not especially hard to do, in theory. But it would seem that somehow, nobody does this yet!
Can anybody here explain why is that? Or if you heard/seen somebody who did that, can you please point me in the right direction? Thanks!
Comments
-
When you talk about cloning a credit card, you're confusing the old magstripe technology with the new secure element type cards (contact/contactless). Look up symmetric key and then asymmetric key encryption for some context.
Inside the secure element there are symmetric keys loaded on at special factories that allow MasterCard and Visa to digitally sign communication between the card and the network, and it cannot be cloned because the keys are never revealed in the clear. Some systems like the "tokenized" wearables also use asymmetric key encryption to sign a limited number of transactions before they basically have to be "topped up" by the payment network.
I work with VivoKey, and we're trying to enable "tokenized" payment implants in the form of the "Apex" that will never expire. It just gets pointed at your bank account with a new token intermittently. Unfortunately MasterCard will explicitly not allow the Apex to process payments because they're afraid of the PR backlash from Christian fundamentalists who think it's the mark of the beast. We are able to use the exact same chip in a ring and it's allowed, but the implant form factor is not.
That is why you are seeing all these payment conversions that expire like a normal card. We're trying to normalize payment implants and prove there is a market so that MasterCard will stop being obstructionists.
-
Oh. Thanks for the answer. So my feeling about this was at least partialy right - there are no real obstacles to a working solution, but those present are not what I thought they were.
BTW, really...? Card cloning is only possible as far as the magnetic strip goes? Isn't that tech so ancient that nobody even remembers using it? Why is it still implemented if it's the only real credit card vulnerability? I'm thinking of taking a neodymium magnet right now and destroying the magstrips of my cards as I NEVER ever use them.
PS... "mark of the beast" rly...? In 2021 when we're going on commercial space trips and such. Unbelievable.
-
True card cloning is only viable with the PAN data on the magstripe. In the US at least they're mostly on contact interface and just starting to get contactless, but they still have magstripe. The only security is the second factor of authentication (the PIN code).
You can technically perform "replay attacks" on cards with secure elements, but that is not cloning. You basically set up a phone as a phantom POS terminal and it requests several transactions from a card which it stores the data from. If the cards owner makes another transaction before those are used up they become invalid though, so often the transaction data is sent over the internet to other groups who rapidly make several online purchases. That's not useful for implants though.
Yes, mark of the beast. It's all the US's fault. They're such a big market but the influence of evangelical christians is unchecked there. MasterCard doesn't see the value proposition of what they view as a few thousand users (payment implantees) using their platform in a slightly more secure way (the credit card issuers themselves are the only ones who benefit from security because it lowers fraud and insurance premiums, MasterCard doesn't make anything). Whereas they see a huge potential PR nightmare that will lower their stock value if they raise the ire of irrational zealots by allowing us.
-
Sorry to repost in an old thread but I just wanted to clarify a couple things.
Since this thread has been posted has anyone been able to figure a way to clone their contactless card onto an injectable?
And allso are there any contactless gift cards or the like available that might be easier to clone?
Buy a card, rewrite your chip and once the card is depleted buy a new card.Just a thought.