Is it possible to emulate a single NFC ticket on my cell phone?

I would say the best answer to this question is that it is not possible.

Why is this not possible?

To understand this you first need to know how the card used by them works.

I can not say with certainty the card model used for the single ticket, but for information that is on the internet it is most likely that they will use the MIFARE Classic 4K smartcard.

Simplifying the operation of the card let's just say that this is a card that has 4KB of memory that can have any data recorded on it, this memory can be read and recorded by compatible equipment, such as the machine used on buses, recharge points or even NFC phones.

But this data is protected, however much an NFC cell phone may be able to read and write this data you will not be able to do this with your cell phone.

You could try reading the data with some application such as NFC Mifare Classic Scanner , but as the description itself says it needs a key to be able to read and write, and it is this key that protects the data so they are not read and altered by anyone. >

How is the card used?

Contrary to what one might think the card does not only have a TAG that is used to identify the card, actually the credit information itself is stored on the card.

I can not say exactly how it was implemented, but it should read your balance directly on the card, subtract the value of the ticket and then record the information back into the card. This probably also includes the date and time it was last used to allow cases where they let you change buses for a certain amount of time without having to pay another one.

All this is done offline, I can not tell if at some point the system on the bus connects to another system to synchronize some information, but I would say it is very likely that this will never happen.

And it's not hard to understand that their system can actually work offline, however much one might think that it should connect to a central one, it's easy to see that this never happens. If he needed to check the balance in a central it would need some kind of connection with it, however much you could have a 2G or 3G connection, there will always be shaded areas, where network coverage is not good or even does not work, and the response time would be high, the cards usually respond in a few moments when they approach it.

So it really is not possible?

Perhaps it was possible if you had access to the key used by the card, as it would be necessary for your cell to emulate card operation, but in practice this is not possible as it would be very easy to defraud the system like this.

A person possessing this key can read and write cards, so it would be possible to copy all the data from the card, so it might be possible to create software that would emulate the card, but it would be a copy of the data, would be the easiest way to defraud their system, if you simply discarded the modifications made during the recording after using the card you would always have the same balance on the card.

Even a few years ago news ( tecnoblog , Info ) about a possible security breach in these tickets, where a hacker said have been able to read all the data on the card, and although he has not been able to change the value of the balance for example, he said he was able to back up the data, then used all the credits on the card and finally returned the card. backup to the card, as a result the credits were again available on the card.

Yes, it is possible. By the way, there are already implemented solutions .

Links:

• 'SPTRANS homologates the recharge of the single ticket by mobile phone' , sptrans.com.br
• Point Ticket One Ticket application on Google Play

Hello. After long nights of study on technology, I believe it is possible to copy the card! It is not possible through the phone, but through a read and write device of the same frequency of Mifare. The idea is to capture all the data from the original card, save it as a file. Then write the copied data to a second card with the same capacity. When you finish the credits you just have to reset the recorded card through the previous data image ...

I believe that the capture of the data in the magnetic field through the complete copy, "without needing any encryption" is possible.