On 30 May 2007 01:30:27 -0700, Boltar wrote:


This will be hacked eventually, but the hard part is not getting caught.
Duplicates and cards with false cash/travelcards will be easy to spot, and

Duplicates you could spot , not sure how you'd spot the fake balance
or period unless the gate communicates with a database containing that
info for every ticket which I don't think it does.

The fake balance would be easy to spot overnight when the transactions are
balanced together, but that would give the user a free day. I don't know
if the main tube readers are linked to the main system, they could be, but
the extra cost of handling a fast transactual system Vs a nightly batch
system might not make it worthwhile. Of course in commerical use the doors
are normally linked to a digital video system, so everyone using a door is
recorded on camera. Think of the fun Big Brother could have using that
system on the tube!

However even
duplicate id issues could be bypassed if you could update its software
- just use a rolling id system. Each time the card is used it rolls
over to another (hopefully valid) id. So if the gate won't let you out
first time just keep trying.

I was thinking of that, a pocket scanner/writer that keeps pulling the ID's
from other cards and updating your one with them, mifare has a range of
several feet so its possible. That would be a clever hack. Still having
heard about the roulette wheel laser scanner , I wouldn't rule it out.

Steve