If the encryption really has been cracked and the protocol documented
then it should be straightforward construct a device that can
impersonate a legit card, with a random-but-plausible serial number
and balance and journey history, and make it indistinguishable from
the real thing. The Oyster technology is low tech enough that it
should be possible to do with cheap off the shelf parts, or by
repurposing an existing mass-produced device (possibly even Oyster
cards). If it didn't have a fixed serial number there'd be no way to
block it, short of catching someone in the act.
That said, how widespread are fake magstripe tickets? They don't have
any encryption as far as I know.
U
--
http://londonconnections.blogspot.com/
A blog about transport projects in London