Student card hacking help

[GreenHorse]

Hi everyone,

A friend of mine asked me for help "to mess around" with his student card. The card he has is an ISIC card (isic.org). He has a credit which he re-charges through a machine in order to pay the cafeteria. That card is also used to unlock doors around campus. The readers they use: https://www.nedapsecurity.com/component/...s-readers/

I wanted to explore the dump data of the card but I can't even get my RFID-RC522 to detect it. I'm pretty sure the card's credit is stored on a db server-side but the data which indicates what doors it can unlock it's on the card itself.

So my question is, what technology is the card using and what do I need to use to read it? Any aliexpress links will be greatly appreciated. Also, any ideas of what you'd do in this situation are greatly appreciated.

I guess the end goal would be to have access to all doors. Infinite money would be nice but the only way I have thought of that would be through cloning other people's card and using their UID whenever he'll pay.

Many thanks.

[poppopret]

hmm ok i actually studied rfid fairly extensively so i can maybe shine some light on this

after a few google searches, i managed to work out that isic cards TYPICALLY use mifare chips of some sort, which matches with what the convexs doorlock things are configured for.

this means that in theory, anything that follows the iso14443 standard should be able to read (or at the very least detect) some kind of chip/data when scanned. the (mf)rc522 you mentioned should, in fact, be able to read it (rather the 'mf' at the start of the model number stands for MiFare iirc)

are you sure its set up properly?

when testing stuff i always just use my bank card, honestly. cool party trick with my phone to show people i can skim their card from their wallet without any physical contact. also, i just know the card always works.

if you have another card you can try, try it with your reader.
if you have access to an android phone, get NXP TagInfo installed on it and try reading the cards there
(you might need to remove the phone case and shift the card around on the back, sometimes theyre finicky, but they should work 99% of the time.)

whatever you do afterwards will depend on the specific type of mifare chip inside.

---

something else i noticed is that there are resellers of (probably counterfeit) isic cards that are using the em4305, which is NOT iso14443, but iso11784/11785, meaning they operate on 125khz instead of 13.56mhz like typical mifare chips.

although its unlikely, there's a chance that the card is actually dualchip. it might use 13.56mhz for stuff like payments (what mifare is usually used for,) and the convexs might be custom for 125khz (my school personally used 125khz for door access, although i dont think we used those exact model of readers and we didnt use our student cards, they just gave us fobs to get into residence or whatever.)

it's probably not the case, since what i found were presumably counterfeit, but it might be worth looking into as a possibility.

[Lewis]

Hi everyone,

A friend of mine asked me for help "to mess around" with his student card. The card he has is an ISIC card (isic.org). He has a credit which he re-charges through a machine in order to pay the cafeteria. That card is also used to unlock doors around campus. The readers they use: https://www.nedapsecurity.com/component/...s-readers/

I wanted to explore the dump data of the card but I can't even get my RFID-RC522 to detect it. I'm pretty sure the card's credit is stored on a db server-side but the data which indicates what doors it can unlock it's on the card itself.

So my question is, what technology is the card using and what do I need to use to read it? Any aliexpress links will be greatly appreciated. Also, any ideas of what you'd do in this situation are greatly appreciated.

I guess the end goal would be to have access to all doors. Infinite money would be nice but the only way I have thought of that would be through cloning other people's card and using their UID whenever he'll pay.

Many thanks.

hak5 have a cool gadget. 

link: https://shop.hak5.org/products/keysy