|
Written by Robo
|
|
Thursday, 27 August 2009 22:13 |
The OV-Chipkaart is a new, electronic ticket to be used in public transport in the Netherlands. The core of this system is an RFID card that can be used to gain access to buses, trains, trams etc, without having to buy paper tickets for each journey. Even before its nationwide rollout (scheduled for 2010 or so), it's been criticized in the media for being too expensive, too complicated, or too easy to abuse. Several hackers have publicized severe flaws in the chips' security features, that could be used to get bus rides without paying, or even worse, by making someone else pay!
This is an OV-Chipkaart. It's been issued by RET, the transport company serving the port city of Rotterdam. There are actually several different versions to be bought: two versions that can be topped up from vending machines, and a disposable version that can be used only once or twice. The card on the picture is a disposable card, and unlike the (more expensive) rechargeable cards, is made from paper.
If you peel off the paper outside, this is what you find inside. It's an RFID card made by KSW Microtec. It contains a metal coil on the outside that picks up the radio waves emitted by card readers and converts them into an electrical current. The actual chip is the little black square above the KSW logo.
The chip is really tiny: just 0.7 mm on each side! It has two contacts that connect it to the coil.
And this is what we find on the other side, after it's been separated from the card. It's a Mifare Ultralight card, made by NXP (formerly Philips). There are many different versions in the Mifare family, with different amounts of memory and security features. The Ultralight is the cheapest version with little memory and no security features at all.
The two large squares on the lower left and upper right are the contacts that connect to the coil. The two smaller squares are used for testing purposes.
The chip uses the standard 13.56 MHz RFID frequency as defined by an ISO standard. It contains 512 bits of EEPROM, which includes a unique 56-bit serial number, 384 bits of general storage area, and 32 bits that can be changed only once (in this case, for keeping track of the number of rides used).
This is the interface to the outside world. The incoming signals are converted into power and data, and the outgoing signals are transmitted, all by these finger-like circuits.
The grid on the right is probably the EEPROM area. Note how small the other circuits are, even at this 400x magnification!
|
