The MIFARE Classic 1K offers 1024 bytes of data storage, split into 16 sectors; each sector is protected by two different keys, called A and B. Each key can be programmed to allow operations such as reading, writing, increasing value blocks, etc. It uses an NXP proprietary security protocol (Crypto-1) for authentication and ciphering.

As you can see, the Go Card is nothing more than a dumbed-down USB key. The readers at the train station, on the bus or on the ferry can read and write to your Go Card when they need to.
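The sector and key layout described above, parsed from a card image, as an added example that is not from the original post. It assumes the standard MIFARE Classic 1K arrangement of four 16-byte blocks per sector, with the last block (the sector trailer) holding key A, the access bits and key B; the sample image, its key bytes and the function names are constructed for illustration.

```python
# Added example: lay out a MIFARE Classic 1K image (16 sectors x 4 blocks x 16 bytes)
# and decode which key each sector trailer allows for each data block.
SECTORS, BLOCKS, BLOCK_LEN = 16, 4, 16

# (C1, C2, C3) -> (read, write, increment, decrement/transfer/restore) for a data block
DATA_ACCESS = {
    (0, 0, 0): ("A|B", "A|B", "A|B", "A|B"),
    (0, 1, 0): ("A|B", "never", "never", "never"),
    (1, 0, 0): ("A|B", "B", "never", "never"),
    (1, 1, 0): ("A|B", "B", "B", "A|B"),
    (0, 0, 1): ("A|B", "never", "never", "A|B"),
    (0, 1, 1): ("B", "B", "never", "never"),
    (1, 0, 1): ("B", "never", "never", "never"),
    (1, 1, 1): ("never", "never", "never", "never"),
}

def access_bits(trailer: bytes) -> list:
    """Return (C1, C2, C3) for blocks 0..3 after checking the inverted copies."""
    b6, b7, b8 = trailer[6], trailer[7], trailer[8]
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4
    if (b6 & 0x0F, b6 >> 4, b7 & 0x0F) != (c1 ^ 0xF, c2 ^ 0xF, c3 ^ 0xF):
        raise ValueError("access bits do not match their inverted copies")
    return [((c1 >> i) & 1, (c2 >> i) & 1, (c3 >> i) & 1) for i in range(BLOCKS)]

def parse_sector(image: bytes, sector: int) -> dict:
    """Split one sector into its trailer fields and per-block permissions."""
    if len(image) != SECTORS * BLOCKS * BLOCK_LEN or not 0 <= sector < SECTORS:
        raise ValueError("expected a 1024-byte image and a sector in 0..15")
    start = sector * BLOCKS * BLOCK_LEN
    trailer = image[start + 3 * BLOCK_LEN : start + 4 * BLOCK_LEN]
    bits = access_bits(trailer)
    return {
        "key_a": trailer[0:6],    # trailer bytes 0-5
        "key_b": trailer[10:16],  # trailer bytes 10-15
        "data_blocks": [DATA_ACCESS[b] for b in bits[:3]],
        "trailer_bits": bits[3],
    }

def make_sector(access_hex: str) -> bytes:
    """Constructed sample sector: zeroed data blocks plus a trailer with made-up keys."""
    return bytes(48) + bytes.fromhex("111111111111" + access_hex + "222222222222")

# Constructed image: sector 1 carries custom permissions, the rest the transport setting.
SAMPLE = make_sector("ff078069") + make_sector("2c378d00") + make_sector("ff078069") * 14

if __name__ == "__main__":
    for n in (0, 1):
        print(n, parse_sector(SAMPLE, n)["data_blocks"])
```

The inverted-copy check mirrors the card's own behaviour: a trailer whose access bits fail it is treated as a format violation and the sector is blocked.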

The encryption that secures your balance, trips and other pieces of information, such as where you tap on and off, is apparently protected only by a key that is 50 bits long. This means the card can theoretically be cracked by a modern PC in a matter of minutes (we’ll get into that later too).

Presumably the Go Card uses the MIFARE Classic 1K because it was cheaper, and they’re willing to take the risk of potentially small amounts of fraud over replacing all commuters’ cards or buying the more expensive and fancier MIFARE cards that NXP produce.

