E-Wallet data changes in card

Forum / MIFARE general topics and applications / E-Wallet data changes in card

Tagged: 

  • 29. May 2019 at 23:02
    Hello,

    I am using Mifare 1k Classic (M1) cards on a payment device (POS) running modified Linux OS.

    Below is my C code for converting raw block data into integer. I am not very good at C myself. I appreciate if someone can confirm if code is doing correct checks and conversion and everything. It maybe me that used pointers etc. in a way so there maybe a wrong cross check/conversion.

    void ConvertMifareDataToNumber(char *buffer, unsigned int *value)
    {
    char valuebuffer[8];
    long test;
    int inverted;
    char invertedbuffer[16];
    char buf[4096];
    char valuetext[128];

    sprintf(buf, "PAYMENT-(ConvertMifareDataToNumber) ");
    strcat(buf, "Incoming buffer: ");
    strcat(buf, buffer);
    Log(buf);

    *value = 0;

    // Check if backup values are same
    if ((buffer[16] != buffer[0]) ||
    (buffer[17] != buffer[1]) ||
    (buffer[18] != buffer[2]) ||
    (buffer[19] != buffer[3]) ||
    (buffer[20] != buffer[4]) ||
    (buffer[21] != buffer[5]) ||
    (buffer[22] != buffer[6]) ||
    (buffer[23] != buffer[7]))
    {
    ErrorPrompt("Data mismatch[1]", 60);
    return;
    }

    valuebuffer[0] = buffer[6];
    valuebuffer[1] = buffer[7];
    valuebuffer[2] = buffer[4];
    valuebuffer[3] = buffer[5];
    valuebuffer[4] = buffer[2];
    valuebuffer[5] = buffer[3];
    valuebuffer[6] = buffer[0];
    valuebuffer[7] = buffer[1];

    test = strtol(valuebuffer, NULL, 16);
    if(test < 0)
    {
    ErrorPrompt("Data mismatch[<0]", 60);
    return;
    }

    strcpy(buf, "PAYMENT-(ConvertMifareDataToNumber) ");
    strcat(buf, "Calculated value: ");
    sprintf(valuetext, "%d", test);
    strcat(buf, valuetext);
    Log(buf);

    inverted = ~test;
    memset(invertedbuffer, 0, sizeof(invertedbuffer));
    sprintf(invertedbuffer, "%08x", inverted);
    strcpy(invertedbuffer, myuppercase(invertedbuffer));


    strcpy(buf, "PAYMENT-(ConvertMifareDataToNumber) ");
    strcat(buf, "Inverted value: ");
    strcat(buf, invertedbuffer);
    Log(buf);

    if((buffer[8] != invertedbuffer[6]) ||
    (buffer[9] != invertedbuffer[7]) ||
    (buffer[10] != invertedbuffer[4]) ||
    (buffer[11] != invertedbuffer[5]) ||
    (buffer[12] != invertedbuffer[2]) ||
    (buffer[13] != invertedbuffer[3]) ||
    (buffer[14] != invertedbuffer[0]) ||
    (buffer[15] != invertedbuffer[1]))
    {
    ErrorPrompt("Data mismatch[2]", 60);
    return;
    }

    *value = (unsigned int)test;

    return;
    }


    Unfortunately, LOG records I tried to keep in a log file in POS device are not accessible and I do not have a chance to do more detailed analysis.

    My application only reading raw data and converting to integer. Number increase/decrease on card is done by library functions provided by POS device. These functions has input block and output block as parameters. They themselves read raw block data and do increase or decrease operation or let mifare card or chip (on POS or on CARD) to do that. I do not have access to codes, I just have libraries. As library function is reading raw data block value from scratch, basically all that can be wrong I think is that read number to be wrong.

    My problem is displayed in attached picture. Mysteriously, balance increased by 50.00 for that card without any LOAD transaction. Card relevant sector has read and write protection as "08 77 8F 00". People using these cards (there are about 50 or more) are not expected to crack code sector. Yet, this remains as possibility.

    We are started to think that my code above is wrong and that leads to wrong reading of card balance. However, I am not quite sure about that.

    I especially would like to read about real life experiences you have, please. Solution suggestions are welcome.

    Any help is appreciated.

    Thanks & regards,
    Ertan
    + 0  |  - 0

    Re: E-Wallet data changes in card

    30. May 2019 at 12:38
    BTW, buffer variable in above post holds HEX string like "87D612007829EDFF87D6120011EE11EE". It is not explained in above. Just wanted to clarify.
    + 1  |  - 0

    Re: E-Wallet data changes in card

    5. June 2019 at 9:46
    Hi Ertan,

    If your target system is very limited, you should think about to use a simple laptop to test your software. Usually, a third-party NFC reader is used via USB and a user manual is available. PC/SC is an official standard which was also adopted from Linux (as “pcsc lite”).

    The driver also defines the way you are communicate with the card. Usually you have to use wrapper APDU command were the card APDU commands are encapsulated. How this is done, is explained in the user manual of the reader.

    One note: the MIFARE Classic allows it to save integers as so called “value block”. There are commands for incrementing and decrementing values. Please refer 8.6.2.1 (page 9) at:

    MIFARE Classic EV1 datasheet

    for more information at value blocks.

    Without knowing the details of your system, it is very difficult to give an advice about what is your issue, sorry.

    The TapLinx team
    + 0  |  - 0
Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.