Uninformed: Informative Information for the Uninformed

Vol 1» 2005.May


Introduction

If this whitepaper looks a little familiar to you, I'm going to admit off the bat that it's based a bit on Phrack 48-10/11 (Electronic Telephone Cards: How to make your own!) and is using a similar format to Phrack 62-15 (Introduction for Playing Cards for Smart Profits). I highly recommend you read both of them if you're trying to learn about smart cards.

I'm sure that many of you that live near a major city have seen parking meters that require you to pay money in order to park in a spot. Upon initial analysis of these devices you'll notice there is a slot for money to go in. On some, there is also a slot for a Parking Meter Debit Card that you can purchase from the city. This article will analyze these Parking Meters and their Debit Cards, show how they tick, and show how you can make your own.

The end goal however is to provide enough information so you can create your own tools to learn more about smart cards and how they work. I have no intention of having people use this article to rip off the government, this is for educational purposes only. My only hope is that by getting this information out there, security systems will be designed more thoroughly in the future.

                         PARKING METER

                           _,-----,_
                        ,-'         `-,
                       /  ._________.  \
                      / , |  00:00 <+-,-+------ Time/Credits Display
    Meter Status ----+>'-''---------''-'<+----- Meter Status
                     |   ,-------,       |
                     |   |\    |<+-------+----- Coin Slot
 Smart Card Slot -----\--+->\  | |      /
                       \ '----\--'     /
                       \               /
                        \             /
                        \             /
                         \-----------/
                         | ,-------, |
           Money --------+-+-->o   | |
                         | |       | |
                         | |       | |
                         | '-------' |
                          \---------/
                            |     |

For those not familiar with these devices, you can go to various locations around town and purchase these Parking Meter Debit Cards that are preloaded with $10, $20, or $50. To explain how to use these, I will quote off of the instructions provided on the back of the cards:

  .--------------------------------------------------------------------.
 /                                                                      \
 |                       PARKING METER DEBIT CARD                       |
 |                                                                      |
 |     1. Insert debit card into meter in direction shown by arrow.     |
 |        The dollar balance of the card will flash 4 times.            |
 |     2. The Meter will increment in 6 min. segments.                  |
 |     3. When desired time is displayed, remove card.                  |
 |                                                                      |
 |                      DID YOU BUY TOO MUCH TIME?                      |
 |                      TO OBTAIN EXTRA TIME REFUND                     |
 |                                                                      |
 |     * Insert the same debit card that was used to purchase time      |
 |       on the meter. Full 6 minute increments will be credited to     |
 |       card. Increments of less than 6 minutes will be lost.          |
 |                                                                      |
 |        Parking cards may be used for ************** meters           |
 |                      which have yellow posts.                        |
 |                                                                      |
  \--------------------------------------------------------------------/

NOTE: The increments are now 4 min due to raising prices

I'm not including a lot of information that's provided in those Phrack's that were mentioned, so if things look a little incomplete, please read through them before emailing me with questions.

Here's a list of all of my resources:

- The ISO7816 Standard

- Phrack 48-10/11 & 62-15

- Towitoko ChipDrive 130

- Homebrew Synchronous Protocol Sniffer (Schematics Included)

- A few Parking Meter Debit Cards

- A few Parking Meters

- Computer with a Parallel Port

- A business card or two