# Introduction # Summarizes known/publicly implemented Mifare Classic cards - default keys, data storage format, known-plaintexts on card, etc. # How to contribute # If you legally own a publicly available Mifare Classic card, which **is not** listed here or which you think **is more accurate/updated** than presented one, we would like to hear from you. Please DO NOT contribute: * private card dumps (examples: office building, fitness centers, etc.) * card dumps which do not legally belong to you (examples: a test dump made by a friend on your computer, dump you made from your friend's card, etc.) # Legal disclaimer # This information is presented in good faith and for informational purposes only. It is not intended to disclose private/sensitive information nor to affect in any other ways holders or issuers of such publicly available cards. The information is gathered from personally and legally owned cards. The information presented here is intended to raise awareness to the possible security threats and privacy implications when using Mifare Classic cards. # Details # | **Country** | **City** | **Card Name** | **Estimated number (date)** | **URL/Photo** | **Card type** | **Default keys** | **Reused keys patterns** | **Data format** | **Known plain-text** | **Risk level** | |:------------|:---------|:--------------|:----------------------------|:--------------|:--------------|:-----------------|:-------------------------|:----------------|:---------------------|:---------------| | Romania | Bucharest | RATB SAT Card Activ | ? | http://card.ratb.ro/

1K	None	Sector_0_A=Sector_1_A Sector_0_B=Sector_1_B	Unknown encoded/mangled/in-house crypto? encrypted? block/stream cipher?	0xFF sequences in blocks: 1, 2, 32, 33, 34, 36, 37, 38	low
Romania	Timisoara	RATT Acces Card	?	http://www.ratt.ro/taxare/	?K	?	?	?	?	?
Bulgaria	Sofia	SKGT	?	http://www.skgt-bg.com/index_en.htm	4K	FFzzzzzzzzzz A0zzzzzzzzzz	Default keys heavily reused Sector_5_A=Sector_6_A	Sector 1 (administration code 0x00 0x04) contain card holder information (Run-Length-Encoded) Sector 2 contain card publisher information (code 0x00, 0x15) Sector 3 electronic purse, city traffic These sectors do not change during card usage Sector 4 Block 0,1 = unknown data Sector 4 Block 2 = last travel Example: 00 04 00 01 01 00 e1 05 58 12 c2 00 00 70 00 93 00 04 = line number 4 05 e1 (hex) = 1505 (dec) = car number 00 c2 12 58 (hex) = 1100 0010 00 01 0010 0101 1000 (bin), lower 14 bits = number of days since 01.01.1997, higher bits = number of minutes since the start of the day Sector 5 Block 0,1 = Value blocks	Hex password for last sector key B represents string "SofiaM"	HIGH
U.K.	London	Oyster card	?	https://oyster.tfl.gov.uk/oyster/entry.do	1K	None	None	Unknown encoded/mangled/in-house crypto? encrypted? block/stream cipher?	0xFF sequences in blocks: 2, 17, 56, 57, 58, 60, 61, 62 "–ABCDEFGHIJKLM" string at block 1	.
Netherlands	Amsterdam	OV Chipkaart	?	http://www.ov-chipkaart.nl/	?	?	?	?	?	.
Taiwan	Taipei	EasyCard	18.2 millions (Apr 2010)	http://www.trtc.com.tw/	1K	?	?	Unknown encoded/mangled/in-house crypto? encrypted? block/stream cipher?	?	.
Czech	Czech Technical University in Prague, Institute of Chemical Technology Prague	Student CVUT/VSCHT Card	?	http://www.techlib.cz/en/customer-account/registration/id-cards-of-cvut-and-vscht/	1K	FFzzzzzzzzzz	Sectors 0 to 3 have equal key A Sectors 0 to 3 have equal key B	Cleartext Block1 = National ID (?) Block2 = Passport No (?) Block4 = Name (space padded) Block5 = Surname (space padded) Block8 = Valability (?) in format DD.MM.YYYY Block12/13 = Telephone numbers (?)	None	HIGH
Czech	Czech	Czech ISIC Card	?	http://www.isic.cz/	1K	FFzzzzzzzzzz	None	Cleartext (?) Block4 = some kind of serial number	None	HIGH
Czech	Liberec	Liberec City Card	?	http://www.mikroelektronika.cz/custom-made-electronics/novinky http://www.mucl.cz/mestska-autobusova-doprava/opuscard/karta-opuscard.html	4K	A0zzzzzzzzzz	Block 0x5F to 0xFF have equal key A Block 0x5F to 0xFF have equal key B	Partially cleartext Block4 = Surname Name (seem null terminated C strings) Rest encoded/encrypted (?)	Block 1 and 2 = lots of every second byte is 0x18	MEDIUM
Luxembourg	Luxembourg	Luxembourg (Public Transport) Card	?	?	1K	FFzzzzzzzzzz	Block 0x00 to 0x33 have equal key A Block 0x00 to 0x33 have equal key B	Encoded, seems no encryption or dynamic keys	Block 0x34, 0x35, 0x36, 0x38, 0x39, 03a, 0x3c, 0x3d, 0x3e = filled with 0xFF	MEDIUM
Russia	Moscow	Бесконтактные транспортные карты	5-30 millions (1998-2007)	http://www.metro.ru/fare/contactless/	?K	?	?	?	?	?
Russia	Russia	Rossiyskie Zheleznye Dorogi/Russian Railways (RZhD)	?	Forum notes News notes	?	?	?	?	?	?

Links

http://www.dib.com.br/dib%20cd/C2007/Palestras/Palestra%20Francimar%20Santos%20Cards%202007.pdf
http://www.skyscrapercity.com/showthread.php?p=39116178
http://www.ratt.ro/forum/index.php?showtopic=157&st=0