Originally Posted by grippa
This is great stuff. I've been waiting for something like this for a while. are you in the UK? If so do you have any idea about the oyster card? I have a visa paywave card as well. It is it possible to read these cards from the nexus s and then emulate them? Also, can the nfc chip in the nexus read 125khz cards? I know that's out of the nfc standard range, just curious. sorry for the number of questions, but if we could get this to work it would be the best use of this underused nfc chip! I'm on 2.3.6 though, I heard they enabled access to the secure element on this version.
Sent from my Nexus S using XDA App
Well, answering to your questions ... No I am not in UK, but I have heard about Oyster card. In fact I work developing ticketing systems. It used to be a plain Mifare Classic 1K but Wikipeda states it has been replaced by Mifare DESfire. The embedded secure element of the Nexus S sports a Mifare 4K, which is backwards compatible with Mifare Classic 1K. Mifare DESFire is a different story. Classic Mifare Cards are memory cards divided into sectors that requiere a key authentication against each sector. Every sector has two keys, one usually configured for reading and the other one configured for writing. Real world ticketing systems usually configure different keys for every card. These keys could be derived from CSN of the card using hardware encryption modules (such as SAMs). However I have seen real systems working with prefixed keys for all the cards (which is just insane).
All that being said, you could theoretically configure the embedded Mifare 4K card to work as a plain old Oyster card, which is nowadays useless. I said theoretically because you should know the map of the key (how to write the correct values in the correct blocks) and the matching keys for your card. If you knew how to get the matching keys (read and write keys) obviously the security of the system would be broken.
You said something about reading cards. Nexus S can act as a reader and in card emulation mode. To read cards you need to know the read keys, which usually are not public either.
I do not know how Visa Paywave works, but I guess it is a command (APDU) based card. The same happens here. You wont even have access to card application to copy it to other card. In fact card applications (cardlets) can not be extracted from cards, only replaced or deleted.
Paypass can work with Google's Wallet because Visa itself installs its cardlets on the embedded element of the Nexus S surely via some kind of TSM service provided by Google (who owns the access keys to load new cardlets)