BIP / TranSantiago

jorge705 · November 17, 2022, 4:10pm

Would like to request support for BIP cards, those are commonly used as travel cards in Santiago - Chile.

There currently are android apps that fetch the content of such cards (reference: Zaldo - Consulta Bip! NFC )

Dump:
Bip840.nfc (4.0 KB)

Keys:

0263DE1278F3
A3F97428DD01
067DB45454A9
F124C2578AD0
937A4FFF3011
C4652C54261C
68D30288910A
B736412614AF
51284C3686A6
D49E2826664F
3A42F33AF429
32AC3B90AC13
2A3C347A1200
643FB6DE2217
4AD1E273EAF1
6338A371C0ED
6A470D54127C
63F17A449AF0
693143F10368
3DF14C8000A1
1FC235AC1309
64E3C10394C2
F59A36A2546D
15FC4C7613FE
82F435DEDF01
9AFC42372AF1
35C3D2CAEE88
324F5DF65310
682D401ABB09
16F3D5AB1139
E2C42591368A
243F160918D1

Filetype: Flipper NFC device
Version: 2
# Nfc device type can be UID, Mifare Ultralight, Mifare Classic, Bank card
Device type: Mifare Classic
# UID, ATQA and SAK are common for all formats
UID: 86 59 B6 F1
ATQA: 04 00
SAK: 08
# Mifare Classic specific data
Mifare Classic type: 1K
Data format version: 2
# Mifare Classic blocks, '??' means unknown data
Block 0: 86 59 B6 F1 98 88 04 00 C9 03 00 20 00 00 00 22 - UID *
Block 1: 00 00 00 00 D6 CB 4F 06 00 00 00 00 00 00 00 51 - ID BIP!
Block 2: F5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 3: 3A 42 F3 3A F4 29 78 77 88 00 1F C2 35 AC 13 09
Block 4: F5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 5: F5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 6: F5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 7: 63 38 A3 71 C0 ED FF 07 80 00 24 3F 16 09 18 D1
Block 8: F5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 9: F5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 10: F5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 11: F1 24 C2 57 8A D0 FF 07 80 00 9A FC 42 37 2A F1
Block 12: 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 96
Block 13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 F5
Block 14: 01 E1 CC E7 09 00 00 00 00 00 00 00 00 00 00 62
Block 15: 32 AC 3B 90 AC 13 78 77 88 00 68 2D 40 1A BB 09
Block 16: 11 22 20 52 DB 06 5F 19 20 B5 71 2F 00 40 00 23 - Month and day of last use
Block 17: F0 1C 02 00 00 00 00 00 00 00 00 40 08 44 06 C6 - Number of uses
Block 18: F0 1C 02 00 00 00 00 00 00 00 00 40 08 44 06 C6 - Number of uses
Block 19: 4A D1 E2 73 EA F1 7E 17 88 00 06 7D B4 54 54 A9
Block 20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 F5
Block 21: 40 5C BB 24 00 00 20 43 17 05 00 02 00 04 12 CD
Block 22: 40 5C BB 24 00 00 20 43 17 05 00 02 00 04 12 CD
Block 23: E2 C4 25 91 36 8A 7E 17 88 00 15 FC 4C 76 13 FE
Block 24: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 F5
Block 25: 00 00 00 00 FF FF FF FF 00 00 00 00 19 E6 19 E6
Block 26: 00 00 00 00 FF FF FF FF 00 00 00 00 1A E5 1A E5
Block 27: 2A 3C 34 7A 12 00 18 77 8E 00 68 D3 02 88 91 0A
Block 28: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 F5
Block 29: 00 00 00 00 FF FF FF FF 00 00 00 00 1D E2 1D E2
Block 30: 00 00 00 00 FF FF FF FF 00 00 00 00 1E E1 1E E1
Block 31: 16 F3 D5 AB 11 39 18 77 8E 00 F5 9A 36 A2 54 6D
Block 32: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 F5
Block 33: 48 03 00 80 B7 FC FF 7F 48 03 00 80 7C 83 7C 83 - Balance
Block 34: 48 03 00 80 B7 FC FF 7F 48 03 00 80 7C 83 7C 83 - Balance
Block 35: 93 7A 4F FF 30 11 18 77 8E 00 64 E3 C1 03 94 C2
Block 36: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 F5
Block 37: 00 00 00 00 00 00 00 00 F0 09 91 12 37 00 00 8D - Last Recharge Data
Block 38: F5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 39: 35 C3 D2 CA EE 88 7C 37 88 00 B7 36 41 26 14 AF
Block 40: 1F 5C 7B CA 42 04 00 40 19 40 1F 00 5C 45 00 BF - Information Last Loads
Block 41: 9F 59 8B 54 47 04 00 40 19 40 1F 00 5C 45 00 E9 - Information Last Loads
Block 42: 9F 5B 8B 94 42 04 00 40 19 20 4E 00 5C 45 00 F7 - Information Last Loads
Block 43: 69 31 43 F1 03 68 78 77 88 00 32 4F 5D F6 53 10
Block 44: 41 5C 8B 24 20 C0 D0 45 45 19 80 0C 00 00 00 B1 - Information Last Uses
Block 45: C1 5B 4B 89 3A C0 B1 36 45 19 40 0B 00 00 00 3E - Information Last Uses
Block 46: 01 5C 8B CA 33 C0 D0 45 45 19 80 0C 00 00 00 74 - Information Last Uses
Block 47: A3 F9 74 28 DD 01 7F 07 88 00 64 3F B6 DE 22 17
Block 48: F5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 49: F5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 50: F5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 51: 63 F1 7A 44 9A F0 FF 07 80 00 82 F4 35 DE DF 01
Block 52: F5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 53: F5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 54: F5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 55: C4 65 2C 54 26 1C FF 07 80 00 02 63 DE 12 78 F3
Block 56: F5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 57: F5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 58: F5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 59: D4 9E 28 26 66 4F FF 07 80 00 51 28 4C 36 86 A6
Block 60: F5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 61: F5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 62: F5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 63: 3D F1 4C 80 00 A1 FF 07 80 00 6A 47 0D 54 12 7C

Analysis (in Spanish):
Analisis-de-seguridad-de-la-Tarjeta-Bip!.pdf (1.8 MB)

Content of the card include:

ID
Balance
Ride details
Top ups and transactions

Screenshot-20221117-124958

Bug on FlipperZero: Can’t emulate bip!, When I try to do it from any application it throws an error

Spildit · November 19, 2022, 4:09pm

You can save the original card with a payment on it, then use the card and then restore the original state with the function to write to initial card but if you do so be aware that you can go to jail by using the transport system with edited cards to avoid paying. DON’T DO THIS. Also what you are requesting is a “parser” that will allow you in an easy way to change the travels/money on the card so don’t expect for this sort of thing to be implemented. Ever.

jorge705 · November 20, 2022, 2:42am

no, the only thing I would like to do is that when emulating with Flipperzero it is detected in the android application :(, I may have made the post on wrong subforum, sorry for my bad english

Spildit · November 20, 2022, 3:36pm

Ok !!! No problem !

Ragnar_Lodbrok · March 27, 2023, 7:52pm

Hola bro, has avanzado en esto ?

byzard · May 17, 2023, 4:06pm

Existe alguna novedad?