Doing Payments With a Sonic Screwdriver

About: https://twitter.com/maartenweyn

Intro: Doing Payments With a Sonic Screwdriver

This instructable explains how we removed the smartcard chip of our contactless payment card and adapted it to upgrade Lieven's Sonic Screwdriver for contactless payments.

Built by Lieven Scheire and Maarten Weyn
Helping hand behind the scenes: Kurt Beheydt

Step 1: Contactless Payments???!

Most new debit and credit cards can be used for contactless payments. These cards have a slightly different chip and an antenna inside. You can recognize them by the wireless logo; you also have to enable this option at your bank (some banks enable it by default). The amount you can pay without a PIN code is very limited and depends on the country. [floor limit]

The cards use RFID (Radio Frequency Identification) to communicate wirelessly with the payment terminal instead of using the contacts which are visible on the chip.

When the card is held in very close proximity to the payment terminal, the electromagnetic field of the terminal's RFID reader powers the chip wirelessly, which enables the chip to modulate the wireless coupling between the card and the terminal in order to exchange information.

An X-ray view of the card (courtesy of Jayefuu) shows the inside of a card with the antenna, the chip and the terminals to which the antenna is connected.

So you need a chip and an antenna which can work on 13.56 MHz, but no one says this antenna has to be inside the card....

Step 2: Removing the Chip From the Card

First we need to remove the chip from the card.

Using acetone you can easily remove the chip from the card: just put it in a glass container and wait one to two hours. Make sure you protect your hands and do not spill the acetone; there is a reason the card disintegrates in acetone...

Important disclaimer: this step is non-reversible!

Step 3: Create Your Own Antenna

WARNING!!! This is a very technical part; if you do not care about how and why things work, just skip this and go to the next step...

The operating frequency of the wireless communication is 13.56 MHz; most smartcards are tuned a bit above this frequency. This is because anything in the vicinity will impact the resonance frequency anyway.

The RFID standard which is used for this wireless communication is the ISO/IEC 14443 specification (Identification cards -- Contactless integrated circuit cards -- Proximity cards).

Two important implementations of this protocol are Mifare and MVP. The latter are the smart cards which are used for payments.

The size of a banking card is defined by the ISO/IEC 7810 standard and is normally the ISO/IEC 7810 ID-1 format, resulting in dimensions of 85.60 × 53.98 mm. Part 1 of ISO/IEC 14443 defines different types of antenna coil for such cards, as shown in the figure [source]. Typically class 1 is used, but smaller sizes (towards class 2) are also used; this depends on the card manufacturer. A nice breakdown of different cards can be found in this [technical report]. Its authors also measured the resonance frequency, and most cards were tuned between 14 MHz and 18 MHz. The coil size, the resonance frequency and the quality factor are important parameters when designing the antenna coil.

The resonance frequency depends on the capacitance and the inductance of the coil. Every chip has a specific internal capacitance, but it is not trivial to find the specifications of your chip. For a MIFARE Plus chip, for example, NXP recommends an internal capacitance of 17 pF for class 1 and 70 pF for class 2. The Micropass® 6323 smartcard chip of WISeKey, for example, has an internal tuning capacitance of 95 pF.

If you know the capacitance C, you can calculate the ideal inductance L of your coil from

$$F_{res} = \frac{1}{2\pi\sqrt{L \cdot C}}$$

where $F_{res}$ should be between 14 and 18 MHz.

This results in an inductance between 0.8 µH and 1.4 µH for a capacitance of 95 pF, or between 4.6 µH and 7.6 µH for 17 pF. (Note that this capacitance can be adapted later with an external capacitor.)
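The calculation above worked through in Python, as an added example that is not part of the original instructable: it solves the resonance formula for the inductance window and, for a given coil and chip, reports whether an external capacitor can bring the circuit into the 14 to 18 MHz window. The function names, the 16 MHz mid-window target and the 2.0 µH sample coil are assumptions, and the external capacitor is assumed to sit in parallel with the chip.

```python
import math

F_MIN_HZ, F_MAX_HZ = 14e6, 18e6  # tuning window quoted in the text


def resonance_hz(l_h, c_f):
    """F_res = 1 / (2*pi*sqrt(L*C)), L in henry, C in farad."""
    return 1.0 / (2.0 * math.pi * math.sqrt(l_h * c_f))


def inductance_for(f_hz, c_f):
    """The same formula solved for L."""
    return 1.0 / ((2.0 * math.pi * f_hz) ** 2 * c_f)


def inductance_window(c_f):
    """(L_min, L_max) that keep F_res inside the window for capacitance c_f."""
    return inductance_for(F_MAX_HZ, c_f), inductance_for(F_MIN_HZ, c_f)


def tuning_advice(l_h, chip_c_f):
    """Return (F_res, advice, external_capacitance) for a coil/chip pair.

    A parallel capacitor adds to the chip capacitance (assumption: parallel
    connection), so it can only lower F_res. A coil that already resonates
    below the window needs less inductance instead.
    """
    f = resonance_hz(l_h, chip_c_f)
    if f < F_MIN_HZ:
        return f, "reduce inductance", 0.0
    if f <= F_MAX_HZ:
        return f, "in window", 0.0
    # Too high: total capacitance for mid-window, minus what the chip provides.
    f_target = (F_MIN_HZ + F_MAX_HZ) / 2  # assumed target, 16 MHz
    c_total = 1.0 / ((2.0 * math.pi * f_target) ** 2 * l_h)
    return f, "add parallel capacitor", c_total - chip_c_f


if __name__ == "__main__":
    for c in (17e-12, 95e-12):  # chip capacitances mentioned in the text
        lo, hi = inductance_window(c)
        print(f"C={c * 1e12:.0f} pF: L between {lo * 1e6:.1f} and {hi * 1e6:.1f} uH")
    # 5.9 uH is the coil from the text; 2.0 uH is a constructed sample value.
    for l, c in ((5.9e-6, 17e-12), (5.9e-6, 95e-12), (2.0e-6, 17e-12)):
        f, advice, c_ext = tuning_advice(l, c)
        print(f"L={l * 1e6:.1f} uH, C={c * 1e12:.0f} pF: {f / 1e6:.2f} MHz, "
              f"{advice}, C_ext={c_ext * 1e12:.1f} pF")
```

The 5.9 µH coil lands inside the window with a 17 pF chip but far below it with a 95 pF chip, a case no added capacitor can fix.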

Now that you know your target inductance, you can use a coil calculator, for example this one.

For the antenna for the Sonic Screwdriver we had to use a radius of 4.5 cm to fit in the screwdriver. We used enamelled copper wire with a diameter of 0.315 mm and 8 turns, resulting in a calculated inductance of 5.9 µH.

With a vector network analyser you could then calculate the resonance frequency and adapt your coil or inductance, but we do understand that this is not something found by default in every household.... An easier way is discussed in the next step: trial and error!

Step 4: Create Your Own Antenna: the Easy Way

The easiest way to find the right antenna size and number of turns is to find someone with an NFC-enabled Android smartphone and use an NFC app, for example NFC Tools.

When you read out a wireless-enabled card you will be able to see the tag type and, e.g., the serial number.

The trial and error method is quite easy:

  1. Make a coil with far too many loops, e.g. 15 loops and 4.5 cm diameter.
  2. Connect them to the right terminals of the chip (see next step)
  3. Check with your phone if you can read out the chip

If you can read out the chip, the chances are very high that you will also be able to read it with the payment terminal, since the signal power of a payment terminal is much higher.

Step 5: Attach the Antenna to the Smartcard Chip

OK, now it is time to connect our antenna to the chip.

  1. To solder the enamelled wire to the chip you have to remove the coating. This can be done with a small flame or a knife (watch out not to cut the wire).
  2. If you haven't done so already, remove the old antenna. When you start soldering, the two metal plates which are glued to the chip will probably also come off. Take careful note of which terminals they are connected to.
  3. Solder your antenna to the side terminals, making sure you only link to the ones which were connected to the metal plates.
  4. Test with a multimeter whether the two terminals are connected.
  5. Test with your smartphone whether you can read out your tag. If not, adapt the antenna (only loosen one side and solder again).

Step 6: Go Pay!

Put your antenna in something useful -- or very unuseful and ridiculous -- and enjoy yourself!

This is an entry in the Electronics Tips & Tricks Challenge.
    19 Discussions

    ERICOSCAR

    3 days ago

    My bank introduced this function a year ago, and when I found out I asked for an immediate blocking of the function in my card.

    Why?

    The limit in Sweden is 200:- sek = roughly 21US$.

    Any one that finds or steals a card with this function can steal for 200 sek as many times as they like.

    This summer a police told me that one man lost 5000:- sek during the medieval festival in Gotland!

    Tens of cards were lost and the sums stolen ranged from 0 to 5000 with many thefts in the 1000-2000 sek range.

    So my simple advice is, make sure that this function is blocked on your cards.

    The idea behind the "invention" is to get rid of money in the form of coins and banknotes. Then we are completely in the hands of the banks. Each WIFI blip will be charged by a small sum at each transaction.

    Take Care

    Wille Börlin Stockholm

    P.s. This does not mean that I don't enjoy a well written project, thanks for that! D.s.

    1 reply
    tyamat (in reply to ERICOSCAR)

    Reply 3 days ago

    You are correct that when your card is stolen people can get a certain amount (in Belgium 25€). But that is the same amount as what could be retrieved from the old system, which is called Proton here. Moreover you can lose much more in cash when you lose your wallet... Besides that, if you can prove that the card is stolen, banks do reimburse it.

    WailinSoul

    6 days ago

    Hilarious, well made.
    What's next? a lightsaber public transport card?

    Antzy Carmasaic

    7 days ago

    Stop screwing around with alien tech no one understands. Who knows what might happen?
    Cool project though :)

    lcroisez

    7 days ago

    wow, this screwdriver is definitely a must have

    winneremerald12

    7 days ago

    WAAAAAH, THIS IS SO AMAZING! There should be a Doctor Who Contest, cuz I would totally vote for this! And even though there isn't, I already voted for the contest this is currently in.

    Thumbs up to you, bro!

    gralan

    7 days ago

    Thanks for letting me know how to get at the chips in cards. My main concern regarding broadcasting payments involves a little thing about folks carrying around little devices that will pick up the broadcast on their own. I'm thinking your sonic screwdriver probably is a safeguard against that. Correct?

    1 reply
    tyamat (in reply to gralan)

    Reply 7 days ago

    To get money from a contactless card you need a payment terminal which is connected to a banking institution to validate codes. Besides, the amount is limited. So if someone would be able to get a payment terminal to your card, your bank can always find out who did this and reimburse you.

    Parky1972

    8 days ago

    I love the idea.
    I just wonder how many shop owners are going to go...

    "Woah woah there?! What are you going?!"
    :)

    Juan C Walls

    8 days ago

    I wonder if this would work using an nfc label instead of creating your own antenna. I mean, you remove the chip from the label and replace it with the chip from your credit card.

    1 reply
    tyamat (in reply to Juan C Walls)

    Reply 8 days ago

    Yep should work. Could be that you have to add a capacitor to tune it since the capacity of the MasterCard chip is different than the nfc chip.

    tr0lldr0id

    8 days ago

    Dude, that's sweet! Now we just gotta wait for those arm chips and do it with those, then the screwdriver can do it all.

    Pity I'm underage and don't have a bank card of any sort...

    liquidhandwash

    8 days ago

    Dare you to pay a parking fine at the cop shop

    Alex in NZ

    9 days ago

    Fantastic (and ridiculous) idea! I love it. Thank you so much for sharing this :-)

    Kink Jarfold

    9 days ago on Step 6

    Brilliant. Who but a Whovian would've thought of this. KJ