Security of RFID/NFC card Payment

Question

You are standing in front of a building with 3 rooms and have a NXP Mifare Classic 1k card.

In the first room is a device (device1) that can do the following things:

In the second room is a device (device2) which can do the following things:

If you have enough money on the card, you can enter the third room.

Is the amount saved on the card or at other places?
When the whole system is online, is it possible to change the amount, without access to the program?

I don't want to break the law. I'm only interested in the possibilities. I am looking forward to your opinions and some thought-provokings!

Your questions are unanswerable. It entirely depends on how this custom program was programmed. — schroeder, Oct 24 '18 at 18:50
I was just in the middle of writing an answer when this question got closed. I think this question is actually quite good, as not many people understand what smartcards (like debit cards) actually do. — , Oct 24 '18 at 18:58
@Securist I'm not sure that NXP Mifare Classic 1k cards are used for payment cards, though — schroeder, Oct 24 '18 at 19:05
@Securist if you have opened the answer editor and the question is closed, you should still be able to submit it. Were yo ublocked? — schroeder, Oct 24 '18 at 19:05
It kinds sounds like the situation is an Escape Room and the OP is trying to find a way around the puzzle. — schroeder, Oct 24 '18 at 19:06
@schroeder MIFARE was designed for stored value systems, hence the "FARE" in the name. Minus the story about the doors, it's a valid question about how online/offline stored value cards work. — user71659, Oct 24 '18 at 19:45
@user71659 I considered that it might be a good question about cards, but 1) the scenario is so specific along with a mention of a "program", which lends me to believe there is a specific implementation being asked about, and 2) "how online/offline stored value cards work" really isn't a security question. — schroeder, Oct 24 '18 at 20:10

0 Answers0