A plastic card is a popular payment instrument that provides the opportunity to make payments by bank transfer. As a result, this significantly saves time when making payments for goods or services, and also reduces the likelihood of money theft. But there are situations when it is impossible to use plastic. Then the question arises, what to do if the card is demagnetized?

Possible problems

The main function of a bank card is the ability to make non-cash payments by debiting funds in a bank account. For this we use:

• Magnetic strip on the end.
• Barcode.
• Electronic chip.

Today, media equipped with a bar code are practically not used due to weak account protection from possible theft of money.

Reading from the card occurs due to special elements

The main methods of storing information are chips or magnetic stripes. They contain all the information about the owner, as well as the availability of funds on the plastic. Therefore, why the Sberbank card was demagnetized is determined by the presence of damage to such elements or incorrect use of the plastic. There are several reasons why problems with using a payment instrument are observed.

Demagnetized

The most common factor that makes it impossible to use a debit card is demagnetization of the magnetic strip. All such products are created according to the same principle, so their methods of damage are also the same. It is worth considering the main reasons why a card may become demagnetized:

1. Prolonged exposure to other metal objects that have their own magnetic field and also emit electric waves. Therefore, you should not store bank cards near electrical appliances such as a refrigerator, mobile phone, home computer or microwave. This is due to static electricity, which negatively affects the state of the magnetic stripe. But with short contacts, the properties of the plastic do not change.
2. Impact of iron objects on the map. This applies exclusively to mechanical damage, which includes abrasions and scratches that can physically damage the strip. A common situation of this kind is to carry plastic along with a bunch of keys in one pocket. As a result, the strip becomes scratched, making it impossible to use further.
3. Excessively high temperatures. So, when the card is exposed to direct sunlight for a long time or near heating devices, this negatively affects its condition. In this case, when considering the question of whether a bank card can be demagnetized, it is worth saying that in addition there is a possibility that the plastic itself will melt.

In a similar way, you can demagnetize the card yourself at home, when there is such a need.

Expiration

Each bank card has a limited time of use. This data is on the front side of the card in the form of the last month, as well as the year of possible use of the plastic. When this time comes, the owner needs to order a reissue of this banking product.

This procedure is free. However, if the payment instrument is not replaced in a timely manner, it will simply stop being read, making it impossible to make payments using it. On average, the service life of plastic cards is 3 years (for a MIR card - 5 years).

If the card is broken, it becomes invalid

blocking

The blocking process may be due to various reasons, but after this, the use of this banking facility becomes impossible, and it is also impossible to withdraw funds from an ATM. Blocking by the user is usually carried out when the card is lost or for other reasons. In addition, the bank itself can stop servicing plastic for the following reasons:

1. Violation of the rules of the agreement that was concluded between the client and the bank.
2. There was suspicious activity, which led financial security officials to suspect fraudulent transactions.
3. The wrong PIN was entered at the ATM three times.
4. Cashing money in suspicious places.
5. Making suspicious payments abroad.

When a person has not independently blocked his means of payment, he needs to contact the nearest bank branch.

Employees of the financial institution should check the reason why this situation occurs, and if possible, restore the card.

Breaking

Another common reason why payment terminals or ATMs no longer recognize a bank card is a breakdown. The reason for this may be ignoring the rules of storage and use of plastic. For example, when there was a mechanical impact on a magnetic strip or chip, which led to physical damage. As a result, you need to contact a bank branch where you need to order a reissue of the card. Due to the fact that such situations are caused by the fault of the plastic carrier, the owner will have to pay about 100 rubles to re-issue it.

Another common type of card failure is exposure to water. This often happens when they forgot to take the plastic out of their clothing pocket and threw it in the wash. As a result, the magnetic field is demagnetized, which turns a bank card into an ordinary piece of plastic. After this, it will no longer be possible to use it to withdraw funds from an ATM or pay for goods through a terminal.

When replacing a card, the old plastic is destroyed

Is it possible to use a non-working card?

Alas, there are no ways to magnetize a card yourself after it has been demagnetized, so that you can then use it for its intended purpose again. However, there are alternative methods of getting money from plastic, even if it is not in working condition. To do this, the carrier requires:

1. Go to the nearest bank branch with your passport.
2. Contact the cash department of the organization.
3. Provide a request to issue cash from a non-working card.
4. Get money.

The main feature and disadvantage of this method is the ability to use it exclusively during working hours. Due to this, it will be impossible to get your own money from demagnetized plastic at night.

Although a bank card is easy to use, it also needs to be used correctly. Otherwise, it will quickly fail (demagnetize) without the possibility of recovery. Next, we will talk about the reasons for card demagnetization, what to do about it, and how to avoid it.

Reasons for card demagnetization

Since their inception, bank cards have greatly simplified people's lives. These include discount, advertising, and savings cards that are easy to carry and use. At the same time, users on the Internet constantly have a format question - what to do if a bank card is demagnetized?

Plastic media are produced according to a standard algorithm, so the reasons for their damage are also identical. For example, they can become demagnetized if they are in prolonged contact with metal surfaces. The latter emit electromagnetic waves that violate the integrity of the card chip. Therefore, you should not place plastic payment media near electrical household appliances - smartphones, computers, microwave ovens, washing machines, etc. The magnetic stripe of the card loses its properties under the influence of static electricity. If you carry a card, for example, in a mobile phone case, the consequences will not be long in coming.

Other reasons for demagnetization include:

1. Prolonged contact with iron objects. We are talking exclusively about mechanical effects in the form of abrasions and scratches. Such damage spoils the card strip, becoming an obstacle to normal recognition in the terminal. Therefore, fans of carrying a card in their pocket with keys should reconsider their habits. Otherwise, you will soon have to visit the bank with an application.
2. Effect of high temperatures. Contact of the card with heating devices and exposure to direct sunlight negatively affects the media itself. The plastic surface may locally melt, causing permanent damage to the card.

How to avoid the card demagnetization problem

All bank cards have a certain service life, regulated by the bank. As a rule, we are talking about 3-5 years of operation. The period of use depends on the recommendations of the direct manufacturer of the plastic media. Manufacturers, in turn, are guided by international standards and feedback from direct users. Today's popular cards demagnetize faster than their traditional counterparts. This is due to the fact that the individual design is applied by the bank, not the manufacturer.

To extend the life of your payment card, you should:

• carry the card in a special section of your wallet;
• do not throw plastic media into a pocket where it will come into contact with foreign objects;
• Do not leave the card near heating elements and heating devices.

What to do with a demagnetized card

This problem is by no means uncommon. The reasons, as already mentioned, can be different, ranging from incorrect operation to manufacturing defects. If the payment medium refuses to work, you must immediately contact the servicing bank. The same must be done if the card has expired. If a bank employee detects demagnetization, the owner will need to write an application to replace the card. usually takes no more than 10 days. In the case of cards, you don't have to wait at all.

Reading 6 min. Views 131 Published 03/22/2019

Any Sberbank card has its own expiration date. It is established based on the expiration date of the card elements - the plastic base, the electronic chip and the magnetic tape. As a rule, a payment instrument withstands the 3–5 years allotted to it without any complaints. What happens if, due to improper use or storage, a Sberbank card is demagnetized ahead of schedule? What should a plastic holder do in such a situation? Let's try to figure it out.

Why do you need magnetic tape on bank plastic?

Plastic cards usually use several elements to protect the owner’s data:

• embossing of the holder's name and card number;
• an electronic chip on which information about the holder is stored;
• a magnetic strip in which data about the card owner and the account attached to it is encoded.

These mechanisms appeared gradually, and were also gradually added to the plastic carrier. Why weren’t the old ones removed when a new security element was introduced? It's simple - replacing cash terminals and ATMs that accepted old payment instruments was more expensive than updating them.

Today, the main element with which readers recognize bank cards is the magnetic strip. Data is written to it and read by terminals according to the same principle as on a computer hard drive. If the magnetic tape is damaged, the receiving device will not be able to recognize the card.

The main reasons for card demagnetization

What can cause a Sberbank card to become demagnetized? The main reasons for violation of the plastic storage regime are as follows.

Firstly, this is the interaction of the payment instrument with magnetic wave emitters(for example, the card was in your pocket for some time next to your cell phone, or was left on the microwave). Secondly, these are sudden temperature changes– plastic left for a long time in the sun or worn in the outer pocket of outerwear in winter can easily become demagnetized. Thirdly, this is interaction with the magnetic surface– Under no circumstances should you attach the card with a magnet to a refrigerator or metal cabinet.

The readability of the card is affected not only by demagnetization of the tape, but also by its mechanical damage. Creases, scratches, abrasions - all this will not allow the reading device to recognize information on a magnetic medium. That is why it is recommended to store cards in a cardholder to prevent them from coming into contact with small items in your pockets that can scratch the surface. And, of course, you should not bend the plastic (for the same reason, it is not recommended to carry it in the back pocket of your trousers, where it will inevitably become deformed when sitting).

Is it possible to use a savings card with a demagnetized tape?

So, the answer to the question whether a Sberbank card can be demagnetized, as we found out, is positive. It's quite easy to damage the card. On forums on the Internet you can find a lot of different tips on how to restore the magnetic strip yourself. But, having decided to follow them, the card holder acts at his own peril and risk.

Firstly, magnetic tape can be completely destroyed. And, if, when the card is reissued, the examination shows that some destructive actions were carried out with it, the owner will be charged a commission for the production of new plastic, and in some banks also a fine.

Secondly, demagnetized plastic can be used, albeit in a limited manner. It all depends on what the Sber client needs the card for. If he uses it for everyday purchases, he will have to order a reissue. But if the card is required only for access to the Internet bank and purchases in online stores, it is quite possible to wait until its expiration date and make a new plastic card as planned.

When using ATMs

The magnetic stripe on the card is necessary when conducting card account transactions at ATMs, self-service terminals and POS terminals at store checkouts. These devices use data from a magnetic tape to identify a payment instrument. If the latter is damaged, the device will not be able to recognize the card. Accordingly, the client will not be able to pay for the purchase at the checkout or withdraw money from the account.

When making online purchases

To make payments in online stores or pay bills through web banking, a plastic carrier is not required. All you need is the card details, which the holder enters manually when conducting a transaction. Accordingly, in these situations, the demagnetized card will work without interruption.

The client will also have access to the web account on the Sberbank website and its mobile application, and SMS service. No physical media is required to use all of these tools. Therefore, the cardholder will be able to:

• pay invoices;
• replenish deposits or withdraw interest from them;
• repay loans;
• receive and send transfers.

If there is an urgent need for the money on the damaged card, you can withdraw it to any other payment card (for example, to the card of someone close), and then withdraw it from an ATM. You can also get cash at a bank branch. To do this, you will need to go there with a passport and a damaged card. The operator will verify that the card belongs to the client and will issue the required amount from his account.

Reissue of a demagnetized savings card

What to do if a Sberbank card is demagnetized, but it is needed in physical form? The answer is simple - we go to the bank and fill out an application for reissue. It is better to contact the same branch where you ordered the damaged card. You will need to have your passport and damaged plastic with you.

First of all, the bank employee will check the status of the card. If, as a result of the mini-examination, it is determined that the payment instrument has failed due to poor quality or manufacturing flaws, a new carat will be produced free of charge. If Sber employees determine that the client is to blame for the damage to the magnetic tape, they may be charged the cost of producing new plastic (the amount is determined by the tariff plan connected to the user).

You can also order a card reissue in your personal account in Sberbank Online: find the card you need in the list, click the “Operations” button and select “Card reissue”

Important! It usually takes 10-14 days to produce a new card. The old plastic is blocked for this period, that is, it will be impossible to use it in any way.

Important rules for using bank cards

To avoid unnecessary hassle with a bank card due to its failure, you should follow the basic rules for storing it:

• carry the card only in a holder or in a special compartment of your wallet;
• do not put plastic in pockets, especially in the back pocket of trousers, where it can easily become deformed;
• during the cold season, carry a payment instrument in a bag or in the inner pockets of clothing;
• do not allow plastic to come into contact with objects that emit magnetic waves - cell phones, microwave ovens, etc.;
• do not spill caustic chemical liquids or sugary drinks on the card;
• Monitor the integrity of the magnetic strip - the absence of abrasions, scratches and other physical damage.

And, of course, you should not try to bend the card, roll it up, or deform it in any other way. Even a sudden drop from a height onto a hard surface can damage the media.

conclusions

Bank cards themselves are demagnetized extremely rarely. Damage is usually caused by incorrect actions of their owners - neglect of storage and operation rules. If the card fails, its account can be used in remote applications and when making online purchases. But at a store checkout or at an ATM, such a payment instrument will not work. If the card is needed mostly for “real” use, you should contact a Sberbank branch to have it reissued.

Are you familiar with the desire to solve all the mysteries and reveal all the defenses of the Moscow Metro? For example, make yourself an “eternal ticket”? But metro specialists are constantly finding more and more sophisticated methods of protection. Metal tokens were replaced by plastic ones, which in turn were replaced by magnetic tickets, and magnetic ones were replaced by contactless cards. Many researchers have given up - it seems as if the Metropolitan has become an impregnable fortress. But any protection can be bypassed. And often, opening it turns out to be much easier than building it...

How it all began

I became interested in subway systems a long time ago, one might say, from my school days, when magnetic stripe tickets were still in use. At the same time (a dozen years ago) a contactless social card for students was introduced. I began to wonder what it is and how it works. But in those days, I didn’t have enough skills, and there wasn’t much information, especially on these technologies, in the public domain. I had to shelve the idea of ​​research, but I promised myself that I would definitely return to it... About three years ago, my interest in the topic of the metro awoke again. I actively studied magnetic tickets (there was plenty of information on this topic on the Internet) and even assembled a small machine for making duplicates from two heads from reel-to-reel tape recorders and a small amount of loose powder. I didn’t forget about my social card (already a student card). But after studying the documentation, it became clear to me that the system is practically impenetrable - the MF1S50 Mifare Classic 1K chip, on the basis of which social cards are made, is protected by two 48-bit keys. At the hardware level, it won’t be so easy to hack, and you can sort through the keys until the end of the solar system. And card readers that supported Classic cost some exorbitant money at that time (I somehow didn’t think about Ebay, alas). Interest in magnetic tickets quickly cooled down, and the social card had to be postponed again until better times.

Meet: “Ultralight”

Ultralight tickets appeared in our metro recently, but immediately aroused great interest among the public. They began to smoke them, tear them, stick them apart with an iron, and use other methods of thermorectal cryptanalysis. I must admit, the thirst for knowledge forced me to kill a couple. As a result of studying them and searching on the Internet, it was established that this is nothing more than Mifare Ultralight, a “lightweight” compatible version of Mifare Classic. A quick look at the documentation for chips of this standard made it clear that these cards do not have built-in protection systems. On top of that, I came across an article detailing the successful hacking of a similar transport system by Dutch students. All together pushed me to new research.

Go!

To begin with, of course, it was simply necessary to get somewhere a wireless card reader that supports Ultralight. There were two options: either assemble it yourself (which would take a lot of time), or buy a ready-made device. Thinking about the second option, remembering the prices three years ago, gave me goosebumps. But I still decided to look at the current prices. And not in vain! I was pleasantly surprised to learn that you can buy a fully functional device (OmniKey CardMan 5321), which supports a bunch of wired and wireless cards at an attractive price of 4,000 rubles. Of course, not a little, but on the other hand, it’s not 10,000; Moreover, purchasing a ready-made reader made it possible to immediately focus on ticket research, rather than on designing and debugging hardware, which could drag on indefinitely. Together with the reader, a very convenient original SDK of local production was purchased from the same company (ISBC). Again, it allowed us not to waste time and energy on writing low-level code and debugging the software with the reader, but to focus directly on tickets.

So, in a couple of days of leisurely coding, a small program was born, with the help of which it was possible to conveniently observe and edit the entire internal structure of the Ultralights. Then I started studying tickets.

blank wall

During the process of studying, a lot of tickets passed through my reader. Some I rolled up my sleeves and took out “from the trash”; I bought some and looked at what was written on them, then walked through and looked again. These were tickets of almost all types, with the exception, perhaps, of the Ultralight pass for 70 trips. After a couple of weeks, I had accumulated a large and sorted database of dumps of different tickets and in different states. There were also dumps taken from the same ticket after each trip, and several tickets with consecutive metro numbers. My collection even included several dumps of two different temporary unified social tickets (one was issued for a period of 5 days, the other for 30), taken after a certain time interval. These turned out to be very interesting copies, and at the same time very rare (I got them first-hand with immediate return, only for “read”). In fact, this is almost the only type of “Ultralight” that works not only in the subway, but also on ground transport. In addition, only this type of ticket has no limit on the number of trips at all. Subsequently, it was they who served me a great service...

I collected this entire zoo for one purpose - to clearly define the structure and format of recording data on the ticket. Of course, some fields were immediately visible to the naked eye, but some were not. For example, I didn’t immediately understand where the metro ticket number was written (the same one that was printed on it). The realization came completely by accident. The fact is that I (like, I think, most of us), looking at hex, got used to aligning information for myself by bytes and thinking, at least, in bytes. It turns out that this approach is wrong here. When looking at a ticket dump, you need to think in smaller units - tetrads, and sometimes bits. I realized this when I finally “saw” the ticket number - it turned out to be shifted by 4 bits relative to the beginning of the byte, and the remaining 4 bits on either side of the number were occupied by other service information.

After some time, the format for recording data on tickets became almost completely clear. It became obvious where and how all dates, counters, and identifiers are stored. There were only a couple of fields left, the purpose of which was unclear simply because the data in them was the same from dump to dump.

But that’s where all the joy ended - it would be stupid to assume that such tickets could be left unprotected. Each dump contained 32 bits of miscellaneous information that did not correlate in any way with the rest of the content. I assumed it was some kind of checksum, a "hash" of the data written on the ticket. All attempts to estimate or calculate these 32 bits turned out to be a complete failure (in particular, there was an assumption that this was some kind of CRC32, with a non-standard polynomial and starting value). If you tried to change even one and a half bits of information inside the ticket, the check terminal in the subway displayed “BAD TICKET,” hammering the last nails into the coffin with a heavy jack. Of course, there were attempts to bypass the system in other ways, for example, trying to copy a ticket to a blank card one-to-one (here, alas, the factory serial number got in the way, which, as it turned out, also participated in the generation of the “hash”) or setting the blocking bits like this to prevent the turnstile from changing the contents of the ticket. The verification terminal recognized such an “eternal” ticket, but the turnstile refused to let me in... Thus, I hit a wall. Into that big, strong concrete wall, against which many have the habit of killing themselves from a running start. Having not found any information on forums and boards, I decided that my research was over - there were no more ways, and I put an end to it. As it turned out, in vain...

Strange acquaintance

The September evening was no different from others. It was almost night, it was cool and damp outside. I sat in front of the monitor screen, and, drinking warm, slightly sweet green tea, peacefully set up the circuit board for my next craft. DipTarce, a little bashorg, ICQ... Someone called on Skype - they are distracting! Again ICQ, again DipTrace - in general, everything is as usual. Once again, the ICQ window fell into the foreground - someone, hitherto unknown to me, wrote “Hello.” Without hesitation, I responded in kind. The next message was a turning point in the whole story: “You seem to be interested in the metro, I have some junk here. If you’re interested, let’s meet and I’ll tell you.”

At first I was a little confused and wary (maybe it was a scam or a set-up, or maybe the “special services” were interested - paranoia takes its toll), but then I thought: why not? The intelligence services would hardly be interested in me, and there seems to be no grounds for divorce, and even more so, for a setup. After a short conversation, we agreed to meet in the afternoon, in the center of the hall of one of the Moscow metro stations. The stranger turned out to be a tall young man, wearing glasses, with a large black plastic bag in his hands. We said hello, then he handed me the package with the words: “Here, here. It wasn’t useful to me anyway, maybe it will be useful to you.” Looking inside, I saw two metro terminals lined with newspapers, several chaotically scattered white plastic cards and a blank in a box. In response to my question about how much I owe (money) for this, the guy shook his head, smiled and said: “What, no one owes anyone anything, get busy... So, I already need to run, there’s my train.” once! OK Bye!". With these words, he ran away, jumped into the already closing doors of the carriage and drove off. And I admit, I went home a little confused.

Just in case, I deleted the contact from ICQ, at the same time cleaning the contact list on the server and tidying up the logs (hello again, paranoia). In the end, he will write again, if anything happens. But he never wrote to me again...

The phenomenon of software to the people

When I got home, I took apart the package. The second of the terminals turned out to be a bus validator (heavy, damn it!); the cards were Mifare Classic 1K (blank), and there was only one archive on the disk. After a quick look at the contents, it turned out that this is the software that is used at metro ticket offices. Putting the terminal and validator aside, I decided to get serious about studying interesting software. In about an hour, from the mess that was unpacked, I managed to build and run this program on my computer. It took another hour to figure out its structure. Having combed through all the ini files (with comments kindly left by the developer), I already had a complete idea of ​​what it is, how it works and what it is used with. They eat, as it turned out, with a Parsec PR-P08 reader, so, in the absence of one, it was not possible to try the software in action.

The developer was the company Smartek, a large government contractor developing systems of this kind (you can read more on their website). The program was written in Delphi using runtime bpl. Moreover, the software had a modular structure, and all subroutines, classes and components were located in separate DLLs or bpls with self-explanatory names (this was the main file of the developers). After a quick analysis of the software’s internals, I found out that, firstly, information about all issued tickets is transferred to a centralized database (by the way, this is Oracle) and, secondly, the program uses a certain key mechanism. The program could communicate with the database not only in real time. We draw conclusions: all operations in the system can occur with a certain delay. In theory, this gives us a head start. But first of all, I was interested in the key mechanism (I had already begun to guess why it might be needed).

So, I picked up the disassembler and got to work. The mechanism consisted of two files - CryptKeyRef.dll and keys.d (the only “cunning” file in the entire program, which, except for the file with the keys, does not resemble anything else). And I used all this good runtime-bpl’in SmLayout.bpl. This library turned out to be a godsend for my research - it contained classes for working with the internal content of tickets. Since this is a runtime bpl, it was enough to just look at its export table to understand 60 percent of what’s what. A more detailed analysis put everything in its place. Do you remember at the beginning of the article I said that there were still several fields left in the Ultralight structure, the purpose of which was unclear? One of these fields is the so-called "layout identifier". Essentially, all metro tickets are built from a fixed header part and a variable data part. So, this “Layout” field in the header precisely determined how and what data was located in the rest of the ticket. There are several such layouts (each for its own type of ticket), and in SmLayout.bpl each of them had its own class (plus a common parent class, which had methods for working with the header part). Therefore, it was easy to figure out which fields in each layout were responsible for what (even with the descriptive method names in the export!).

Having completed all of Layout 8 (which is used in Ultralights) and double-checked whether I had the correct idea of ​​all the fields in the ticket structure, I took up the key mechanism. Indeed, he was responsible for generating the "hash". How the mechanism works became completely clear after studying the operation of the method responsible for calculating the “hash”.

First, the correct key is selected from the keys file (keys.d). The system is designed in such a way that each type of ticket has its own identifier (the kit included a complete table with ticket identifiers and names, in the form of a text file with values ​​separated by commas). It consists of a zone (application) identifier and a card type identifier. So, based on these numbers, a keying is selected in the key file, within which there may already be several keys (in case a new key has been entered, but old tickets are still in use). A new ticket is written using the very first one, and validity is checked using all the keys in the keying. Next, the selected key is decrypted using CryptKeyRef.dll (why they are stored encrypted, I have no idea). After that, the decrypted key and almost all the ticket data, as well as its hardware serial number and number (the “hash” generation method, which is specified for keying in keys.d) are transferred to the ckCalcHashCode function, located in the same CryptKeyRef.dll. At the output we get the value that I was “stuck” on at one time - that same “hash”. Of course, I wrote a small program that, using these functions from CryptKeyRef.dll and the keys.d file, could check and, if necessary, recalculate the “hash” inside any dump. I rechecked everything on several dumps, and, having received a positive result, went to bed, satisfied.

Rotten keys

Despite the theoretical success, I wanted to test everything, so to speak, “in battle.” The next day, returning from work, I specifically bought a fresh Ultralight for one trip to see if my keys were working or not (apparently, they were old). I could, of course, immediately try to write down the “fabricated” “Ultralight” and go check it out, but at that moment I ran out of empty cards, and it was a little scary to go “at random” - what if what happened? When I arrived home, the first thing I did, without even washing my hands, was impatiently rushing to check the fresh ticket with my keys. And then a big bummer awaited me - the “hash” written on the ticket did not go through any of the keys. Therefore, the keys were indeed already rotten and were replaced by new ones. This completely negated all my work. I felt a little sad. I made some green tea, played a little piano (yes, yes) and sat down to continue wiring my unfinished board...

All is not lost

The idea came to me unexpectedly when I was once again looking inside the file with the keys for some reason. I noticed that in the “running” keying (which is used to calculate 1-, 2-, 5-trip and other “Ultralights”) there were two keys - a new one (at that time, of course) and, apparently, an old one. But there was also a keying, which contained only one key. Previously, I did not pay attention to it, but concentrated on the “running” one. I didn’t know what tickets this key was used to calculate. When I looked at what type of ticket was associated with the keying, a small spark of hope flared up in me. The fact is that this type of ticket was WESB. Yes, exactly that rare type of ticket - a temporary pass for all types of transport. I figured that if there is a single ticket, then this key should be used not only in the metro, but also on ground transport, where it is very difficult and time-consuming to replace it with a new one. In addition, there is only one key in the keying, which indirectly confirmed my guess. On top of that, I remembered that when I cleaned out various “garbage” from the metro program, there was something similar to an archive of old key files. Having dug up and opened the original archive, I saw that this was indeed the case. And most importantly, after looking through all the old key files, I discovered that this particular key remained unchanged!

Without a single drop of doubt, I riveted my own WESB (fortunately, I had dumps of this type, which simplified the task many times over - I simply changed the date and number in the dumps), and calculated the “hash” using this key. So, it's time to check (especially since I just bought some more clean plastic).

Upon entering the lobby, I first swiped my “ticket” onto the security terminal. The expiration date of the ticket that I indicated was displayed on the board, and the green LED turned on. So it works. Making a simpler grimace and hiding the snow-white plastic in my sleeve, I went up to the turnstile, put my hand to the validator and... calmly walked to the cheerfully lit green one. This marked the final victory.

And what's next?

And then experiments began, during which many interesting things were discovered. For example, you can walk along such a “left” VESB for only two or three days. The fact is that the number, which I indicate “from the bald” inside the ticket, is saved in the memory of the turnstile head with each pass, and after some time it is sent along with the rest to the data processing center. There, the system does not find an actually issued ticket with that number and adds it to the stop list, which is then sent to all metro turnstiles. And this should happen with all types of tickets, not just with VESB - in addition to the “hash” and frequently changing keys, this is very good protection. For obvious reasons, it is not possible to bypass it. It was also noted that setting or not setting the blocking bits does not play any role in whether the ticket works or not. The only exception is the OTP zone blocking bit, which the turnstile apparently always checks, even though it is not going to write to the OTP.

Later I took on the metro and bus terminals, put them in order, studied them and launched them on the stand. Now, in order to check another guess, you no longer had to run with a freshly baked mutant ticket to the subway, but it became possible to check them “without leaving the ticket office.” Moreover, the metro terminal turned out to be as old (and buggy as well) as my keys. So I could try “in work” and any other types of “Ultralight” tickets - something that I would never be able to do “live” on the metro.

In parallel with these experiments, I continued to work on software. Since there was a lot of debate about what kind of algorithm is used to calculate the “hash”, I decided to completely restore it, rewriting the algorithm from scratch in a “human” programming language, and in the process I was hoping to understand what kind of algorithm it was - what something widely known or some kind of internal development. Along the way, many different thoughts came to my mind (including that it could be AES), but upon a detailed study of the already working code without using Smartek libraries, it turned out that this algorithm is “just-for-all” GOST - the domestic encryption standard (all you can easily find the necessary information about it on the Internet). Specifically, a 16-3 cycle was used to calculate the hash. “Hash”, in fact, is nothing more than an imitation GOST insert.

The End, or Let's Summarize

The metro systems, and in particular the new Ultralight tickets, contrary to opinions and guesses, turned out to be well protected. I am very glad that the developers used reliable and time-tested GOST, and did not reinvent the wheel. With such protection, it is simply impossible to fake an Ultralight ticket without having access to confidential data (key information). Both the system of replaceable keys and the stop list mechanism are well thought out.

Of course, there were some shortcomings and mistakes. The biggest one is software that is not protected in any way. It would be enough to abandon the use of runtime-bpl, and this would complicate the analysis tenfold! Alternatively, processing particularly important parts of the program with AsProtect or ExeCryptor, followed by packing all files with MoleBox, would reduce the possibility of analysis to almost zero. The tools are inexpensive. And the use of good (preferably little-known or custom-made) protection of this kind, but with hardware keys, would make parsing the program completely impossible. Of course, the Metropolitan is a sensitive enterprise, but we should not forget about the human factor. After all, Kevin Mitnick also said (and not only spoke, but also demonstrated by his own example, for which he sat down, gee), that sometimes it is easier and more effective to use “social engineering” to achieve a goal than to try to break an impenetrable defense.
Well, on this note I will end my story. And to you, reader, I wish you more interesting and successful research!

Plastic cards have become an integral part of the life of a modern person. Among such products, banking, savings, and discount products are popular. The most popular are cards from financial institutions. Their operating principle, regardless of type, is similar. And the problematic situations that may arise are also similar to each other. One of the questions asked is what to do if a Sberbank card has become demagnetized.

Why can a bank card become demagnetized?

Demagnetization of a bank product can occur for various reasons, the most common are:

1. Being near metal objects that emitter electrical waves. Therefore, when plastic is kept close to objects such as a microwave, cell phone, or computer for a long time, the user should be prepared for the fact that the card will not last for a long time.
2. Interaction of the card with the iron surface. Since metal is much stronger than plastic, this leads to microscopic scratches. Therefore, carrying credit cards next to keys and metal key fobs is highly not recommended.
3. High temperatures affecting it can demagnetize the card. Direct sunlight that hits the product issued by the bank leads not only to demagnetization of the plastic card, but also to the cessation of the functionality of the card.

What to do if the Sberbank card is demagnetized?

If a client is faced with a situation where his bank plastic has become demagnetized, the question arises, what to do? It is recommended to contact the bank immediately. Under no circumstances should you try to magnetize a card at home.

When the card falls into the hands of a bank employee, he immediately finds out the reason why the plastic stopped functioning. If the reason is the poor quality of the material from which the card is made, or the technology turns out to be imperfect, it is possible to re-magnetize the plastic in the jar. If such a procedure is not possible, the same credit card is ordered a second time. This service is free.

These conditions are the same for all types of plastic cards issued by the bank. But not all banking organizations have the advantages to perform such actions.

It depends on the prestige of the bank and the level of work of the institution. If a bank employee is unable to magnetize the product, the user will need to write an application for reissue of the plastic card. In this case, the card and front number will remain unchanged.

Each bank sets its own price for this type of service. But it varies within two hundred rubles. The waiting period for receiving a repeat card takes up to ten days. If a client orders an instant card, he receives it in his hands on the day of order.

How to reissue a bank card?

Reissuing a bank card is a standard procedure associated with the actions of replacing old plastic with a new one when the old one becomes faulty.

A similar procedure can be ordered if the following indicators occur:

1. The client changed his last name.
2. The plastic has been stolen or lost.
3. In the case when a bank card, namely its data, falls into the hands of fraudsters.

How to use a non-working card?

It is impossible to use a non-working card to pay for various goods and services. But there is a way to get cash in your hands. The instructions for withdrawing funds from non-working plastic are as follows:

• pay a visit to a bank branch, you must have a passport with you;
• contact the operator, who will check the product’s attachment to this particular user and issue a receipt;
• go to the bank cash desk to receive money;
• take money.

This operation takes place only during opening hours of the banking institution.

How often are bank cards demagnetized?