Rick's b.log - entry 2025/01/10

More on English sucking - numbers

French numbers suck.

English numbers, so much more logical.

Oh... yeah...

...about that...

We're good from one to ten. Then we have some special numbers for the next two - eleven and twelve (which can also be called a dozen). Following on from this, we "sort of" take the best number and add "teen" to it (French, by contrast, has individual words up to and including sixteen).
I say "sort of" in quotes, because it's thirteen rather than threeteen and fifteen rather than fiveteen. There is some precedent, it's using the root of the fraction names (third, fifth, etc) rather than the number name. No idea why, but it isn't like they're plucking something out of their backside that sounds vaguely similar.
Not like twenty, which should perhaps be twinty if based upon the word twice (or spoken by a Kiwi), or twoty (tooty) if based upon the number.
For the next increment, it's thirty rather than threety, which seems to derive its name from third. Next is oh so close. It's said like fourty but spelled without the 'u' just because. Then like the teens, it is fifty. And, also like the teens, from that point on it's just the number with ty stuck to the end. Sixty, seventy, and so on.

Unfortunately, like so much of English, this nonsense falls into the category of "just learn it and don't ask why". Don't ask why the onest month of the year has threety-one days.

Oh, and there are some common suffixes given to numbers. These are st, nd, rd, and th. They stand for first, second, third, and all the rest ending th. Any number ending with a '1' can have st affixed - like 1st and 61st... except for when the number prior is a 1 (the 'teen' block). These all take the th suffix, like 11th or 12th.
Why is it like this? Just learn it and don't ask why.

So as much as French numbers suck, it's not as if British ones suck less. At least, thank god, I'm too young to have dealt with £1/10/-, an archaic monetary system that used normal numbers in extraordinary ways.

Vending machine hacking

The hot chocolate was, actually, rather nice. Yesterday all of the drinks were free because the payment system had not yet been set up. There are three types of hot chocolate - regular, extra strong, and with milk, though having tried extra strong and with milk, the only difference seemed to be that the extra strong didn't dose out any sugar. <shrug>
The problem is, your €0,35 gets you next to nothing. It nicely filled the little cup at the top of my thermos. Hang on a mo, I can go measure out some water and tell you how much it gave me.

120ml, that's what I thought.

But this isn't what interested me. What interested me was the little payment keys that we could claim, to load with "money" (up to a maximum of €30) to use with the machine without faffing around with change.

It's just a generic NFC key.

The form factor, being rather large and round, screamed "NFC key" to me. Sure enough, I held it up to my phone and the MiFare tool was able to read it. Like the MiFare Classic tags, it holds 1024 bytes split up into 16 sectors. Each sector contains four blocks of 16 bytes. The first three (48 bytes) are for user data, the fourth block holds two secret keys and access conditions for the sector.

This is, for most users, a reasonable way to provide easy 'credit'. Everybody gets a little key, and that key stores some sort of value that represents the amount of credit on the key. When you feed money into the machine, the credit is increased. When you buy something, the credit is decreased. This all happens automatically and rapidly, so it's not really any different to the pay-by-bonk of bank cards.
The problem is that when the key itself holds the credit, the system needs to be bulletproof in order to stop casual people with half a clue fiddling around.
The previous vending machines used a little chunky NFC key, but it was a weird protocol at an equally weird frequency that would have required special hardware to hack - which is why I never bothered.
This thing? It seems to be using generic parts. It was trivially easy to dump the data from the key using my phone...

My key has no credit on it at the moment. As such, sector zero block zero contains the read-only manufacturer ID. Sectors 1 to 7 are empty.

Then comes some data...

+Sector: 8
C5AXXXXXXXXXXE5FB9FXXXXXXXXXX356
56BXXXXXXXXXXD8A752XXXXXXXXXX064
CC2XXXXXXXXXX3BAE83XXXXXXXXXX98F
A0AXXXXXXXXXXF00FFFXXXXXXXXXXB4D
+Sector: 9
570XXXXXXXXXX79B7676FD5CF4164183
00000000000000000000000000000000
00000000000000000000000000000000
A0AXXXXXXXXXXF00FFFXXXXXXXXXXB4D
+Sector: 10
00000000000000000000000000000000
242XXXXXXXXXX8087676FD5CF4164183
00000000000000000000000000000000
A0XXXXXXXXXXXF00FFFXXXXXXXXXXB4D
+Sector: 11
00000000000000000000000000000000
00000000000000000000000000000000
570XXXXXXXXXX79B7676FD5CF4164183
A0AXXXXXXXXXXF00FFFXXXXXXXXXXB4D

[sector 12 is empty]

+Sector: 13
242XXXXXXXXXX8087676FD5CF4164183
00000000000000000000000000000000
00000000000000000000000000000000
A0AXXXXXXXXXXF00FFFXXXXXXXXXXB4D

Sectors 14 and 15 are empty.

I'm guessing that there is some sort of scrambled information here. That being said, there was a sequence "676FD5CF4164183" that was repeated four times.
The first thing that occurred to me was, maybe this is some sort of time stamp? And, sure enough, &676FD5CF is a valid recent timestamp - it is for 10:41:19 on Saturday 28^th December 2024. It looks valid...

But...

(there's always a "but")

If we break one of these lines into bytes (hex pairs), the problem will become clear.

24 2X XX XX XX XX X8 08 76 76 FD 5C F4 16 41 83

In terms of "security", well, sectors zero to seven and fifteen can be read and written using key A (which is the default all bits set). Sectors eight to fourteen can be read and written with key B (which is a known cracked key).

As for the little blue key? That's mine. It is an almost-clone of the vending machine key. The blue key is a cheap crap NFC key which, unlike the proper MiFare keys, does not permit the manufacturer identification to be overwritten. Everything else is as for the vending key. If I'm in the break room when nobody is around, I'll whip it to one of the machines to see if it is recognised. I'll have to take some change with me in order to put €0,35 on it in order to buy myself a nice-but-miniscule hot chocolate, and then put €0,35 on it again. Oh, and, of course, snapshot the key each time so I can look to see what changes from empty to thirty five to empty to thirty five. If I'm lucky, there will be some sort of similarity that would stand out. But I'd be astonished if it was that easy.
That being said, this thing was effortlessly read using the MiFare Classic Tool on Android because, well, it uses one of the assorted secret keys built into the app. Like, duh.

Your comments:

Please note that while I check this page every so often, I am not able to control what users write; therefore I disclaim all liability for unpleasant and/or infringing and/or defamatory material. Undesired content will be removed as soon as it is noticed. By leaving a comment, you agree not to post material that is illegal or in bad taste, and you should be aware that the time and your IP address are both recorded, should it be necessary to find out who you are. Oh, and don't bother trying to inline HTML. I'm not that stupid! ☺ ADDING COMMENTS DOES NOT WORK IF READING TRANSLATED VERSIONS.
 
You can now follow comment additions with the comment RSS feed. This is distinct from the b.log RSS feed, so you can subscribe to one or both as you wish.

Gavin Wraith78812, 11th January 2025, 12:41

> English numbers, so much more logical.    You should try Danish numbers. Much weirder. See   https://www.scandikitchen.co.uk/countindanish/  for example. Welsh is another language with a vigesimal system. I guess number words probably originate from a time when people used parts of their body to count with: fingers?, fingers and toes?, joints of the fingers? etc.  In Indo-European languages the word for 9 is usually related to the word for 'new'.

Rick, 11th January 2025, 15:14

The best line in that article is:  "So, four-and-half-twenty-times-four-and-a-half-kill-me-now."    I take it there's no such thing as dyscalculia in Denmark. They've all given up and moved to Sweden, yes?

Gavin Wraith, 11th January 2025, 15:25

Rick, do you read zompist.com?

Add a comment (v0.11) [help?] . . . try the comment feed!
		Your name
		Your email	(optional)
		Validation	Are you real? Please type 38531 backwards.
		Your comment