I-PASS Hacking


ShadowMaster
7th November 2007, 02:37 AM
If you live in Illinois, you know that we have an automatic tollway payment system called I-Pass. What I'm wondering is how it works, if anyone has cracked one open, and why when I try and search it, I find nothing. The way I assume it works is as an RFID (most likely semi-passive to reserve battery), but is there a way to clone one? Is there a way to emulate one so that you can have free access? Does it have any encryption or anything? I know I'm too cheap to crack one open b/c I haven't used all of the cash on mine and don't want to waste the rest if/when I break it. Also, I know little to nothing about hardware hacking. So I leave it to you, Rorta, to find these answers for me and anyone else who's curious.

hokie21
4th January 2008, 03:00 AM
Lots of information about this system can be found in the FCC filing for the transponder device.

See:
http://tinyurl.com/2ta3rm

Nemesix
21st February 2008, 04:05 AM
To be honest, I doubt it's worth the trouble; it'd be very difficult to do, but if you find someone who has actually managed to do it, let me know.

tj9919
27th May 2010, 07:43 PM
hey if u guys are still looking for a "hack" for this u can check out some1 tht knows how to countrfit stuff.. most likely a high end countrfittin businessss. thy would kno how tah copy somthin lik tht

XIII
28th May 2010, 03:00 PM
hey if u guys are still looking for a "hack" for this u can check out some1 tht knows how to countrfit stuff.. most likely a high end countrfittin businessss. thy would kno how tah copy somthin lik tht

And how to speak English properly?

On topic: This might contain some of what you are looking for: http://hackaday.com/2009/02/16/shmoocon-2009-chris-pagets-rfid-cloning-talk/

I'll see if I can find this other site that I used to have which had actual cloning kits on it for things like this.


-XIII

_JT_
29th May 2010, 02:25 PM
hey if u guys are still looking for a "hack" for this u can check out some1 tht knows how to countrfit stuff.. most likely a high end countrfittin businessss. thy would kno how tah copy somthin lik tht

For the good of mankind, please leave the internet.

lcnostra
1st June 2010, 02:11 AM
I can't comment on the electronic aspect of it, but I've heard you can tailgate the shit out of people going through the tolls and it will register as one vehicle.

Th0r
1st June 2010, 12:01 PM
If it's RFID you can grab an existing pass and write whatever you want onto another RFID chip.

lcnostra
2nd June 2010, 12:38 AM
If it's RFID you can grab an existing pass and write whatever you want onto another RFID chip.

Depends on the RFID protocol; there are many types. Trying to find out could end up being a pretty costly experiment.

Th0r
3rd June 2010, 12:38 AM
That's true.

An element of cost/benefit analysis would need to take place.

I-Pass can be compared to the Oyster card system in the UK, which has been anally fucked, courtesy of RFID.

http://en.wikipedia.org/wiki/Oyster_card

Jessie Bains
21st June 2010, 09:47 PM
I'm familiar with I-Pass (now AKA as I-Zoom, etc). There are several systems across the U.S. that operate on the same technology (and many of which have interlinking databases). But the database is where the complexity of hacking it comes in.

Well... it might not be that difficult if you have the know-how but... First, you're going to need an I-Pass box. No problem, you can buy one from the I-Pass website. When your initial funds run out, you're going to want to reprogram the chip. But you can't just use generic information; each box is programmed to be associated with an account. When the box is scanned, a computer which is hooked into a broadband connection queries the mainframe which contains all of the account information such as the owner and how much funds they have left.

So you will need to re-write the chip in your box to contain a valid account number. That may be challenging in itself but you also have to get an account number before you can even do that. So you will have to go to Radio Shack and buy (or piece together) a receiver operating on the same frequency as I-Pass. God help you if the data is encrypted somehow. If the designers were intelligent and security-conscious, then the account information stored within the user box is encrypted and decrypted on I-Pass's end with the key.

If they don't have encryption, then it's likely you could just go to a booth and scan the frequency while cars drive through. Compare the data on the scans to the data contained in your own chip to learn the programming, then re-write your chip with someone else's data.

Like someone already said here, this may be a lot of work to rip off a few tolls but I guess if you're a daily driver on the toll road, and you have the technical skill to do this without hanging yourself, maybe it's worth it.
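
The encryption point raised in the last post, as an added example that is not part of the thread and not based on I-PASS's actual protocol (which the thread does not establish): a generic model showing that a fixed identifier, encrypted or not, is accepted again whenever it is repeated, while a fresh per-read challenge answered with an HMAC is not. The tag ID, key, class and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; not real transponder data or formats.
TAG_ID = b"TAG-0001"
TAG_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # per-tag secret

class Backend:
    """Hypothetical back end holding one secret key per issued tag."""
    def __init__(self, keys):
        self.keys = keys        # tag id -> secret key
        self.pending = set()    # challenges issued and not yet consumed

    def accept_static(self, tag_id):
        # Weak design: the tag only ever sends the same value, so the
        # back end cannot tell an original read from a repeated one.
        return tag_id in self.keys

    def new_challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def accept_response(self, tag_id, nonce, mac):
        if nonce not in self.pending:
            return False                 # unknown or already-used challenge
        self.pending.discard(nonce)      # each challenge is single-use
        key = self.keys.get(tag_id)
        if key is None:
            return False
        expected = hmac.new(key, nonce + tag_id, hashlib.sha256).digest()
        return hmac.compare_digest(expected, mac)

def tag_respond(key, tag_id, nonce):
    """What a tag holding the secret computes for a given challenge."""
    return hmac.new(key, nonce + tag_id, hashlib.sha256).digest()

def demo():
    backend = Backend({TAG_ID: TAG_KEY})
    out = {"static_first": backend.accept_static(TAG_ID),
           "static_repeat": backend.accept_static(TAG_ID)}
    n1 = backend.new_challenge()
    mac1 = tag_respond(TAG_KEY, TAG_ID, n1)
    out["cr_first"] = backend.accept_response(TAG_ID, n1, mac1)
    out["cr_same_nonce"] = backend.accept_response(TAG_ID, n1, mac1)
    n2 = backend.new_challenge()
    out["cr_old_mac_new_nonce"] = backend.accept_response(TAG_ID, n2, mac1)
    return out

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```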