Honestly i haven’t looked into it yet, i think my pi zero w is dead but been too busy with setting up students finals to confirm it
i’m hitting up the electronics supply store friday so i’ll grab some stuff n see if i can at least get a proof of concept going and send it over to you for review
so far i’ve only looked into emteria but it’s rather buggy without proper power supply, we’d most likely need a lite version of android or strip the software down to just the wallet itself with a GUI that can be SSHd into or VNC/RDP for card updates
Even better would just be an implantable BomberCat or Magspoof V3
To choose an NFC reader: To use NFC for payments, we’d need the PN532 or the RC522.
Install the necessary libraries: Depending on your NFC reader, you may need to install additional libraries to communicate with it. For example, if you’re using the PN532, you can install the libnfc library.
Write the code: Use Python to write the code that will handle the NFC payments. You’ll need to use the appropriate library to communicate with the NFC reader and retrieve the data from the card.
Integrate with a payment service: To process payments, you’ll need to integrate with a payment processing service, such as PayPal, Stripe, or Square. These services provide APIs that you can use to handle transactions.
Test the code: Once you’ve written the code, test it thoroughly to ensure it works as intended.
As far as my skills go, i have no idea how to write code
A: it is a borderline/illegal device which, once implanted, classifies as both “carried with purpose”*, and “concealed carry”. And since you cannot just “quickly get rid of it”, it puts you in a tight spot if someone finds out about the device and wants to go after you.
B: it runs on 3.7v and requires continuous energy. even a slight fluctuation out of the field is enough to interrupt it’s functionality.
*I might be mistranslating the exact term here. but it’s that aspect of Law in UK where you are allowed to carry a knife with you if you just bought it, or if you are bringing it to a place where you have reason to use it. So carrying a bread knife if camping, or carrying a steak knife if you have all the rest of a barbecue kit with you. In any other circumstance, it is considered a crime.
Even the Arduino Teensy, which has a lower power consumption than the RasPi 0 line, still requires not only 3.3v, but it requires it constant. a 10th of a second interruption on the field, such as a shaky hand, is enought to cause it to restart.
And despite 3.3v being enough, you’ll also need a PN532, which will increase further the energy consumption.
Plus you don’t connect both these boards together without some extra diodes and whatnots, otherwise they don’t work as expected.
Spot on! but you’ll need a few more bits and bobs to prevent the PN532 from causing the Raspi/Teensy to reboot.
And then this issue:
Here what would be the plan?
either you use…
something with active and fast internet connection, so the chip (PN532) would generate a virtual card on the fly from the payment service, and then present that to the user… (so the whole thing must be internet able)
the chip (PN532) will present a registered and valid token which will then be checked by Visa’s network to then allow your request to be “redirected” to the payment service…
Asking because I’m interested in a solution! ^^
If you go with a Raspi0 + PN532 we are talking 5.5v, constant. So you’ll need an alternate power source.
With a Teensy you might get away with 3.3V… but PN532 might make it peak at 3.5 and if that fails it reboots. Still you might be able to optimise it a tiny bit better.
I live in Canada not the UK but yeah i see your point, could be avoided by not saying what it is and only using it for small purchases with your own card details.
The 3.7V is definitely an issue, someone could maybe rebuild as a new pcb and change out parts for lower V substitutes?
The integrate part was from ChatGPT, i gave it the prompt to write a python script of Cards (apk) and it gave me an error so not entirely sure what it’s refering to but i assume it’s to confirm security tokens like in a mobile phones wallet app as you mentioned.
Unfortunately none of that is under my skillset yet as ive had no time to work with card transactions aside from MAG cloning software with the MSR650X.
From what im seeing so far; just melting a debit card with acetone, resoldering the antenna and coating, then implanting seems like the fastest and easiest route aside from expiry dates.
For what we’re all wanting i think we’d need to create our own payment service like Square or SumUp and create an NFC card that can be reflashed with EMV credentials.
Or, go the same route as Walletmor and remove monthly fees.
Id love that, i’ll get stuff together to try out a rpi02 and arduino teensy version together.
Currently saving up for a Hack RF so it might be a bit before i get what i need together to work on a prototype.
I also had the idea of using blank EMV cards and EMV cloning software to create implants that can be rewritten but the EMV software i know that works best is $2000 USD worth of bitcoin. (same software scammers use so i dont trust buying it from anyone)
I’ll look for the software i’ve used before, it’s only a 30 day trial so i’ll just use a VM and revert the state back to the first install day.
I’ll order some blank J2A040 Java cards at some point to mess around with to see if they can be rewritten.
I’ll keep everyone updated, but could be awhile before i have more info.
If you’re going to go that route I would be careful with the level of specificity you go into on a public forum. If you’re just manipulating cards that you own then that act is likely not a crime, but describing the process in detail is definitely something that can get censored or possibly prosecuted in some jurisdictions.
I’m keeping adding remarks about UK’s particularities because this Thread is “about UK”, so I’m concerned someone can parachute here and read only a few posts and reach wrong conclusions.
Also, I think even in Canada you would find yourself in trouble with the combo of:
“Carrying a device designed for illicit activities” + “concealed carry”
Even in some forsaken corners of the world (cough cough 'Murica!) you find places where you’re allowed to carry guns in a holster in broad daylight… but if you carry an intentionaly concealed gun you may go to Jail.
But as soon as someone finds out… I personally don’t like to live in fear of blackmail, neither I like having to lie every time someone asks me what my implant is.
Chat GPT is fun, but it has an uncanny ability to make bullshit seems perfectly reasonable and logical, even when it’s absolute malarkey.
So I would reccommend avoid using it to get instructions on technical stuff you’re not able to validate, least you end up wasting time and money on a deadend…
And if you do know how to validate it… then it takes longer to make sure that ChatGPT didn’t gave you false information than to think of it yourself.
Yes. That’s what a bunch of people have done.
But (again, for the sake of parachuters), Credit/Debit card conversions are not viable in the UK.
As soon as your NFC card can be reflashed it’s no longer compliant to the rigid standards set by Visa/Mastercard, therefore your whole payment service can no longer be accepted in their terminals.
That’s not the problem here.
Writing the code is solvable.
Building a whole new chip/pcb is solvable.
Make it compliant with Visa/Mastercard so you can actually use it in any Point of Sale… AND being implantable… AND not requiring a power source… AND not expiring… That’s the hard part!
As I said before… there are ways, but which could potentially be a one-way to watching the sun rise square…
Even if your usage is legitimate, the combination of your actions to achieve that might not be.
As for the carrying anything illegal thing, canada has different laws, we can carry knives and such in public for any reason EXCEPT self defense, if you say it’s a tool you’re good so having a device that’s capable of illicit activity would just be hearsay in the same sense that i could use a phone to beat someone.
As the EMV thing goes; i wouldn’t be flashing valid card numbers, only generated ones. If someone else goes the route of flashing valid card numbers that’s on them.
I use Chatgpt for info and then fact check, only reason i mentioned it was because i know it’s correct in the sense of needing a payment service connection to verify security tokens.
As the “public forum” thing goes, in canada it doesn’t matter, even pirating is legal as long as it’s not for monetary gain so me explaining something that’s available to anyone with a simple google search is no issue. Using it for illegal issues would be. Fraud is a huge issue around the world but in canada it’s very difficult to prosecute unless someone admits it. In my case, it’s research with invalid non-active cards, so i’m good.
Others in different areas might get into trouble which is why i offered to deal with it that way no one else gets into trouble with it.
But when you travel to another country you become subject to the that country law.
And the lack of ease to remove an implant before travelling does get to me there…
Plus even in Canada… You can carry a knife for any reason except in two cases: Self defence or… if you try to hide it. (or at least according to my cousin who lives there)
It has something to do with “attempting to hide it shows malevolent intent” or something along those lines…
And a dubiously gray area piece of hardware under the skin might be seen as “being concealed carried”…
Regardless, take my words as a heed of caution, not as naysaying.
If you want to do that, all power to you! happy to offer any technical help as well.
Concerned only that anyone reading this might misinterpret that and follow suit without fully acknowledging the potential implications.
If you have fun, go for it!
I personally feel like it takes me longer to fact check it than to come up with the plans myself.
Especially now that internet has gone full circle… Even Wikipedia is being indirectly updated by ChatGPT:
Person A uses ChatGPT to ask about a topic.
ChatGPT replies something wrong but in a plausible manner.
Person A writes a blog taking ChatGPT as truth
Person B googles about the same topic… finds Person A’s blog. Reads it and takes it as Truth
Person B updates Wikipedia and writes it on it’s own Blog
Person C uses ChatGPT… Receives the same wrong but well presented info.
Person C decides to fact check ChatGPT
Person C finds 2 blogs and a Wikipedia Entry corroborating what ChatGPT wrote
Now Person C believes ChatGPT’s wrong info, goes on and writes a third blog propagating the same error.
So now, when fact checking chatGPT I also got to fact check the sources and double check when was the Wikipedia entry last updated… etc…
My point here is that this being a public forum, if we’re not very clear that something is potentially illegal, might lead to someone in another country trying to copy you and then getting into big trouble.
As I said, I personally don’t think that obsolete and arbitrary laws bear any relevance.
So ultimately, I personally do find it great what you want to do!
But I do care about how other people might take on from reading these posts, so I try to be very clear about all these warnings.
Plus, might bring implications to the forum maintainer…
Ah yeah i get it, i feel like people should do their own research regardless of what information is posted.
The whole knife thing is a grey area but as long as there’s no intent to use it as a weapon or if it’s under 3 inches it doesnt matter where you carry it, hidden or not. (Im ex private government sector security)
The research thing is most of what i do and a skill that’s used in my career field (medicine) so i have no issue doing it, i actually enjoy it.
Wikipedia is cool and all for mindless scrolling but it’s not a legitimate source, at least in my eyes. I see it the same way as others see google, just a starting point.
Im going to go the route of EMV Java cards because that’s what i currently have the most parts/resources for but i do get your point.
It’s definitely not something people should go about doing just for fun without doing research on laws in their area and shouldnt be used to clone other peoples cards.
I think the biggest takeaway from support threads or any public forum would be to research it yourself and apply your own knowledge of laws in your specific area. If you dont know, you can always search your countries government website for specific laws.
I SO wish most Journalists, Bloggers, Podcasters and Writers would listen to you!
Completely agree with you. Wikipedia is mostly the “quick check”, also because it’s usually part of my “google” (DDG) first page.
My concern goes more aroung… if someone reads something that sounds correct.
They google it, and it says the same thing (because google’s first results come from Wikipedia and a couple other blogs, all repeating that same thing)… how much deeper you think would they dig?
That’s at least as cool and interesting as it’s potentially illegal.
Please keep me updated!
If only they were written in any logical sense! or they used a language the average joe is able to comprehend!
It’s sad when laws are worded in an intentionally obscured way just to preserve power…