How to duplicate a metro card

Hello PiicoDev team,

We’re trying to see if it is possible to duplicate a MTS “Pronto Card”. The code that I’m using to read the data from the MTS card is below and the hardware setup we have is as follows. When I read the card data, it outputs= >>> 04:97:4E:B2:FD:6A:80

However, I am not sure if this data can be written to another card using your module.

Read a number from a tag and do some simple math

from PiicoDev_RFID import PiicoDev_RFID

from PiicoDev_Unified import sleep_ms

rfid = PiicoDev_RFID()

print(‘Hold tag near the PiicoDev RFID Module to read a number’)


while True:

if rfid.tagPresent():

data = rfid.readID() # read a number from slot0


#print('Number in tag: ’ + str(data))

#newData = data + 1 # it’s a real number, we can use it for math and stuff!

#print(str(data)# +’ plus 1 is '+ str(newData))



What are you trying to achieve with this? You can write any number you want into another card, but it won’t read back as the number you write (or at all, probably), so the card won’t work. The number you are reading is not contained within that card. It is generated by code within the card, based on another number that you cannot read, using a ‘trapdoor’ or one-way algorithm. It is that other number you need to program in order to get the new card to read out the same number as the original. So if you are trying to duplicate the card and make it work like the original card did, that’s not possible.

1 Like

Hi All
It is also probably very illegal (consider jail time)
Cheers Bob

This project is for our Capstone project for our MS Cybersecurity degree.

1 Like


There have been instances of people successfully duplicating Opal (NSW transport) cards onto NFC tags implanted in their body, in that case they got hit with some non-trivial legal fees but that’s it:

I think Jeff’s on the money with an internal algorithm. Maker use cases tend to use older card formats like MIFARE Classic, whereas apparently MTS Pronto uses the newer DESfire system with more security controls.

For our reader to support all that, we’d need to use a specific IC and write it into our libraries, and even then there may be some private key used internally by the MTS developers/

Hi all,

If theyre hiding keys in the card then clearly they dont want us copying them. We wont go in that direction. I had originally believed that the mts card had the number printed on the card in the chip for convenience but it makes sense that there would be a layer of security. Since this could also violate the tos, ill also stop pursuing in this direction.

Joshua and i are trying to use this kit in a cybersecurity related project in order to complete our MS inCybersecurity. The professor knows about the kit were using but if you have any suggestions on what we could do that involves the kit, we would love your feedback. The other team is also running into a brick wall. Working with an organization is also nearly impossible since we have 1 and 1/2 months. Its a fast pace program.

Thank you,

Jeremiah O’Neal

Hi Jeremiah

I don’t think you would like your credit card so easily copied would you. I think a similar situation applies.
Cheers Bob
Interesting task though. would be interesting to find out how easy it is.

I do appreciate this information and understand the concerns. However, at the moment, the team is a little under pressure to get our project done for the capstone. The project has to be project based so we can’t simply research about RFID and write a 20-page paper about it. Also, the project really needs to be cyber-security related so I cant for example demonstrate how we’ve taken 20 of the blank RFID cards and written employee ID numbers so employees can swipe in instead of manually entering their EID numbers to show when they arrived/left the building. That’s more of an Information Technology project. The project that my team is doing has to be related to something that involves a threat or vulnerability or something else in the field of cyber security. So for example, I was talking to my team about maybe getting a cheap RFID enabled door lock (the kind you replace your front doors with and are typically seen on ABNBs) but would their tech use the same hashing algorithm or would it simply broadcast the number printed on the card? I would hate throwing more money into this project to get nothing out. Basically, what I’m asking is if there’s any cyber-security related project that we can use to show a vulnerability or if there’s no vulnerability by using the RFID kit provided by core-electronics?

Thank you and I really appreciate all the knowledge and information you have all given us.

Jeremiah O’Neal

Hi Jeremiah
Personally I don’t know much if anything about Cyber Security (I leave that to BitDefender etc) to be able to offer any constructive information so will have to bow out of this conversation. Will keep on reading with interest though.

However I am a bit confused. You say you have been tasked with a project involving Cyber Security but you have not (I don’t think) said what the specific object of your project is.

Are you trying to establish just how a certain level of security is accomplished.

Are you trying to break or compromise the security of a particular system (your Pronto card).

Are you trying to come up with your own system which is as secure as you can make it.

It may help your cause if you clarified a bit more.
Cheers Bob