Reverse engineering

Reverse engineering tools

Metrodroid contains some Python scripts in the extra folder of the repository. This is used to help decipher card formats.

Working with export files

farebotxml_to_files.py

Takes a Farebot-Export.xml (complete dump) or single card XML export file, and converts it into a ZIP file containing raw files from the card.

This can then be extracted in order to browse cards as a series of files and folders with regular tools.

This will generally strip off most of the metadata associated with particular blocks on the card.

mfcdump_convert.py

This tool converts an mfc/mfd (raw Mifare Classic dump) from tools like mfoc or mfcuk to a number of different formats (with the command-line option -f):

md34: Metrodroid 2.9.34+ format (adds keytype)
md31: Metrodroid 2.9.31+ format (adds key)
farebot: Farebot / older Metrodroid format
mct: MIFARE Classic Tool format (not readable by Metrodroid)

It can also extract keys from a dump file (also with command-line option -f):

raw-keys: Raw keys format
json-keys JSON keys format (2.9.36+)
json-no-uid-keys JSON keys format, without UID (2.9.36+)
json-static-keys JSON static keys format (2.9.36+)
csv-keys: CSV key format (not readable by Metrodroid)

Deciphering the format

find_in_bitfield.py

This tool takes a raw binary file (such as one generated by mfoc, mfcuk, or farebotxml_to_files) and attempts to locate integers in it.

Instead of just reading byte-aligned integers, this will also search in bitfields for the files, with optional padding and different encoding methods.

This is useful for locating known values within the data which is accessible on the card, such as the card number or the balance.

multi_crc.py

Reads in an input file, and runs a bunch of different CRC16 checksums on its content, at user-specified offsets/lengths.

This was an attempt to understand which parts of a format were checksums and which were actual data.

Working with Mifare Classic keys

mfcdump_keys.py

This takes an mfc/mfd (raw Mifare Classic dump) from tools like mfoc or mfcuk, and extracts the keys into a .farebotkeys file.

textkeys_to_farebotkeys.py

This takes a newline seperated, base-16 encoded list of keys, and converts it to the .farebotkeys binary format. This is useful for entering keys for a Mifare Classic card.

Working with GTFS

compile_stops_from_gtfs.py

This tool allows you to create a stops database, based on mapping station IDs from the card to station IDs from the agency's GTFS data feed.

This is used to place pins on the maps shown in the application.

Working with dumps

base16_to_bin.py

Removed in PR#403. Use xxd -r -p instead.

This parsed a hexdump (base16 encoding) and makes a binary file out of it.

Metrodroid and its authors are not affiliated with any public transit agency.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly