This morning I got curious as to how easy it would be to theoretically modify the amount of money stored in my Snapper transit card. I’ve seen this done before, so I got to work. Here is what I have so far and the issue I’m facing.
Hardware used –
Galaxy S21 Ultra (2x)
My Research –
I first wanted to see if the balance is stored on the card itself or in Metlink’s servers. I got 2 phones, both with the mobile top-up app that uses NFC from the phones; one phone had its network connections all turned off, both Wi-Fi and data.
I first had $6.31 on the card. I used the internet-connected phone, opened the Snapper app and added $40 to my card, then switched over to the phone with network turned off and read the card with the Snapper app, and it showed my balance as $46.31. Now this concludes that the data for the balance is stored on the card itself and not on Metlink’s servers. I still do worry that this info isn’t only stored on the card but also on Metlink’s servers to cross-verify the balance info, but I doubt each bus and train is fitted with an internet connection to allow for this.
Secondly, I checked what type of card this is using the RFID card reader app which showed this as a MIFARE Classic 4k card.
I found the tool MIFARE Classic Tool on the Play Store. With this it will show me the bytes/data stored on the card; after reading the card it only shows me sector 0 here – https://imgur.com/DizzOIe
The Issue –
As the recording shows, only sector 0 is being read (out of 40 sectors, so 0 – 39), and it has no data for balance as it reads identically even after a top-up. I’m assuming this only stores the card identifier and no balance info.
So how can I read the other sectors in this MIFARE Classic 4k card?
I did find some external readers, but they are quite expensive, so I also want to ask: will this cheap combo work?
PN532 NFC RFID Module V3
CP2102 to USB adapter