Jun 22 2012

Recently there has been much press coverage of the security flaws around contactless credit and debit cards and how the card details can be read without your knowledge.

I wanted to find a simple and effective solution that disabled this contactless feature.

Today I read that this task has been made simple for Android phone owners with a convenient app to read these cards.

There are many forums and threads out there about people asking their banks to provide cards without this feature to no avail.

You even have STUPID people drilling out or damaging the chip used for ‘Chip and PIN’ purchases – not very clever if you live in the UK since just about all in-store purchases and ATMs use this chip. Also this leaves the contactless feature intact! (OK, he is an Aussie I suppose – maybe they still use the magnetic stripes there).

If you really are a paid-up member of the tin-foil-hat brigade then you could use some to shield your cards in your purse or wallet. Yes, this mostly works but it’s too much trouble for my liking and there is a risk that a fat wallet without foil coverage at the sides might ‘leak’ enough to allow the card to still be read up-close.

I decided to do some research of my own. I had cards from Santander, Barclays and MBNA to play with.

Normally these cards have a second chip for the contactless feature that is independent from the chip-and-PIN chip. This chip must have a loop antenna connected to it to allow remote energisation from an RFID reader. This loop in normally a coil of 4-5 wires.

I thought it would be easy to find this second chip and drill it out but on my cards there was no indent or easy way to determine where it was hidden without totally destroying the card. And of course it could be different on each card.

So plan B was to break the loop antenna. I started by cutting some of my debit and credit cards. I then looked for any severed wires inside of the cuts. I found one place where all my cards had these wires and it was at the top centre of the card approximately 4-7 mm below the top edge. Incidentally, I could find no place on the card where the antenna was closer to the edge.

So all you need to do is to use a pair of scissors and make a vertical cut at the top approximate centre of the card. It only needs to be around 7mm. You can check by closely looking for severed wires in the cut. If your eyesight is good and you cannot see any shiny cut wires then there is a chance your card is different from all of mine. The Chip-and-PIN part still works for me and so do ATM transactions.

If you are totally paranoid I recommend you test the effectiveness of your work by going to the nearest ‘wave and pay’ outlet to see if it can detect your card.

Jul 27 2010

Firstly I must apologise to all of those people who have posted information regarding the continued development of get_iplayer which I hadn’t approved on the comment threads. Well, here is the information which I have summarised below:

  • get_iplayer appears to have been taken over by several other developers. One of the strengths of free open source software is that anyone can ‘fork’ a project as long as they abide by the license conditions (get_iplayer was released under the GPLv3).
  • The most active and up to date fork, which seems to work the best, is maintained by David Woodhouse at: http://www.infradead.org/get_iplayer/html/get_iplayer.html
  • There is a mailing list at http://lists.infradead.org/mailman/listinfo/get_iplayer
  • A windows installer is available at this site.
  • Fedora users will be pleased to know that get_iplayer is now available in RPM Fusion repos.
Mar 10 2010

The events of the past two weeks (here, here, here, here and here) have clarified the BBC’s stance on allowing interoperability with open-source iPlayer clients. I have therefore decided to withdraw get_iplayer with immediate effect.

Ian Hunter’s post (Managing Editor, BBC Online) provided very clear guidance on the way the BBC feels about open-source applications accessing iPlayer streams. I have no desire act against the BBC’s wishes in this respect.

The BBC iPlayer is built on many open-source products and yet, in this case, they have failed to let open-source clients access the very same service. The BBC have clearly not followed the spirit of open-source here.

From the outset, exactly 2 years ago when I developed get_iplayer, my intentions have been to never harm the BBC but to just provide a convenient way for me to watch iPlayer programmes on my TV with the hardware that I own. However, the BBC clearly considers such methods to be somehow detrimental to their service and therefore with great regret I have decided to cease development.

I sincerely hope that, in the future, the BBC will make steps to support open source given that they have gained so much from it.

Mar 02 2010

Please answer the new poll on the right hand side of this page. It would be interesting to gauge what and why get_iplayer is used. Not all of the answers are legal or condoned but please be honest with your answers! You can check one or more answers.

Jan 19 2010

At last, I’ve caved in to public demand and opened a proper forum for get_iplayer.

I’m going to close the old blog *PAGE* comments threads and retain the current contents. Blog posts will still allow commenting.

Although anonymous posting is allowed, If you don’t want to be always-moderated please register first.

If you wish to continue a current discussion from the blog threads please just open a new topic here and we’ll do our best to pick up where we left off.

Please read the ‘Forum Rules’ sticky post first.

Have Fun!

Jan 03 2010

Update: A new get_iplayer automated installer has now been released. It has a new version of VLC and it now allows you to selectively update, install or remove the components. AtomicParsley is also in there for good measure. Let me know how it goes.

A new get_iplayer automated installer has been pre-released. Please can you test it and kindly report your experiences below.

The new installer will put the recorded audio/video files, by default, into ‘Desktop\iPlayer Recordings’ as opposed to the old location which caused problems on Vista and Win7. You are now also able to select the recordings folder during installation. The new pre-released installer can be downloaded from here.

Happy New Year!

Dec 20 2009

I’ve just released a fixed get_iplayer v2.50 so that you can now get the iphone streams once again. This is because the BBC appear to have changed (simplified) the method for iphone http streaming as of a few days ago. The freeze still stands so hopefully this will be the only critical fix before next year.

Nov 19 2009

get_iplayer development is taking a seasonal break. I’d like to call it a ‘winter freeze’ but actually I’m just going to stop development until next year. After 20 months of solid development and almost 250 releases I think deserve a well earned break! Feel free to post bug reports and comments as usual but please don’t expect to get a personal reply. The comments are moderated so please don’t expect to see them published too quickly. I plan to pull all the bugs reported together in January 2010 and follow-up where required then also. Now go and enjoy all your stored masses of recordings over Christmas when the BBC don’t broadcast much worth watching.

Nov 14 2009

A new major version of flvstreamer has been released. After some testing it would seem that it fixes quite a number of problems that get_iplayer users have been experiencing for the past few weeks since Akamai (one of the BBC’s content delivery network providers) started upgrading all their Flash Media Servers to v3.5.x. BBC Live TV now works better and many other bugs are reported to have been fixed. It also now auto-retries failed streams and fixes the bug where recording 1+ hour BBC radio flash streams always had to be resumed.

If you are using the Windows Installer for get_iplayer then just download it again and re-run it to get the new flvstreamer and ensure you choose the cygwin based flvstreamer.

Oct 20 2009

A new windows Automated Installer v2.4+ has been released for get_iplayer. Most notably it installs a version of flvstreamer that uses cygwin libraries rather than the version compiled using mingw32. This reportedly helps resolve the notorious ‘10060’ flvstreamer error that many users were getting. The non-cygwin flvstreamer is still available as an install-time option.

WordPress Themes