Cloning a Banapassport Card

I recently spoke to a client who wanted me to try to help him clone his “Arcade Card”. I immediately rejected him as I wasn’t into illegal stuff like cloning stored value cards. Besides, I was highly doubtful that modern stored value cards are that easily duplicated. He went on to explain that the card has no stored value and was simply sort of an identification card for the Wangan Midnight series of racing games in the arcade. The card authenticates the user to his/her Banapassport account which stores the cars acquired through the game. 

After speaking to a few players, I found out that the common reasons why they would want to clone their original cards are:

  • Convenience. The Banapassport card can now exist also in the form of a key tag or even sticker. Hanging the key tags with your other keys seems like a great idea. 
  • Backup. While players with Banapassport cards that are properly linked to their email address can recover the data in the event of the loss of the original card, there is a cost involved as a new original card needs to be obtained. Also, if the player’s Banapassport card is not linked to an irrecoverable account, there is no way to recover the data. Having a physical clone will solve the problem. 
  • Security. Leaving the original card at home and only going to the arcade with the generic looking cloned tag makes it unlikely that anyone knows what the tag is for if it gets lost. 
  • Sharing. While one cannot log in to two machines simultaneously, two or more players who are not staying close to each other can each hold on to a card/tag to play at different times. 

After doing some research, I managed to crack the keys and successfully clone a Banapassport card into a generic RFID key tag:

 

Interested? Head over to Carousell : Banapassport Card Cloning

What happens to your Facebook account after you die?

Social media has allowed us to know of more deaths around us than ever before. So much so that we start to think if the death rate of human beings has increased. Have you ever wondered what happens to your Facebook account after you die? Facebook’s policy on this may change over time but as of now, there are a few possible scenarios:

  • No one has access to your account and no one put up a memoralisation request to Facebook

This is the least ideal situation. Your account sits in limbo. Acquaintances who don’t know of your passing might still post Happy Birthday wishes to your timeline yearly making your family and friends cringe and face palm every single time.

  • You die and your significant other/ family member has access to your password / access to an open session of your Facebook

This is really not the best way to maintain your account after you’re gone. It’s very freaky to have new posts coming from a deceased person. The correct way is to get your Facebook profile memoralised.

  • You die and your significant other / family member knows how to contact Facebook to memoralise your account 

This is good but without a legacy contact, Facebook has no one to hand over (limited) control of your Facebook profile.

  • You die and your nominated legacy contact helps to memoralise and manage your Facebook account

If you do not want to disappear from Facebook upon passing, this is the best way to handle things. Your legacy contact will get limited access to manage your Facebook profile. Read on to find out more about legacy contacts.

  • You die and Facebook deactivates your profile once they are notified of your death.

You have final say on whether you want your Facebook account to be around after your passing. Once you have made this decision, no one else (even your legacy contact) can override this decision. The only exception is if someone has your login credentials and goes in to turn off this setting before Facebook gets notified of your death. For this to work, someone must report your death to Facebook. Otherwise, your account remains active. Having a legacy contact whom you have briefed to inform Facebook about your passing as soon as possible will greatly hasten the process to execute your wish to deactivate your profile once you are no longer around.

Legacy Contact

Facebook introduced a feature that allows you to nominate a legacy contact who will manage your Facebook profile when you’re gone. This person will not be able to logon to your account. read your private message, compose new posts or initiate friend requests but can do the following:

  • Change your profile and cover photos
  • Pin a post to your timeline that can include a final message from you, provide information for the wake/funeral/memorial service, etc (Your setting must allow people to post to your timeline for this to work!)
  • Accept friend requests. Initiating friend requests to others from your profile is not possible for obvious reasons.
  • Request deactivation of your Facebook profile

How to nominate a Facebook legacy contact?

Go to your Facebook settings by clicking on the down arrow on the top right corner of your Facebook page and choose Settings (The way to get there may change over time as Facebook updates their user interface)

Facebook Legacy contact

From there, choose Manage Account and you will see the full settings. You can optionally allow your legacy contact to download a copy of your Facebook data and/or request to deactivate your account when you die instead of memoralising it.

Facebook Legacy contact

How to memoralise the profile of someone who passed away?

Click here to fill up the form: Facebook Memoralisation Request Form

 

 

Singapore Airlines Free First Class Tickets WhatsApp scam

Lately, I kept receiving the following message from contacts on my business WhatsApp number:

Hello, Singapore Airline is giving away 2 Free FirstClass Tickets to celebrate 45th anniversary, Now you can get your tickets too ! go here to get it: http://www.singaporeaır.com/firstclass Enjoy your flight!.

singapore air free business class tickets whatsapp scam

It is surprising how careless people can be when forwarding such messages around. There are a few things in the message above that clues one in on its authenticity:

  1. The English. Singapore Airlines was spelled without an “s” at the back, Inconsistent and unnecessary capitalisation of letters, inappropriate spaces and punctuation.
  2. The hyperlink might appear to be singaporeair.com but if you take a closer look, you will notice that there’s something wrong with the letter “i” in the word “air”. We’ll elaborate below.

So what happened to the dot in the “i”? Turns out that the letter is actually:

ı

The letter i without a dot above.

Source: Wikipedia

This is a visual trick used by people with malicious intention to lower the guard of people who have learned to be suspicious of obviously dubious URLs. These people will go “Hey the URL looks legit” and proceeds to click on it.

By the time I found some time to write this post, the site has been taken down. However, I still want to explain more about the web technologies used to bait people to the site.

How did the scammer do it?

Scammers have been using internationalized domain names (IDN) to create resemblance to leigitimate domain names for some time now. But because DNS servers cannot handle the unicode characters of IDNs, Punycode is used to convert the unicode back to ASCII characters. For the above domain, www.singaporeaır.com actually converts to www.xn--singaporear-8zb.com. And if you were you look up the domain name, it claims to be registered in the Bahamas:

Domain Name: XN–SINGAPOREAR-8ZB.COM
Registry Domain ID: 2182998491_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.internet.bs
Registrar URL: http://www.internetbs.net
Updated Date: 2017-11-04T05:16:54Z
Creation Date: 2017-11-04T04:45:22Z
Registrar Registration Expiration Date: 2018-11-04T04:45:22Z
Registrar: Internet Domain Service BS Corp.
Registrar IANA ID: 2487
Registrar Abuse Contact Email: abuse@internet.bs
Registrar Abuse Contact Phone: +1.5167401179
Reseller:
Domain Status: clientTransferProhibited – http://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Domain Admin
Registrant Organization: Whois Privacy Corp.
Registrant Street: Ocean Centre, Montagu Foreshore, East Bay Street
Registrant City: Nassau
Registrant State/Province: New Providence
Registrant Postal Code:
Registrant Country: BS
Registrant Phone: +1.5163872248
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: xn--singaporear-8zb.com-owner-ysp5@customers.whoisprivacycorp.com
Registry Admin ID:
Admin Name: Domain Admin
Admin Organization: Whois Privacy Corp.
Admin Street: Ocean Centre, Montagu Foreshore, East Bay Street
Admin City: Nassau
Admin State/Province: New Providence
Admin Postal Code:
Admin Country: BS
Admin Phone: +1.5163872248
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: xn--singaporear-8zb.com-admin-85n9@customers.whoisprivacycorp.com
Registry Tech ID:
Tech Name: Domain Admin
Tech Organization: Whois Privacy Corp.
Tech Street: Ocean Centre, Montagu Foreshore, East Bay Street
Tech City: Nassau
Tech State/Province: New Providence
Tech Postal Code:
Tech Country: BS
Tech Phone: +1.5163872248
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: xn--singaporear-8zb.com-tech-qfid@customers.whoisprivacycorp.com
Name Server: ns-canada.topdns.com
Name Server: ns-uk.topdns.com
Name Server: ns-usa.topdns.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2017-11-07T06:47:31Z <<<

Registrar: Internet Domain Service BS Corp
Whois Server: whois.internet.bs
Creation Date: 2017-11-04T04:45:22Z
Updated Date: 2017-11-04T05:16:54Z
Expiration Date: 2018-11-04T04:45:22Z

Nameserver: NS-CANADA.TOPDNS.COM
Nameserver: NS-UK.TOPDNS.COM
Nameserver: NS-USA.TOPDNS.COM

The profile of the registrant has been anonymised as part of a value-added service provided by the registrar but even then, we should take the above information with a pinch of salt. One important point to note is that the domain was only registered 3 days ago and we don’t know what else this person plans to do.

Be very careful even if the link was sent by someone you know

Whatever you do, please be very careful even when friends forward links to you via WhatsApp, Facebook or any other platform. There are two main possible scenarios:

  1. Your friend/contact knowingly forwarded the link to you but didn’t know that the link is fake
  2. Your friend/contact’s device sent the link to everyone in the contact list without his/her knowledge. This can happen to a compromised device.

Do your friend/contact a favour and alert him/her about the link instead of just clicking on it. Together, we can foil the plans of these scammers.