Just got back from a trip to Japan (hope to write much more about that in the near future). One of the stand-out experiences was using a [Suica] (https://www.jreast.co.jp/multi/pass/suica.html) card for transit, storage lockers, and a few other purchases.

If you setup the card on your iPhone, you can turn on “Express Transit” mode, which lets you tap your phone on the terminal without having to unlock your phone. It’s a super convenient, fast way to move through the system.

Using this all over Japan got me curious about some of the technology behind it all. I haven’t been able to sift through all the details, but here’s what I’ve found so far:

• Apple covers the security angle of Contactless passes in the Apple Platform Security Guide here.
• The Apple VAS (Value Added Services) protocol has been reverse engineered with details on GitHub here.
• If you want to use your own passes with hardware, you’ll need some certificates from Apple (see the security guide, above). Depending on who you are/what you’re doing, it might not be worth the hassle. There are companies like Pass Ninja who you can piggy-back off. (I have not used Pass Ninja and cannot recommend them; they might be great, they might be terrible.)
• You’ll need hardware that has compatible software for ECP (Enhanced Contactless Protocol). You can find the reverse-engineered details in this guide, which includes sample code you could use on an Arduino.
• You can probably make the software work with this NFC reader from Adafruit.
• This tech is used by much more than Suica. There are office badges, car keys, gym passes, and more.