This topic is indeed quite interesting. I used to work a lot with this sort of thing.. ripping apart documentation on phones and working with people to reverse the protections on phone billing etc.
Back a year or two ago the proection on these sorts of things was extremely low. But over the past year they have greatly advanced their technology to hopefully allow for much less gaps to the point where you are only now able to do basically what the builtin functions offer in your debug mode of your particular make/model of phone.
This particular method though, now that you mention it, reminds me of a pay as you go plan a while back that one company had where only 1 size of the memory module was being used within the card and once bridged you were able to make unlimited calls as your time had spanned past the end point into the second memory module.. I will look around for my notes on this..
Another interesting thing is those phone cards that you use.. pay 5$ and get a phone card.. these in my experience are Extremely easy to assimilate.. I didn't have the time to look deeply into them though to crack the hahing routine on the money.. but if you do a raw data dump of teh card with a data reader you can rewrite the card with some writing of a chip and then just embed it in a card. Although we were successful in reading the raw data and dumping the hex and started preliminary inspections of the patterns, we weren't successful in actually rewriting the card.. the phone cards you get have something like a filiment... if you try to write to them they burn out and are rendered useless. so you need to make another chip which isn't as complicated as it sounds. But alas we had no time.
The bus system in my area also works off cards of this type.. only they run off the magnetic strip cards rather than embedded chip.. but would be just as easy to duplicate...
There is a very interesting mailing list I was on quite a couple years ago that dealt with a lot of these things.. hack-phreak on yahoo groups.. despite the lame location there was actually quite a lot of very useful information passed over that email network.. any information anyone has on this stuff.. post it here.. would be good to get a nice store of it..
Devine Right [RET]