This is a proof of concept magnetic stripe card emulator. Adron embedded a thin strip of metal into track 2 of the magnetic stripe. The ends of that strip are wrapped with thin copper wire to create a solenoid. The solenoid is driven by a PIC microprocessor and some transistors to boost the signal. The software provided can pulse a test pattern and any additional card numbers you supply.
teenage-John-Conner can now hack ATM machines ;^)
I thought i would be the first to reply with the Teminator quip. hasta la vista, baby
Hah, thats exactly what came up in our conversation about this at work!
http://oldcomputers.net/pics/terminator.jpg
^look familiar?
Sorry to flood the comments, but thinking about it, that scene in the movie was (further) BS because the Atari Portfolio he used has no I/O built in really. You’d need the parallel or serial expansion port as seen in the link below for proper I/O.
http://oldcomputers.net/portfolio.html
Even if Serial or Parallel was bilt in, he would need some sort of devices to get the proper power levels and logic, etc for this to work… Would be cool though to get one w/ the I/O and make a “portable” version. Software to bruteforce electronic locks, etc would be not far off. Anyone messed w/ PocketPC I/O via bluetooth or CF?
This link on his site has much more information that i found more interesting as it covers more of the background on the tech the first link to the magstripe basics was a very interesting read.
here’s the links for those of you who are lazy like me
the linked-to page from the article:
http://www.gae.ucm.es/~padilla/extrawork/stripe.html
magstripe basics:
http://www.phrack.org/phrack/37/P37-06
If you want real information on magnetic cards head over to magtek.com and search there documentation archive for papers like this
http://www.magtek.com/documentation/public/99875063-4.pdf
http://www.magtek.com/documentation/public/99875148-6.pdf
Magnetic cards are fun to play with.
Thats a great idea! I never thought to do that.
So what exactly is this used for?
@xdox #9
It’s pretty obvious but basically this fools a card-accepting machine into thinking your actually swiping a card, while you’re actually using the device to generate whatever data you want. So if you were, say, at a university that uses a magstripe-based cash system for vending machines/public washing machines/dorm access/etc and you knew that all the card has on it is the students name, you could very well program this thing to generate someone else’s name and use their money. That’s just an example, but it just simulates a magstripe card for whatever reason. You could very well carry this thing around programmed with your credit card info and your student ID and all that, with one device! Yea, you’d get weird looks (or arrested) but it would work.
So what exactly is this used for?
my bad i didnt mean to post that twice just i kept getting emails
CaptSnuffy,
I followed his page. There’s some bad info on some of those links, “breaking Visa PIN” would be one of them. PIN data hasn’t been stored on Visa cards since the early 1980s. All authorizing is done on line (or offline at the full risk of the merchant.) The PIN, in conjunction with a secret key securely injected into an authorized PIN pad, is only used to encrypt some transactional info to send as a part of an authorization request.
What he mistakenly calls the P.V.V. is really the C.V.V. — card verification value. It’s a random nonce included in the auth request to convince the authorizing bank that your mag stripe was present, and that someone didn’t just invent a fake mag stripe by knowing your name, account number and expiration date. It has nothing to do with your PIN.
The real PIN Verification Value, P.V.V., is generated and stored securely only in the mainframe computer of the bank. It is only used to verify an authorization request, and never, ever leaves the bank.
The computer program he wrote to do the decryption will never return anything of value.
So with the new system you would have to obtain the PIN and the CVV to make it work? you could get the CVV from the actual card if you had physical access to it and a card reader, right? So where is the PIN and how does VISA pair a PIN and a person’s account?
My buddy ended up buying one of these a while back and we ended up only using it to copy print cards for the printers at school. So $5 worth of prints was saved on our computer and when we ran out on the card we would just reflash them. Sadly cards like starbucks and bestbuy cards are saved with a database number and will only work once. No matter how many copys you make. It is all system registered, not card. One way to tell is to check to see if the card is read, Then written too again. Lick on the copy cards. Once in, charge you $, then back out and it writes back to the card on the way out. Theres a great software for copying cards (and saving them) off this german site. ANd if you are too lazy to build your own circut then you can splurge and be ready to pay a nice 255.97 USD. (You want the reader/writer) the reader by it self is useless. But the app that you can get off there site works great.
http://www.makinterface.de/index_e.php3?frompage=/makstripee.php3
In response to Jaded:
He is right. The pin is not stored on the card. Interface on bank cards most of the information is encrypted. The card readers and writers are quite useless unless you know that your card is non-database driven (Like the copy card). You can though pull information off non-encrypted cards though. I scanned in my friends California ID and it showed everything. Name, Birth date, Social
I’ve been building something like this for shmoocon. My work so far, code, presentation, and whatnot, is at http://www.aculei.net/~ams/magcards/
I tried a version with the coil built into the card like that, but I couldn’t get a sufficient magnetic field to trigger a reader.
Mine is driven off the parallel port. So far, I’ve been able to fool the BG Micro Readers into reporting a stream of zeros, and by shmoocon, I should be able to bitbang a whole card worth of data.
If you see me at shmoocon, don’t lend me a card…
http://www.sephail.net/articles/metrocard/
slightly related is that link.. about the nyc metro card and how they are reading it/decoding it.
Why is it that EVERY TIME i have an idea that seems good and I think nobody has tried yet, it shows up an hour later on hackaday and has been done over a week ago?
Why is it that EVERY TIME i have an idea that seems good and I think nobody has tried yet, it shows up an hour later on hackaday and has been done over a week ago?
would this sort of thing work with hotel doors?
if so, and anyone is in the columbus ohio area with a working one, let me know. there are 120 doors in the hotel i work at. plenty to fully test it out.
@20 jason hazel
from the magstripe basics text file by count zero:
“Well, that’s all I’m going to put out right now. As you can see, the major
types of cards (ATMs, CC) all follow the same rules more or less. I checked
out a number of security passcards and timeclock entry cards..and they ALL had
random stuff written to Track 2. Track 2 is by FAR the MOST utilized track on
the card. And the format is pretty much always ANSI/ISO BCD. I *did* run into
some hotel room access cards that, when scanned, were GARBLED. They most
likely used a character set other than ASCII (if they were audio tones, my
reader would have put out NOTHING…as opposed to GARBLED data). As you can
see, one could write a BOOK listing different types of card data. I intended
only to give you some examples. My research has been limited, but I tried to
make logical conclusions based on the data I received. “
Does this work on train tickets?
In the UK they seem to use some kind of magnetic strip on the back, would be handy to change the date on your ticket, ticket collectors hardly ever come round / never check the date on the ticket and its just getting through barriers which is the problem?
Is it a magnetic strip storing the data on the tickets? What about tube tickets? Tubes dont have ticket collectors so unlimited free travel on the london underground would be pretty sweet! Or is it done differently? What about those oyster card things? I should imagine they are tied into some central database…
If anyones got any info at all please share it!
Thanks a lot,
Chris
Well, I think it’s safe to say that chris has a good, but highly illegal idea, and it would be purely irresponisle to tell him that the best idea is to read the magnetic stripe on his tocket with a reader and see what it says. LOL.
In all honesty, you’d probably get away with it for a wek or two before someone cottoned on. And if you got through a barrier, THEN had someone check the ticket, they’re gonna want to know how you got through the barrier at all. . . So. . . Don;t do it at Oxford station? hehehe
Wold this work as a sort of magnetic lockbreaker, i.e. the one in Enemy of the State? A microcontroller could simply flash all possible combinations, but do magnetic locks place a delay between each read cycle, or freeze after X invalid reads? It seems worth investigating.
i nead some serial credit cards numbers if is possible: 64578239236723466=0102569023152657
I have a card i need to copy. I have the pin for the card but the card is starting to say card error. I want to copy the info on the card to put on a new one want to know what i need. PLEASE HELP
I have a file that contains ex:
:10001000A935E608A72390234987…
I need a prgram to convert him to
2345234523455=345453456365
Can u help me?
yeah so what about that oyster cards then ?:)
I NEED CARDS AND THEIR FULL BILLING
is posible to help mee to fiind some like that.thank you
Can anyone help me find a track 1 and 2 generator :)
how about the oyster card ticket ?is there a machine who can change the details from inside ?
Do you think you could use this to get unlimited credits at places like Dave & Buster’s?
can I find the pin PIN from track1 and track2 from the cvv ?
oyster cards are tied to a central database, but that information is NOT live. your travel information is stored on the chip itself. when you swipe your card, the card tells the reader how much money is on the card. the reader does not ping a central database, but rather merely trusts the card.
y need to buy cc trak 2 stuff for write it to plastic mail my ford@fan.com
U need these i give you:
: B4552181343644011^GUNTHER/SIEBENS^08082010101000409000000
: 4552181343644011=08082010101040900008
: EXPIRED: 08/08
: Visa CREDIT GOLD Bank Card Company Brussels Belgium
Contact me: espearlyzhang@yahoo.com
B5404450419446032^BLASER/RUTH ^0807101094
: 5404450419446032=08071010000000000094
: EXPIRED: 07/08
: Master Card GOLD EUROPAY (SWITZERLAND) S.A. WALLISELLEN Switzerland
There are cards that use combined track info ie:
Track 1)
+
Track 2)
-
Track 3)
Equals Card number =
FYI
Post Script:
This is my real card number please do not use! ;@}
!SIKDIDIT!
help! i need help with track2 algorithms. ive been away for some time . i used to just biuld tracks but now it seems alot different. any help would be good. pursellearl@yahoo.com
Any ideas ? thats a card of my grandfathers.
im only 14 and i just started to learn this stuff
that is my grandfathers card so please dont use !
thankyou for the deletion.I guss i shoulda never posted it anyway.
i just got cought :( my parents cought me with thier reader and my grandfathers card! &
i just got grounded for 3 weeks :(
So i guss im no more into learning the hacking thing :\ Sorry to bother you all.. maby one day when i get older , ill look you guys up on this stuff , as i am very interested in learning things..
cheers for now
why cant you just write your own crd with ne data so that your id always suits the card…..??????
How to generate track3 ABN bank or elsse europe model knows someone?
THX!
hi guys i cant find the schematics for this link it seems to have been taken down. can someone post the details of an alternative link?
Can anyone give me the trick of copying the magnetic cards of set top boxes used in cable / dishes TVs
Atulbrown
Hey, ok, so there’s a fun park-type thing about 10min. from my house, and they use a Magsripe card to hold all of your money and tickets, Can this be used to be an artificial card with, say, 1,000 tickets on it?
Hack a Day serves up fresh hacks each day, every day from around the web as well as hacking related news.
thats dangerous, sounds fun though…