Magnetic stripe card emulator

This is a proof of concept magnetic stripe card emulator. Adron embedded a thin strip of metal into track 2 of the magnetic stripe. The ends of that strip are wrapped with thin copper wire to create a solenoid. The solenoid is driven by a PIC microprocessor and some transistors to boost the signal. The software provided can pulse a test pattern and any additional card numbers you supply.
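The receiving side of what the emulator pulses, as an added example (not Adron's software or code from this page): a decoder for the ISO/IEC 7811 track 2 character format that checks per-character odd parity and the trailing LRC. The bit string is a constructed sample, and F2F demodulation into bits is assumed to have happened already. Both checks only detect read errors, so any stream that is framed correctly decodes the same whether it came from a stripe or a coil.

```python
# Track 2 characters are 5 bits: 4 data bits sent LSB first, then an odd
# parity bit. Values 0x0-0xF map to ASCII '0'..'?' (';' start, '?' end).
START, END = ";", "?"

# Constructed sample (not a real card): clocking zeros, ";1234=5678?", LRC.
SAMPLE_BITS = (
    "0000000"
    "11010" "10000" "01000" "11001" "00100" "10110"   # ; 1 2 3 4 =
    "10101" "01101" "11100" "00010" "11111"           # 5 6 7 8 ?
    "10000"                                           # LRC
    "00000"
)


class TrackError(ValueError):
    """Raised when the bit stream fails a framing or integrity check."""


def decode_track2(bits):
    """Return the text between the sentinels, or raise TrackError."""
    pos = bits.find("1")                  # skip leading clocking zeros
    if pos < 0:
        raise TrackError("no data bits")
    chars, lrc = [], 0
    while pos + 5 <= len(bits):
        group = bits[pos:pos + 5]
        if group.count("1") % 2 == 0:     # every character has odd parity
            raise TrackError(f"parity error at bit {pos}")
        value = int(group[3::-1], 2)      # reverse the 4 LSB-first data bits
        lrc ^= value
        pos += 5
        if chars and chars[-1] == END:    # group after '?' is the LRC
            if lrc != 0:                  # XOR of all values incl. LRC is 0
                raise TrackError("LRC mismatch")
            break
        chars.append(chr(0x30 + value))
    else:
        raise TrackError("track ended before LRC")
    if chars[0] != START:
        raise TrackError("missing start sentinel")
    return "".join(chars[1:-1])


if __name__ == "__main__":
    print(decode_track2(SAMPLE_BITS))
```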

53 thoughts on “Magnetic stripe card emulator”

  1. Sorry to flood the comments, but thinking about it, that scene in the movie was (further) BS because the Atari Portfolio he used has no I/O built in really. You’d need the parallel or serial expansion port as seen in the link below for proper I/O.

    http://oldcomputers.net/portfolio.html

    Even if Serial or Parallel was built in, he would need some sort of devices to get the proper power levels and logic, etc for this to work… Would be cool though to get one w/ the I/O and make a “portable” version. Software to bruteforce electronic locks, etc would be not far off. Anyone messed w/ PocketPC I/O via bluetooth or CF?

  2. @xdox #9

    It’s pretty obvious but basically this fools a card-accepting machine into thinking you’re actually swiping a card, while you’re actually using the device to generate whatever data you want. So if you were, say, at a university that uses a magstripe-based cash system for vending machines/public washing machines/dorm access/etc and you knew that all the card has on it is the student’s name, you could very well program this thing to generate someone else’s name and use their money. That’s just an example, but it just simulates a magstripe card for whatever reason. You could very well carry this thing around programmed with your credit card info and your student ID and all that, with one device! Yea, you’d get weird looks (or arrested) but it would work.

  3. CaptSnuffy,

    I followed his page. There’s some bad info on some of those links, “breaking Visa PIN” would be one of them. PIN data hasn’t been stored on Visa cards since the early 1980s. All authorizing is done on line (or offline at the full risk of the merchant.) The PIN, in conjunction with a secret key securely injected into an authorized PIN pad, is only used to encrypt some transactional info to send as a part of an authorization request.

    What he mistakenly calls the P.V.V. is really the C.V.V. — card verification value. It’s a random nonce included in the auth request to convince the authorizing bank that your mag stripe was present, and that someone didn’t just invent a fake mag stripe by knowing your name, account number and expiration date. It has nothing to do with your PIN.

    The real PIN Verification Value, P.V.V., is generated and stored securely only in the mainframe computer of the bank. It is only used to verify an authorization request, and never, ever leaves the bank.

    The computer program he wrote to do the decryption will never return anything of value.

  4. So with the new system you would have to obtain the PIN and the CVV to make it work? you could get the CVV from the actual card if you had physical access to it and a card reader, right? So where is the PIN and how does VISA pair a PIN and a person’s account?

  5. My buddy ended up buying one of these a while back and we ended up only using it to copy print cards for the printers at school. So $5 worth of prints was saved on our computer and when we ran out on the card we would just reflash them. Sadly cards like Starbucks and Best Buy cards are saved with a database number and will only work once. No matter how many copies you make. It is all system registered, not card. One way to tell is to check to see if the card is read, then written to again. Like on the copy cards. Once in, charge you $, then back out and it writes back to the card on the way out. There’s a great software for copying cards (and saving them) off this German site. And if you are too lazy to build your own circuit then you can splurge and be ready to pay a nice 255.97 USD. (You want the reader/writer) the reader by itself is useless. But the app that you can get off their site works great.

    http://www.makinterface.de/index_e.php3?frompage=/makstripee.php3

  6. In response to Jaded:

    He is right. The pin is not stored on the card. Interface on bank cards most of the information is encrypted. The card readers and writers are quite useless unless you know that your card is non-database driven (Like the copy card). You can though pull information off non-encrypted cards though. I scanned in my friend’s California ID and it showed everything. Name, Birth date, Social

  7. I’ve been building something like this for shmoocon. My work so far, code, presentation, and whatnot, is at http://www.aculei.net/~ams/magcards/

    I tried a version with the coil built into the card like that, but I couldn’t get a sufficient magnetic field to trigger a reader.

    Mine is driven off the parallel port. So far, I’ve been able to fool the BG Micro Readers into reporting a stream of zeros, and by shmoocon, I should be able to bitbang a whole card worth of data.

    If you see me at shmoocon, don’t lend me a card…

  8. Why is it that EVERY TIME i have an idea that seems good and I think nobody has tried yet, it shows up an hour later on hackaday and has been done over a week ago?

  9. Why is it that EVERY TIME i have an idea that seems good and I think nobody has tried yet, it shows up an hour later on hackaday and has been done over a week ago?

  10. would this sort of thing work with hotel doors?

    if so, and anyone is in the columbus ohio area with a working one, let me know. there are 120 doors in the hotel i work at. plenty to fully test it out.

  11. @20 jason hazel

    from the magstripe basics text file by count zero:

    “Well, that’s all I’m going to put out right now. As you can see, the major
    types of cards (ATMs, CC) all follow the same rules more or less. I checked
    out a number of security passcards and timeclock entry cards..and they ALL had
    random stuff written to Track 2. Track 2 is by FAR the MOST utilized track on
    the card. And the format is pretty much always ANSI/ISO BCD. I *did* run into
    some hotel room access cards that, when scanned, were GARBLED. They most
    likely used a character set other than ASCII (if they were audio tones, my
    reader would have put out NOTHING…as opposed to GARBLED data). As you can
    see, one could write a BOOK listing different types of card data. I intended
    only to give you some examples. My research has been limited, but I tried to
    make logical conclusions based on the data I received. “

  12. Does this work on train tickets?

    In the UK they seem to use some kind of magnetic strip on the back, would be handy to change the date on your ticket, ticket collectors hardly ever come round / never check the date on the ticket and it’s just getting through barriers which is the problem?

    Is it a magnetic strip storing the data on the tickets? What about tube tickets? Tubes don’t have ticket collectors so unlimited free travel on the London Underground would be pretty sweet! Or is it done differently? What about those oyster card things? I should imagine they are tied into some central database…

    If anyone’s got any info at all please share it!

    Thanks a lot,

    Chris

  13. Well, I think it’s safe to say that chris has a good, but highly illegal idea, and it would be purely irresponsible to tell him that the best idea is to read the magnetic stripe on his ticket with a reader and see what it says. LOL.

    In all honesty, you’d probably get away with it for a week or two before someone cottoned on. And if you got through a barrier, THEN had someone check the ticket, they’re gonna want to know how you got through the barrier at all. . . So. . . Don’t do it at Oxford station? hehehe

  14. Would this work as a sort of magnetic lockbreaker, i.e. the one in Enemy of the State? A microcontroller could simply flash all possible combinations, but do magnetic locks place a delay between each read cycle, or freeze after X invalid reads? It seems worth investigating.

  15. I have a card I need to copy. I have the pin for the card but the card is starting to say card error. I want to copy the info on the card to put on a new one, want to know what I need. PLEASE HELP

  16. I have a file that contains ex:
    :10001000A935E608A72390234987…
    I need a program to convert it to
    2345234523455=345453456365
    Can you help me?

  17. Oyster cards are tied to a central database, but that information is NOT live. Your travel information is stored on the chip itself. When you swipe your card, the card tells the reader how much money is on the card. The reader does not ping a central database, but rather merely trusts the card.

  19. There are cards that use combined track info ie:
    Track 1)
    +
    Track 2)

    Track 3)

    Equals Card number =
    FYI
    Post Script:
    This is my real card number please do not use! ;@}
    !SIKDIDIT!

  20. Thank you for the deletion. I guess I shoulda never posted it anyway.
    I just got caught :( my parents caught me with their reader and my grandfather’s card!

    I just got grounded for 3 weeks :(

    So I guess I’m no more into learning the hacking thing :\ Sorry to bother you all.. maybe one day when I get older, I’ll look you guys up on this stuff, as I am very interested in learning things..
    cheers for now

  21. Hi guys, I can’t find the schematics for this link, it seems to have been taken down. Can someone post the details of an alternative link?
