Compact ePaper Business Card

Is your business card flashy? Is it useful in a pinch? Do they cost $32 each and come with an ePaper display? No? Well, then feast your eyes on this over-the-top business card with an ePaper display by [Paul Schow]. Looking to keep busy and challenge himself with a low-power circuit in a small package, he set about making a business card that can be updated every couple of months instead of buying a new stack whenever he updated his information.

Having worked with ePaper before, it seemed to be the go-to option for [Schow] in fulfilling the ultra-low power criteria of his project — eventually deciding on a 2″ display. Also looking to execute this project at speed, he designed the board in KiCad over a few hours after cutting it down to simply the power control, the 40-pin connector and a handful of resistors and capacitors. In this case, haste made waste in the shape of the incorrect orientation of the 40-pin connector and a few other mistakes besides. Version 2.0, however, came together as a perfect proof-of-concept, while 3.0 looks sleek and professional.

Continue reading “Compact ePaper Business Card”

Reverse Engineering An ATM Card Skimmer

While vacationing in Bali, [Matt South] walked into a nice, secure, air-conditioned cubicle housing an ATM. Knowing card skimmers are the bane of every traveller, [Matt] did the sensible thing and jiggled the card reader and the guard that hides your PIN when punching it into the numeric keypad. [Matt] found the PIN pad shield came off very easily and was soon the rightful owner of a block of injection molded plastic, a tiny camera, and a few bits of electronics.

The first thing that tipped [Matt] off to the existence of electronics in this brick of plastic was a single switch and a port with four contacts. These four pins could be anything, but guessing it was USB [Matt] eventually had access to a drive filled with 11GB of video taken from inside this PIN pad shield.

An investigation of the videos and the subsequent teardown of the device itself revealed exactly what you would expect. A tiny pinhole camera, probably taken from a ‘spy camera’ device, takes video whenever movement is detected. Oddly, there’s an audio track to these videos, but [Matt] says that makes sense; the scammers can hear the beeps made by the ATM with every keypress and correlate them to each button pressed.

Of course, the black hats behind this skimmer need two things: the card number, and the PIN. This tiny spy cam only gets the PIN, and there wasn’t a device over or in the card slot in the ATM. How did the scammers get the card number, then? Most likely, the thieves are getting the card number by sniffing the ATM’s connection to the outside world. It’s a bit more complex than sticking a magnetic card reader over the ATM’s card slot, but it’s harder to detect.

Hacking Oklahoma State University’s Student ID Cards

[Sam] took an information security class at Oklahoma State University back in 2013. For his final project, he and a team of other students had to find a security vulnerability and then devise a theoretical plan to exploit it. [Sam’s] team decided to focus on the school’s ID cards. OSU’s ID cards are very similar to credit cards. They are the same size and shape, they have data encoded on a magnetic strip, and they have a 16 digit identification number. These cards were used for several different purposes. Examples include photo ID, physical access to some areas on campus, charges to an online account, and more.

[Sam] and his team analyzed over 100 different cards in order to get a good sample. They found that all cards started with same eight digits. This is similar to the issuer identification number found in the first six digits of a credit card number. Th analysis also showed that there were only three combinations used for the next two digits. Those were either 05, 06, or 11. With that in mind, the total possible number of combinations for card numbers was mathematically calculated to be three million.

OSU also had a URL printed on the back of each card. This website had a simple form with a single field. The user can enter in a 16 digit card number and the system would tell the user if that card was valid. The page would also tell you if the card holder was an employee, a student, or if there were any other special flags on the card. We’re not sure why every student would need access to this website, but the fact is that the URL was printed right on the back of the card. The website also had no limit to how many times a query could be made. The only hint that the university was aware of possible security implications was the disclaimer on the site. The disclaimer mentioned that usage of the tool was “logged and tracked”.

The next step was to purchase a magnetic card reader and writer. The team decoded all of the cards and analyzed the data. They found that each card held an expiration date, but the expiration date was identical for every single card.  The team used the reader/writer to copy the data from [Sam’s] card and modify the name. They then wrote the data back onto a new, blank magnetic card. This card had no printing or markings on it. [Sam] took the card and was able to use it to purchase items from a store on campus. He noticed that the register reached back to a server somewhere to verify his real name. It didn’t do any checks against the name written onto the magstripe. Even still, the cashier still accepted a card with no official markings.

The final step was to write a node.js script to scrape the number verification website. With just 15 lines of code, the script will run through all possible combinations of numbers in a random sequence and log the result. The website can handle between three and five requests per second, which means that brute forcing all possible combinations can be completed in roughly two days. These harvested numbers can then be written onto blank cards and potentially used to purchase goods on another student’s account.

[Sam’s] team offers several recommendations to improve the security of this system. One idea is to include a second form of authorization, such as a PIN. The PIN wouldn’t be stored on the card, and therefore can’t be copied in this manner. The primary recommendation was to take down the verification website. So far OSU has responded by taking the website offline, but no other changes have been made.

Simple Hack Puts an RFID Tag Inside your Mobile Phone

RFID security systems have become quite common these days. Many corporations now use RFID cards, or badges, in place of physical keys. It’s not hard to understand why. They easily fit inside of a standard wallet, they require no power source, and the keys can be revoked with a few keystrokes. No need to change the locks, no need to collect keys from everyone.

[Shawn] recently set up one of these systems for his own office, but he found that the RFID cards were just a bit too bulky for his liking. He thought it would be really neat if he could just use his cell phone to open the doors, since he always carries it anyways. He tried searching for a cell phone case that contained an RFID tag but wasn’t able to come up with anything at the time. His solution was to do it himself.

[Shawn] first needed to get the RFID tag out of the plastic card without damaging the chip or antenna coil. He knew that acetone can be used to melt away certain types of plastic and rubber, and figured he might as well try it out with the RFID card. He placed the card in a beaker and covered it with acetone. He then sealed the beaker in a plastic bag to help prevent the acetone from evaporating.

After around 45 minutes of soaking, [Shawn] was able to peel the plastic layers off of the electronics. He was left with a tiny RFID chip and a large, flat copper coil. He removed the cover from the back of his iPhone 4S and taped the chip and coil to the inside of the phone. There was enough room for him to seal the whole thing back up underneath the original cover.

Even though the phone has multiple radios, they don’t seem to cause any noticeable interference. [Shawn] can now just hold his phone up to the RFID readers and open the door, instead of having to carry an extra card around. Looking at his phone, you would never even know he modified it.

[Thanks Thief Dark]

An attempt to replace multiple RFID cards with a single hacked-together tag


It’s kind of a convoluted title, but [Hudson’s] attempt to replace multiple HID Prox cards with one AVR chip didn’t fully pan out. The project started when he wanted to reduce the number of RFID access cards he carries for work down to just one. The cards use the HID Proximity protocol which is just a bit different from the protocols used in most of the hobby RFID projects we see. He ended up taking an AVR assembly file that worked with a different protocol and edited it for his needs.

The device above is the complete replacement tag [Hudson] used. It’s just an AVR ATtiny85 and a coil made of enameled wire. The coil pics up current from the card reader’s magnetic field, and powers the chip through the leakage on the input pins (we’ve seen this trick a few times before). The idea he had was to store multiple codes on the device and send them all in a row. He was able to get the tag to work for just one code, but the particulars of the HID Prox reader make it difficult if not impossible to send multiple codes. The card must send the same code twice in a row, then be removed from the magnetic field before the reader will poll for another combination.

RFID emulator card includes a learning mode


This RFID card has a lot of nice features. But the one that stands out the most is the ability to learn the code from anther RFID tag or card.

You can see that the board includes an etched coil to interact with an RFID reader. This is the sole source of power for the device, letting it pick up enough induced current from the reader to power the PIC 12F683 seen on the upper left of the board. The underside of the PCB hosts just three components: an LED and two switches. One of the switches puts the device in learning mode. Just hold down that button as you move the board into the magnetic field of the reader. While in learning mode a second RFID tag is held up to the reader. It will identify itself and the emulator will capture the code sent during that interaction. This is all shown of in the video after the break. We wonder how hard it would be to make a version that can store several different codes selected by holding down a different button as the emulator is held up to the reader?

If you want to build your own card reader too here’s a project that does it from scratch.

Continue reading “RFID emulator card includes a learning mode”

Edge-lit musical birthday card

[Monirul Pathan] decided to make the card as unique as this gift when getting ready for a birthday. He designed and built his own musical card with LED edge-lit acrylic to display the message.

The electronic design seeks to keep things as flat as possible. The card-shaped acrylic panel has a void to fit the PCB exactly, and the components are relatively flat. One thing we found quite interesting is that the ATtiny85 which drives the device is surface mounted, but it is not a surface mount component. The layout includes though-hole pads, but instead of drilling holes [Monirul] clipped off the excess of the DIP legs and soldered the remainder directly to the copper. We suppose this isn’t going to get a lot of use so it just needs to hold together for one day.

As you can see in the video after the break, the speaker plays ‘Happy Birthday’ followed by ‘Under the Sea’. At the same time, four blue LEDs pulse to the music, lighting up the words that are engraved in the plastic.

Continue reading “Edge-lit musical birthday card”