Magnetic Stripe Card Spoofer

After building a USB magnetic stripe reader, [David Cranor] has found a way to fool a magnetic stripe reader using a hand-wound electromagnet and an iPod. The data on a card is read and stored on a computer, then encoded as a WAV file using a C++ program. The iPod plays the WAV file with the data through a single-stage opamp amplifier connected to the headphone jack. The amplifier is used to drive the electromagnet. Video embedded after the jump.

By no means is this a new idea. There have been a lot of mangetic stripe projects and software. This project in particular references the 1992 Phrack article “A Day in the Life of a Flux reversal” by [Count Zero].

Don’t get your hopes up just yet on strolling through high security installations using this little device. It can only replay the data from a card that has been recorded. If you don’t have a known working card, it won’t get you very far.

[via Hackszine]

25 thoughts on “Magnetic Stripe Card Spoofer

  1. Major malfunction was working on something very similar a couple of years ago. He showed an early prototype at Defcon 14.

    Also, he pegged the correct inspiration for this hack: terminator 2 (john connor uses something like this to hack an ATM)

  2. The device in T2 was real. The FBI had some in evidence in a documentary I seen a long time ago.

    It was a brute force tool for locks there though. Although it probably would of worked on the ATM machines in the 80s. It’d probably take a while for a 8 bit chip to brute force anything involving 16 bytes.

    It probably still works on all the above, but ATM machines probably have some alert system; they are on VPNs now usually running embedded XP. In any case there’s no info on it. It’s obscure like casino cheat computer algorithms, auto passive transponder crypto etc..

  3. You could drive this with a microcontroller instead of an ipod – that would make the whole process a lot simpler because you could just send the bitstream out one of the pins and into your amplifier. Then you could hook up a card reader to the microcontroller too, and voila, instant card copier. I know you can copy card really easily with a mag-writer if you’re willing to spend a couple hundred bucks, but that seems so obvious… this seems like it has its advantages.

  4. Old hack put to a new use. I used to build these and attach a 10 ohm resistor, a headphone jack and put it in a cassette tape shell and you had aux input input for your car stereo.

    Kudos to the Phrack article. I cited that as a reference for my Senior project where I built from scratch a magnetic card decoder.

  5. From this it wouldnt be inconceivable to have a fake housing that covered the original card reader…

    It would be card reader> data logger > data spoofer coil > original card reader. That way the user would be unaware of the card data being taken hostage. The card would be read, recorded, and immediately repeated to the real card reader to give the user access while stealing the goods.

  6. I hate it when people mix an ipod into their hacks as an attempt to sound “hip”. any crappy portable audio device could have been used. even a cassette walkman if you really want to be ghetto. as Taylor mentioned, a microcontroller would be ideal for this step.

  7. I once make something like this except I used a needle and my PDA. I wrote a custom “phonebook” style app for my PDA that would allow me to play people’s university IDs into card readers (all I ever used it for was getting into my friend’s buildings without them having to run down and open the door for me).

  8. You still need the pin number….

    It has been happening here in NZ, the theif will put a card reader over the original card slot, so that the card will pass through it and into the original card reader on the ATM. It would store a copy of the card, while a camera up above recorded the pin number the user entered.

  9. @Geek505: Yeah, because even the old ATM machines required human intervention. You couldn’t control anything from bit states on mag stripes; and still can’t.

    The t2 device was suppose to be a brute force tool I guess. Even if human intervention wasn’t required, the 8 bit chip would take at least a few hours to find something seeing as the numbers where so long, and bytes.

    It’d still work on mag stripe locks though.

  10. @Geek505 if you really hate the lack of caps you should install greasemonkey (assuming you’re using firefox) use a custom CSS to overwrite the sites style and display caps in the comments (they’re there, just displayed in all lowercase through CSS).

    c’mon man… where’s the hacking spirit, if you don’t like how something works hack it… websites shouldn’t be exempt. ;)

  11. For caps, just get Firebug for Firefox.
    Lets you edit a website’s HTML, CSS, etc etc > on-the-fly < . It’s really powerful for web development ideas, or just plain turning off lowercase letters in the CSS style ;)

  12. If you actually read the tutorial, you’ll see that I refer to a “personal music player” and not an iPod throughout the steps. It just so happens that an iPod is all I had at the moment, and so thats what ended up in the pictures.

    Also, I had been toying with a design involving a microcontroller and an H-bridge, which should be even better than the current setup, but chose to go with this one because I want to write an iPhone app that lets me key in arbitrary data streams to be transmitted to the coil. Yes, that too could be done completely digitally, but going out through the headphone jack of the iPhone is a lot easier than taking apart a data cable.


  13. mate walter ipod it is a bit of a hip as playstation 1, 2 & 3 were and are.
    It is all in the hacking spirit as mentioned!! I think it would be a better laugh if he is running ipod linux!!!

  14. i didnt convert the c++ archive (audio.wav) into wav archive, because itunes dont recognize. just it is the only part of this project that i need to put in practice. thanks for help…

  15. please send me the debit card or the PIN number for all ATMs nationwide I agree to pay you 40 percent of the profits generated from ATMs in my area Rocking place the clothes in the machine I put the magnetic strip in the machine and get some fun South Mill all materials to my mailing address which is 1349 West 135th Street based in Gardena California thank you very much sincerely Mr Joseph Jacob garner your partner in business

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.