After building a USB magnetic stripe reader, [David Cranor] has found a way to fool a magnetic stripe reader using a hand-wound electromagnet and an iPod. The data on a card is read and stored on a computer, then encoded as a WAV file using a C++ program. The iPod plays the WAV file with the data through a single-stage op-amp amplifier connected to the headphone jack. The amplifier is used to drive the electromagnet.
By no means is this a new idea. There have been a lot of magnetic stripe projects and software. This project in particular references the 1992 Phrack article “A Day in the Life of a Flux Reversal” by [Count Zero].
[via Hackszine]
Major malfunction was working on something very similar a couple of years ago. He showed an early prototype at Defcon 14.
Also, he pegged the correct inspiration for this hack: Terminator 2 (John Connor uses something like this to hack an ATM)
So who’s working on the parabolic microphone version (just aim it at someone’s pocket from 1/2 mile away)? We need an excuse to recycle the plastic and go back to cash, right?
At least at my secure site, you’d need the PIN number associated with the badge.
>Also, he pegged the correct inspiration
>for this hack: Terminator 2
T2 was the first thing I thought of. Second (maybe this shows my age), I thought of getting free groceries.
This seems like a fun project to play with on a Saturday or something. (Going to Radio Shack tomorrow.)
(mainly for showoff purposes)
Lol, thank you YouTube for linking good videos. I now know what to use this device for: http://www.youtube.com/watch?v=FnIf0JJWekU
The device in T2 was real. The FBI had some in evidence in a documentary I saw a long time ago.
It was a brute force tool for locks there though. Although it probably would have worked on the ATM machines in the 80s. It’d probably take a while for an 8-bit chip to brute force anything involving 16 bytes.
It probably still works on all the above, but ATM machines probably have some alert system; they are on VPNs now, usually running embedded XP. In any case there’s no info on it. It’s obscure like casino cheat computer algorithms, auto passive transponder crypto etc.
You could drive this with a microcontroller instead of an iPod – that would make the whole process a lot simpler because you could just send the bitstream out one of the pins and into your amplifier. Then you could hook up a card reader to the microcontroller too, and voila, instant card copier. I know you can copy a card really easily with a mag-writer if you’re willing to spend a couple hundred bucks, but that seems so obvious… this seems like it has its advantages.
-Taylor
Old hack put to a new use. I used to build these and attach a 10 ohm resistor, a headphone jack and put it in a cassette tape shell and you had aux input for your car stereo.
Kudos to the Phrack article. I cited that as a reference for my Senior project where I built from scratch a magnetic card decoder.
From this it wouldn’t be inconceivable to have a fake housing that covered the original card reader…
It would be card reader > data logger > data spoofer coil > original card reader. That way the user would be unaware of the card data being taken hostage. The card would be read, recorded, and immediately repeated to the real card reader to give the user access while stealing the goods.
I hate it when people mix an iPod into their hacks as an attempt to sound “hip”. Any crappy portable audio device could have been used. Even a cassette Walkman if you really want to be ghetto. As Taylor mentioned, a microcontroller would be ideal for this step.
The device used in the Terminator 2 movie was an Atari Portfolio.
While parallel/serial add-on ports did exist, I doubt very much that the “crack” (fuck you hackaday) was real.
http://en.wikipedia.org/wiki/Atari_Portfolio
http://www.atari-portfolio.co.uk/library/pf-demos/pin.zip
(When the hell will you guys allow capital letters? Do they infect your Wind0wz systems?)
This page is a gold mine of info!
Many thanks for making it simple to understand.
kruzer
Been done plenty of times before, but good collection of info and howtos.
I once made something like this except I used a needle and my PDA. I wrote a custom “phonebook” style app for my PDA that would allow me to play people’s university IDs into card readers (all I ever used it for was getting into my friend’s buildings without them having to run down and open the door for me).
You still need the PIN number….
It has been happening here in NZ, the thief will put a card reader over the original card slot, so that the card will pass through it and into the original card reader on the ATM. It would store a copy of the card, while a camera up above recorded the PIN number the user entered.
@Geek505: Yeah, because even the old ATM machines required human intervention. You couldn’t control anything from bit states on mag stripes; and still can’t.
The T2 device was supposed to be a brute force tool I guess. Even if human intervention wasn’t required, the 8-bit chip would take at least a few hours to find something seeing as the numbers were so long, and bytes.
It’d still work on mag stripe locks though.
@Geek505 if you really hate the lack of caps you should install Greasemonkey (assuming you’re using Firefox) and use a custom CSS to overwrite the site’s style and display caps in the comments (they’re there, just displayed in all lowercase through CSS).
C’mon man… where’s the hacking spirit? If you don’t like how something works, hack it… websites shouldn’t be exempt. ;)
For caps, just get Firebug for Firefox.
Lets you edit a website’s HTML, CSS, etc etc > on-the-fly < . It’s really powerful for web development ideas, or just plain turning off lowercase letters in the CSS style ;)
If you actually read the tutorial, you’ll see that I refer to a “personal music player” and not an iPod throughout the steps. It just so happens that an iPod is all I had at the moment, and so that’s what ended up in the pictures.
Also, I had been toying with a design involving a microcontroller and an H-bridge, which should be even better than the current setup, but chose to go with this one because I want to write an iPhone app that lets me key in arbitrary data streams to be transmitted to the coil. Yes, that too could be done completely digitally, but going out through the headphone jack of the iPhone is a lot easier than taking apart a data cable.
:p
mate walter ipod it is a bit of a hip as playstation 1, 2 & 3 were and are.
It is all in the hacking spirit as mentioned!! I think it would be a better laugh if he is running iPod Linux!!!
Very cool. I am going to try this :).
I didn’t convert the C++ archive (audio.wav) into WAV archive, because iTunes doesn’t recognize it. It is just the only part of this project that I need to put in practice. Thanks for help…
The website changed for the link. I found the new one via Internet Archive: http://makezine.com/2008/08/03/magnetic-stripe-card-spoofer/