samyk / magspoof Goto Github PK

It exists a way to measure it for other wires?

I want to use MagSpoof on attiny13a and want to know if that is possible.

It would be great to have a "for dummies" kind of guide teaching how to input your card data in the tracks variable. This would really help those who are only interested in using this as a personal gadget and not as a research/security testing tool.

Thanks =)

I've constructed magspoof according to the schematic here with all the same parts as the video, except that it is on a breadboard and running at 5v. (I also tried 3.3v with the same results.) I acquired information from one of my cards with the Android app Rhombus and was able to place a zip tie in the Coin reader to get both tracks off my card. After programming my microcontroller with the card data I am unable to get it to function with the coin app or Rhombus which also accepts some partial data. After listening to the audio output of the coin in regular usage (swiping my card) and while held near my magspoof coil the difference in sound is apparent. The real card has a much softer quality and sounds a lot like sliding a card along a surface. In contrast holding the reader above my coil has greatly varying results depending on the position and orientation of the reader. If I hold the coin reader centered above the coil there is a relatively faint signal, while holding the center over the extreme edge of the coil produces a signal several times greater. Both have a harsh "digital" sound which is very unlike the normal card swipe. Also I believe the signal from magspoof was longer than the card swipe, but that may be only related to how quickly I moved the card. Hopefully I will be able to gain access to an oscilloscope for further testing in two weeks or so, but in the meantime I was wondering if anyone had any suggestions for how I might troubleshoot this further.

I've got my MagSpoof running perfectly, but...

I want to know how to send ASCII control characters, such as (Win+R) or (Ctrl+C) or (Ctrl+V) as data on one of my tracks.

This is the code for my track array:

const char* tracks[] = {
"%B123456781234567^LASTNAME/FIRST^YYMMSSSDDDDDDDDDDDDDDDDDDDDDDDDD?\0", // Track 1
";123456781234567=YYMMSSSDDDDDDDDDDDDDD?\0" // Track 2
};

What should I set track[3] equal to in order to transmit ASCII control characters from my MagSpoof?

Is using something like this legal? (With your own cards ofc)

Line 31 of magspoof.c starts of with a string and line 33 ends with an closing semicolon that doesn't pair with anything.

Looking into the file history, it appears that the first line in this statement got deleted:

const char* tracks[] = {
"%B123456781234567^LASTNAME/FIRST^YYMMSSSDDDDDDDDDDDDDDDDDDDDDDDDD?\0", // Track 1
";123456781234567=YYMMSSSDDDDDDDDDDDDDD?\0" // Track 2
 };

hello, i am new to this and would like to understand what i am doing wrong. i just want to use track 2 and 3. the start sentinel of each are ";"
btw i am using the original magspoof.c of samyk.
// consts get stored in flash as we don't adjust them
const char* tracks[] = {
";672xxxxxxxxxxxxxxxxx=xxxxxxxxxxxxxxxxxx?\0", // Track 2
";01xxxxxxxxxx=xxxxxxxxxxxxxxx=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx==x=xxxxxxxxxxxxxxxx?\0", // Track 3
};

it will only use the 2nd row beginning with ";01 blabla when i press the button. row 1 is ignored.
when i use "%672 blabla it works without any issues. but "%" is the start sentinel of track 1 which i dont need.

how do i have to change code to accept track 2 and track 3 only?

thank you and best reagrds

Hi, I tested magspoof works nicely, but I have tried the hotel entrance cards but I do not get any data, probably the reader will not read the data that is not according to the standard. How do I get my hotel card data? Thanks

I've found a 1$ programmer for the ATTINY85 to upload the code more easily:
https://aliexpress.com/store/product/DIYmall-Development-Programmer-Board-With-Pins-for-ATtiny13A-ATtiny25-ATtiny45-ATtiny85-ATTINY85-20PU-DIP-8-ATMEL/406986_32782151744.html

It seems as if all of the elements of the circuit (using the alternate motor driver, DRV8835) can run on 3V, and the button-cell has a significantly-higher mAh rating. Is there anything preventing the usage of a coin-cell battery to power this device? Would the field be so small, it'd be practically-unusable?

it can direct work With DRV8850EVM?

I am not very familiar programing in C I have tried to add the ability to hold and use more than one card if you could offer some guidance that would be great. I have the full code on the Arduino Community forums.
https://forum.arduino.cc/index.php?topic=532381.0
Thank you very much

With the current implementation of the code, the first time you press the button, it will call playTrack(1), then next time you press the button, it will call playTrack(2) (because of how it keeps track and increments curTrack)

This doesn't make a lot of sense, because when calling playTrack(1), it will actually play BOTH tracks because of this if statement within the method:

  if (track == 0)
  {
    // if track 1, also play track 2 in reverse
    // zeros in between
    for (int i = 0; i < BETWEEN_ZERO; i++)
      playBit(0);

    // send second track in reverse
    reverseTrack(2);
  }

Then after playing both tracks, next time you press the button it will call playTrack(2) which will ONLY play the 2nd track because that if statement isn't satisfied.

Essentially this means that every other time you press the button, the magspoof will ONLY play track 2. All other times it will play both tracks.

This doesn't make a lot of sense, and it should probably be changed by either:

1. Getting rid of curTrack entirely, and simply replace the line
   playTrack(1 + (curTrack++ % 2)); with playTrack(1)

OR

2. Remove the reverse track implementation entirely, then simply call playTrack(1) and playTrack(2) sequentially.

Do you have a KiCAD PCB folder like the KiCAD PCB folder for the new version with TC4424, but for the old version with the L293D?

Hi @samyk

Nice job!

I would appreciate if you can define a license for all of this information; whatever you want, but it would be useful to know which one that leaving it under people and laws interpretations.

Thanks so much to release this information.

Hi,

Sorry if this isn't the appropriate place to ask questions. As I mentioned in a previous issue, I have successfully created a magspoof. I used a USB card reader to grab the tracks off of one of my cards. The Track 1 data begins with the usual '%' sentinel and Track 2 with a ';'. The track information was added to the magspoof code and uploaded to an Attiny85. However, when I attempt to use the magspoof on my card reader, everything comes back correctly, except the sentinels for both tracks. In both cases, they are replaced with a '+' symbol. Is this intentional? I'm wondering if I have some sort of timing glitch on the first characters. I have also, thus far, been unable to read both tracks simultaneously with the card reader, using magspoof. I am still digesting the code, and it is possible that these are separate issues, but I was wondering if you might have some helpful input.

Hi Samy & GitHub community

For the most part, I have it working. This seems to work on about 70% of the terminals I have used it on. I have been using it for about 3 weeks now non stop (poor bank account).
But at some terminals, it just wont work. It says, "Error Reading Card". Do you know what might be causing this problem?
I think could be one of these:

• Coil
• Code
• Motor Driver (DRV8833)
• Power output

I have tested with the original card it has cloned and the card works fine on the specific terminal.
Have you or anyone else run into this issue before and would you have any ideas on what the issue could be and how to fix it?

Looking forward working past this issue so I can leave my credit card in my wallet.

If anyone has any questions, I would be happy to answer.

I also have videos of it working and a video of it failing if that would help anyone.

Hi All

So I have just built my first magspoof and seem to be have a few issues.

I brought a magnetic card reader to dump my card details. When I swipe my card with the reader I get:
%B4548605864141234^JAMES SMITH ^2107205100000000000000208000000?;4548605864141234=21072051000000000208?
(I have altered the data, THIS IS NOT MY ACTUAL CARD DATA)

Now when I use my MagSpoof I have just created I get this:
Push button once:
%B4548605864141234^JAMES SMITH ^2107205100000000000000208000000?;E?+B4548605864141234^JAMES SMITH ^2107205100000000000000208000000?
Push button again (2nd time)
%E?;4548601577143445=21072051000000000208?+4548601577143445=21072051000000000208?

I would assume I just need to press the button once for it to print out just like it did when I originally swiped my card, but when I press the button the first time, it seems like it just prints Track 1 two times. once I press the button for a 2nd time, it seem to type Track 2 two times.

Does this seem like the correct behaviour, or have I done something wrong here?

Looking forward to getting this working 👍

it is possible to read card wirelessly using magspoof its self ? how ?

HI,
I have built my magspoof but it steel doesn't word: every time my readers ( i have 2) say read error
even if the information of the track is correct. I don't understand why. A wrong coil can do this sort of errors?
Thanks for your answer

I tried to extract card information using a card reader and free magstripper software. Apparently squareup card readers are now encrypted, but the encryption can still be disabled using the method described in this paper.
https://www.google.com/url?sa=t&source=web&rct=j&url=https://www.blackhat.com/docs/us-15/materials/us-15-Mellen-Mobile-Point-Of-Scam-Attacking-The-Square-Reader-wp.pdf&ved=0ahUKEwj3t-6d87_SAhVM6yYKHeSqBfAQFgglMAA&usg=AFQjCNFbDMjJWY5kEg5f2woOva9P5ZSdmQ&sig2=JkCWC4zcodQeX2Cg55w4Kg

I'd like to replicate this build / project but I have a few questions (so this is not really an "issue"):

First, I have found this web page http://www.idogendel.com/en/archives/507 which states that the motor driver is not really needed, because you don't necessarily have to switch the polarity of the magnetic field, turning it on and off with a transistor would be enough. Is that actually true?

Second, what about powering the circuit with a CR2032 cell? (I am aware of #17 ) The current project doesn't seem to have any discharge protection to protect the Lipo cell from over-discharge, does it?

A typical CR2032 has >200mAh, and the ATtiny needs almost nothing (0.3 µA = 0.0003 mA is what I've read, so, a battery standby time of basically infinity.

Can I just replace the Lipo battery cell with a CR2032 or does that not provide enough power for the coil? Does anyone happent to have schematics for that mod? Should / Do I need to increase the capacity of C1?

Hello I tried to emulate track1 and track2 at a time. I know you have emulated same but you emulated it in back n forth fashion. I want to emulate it in a single one direction swipe. I did a minor tweak in code but it doesnt work.

`if (track == 0)
{

// zeros in between
for (int i = 0; i < BETWEEN_ZERO; i++)
  playBit(0);

track++;

for (int i = 0; tracks[track][i] != '\0'; i++)
{
crc = 1;
tmp = tracks[track][i] - sublen[track];

for (int j = 0; j < bitlen[track]-1; j++)
{
  crc ^= tmp & 1;
  lrc ^= (tmp & 1) << j;
  playBit(tmp & 1);
  tmp >>= 1;
}
playBit(crc);

}

// finish calculating and send last "byte" (LRC)
tmp = lrc;
crc = 1;
for (int j = 0; j < bitlen[track]-1; j++)
{
crc ^= tmp & 1;
playBit(tmp & 1);
tmp >>= 1;
}
playBit(crc);
}`

I reproduced the circuit on a breadboard and I uploaded the code provided. I am testing it with a Magtek card reader and when I try to have magspoof send a track of data my card reader says it is sending the data 3 times in a row. I had the arduino print the data being sent over serial and it seems to only be sending the data once. Am I making a mistake somewhere?

Thank you

I'm testing magspoof with a reader and writer MSR605X but is just ignored. I tried to send data to both heads but nothing the reader detect no signal.
Is there a special technology in other readers or maybe my self build magspoof is bad?
Thank you for the support.

Please consider adding this as it sounds really awesome and I'm sure everyone would love to see it!

I wish to compile the archive magspoof.c

Hi,

The schematic shows that the LED is hooked to physical pin 3 of the ATtiny85, however, the code intializes ENABLE_PIN (which is the LED) to PB3. According to my testing, and the ATtiny85 testing sheet, PB3 is on physical pin 2. So either the code is wrong or the schematic.

Not a big deal, but it would be nice to have it corrected.

Maybe this is a dumb question, but the photos (protoboard) show two LEDs but the diagram only has one? (Also, photos of the backside of the board would be awesome). I'm just trying to recreate it for fun.

Hi,

I've successfully built a magspoof, but I substituted the L9110H H-Bridge drivr 8 pin DIP package for your L293D H-Bridge driver. My choice seems to work just fine, and seems to be a much better fit as it is considerably smaller, designed to function on 3.3v inputs, and contains exactly the number of pins needed for the magspoof. I'm submitting it as a suggestion. Here's the datasheet: http://www.elecrow.com/download/datasheet-l9110.pdf