Slashdot Mirror

← Back to Stories (view on slashdot.org)

Unlocking The Power Of the Magstripe

Posted by timothy on from the slurp dept.

Acidus writes "While researching for an embedded systems project (a magstripe enabled Coke machine), I was shocked by the lack of magstripe information: Programs/code that would run on a modern OS were all but nonexistant, articles that were 6-10 years old, etc. Further research proved hard, because I had become google's authoritative source. So Stripe Snoop was born, and is now at 1.5 . Stripe Snoop is a suite of research tools that captures, modifies, validates, generates, analyzes, and shares magstripe data, with an ever-growing database of card formats. Decoding everything from driver's licenses to banking cards, its features can analyze non-standard cards, such as NYC's Metrocard."

6 of 224 comments (clear)

  1. Working link by Zorilla · · Score: 5, Informative

    Here's the real link to the article:

    Linky.

    --

    It would be cool if it didn't suck.
  2. Re:Good link checking, well done the mods... by LiquidCoooled · · Score: 5, Informative

    http://www.yak.net/acidus/magstripe/coke.html

    --
    liqbase :: faster than paper
  3. Re:So wait, how do i hack my metrocard? by bellevueGeek · · Score: 5, Informative

    Actually it is a federal offense since it would be considered counterfeiting, but what is even more interesting is the security that have in place to stop that.

    Remember when it first came out and the cards were blue? Apparently a bunch of people figured out that you could dupe 50$ of value to used ones, and sell them to idiots on the platform. They would swipe it to show the dope there was a value and get cash for it.

    I sat in on a security lecture once where the expert discussed the complexities of preventing unauthorized use in a system that big. Basically every time you swipe it writes back to your card and a log at that turnstyle. Every 5 minutes or so that log is uploaded to a regional center and that in turn is uploaded to a central location. They then can detect detect things like if a card is used in more than one location, or if more than once in n minutes. If one of these potentially illegal conditions exist the system can add your card to a blacklist and push it back out to the turnstyles all in under 11 minutes.

    The cooler thing is that then when you use a modified card that was blacklisted the little color lights on the opposite side flash yellow or red instead of green. Alerting the police who like to stand and watch people try to jujmp or squeeze by to pick you up.

    I thought it was a brilliant use of a relativly old and low-security technology.

    --

    All ye all ye outs in free!
  4. Better interface? by no_such_user · · Score: 5, Informative

    This project would open up to many more people if a more simplistic way of interfacing to the card reader was introduced. How 'bout via the soundcard?

    I was poking around the links provided on the site, and found this: The simplest magnetic stripe reader. He wrote software to analyze the audio generated by the card when passed over the read head. This means that any old cassette player has a chance at being used to hack magstripes! Any comments on how accurate this method is, versus the F2F decoder chips?

  5. Re:Storage capacity by Orne · · Score: 5, Informative
    Here's a summary, but to recap:

    There are three tracks on the magstripe. Each track is .110-inch wide. The ISO/IEC standard 7811, which is used by banks, specifies:

    Track one is 210 bits per inch (bpi), and holds 79 six-bit plus parity bit read-only characters.

    Track two is 75 bpi, and holds 40 four-bit plus parity bit characters.

    Track three is 210 bpi, and holds 107 four-bit plus parity bit characters.

  6. Re:What is REALLY on your card? by zempf · · Score: 5, Informative

    This was done by an art museum in Pittsburgh: see this article at Wired for details.