Unlocking The Power Of the Magstripe

Acidus writes "While researching for an embedded systems project (a magstripe enabled Coke machine), I was shocked by the lack of magstripe information: Programs/code that would run on a modern OS were all but nonexistant, articles that were 6-10 years old, etc. Further research proved hard, because I had become google's authoritative source. So Stripe Snoop was born, and is now at 1.5 . Stripe Snoop is a suite of research tools that captures, modifies, validates, generates, analyzes, and shares magstripe data, with an ever-growing database of card formats. Decoding everything from driver's licenses to banking cards, its features can analyze non-standard cards, such as NYC's Metrocard."

How long before DMCA is used?

[gilesjuk]

I can imagine some card company out there will try and put a stop to this, purely to save their own skins for putting out fairly weak systems.

Could be a useful tool though, I'd love to save car parking charges (place where I park sometimes uses magnetic cards) :)

Re:How long before DMCA is used?

"Could be a useful tool though, I'd love to save car parking charges (place where I park sometimes uses magnetic cards) :)"

Smiley noted, but it's comments like this that make people think of "hackers" as criminals. Another example: P2P could be a useful tool though, I'd love to save the cost of a CD.

RIAA and the MPAA may be a bunch of wankers, but let's not encourage them. Let the same logic apply to smart & mag card manufacturers.

Re:How long before DMCA is used?

[t_allardyce]

I think its happened before - people calling up their bank etc and saying "hey, your card is insecure it stores your pin in plaintext" and the bank says "you shouldnt have a card reader! what do you think you're doing"

Its the standard bullshit you'll get from clueless people and experience says most cards in your wallet are probably badly designed, so yep, its probably not worth it to try and help these people by explaining whats wrong and what they can do because they are more likely to try and sue you.

Bu I think technically you have a legal right to see whats on the strip - its your personal data and would fall under the data-protection act?

Re:How long before DMCA is used?

[byolinux]

Hacking - playful cleverness.
Cracking - computer crime.

I think trying to defraud a system would probably all under the Computer Misuse Act in the UK.

Re:How long before DMCA is used?

[Smidge204]

The difference is, I'm not the one hacking the system. Therefore the person who has hacked the system should be a bit more responsible in putting out the information.

In other words, not release it at all?

Let's ban chemistry books, then, because the informatioon in there can be used to develop lethal toxins and explosives. Those publishers shold be a bit more responsible in putting out the information.

Don't be an asshat. Information is information. He is not advokating it's use for illegal/immoral activities (quite the opposite, actually). If you choose to apply this knowledge to break the law, then you are responsible. Don't blame the publisher of the book if someone uses the information to build a bomb and don't blame the maintainer of the website if you use the information to commit fraud.
=Smidge=

Re:How long before DMCA is used?

[LookSharp]

I am not familiar with a time in my time as a banking customer or employee of a banking company when PINs were encoded on a magstrip. All ATM systems I have ever used compare an entered PIN with one on a secure, remote system.

I agree you should be able to see what's on a strip, but let's not get less knowledgeable people excited here, OK?

Re:El-Off-Topic-Postino: 'Nonexistant'

[krumms]

Go do something worthwhile and interesting, like the OP did.

Then you can come back here and bitch about grammar. :)

Re:hotels

[4of12]

PS, this hotel chain still relies on PC's running windows 95b for all the booking / reservation / billing stuff.

An important and practical lesson that what is good enough to get the job done gets used and used and used. No matter that it smells bad to those of us on the bleeding edge of technology.

Re:What is REALLY on your card?

[plover]

And how can I, the gullible public, tell your beneficial kiosk from Tony Soprano's clone-a-card scheme?

I can't.

Of course, I can't tell if Tony Soprano is behind the cash register at the local pizza joint, either. So how do I know who is cloning my Visa card, and who is a legitimate merchant?

I can't.

But, I still wouldn't trust this simply for the purpose of viewing my data. And I would hope that the public wouldn't, either.

Re:OT: How do they power/commnuicate with the lock

[swb]

Once a card with a "later" issue code in a sequence is used, the lock recognizes that "earlier" issue codes are no longer valid.

Presumably they don't honor newer issue codes UNLESS the "open" code also matches. If they did honor newer issue codes even if the open code was wrong, I could just DoS room locks when I checked in by swiping my card in everyone's lock..

Re:So wait, how do i hack my metrocard?

[djdavetrouble]

Good stats, but I believe it is bullshit. Those stats are for things like murders, and other reported crimes. As far as unreported unrecorded crimes, who the hell can say, but I know what I have seen. I don't know any other place in the US where you can buy drugs at a bodega. What I am trying to say is crime is institutionalized and organized here, not to mention the staggering number of petty thefts and other crimes that go unreported (flashers, mashers, turnstile jumpers, shoplifters, etc.). NYC has been on a publicity campaign ever since giulliani 'cleaned up the streets' to show how little crime there is. The title of a book I love comes to mind: How to lie With Statistics.

Cheers