-
Notifications
You must be signed in to change notification settings - Fork 15
7. Examples
Below you can find the instructions to emulate a magnetic stripe with your MagSpoof.
Note: MagSpoof does not enable you to use credit cards that you are not legally authorized to use. The Chip-and-PIN and Amex information is not implemented, and using MagSpoof requires you to have/own the magstripes that you wish to emulate. Simply having a credit card number and expiration date is not enough to perform transactions. MagSpoof does allow you to perform research in other areas of magstripes, microcontrollers, and electromagnetism, as well as learn about and create your own devices similar to other existing, commercial technologies such as Samsung MST and Coin.
Obtaining information about the tracks on your magstripe is easier than dipping the card into an iron oxide bag. You can use a card reader.
Note 1: The card reader is not included with the purchase of the MagSpoof.
Note 2: We recommend you set your keyboard language to English, to obtain the chain of characters within the proper format.
Connect your card reader with a USB cable to the computer.
Open a notepad application on your computer.
Swipe your card through the card reader, so the magstripe will be read. Notice that a chain of characters will appear on the Notepad. These characters correspond to the data read from tracks 1 and 2 on the magstripe. Keep an eye on them, you will need them in the following steps.
To make your MagStripe emulator work, you need to upload the firmware to your MagSpoof. The firmware is software embedded in the hardware and stored in the ROM, and it is understood as a group of instructions to be executed once the device has been energized. You can download the firmware for MagSpoof V3 here.
Open it up on your computer, and look for the lines commented as //Track 1 and //Track2. See the image below, they are highlighted.
These code lines are the ones you need to modify with the information obtained from your card reader and written on your notepad application.
Maybe you are asking yourself which characters of the obtained chain stand for track 1 and which for track 2. Let us compare track 1 in the code against the read characters.
Quotation marks should be omitted since they only announce a character chain in the code. Note that the chain begins with %B, just like the example in the code. Then we have alphanumeric and some special characters; we need to take the characters read before the semicolon. You do not need to erase any of the blank spaces that may appear. We have successfully obtained Track 1.
Track 2 is conformed with the rest of the characters obtained, starting from the semicolon to the question mark.
Copy and paste tracks 1 and 2 to your sketch.
Save your firmware code and compile it, just check that there are no syntax errors. Connect your MagSpoof to your computer. Go to IDE > Tools > Port and select the COM that matches your board. Go to IDE > Tools > Board > Electronic Cats SAMD Boards > Magspoof V3.
Click on the "Upload" button.
Note: In case you are not able to upload the new firmware or the current firmware is not stable, you can try launching the bootloader. Double-tap the RST button on MagSpoof V3.
You can download the firmware for MagSpoof V4 here. Use magspoofV4.ino to emulate the board the same way MagSpoof V3 works, in this case, you will need to follow the same process described for MagSpoof V3.
Use usbcdc_magspoof.ino to use the new features of MagSpoof V4. With this firmware, it is not needed to copy and paste the tracks to the sketch, you will be able to use the tracks for the card you want to emulate using a serial terminal.
Compile and save the code. Follow the steps in methods 1 or 2 to upload the firmware to the board.
1.1. Go to the following link and download the last release of usbcdc_magspoof.ino.ch552.hex file.
1.2. Go to the following link to download the WCHISP Tool V3.3 and install it on Windows. Open the application.
1.3. Select the right Chip Model (CH552) and USB on "Download Type".
1.4. Launch the bootloader mode of your MagSpoof V4 and plug it into the PC using a USB cable. The tool will automatically show the board in "Device List".
1.5. In "User File" look for the HEX file you downloaded in step 1.1.
1.6. OPTIONAL: You can check the "Clear Data Flash" box to ERASE all the data saved in the Flash memory. Be careful, if you have already saved tracks in the flash, they will be erased.
1.7. Click on "Download" button.
2.1. Go to IDE > Tools > Port and select the COM that matches your board. Go to IDE > Tools > Board > CH55xDuino MCS51 plain C core (non-C++) > CH552 Board.
Warning
Pay special attention to the information in the red square. These configurations must be selected to prevent any inappropriate behavior of the board the next time you connect it to your PC. If the Clock Source speed is different from 16MHz, the board may brick.
2.2. Click on the "Upload" button.
Note: In case you are not able to upload the new firmware or the current firmware is not stable, you can try launching the bootloader. For MagSpoof V4, if you use the bootloader mode, you need to click on the "Upload" button. You will see the message "Compiling". Once the message changes to "Uploading", you must activate the bootloader mode. We suggest you unplug and plug MagSpoof into your PC once the upload process is done.
2.3. Keep your MagSpoof connected to your computer and Arduino IDE open. Open the Serial Monitor; go to IDE > Tools > Serial Monitor.
For both MagSpoof, V3 and V4, every time you press the S1 button the emulation process is performed. It means the MagSpoof emulates a magnetic stripe by quickly changing the polarization of an electromagnet (coil), producing a magnetic field similar to that of a typical magnetic stripe as if it's being swiped.
Press the S1 button to start the emulation. By pressing it, the Status LED will blink once and then turn off, and you will see in the serial monitor the tracks emulated. You can also test the reading of your card info, by inserting the coil pad into the card reader, it is not necessary to swipe the coil through.
Before pressing S1 button
After pressing S1 button
The reading test must throw the same information that the real card.
"I want to emulate another card but I do not have WCHISP Tool or Arduino IDE to modify the firmware. Is it possible to change the magstripes information?" Yes, it is! You just need to connect your MagSpoof V4 to any device running a serial terminal to send the information.
To emulate the magstripes, follow these steps:
-
Connect your MagSpoof V4 to the device running a serial terminal.
-
Select the option that allows you to establish communication between the device and MagSpoof V4.
-
Type the first track and press Intro key to send the information. You must receive "? found" response.
-
Type the second track and press Intro key to send the information. You must receive "? found" response.
You can emulate the card from the terminal, without pressing S1 button on your MagSpoof:
- Type p (lowercase) and press Intro key to send the Probe command. You must read "Magspoof" followed by both tracks in the serial terminal.
Below, find the graphical guide.
Serial Terminal on Arduino IDE
Note: Flash memory storage capabilities are limited. While changing the tracks is now easier, we recommend you manage this action and use it only to save the most important information to extend the lifetime of the MCU's flash. Since this action could be executed approximately 200 times, we recommend using the emulation mode described in the above section.
To change the tracks, follow these steps:
-
Connect your MagSpoof V4 to the device running a serial terminal.
-
Select the option that allows you to establish communication between the device and MagSpoof V4.
-
Type the first track and press Intro key to send the information. You must receive "? found" response.
-
Type s (lowercase) and press Intro key to send the Save command. You must receive "Tracks saved in Data Flash" response.
-
Type the second track and press Intro key to send the information. You must receive "? found" response.
-
Type s (lowercase) and press Intro key to send the Save command. You must receive "Tracks saved in Data Flash" response.
You can also emulate the card from the terminal, without pressing S1 button on your MagSpoof:
- Type p (lowercase) and press Intro key to send the Probe command. You must read "Magspoof" followed by both tracks in the serial terminal.
Below, you will find the graphical guide.
Serial Terminal on a Smartphone