Magomatic
What is it?
The Magomatic is a device that I built to read and emulate magstripe cards. It is similar to being able to copy a magstripe card onto another card, only this only works with one track at a time. Currently, it only supports track two, although with very slight modification it can be set to read track one.
Overview
This project uses an SX chip to read a TTL magstripe reader I purchased online for about $30. The SX stores 32 Bytes worth of information from the magstripe card. 32 bytes is a bit too much actually. The magstripe can’t hold that much on track two so I usually have to swipe the card twice just to fill the excess variable space before I can move on and emulate the card. The extra data seems to have no effect on the emulation. I wanted to have extra variable space to make sure there was room for the leading and trailing zeros found on these cards.
After the SX stores the information and has filled up all the variables, it flashes a red LED to let me know it is ready to emulate. I then place a thin electromagnit into a magnetic card reader and press a button. The SX can send out the binary data through the electromagnet in a way the reader can understand. The reader does not know the difference between my emulator or a read magstripe card.
Once I have some more time I will take some photographs of the device and post them here. I will also post all of my working source code and references. If I get the device to emulate my hotel room key in Las Vegas next weekend I will definitely post up a video of it working.
Videos
I realized that UAT (the school I graduated from) has vending machines that accept credit cards. This was a perfect opportunity to test the magomatic. I was not sure if it would work considering track 2 only contains the card number, expiration date, and encrypted pin. I figured in order to make a transaction the system would also require the person’s name, which is stored on track 1 if my sources are correct. So this device shouldn’t work right?
Wrong. It totally worked on the vending machine. That means the vending machine only checks track 2 for data, making this way easier that it could have been. I apologize for the terrible video quality. I only had my cell phone on me at the time, hence the terrible resolution and lack of any sound. I’m planning on going back to school tomorrow to do it again with a better camera and a steadier camera operator. I also hope to try this out on the doors to the dorm building since it uses magstripe keys to unlock the doors.
Possible Improvements:
I have thought of a number of ways to improve this project. Here are some of the better ideas:
- Brute forcing function.
I devoted an entire blog post to my ideas about brute forcing these things. It can be found here.
- Serial LCD display to show me the card data
- Use the serial LCD and buttons to be able to scroll through the binary data and alter it. One practical application for this would be to scan a key card and be able to change the data on the key. You could potentially change the expiration date of the key, or perhaps the room(s) it can unlock. This depends on what the card stores and if the card data is encrypted
- Use an eeprom to store the swiped card data in non-volatile memory. This would allow you to power off the device and still keep the data in tact.
- Ability to store data from multiple cards.
- Ability to read/emulate multiple tracks simultaneously. I’m not sure how credit card systems work exactly. They may read both tracks one and two on a card simultanously in order to process transactions. If this is the case, this emulator would not work to copy card data and make purchases. I’m wondering if it would be possible to make an emulator that can emulate multiple tracks simultaneously. It would require tiny electro magnets placed side by side exactly where the tracks should be.