Magnetic Encoding

This first exercise introduces you to magnetic data storage and how it relates to credit and debit cards. Whilst this might seem like legacy technology, much of modern payments is built upon magstripe. It's therefore important to understand how magstripe works.

Links to decode visual image of a magstripe

https://github.com/anfractuosity/magstripe

Link to buy ferrofluid, pipette and petri dish in a single package

Amazon US https://amzn.to/3jYknf0

Amazon UK https://amzn.to/2XdETP9

Tracks made visible with ferrofluid

close up of Track1 and Track2

Q1. Were you able to see any data on your card?

A. The answer should be yes!

Q2. How many tracks does your card have?

A. there could be to three tracks of information; Track 1, Track 2 and Track 3. If only two tracks of information are visible, this is perfectly acceptable for bank cards. It is common for bank cards to have Track 1 and Track 2 encoded. Track 3 was intended to be dynamically updated.

Q3. How does magnetic encoding work?

A. Magnetic encoding works by translating the data to be stored into binary zeros and ones. The card writer contains an electromagnet. Changing the direction of the current of electricity changes the polarization of the magnet within the electromagnet. As it passes over the magnetic stripe of the card, the magnet permanently orientates each section of the magnetic stripe in either a north facing or south facing direction. Each binary zero or one is represented by a corresponding north facing or south facing magnet. This is why the magnetic stripe looks like a series of bars when exposed to the ferrofluid. When the card is swiped through a card reader or payment device, the signal input changes depending on the direction of the magnet that is read. The computer reads this information as a zero or a one. Once complete, the computer translates all the binary values into corresponding alphanumeric values at the application level.

Credit Card Imprinters

In this video you will learn how card payments were made without a Point of Sale (PoS) terminal.

Early PoS

In this video you will see an example of an early Point of Sale (PoS) terminal from the 1980s that is still in circulation today. In fact Verifone only stopped supporting this model in 2013!

How does magstripe data relate to NFC and CHIP?

In this video you'll learn how the information from different sources on the card is in fact closely related.

Comparing different sources of track information

In this video you'll learn how to read information from the magstripe and CHIP interfaces of a card and you'll learn how to interpret the data structure.

Link to emv utils

https://github.com/davidbarkhuizen/py_emv_utils

SCR3310 (for reading CHIP cards)

Amazon US https://amzn.to/3gIfDIo

Amazon UK https://amzn.to/3kcOIXr

msr605x (magstripe reader/writer)

Amazon US https://amzn.to/3fvLniN

Amazon UK https://amzn.to/33wm0ei

Comparing different sources - second example

In this video you'll learn how to read information from the contactless/NFC interface.

Link to download Card Reader Pro (Google Play store)

https://play.google.com/store/apps/details?id=com.github.devnied.emvnfccard.pro

A closer look at Credit Card Reader Pro

In this video you'll learn how to use the Credit Card Reader Pro application to access information about your contactless card.

Link to download Card Reader Pro (Google Play store)

https://play.google.com/store/apps/details?id=com.github.devnied.emvnfccard.pro

8. Looking for vulnerabilities in your own cards

Requirements:

Debit and credit cards (Visa, MC, Amex)
Watch videos 5-7
Credit Carder Pro
Android pone

SCR3310 (for reading CHIP cards)

Amazon US https://amzn.to/3gIfDIo

Amazon UK https://amzn.to/3kcOIXr

msr605x (magstripe reader/writer)

Amazon US https://amzn.to/3fvLniN

Amazon UK https://amzn.to/33wm0ei

Objectives:

Look at the different types of card security codes from CHIP, NFC and magstripe.

Understand the type of Card Security Code (CSC). Is it static or dynamic?

Reproduction steps:

Read the magstripe data, using a magstripe reader. What can you see? What are the fields. Which fields are related to security of the magstripe transactions? Are they static or dynamic? How easy is to bruteforce them?
Read the data stored on CHIP using the app. How is information stored on the the card? What kind of data card gives to the terminal during the payment?
What is the difference between Track2 and CHIP Track2 equivalent? What is the type of CSC on the Track2 Equivalent? Is it static or dynamic?
Read the data stored on NFC using the app. How is information stored on the NFC card? What kind of data card gives to the terminal during the payment?
What is the difference between Track2 and NFC Track2 equivalent? What is the type of CSC on the Track2 Equivalent? Is it static or dynamic?

9. Testing for vulnerabilities in your own cards

Requirements:

Debit and credit cards (Visa, MC, Amex)
Watch videos 5-7
magstripe reader/writer
blank magstripe cards
payment terminal such as square/izettle/clover etc

Blank cards

Amazon US https://amzn.to/3i94UqS

Amazon UK https://amzn.to/3fB8tnY

Payment terminals (requires sign up)

Square for magstripe

Amazon US https://amzn.to/3fAdKw7

SumUp

Amazon UK https://amzn.to/3gAPRpI

Objectives:

Try to replace CSC from the magstripe for another type of CVV (iCVV or dCVV).

Make a payment

Analyze the results.

Reproduction steps:

Write Track2 equivalent to the magstripe, using the correct syntax. The data will be similar to the magstripe data, you will be substituting the CSC and potentially the service code.
Try to make a magstripe payment using track2 equivalent, instead of original track2. Does the payment go through?
Try to make a magstripe payment, using random data in the CSC. Does the payment go through?

Structure of Track data on magstripe

Structure of Track equivalent data on CHIP/NFC