Magnetic Encoding
This first exercise introduces you to magnetic data storage and how it relates to credit and debit cards. Whilst this might seem like legacy technology, much of modern payments is built upon magstripe. It's therefore important to understand how magstripe works.
Links to decode visual image of a magstripe
https://github.com/anfractuosity/magstripe
Link to buy ferrofluid, pipette and petri dish in a single package
Amazon US https://amzn.to/3jYknf0
Amazon UK https://amzn.to/2XdETP9
Tracks made visible with ferrofluid
close up of Track1 and Track2
Q1. Were you able to see any data on your card?
A. The answer should be yes!
Q2. How many tracks does your card have?
A. there could be to three tracks of information; Track 1, Track 2 and Track 3. If only two tracks of information are visible, this is perfectly acceptable for bank cards. It is common for bank cards to have Track 1 and Track 2 encoded. Track 3 was intended to be dynamically updated.
Q3. How does magnetic encoding work?
A. Magnetic encoding works by translating the data to be stored into binary zeros and ones. The card writer contains an electromagnet. Changing the direction of the current of electricity changes the polarization of the magnet within the electromagnet. As it passes over the magnetic stripe of the card, the magnet permanently orientates each section of the magnetic stripe in either a north facing or south facing direction. Each binary zero or one is represented by a corresponding north facing or south facing magnet. This is why the magnetic stripe looks like a series of bars when exposed to the ferrofluid. When the card is swiped through a card reader or payment device, the signal input changes depending on the direction of the magnet that is read. The computer reads this information as a zero or a one. Once complete, the computer translates all the binary values into corresponding alphanumeric values at the application level.
Credit Card Imprinters
In this video you will learn how card payments were made without a Point of Sale (PoS) terminal.
Early PoS
In this video you will see an example of an early Point of Sale (PoS) terminal from the 1980s that is still in circulation today. In fact Verifone only stopped supporting this model in 2013!
How does magstripe data relate to NFC and CHIP?
In this video you'll learn how the information from different sources on the card is in fact closely related.
Comparing different sources of track information
In this video you'll learn how to read information from the magstripe and CHIP interfaces of a card and you'll learn how to interpret the data structure.
Link to emv utils
https://github.com/davidbarkhuizen/py_emv_utils
SCR3310 (for reading CHIP cards)
Amazon US https://amzn.to/3gIfDIo
Amazon UK https://amzn.to/3kcOIXr
msr605x (magstripe reader/writer)
Amazon US https://amzn.to/3fvLniN
Amazon UK https://amzn.to/33wm0ei
Comparing different sources - second example
In this video you'll learn how to read information from the contactless/NFC interface.
Link to download Card Reader Pro (Google Play store)
https://play.google.com/store/apps/details?id=com.github.devnied.emvnfccard.pro
A closer look at Credit Card Reader Pro
In this video you'll learn how to use the Credit Card Reader Pro application to access information about your contactless card.
Link to download Card Reader Pro (Google Play store)
https://play.google.com/store/apps/details?id=com.github.devnied.emvnfccard.pro
8. Looking for vulnerabilities in your own cards
Requirements:
Debit and credit cards (Visa, MC, Amex)
Watch videos 5-7
Credit Carder Pro
Android pone
SCR3310 (for reading CHIP cards)
Amazon US https://amzn.to/3gIfDIo
Amazon UK https://amzn.to/3kcOIXr
msr605x (magstripe reader/writer)
Amazon US https://amzn.to/3fvLniN
Amazon UK https://amzn.to/33wm0ei
Objectives:
Look at the different types of card security codes from CHIP, NFC and magstripe.
Understand the type of Card Security Code (CSC). Is it static or dynamic?
Reproduction steps:
Read the magstripe data, using a magstripe reader. What can you see? What are the fields. Which fields are related to security of the magstripe transactions? Are they static or dynamic? How easy is to bruteforce them?
Read the data stored on CHIP using the app. How is information stored on the the card? What kind of data card gives to the terminal during the payment?
What is the difference between Track2 and CHIP Track2 equivalent? What is the type of CSC on the Track2 Equivalent? Is it static or dynamic?
Read the data stored on NFC using the app. How is information stored on the NFC card? What kind of data card gives to the terminal during the payment?
What is the difference between Track2 and NFC Track2 equivalent? What is the type of CSC on the Track2 Equivalent? Is it static or dynamic?
9. Testing for vulnerabilities in your own cards
Requirements:
Debit and credit cards (Visa, MC, Amex)
Watch videos 5-7
magstripe reader/writer
blank magstripe cards
payment terminal such as square/izettle/clover etc
Blank cards
Amazon US https://amzn.to/3i94UqS
Amazon UK https://amzn.to/3fB8tnY
Payment terminals (requires sign up)
Square for magstripe
Amazon US https://amzn.to/3fAdKw7
SumUp
Amazon UK https://amzn.to/3gAPRpI
Objectives:
Try to replace CSC from the magstripe for another type of CVV (iCVV or dCVV).
Make a payment
Analyze the results.
Reproduction steps:
Write Track2 equivalent to the magstripe, using the correct syntax. The data will be similar to the magstripe data, you will be substituting the CSC and potentially the service code.
Try to make a magstripe payment using track2 equivalent, instead of original track2. Does the payment go through?
Try to make a magstripe payment, using random data in the CSC. Does the payment go through?
Structure of Track data on magstripe
Structure of Track equivalent data on CHIP/NFC
