zacharyweiss / magspoof_flipper

Port of Samy Kamkar's MagSpoof project (http://samy.pl/magspoof/) to the Flipper Zero. Enables wireless emulation of magstripe data, primarily over GPIO, with additional experimental internal TX.
https://lab.flipper.net/apps/magspoof
MIT License

Inconsistent Results based on magstripe data length in track 2 #9

Open GasStationWeenie opened 5 months ago

GasStationWeenie commented 5 months ago

I have done testing in the past and was unable to send track 2 with lengths of less than 17 characters. When sending for example a 16-digit ID number, the application would require padding prior to the start sentinel to see a result from the reader.

i.e.

;1234123412341234? = failure
0;1234123412341234? = successfully sends 1234123412341234

zacharyweiss commented 5 months ago

I'll dig through the code (and once I get the testing hardware set up again, I'll attempt to replicate), but on intuition I wonder if this is attributable to oddities of the reader's parsing.

To narrow things down in the interim, a few Qs for you:

  1. What reader are you testing against?
  2. Is the data you're attempting to transmit replicating an actual magstripe card (i.e., have you swiped an actual card on the same reader, and gotten the output string that fails over magspoof)? Or completely synthetic?
  3. What constitutes "failure"? Does it appear to emulate, but simply fails to show/parse on the reader? Or something else?
  4. Does placing the padding after the start sentinel work? If so, does the parser strip leading zeros? (e.g., is it possible the actual mag card has leading zero(s), and the MSR is simply formatting / cleaning the string?)
  5. (optional) If you have the hardware to check — such as a multimeter: in the "failure" case, is there a signal over GPIO? Or nothing gets played over the pins?

GasStationWeenie commented 5 months ago

  1. What reader are you testing against?
     MSR90 and MSR123
  2. Is the data you're attempting to transmit replicating an actual magstripe card (i.e., have you swiped an actual card on the same reader, and gotten the output string that fails over magspoof)? Or completely synthetic?
     This is occurring with a real card and has been tested in production (I own the system). However, my "real card" is simply a 16 digit ID number on track 2.
  3. What constitutes "failure"? Does it appear to emulate, but simply fails to show/parse on the reader? Or something else?
     The reader responds (beep/LED) but does not provide any output.
  4. Does placing the padding after the start sentinel work? If so, does the parser strip leading zeros? (e.g., is it possible the actual mag card has leading zero(s), and the MSR is simply formatting / cleaning the string?)
     It sends the 0 along with the string, I do not believe there is any formatting being done in the MSR.
  5. (optional) If you have the hardware to check — such as a multimeter: in the "failure" case, is there a signal over GPIO? Or nothing gets played over the pins?
     I can if you let me know some rough details on what exactly to check, but the readers do respond so I'm assuming something is being sent.
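An added software-only encoder/decoder for ISO/IEC 7811 track 2 bit streams (example code written for this thread; it is not code from the magspoof_flipper project or from either commenter), used to compare the two strings from the report above. The symbol layout follows the public track 2 format: sixteen symbols at ASCII 0x30 to 0x3F, each sent as 4 data bits least-significant first plus an odd-parity bit, with an LRC symbol after the end sentinel. The decoder's framing rule (discard everything before the first occurrence of the start sentinel's 5-bit pattern) is an assumption about how a reader like the MSR90 or MSR123 recovers framing, not documented behaviour of those readers.

```python
# Added example; not part of magspoof_flipper or this issue thread.
# Software-only ISO/IEC 7811 track 2 encoder/decoder, used to compare the bit
# streams of ";1234123412341234?" and "0;1234123412341234?" from the report.
from dataclasses import dataclass

# Track 2 alphabet: ASCII 0x30..0x3F ('0'-'9', ':', ';', '<', '=', '>', '?').
TRACK2_BASE = 0x30
DATA_BITS = 4
START_SENTINEL = ";"
END_SENTINEL = "?"


def symbol_bits(nibble: int) -> list[int]:
    """4 data bits LSB first, then a parity bit that makes the count of 1s odd."""
    bits = [(nibble >> i) & 1 for i in range(DATA_BITS)]
    return bits + [1 ^ (sum(bits) & 1)]


def track2_lrc(data: str) -> int:
    """LRC nibble for a track 2 string: XOR of every data nibble, sentinels included."""
    lrc = 0
    for ch in data:
        nibble = ord(ch) - TRACK2_BASE
        if not 0 <= nibble < 16:
            raise ValueError(f"{ch!r} is not a track 2 symbol")
        lrc ^= nibble
    return lrc


def encode_track2(data: str, clocking_zeros: int = 0) -> list[int]:
    """Bit stream for a track 2 string, optionally wrapped in clocking zeros.

    clocking_zeros models the run of 0 bits an emulator plays before and after
    the payload so a reader can lock onto the bit rate. The default of 0 keeps
    the lengths compared below equal to the payload alone.
    """
    lrc = track2_lrc(data)  # validates every symbol before any bits are built
    bits = [0] * clocking_zeros
    for ch in data:
        bits += symbol_bits(ord(ch) - TRACK2_BASE)
    bits += symbol_bits(lrc)
    return bits + [0] * clocking_zeros


@dataclass
class Track2Decode:
    text: str        # symbols from the start sentinel to the end sentinel
    parity_ok: bool  # every 5-bit group, LRC included, had odd parity
    lrc_ok: bool     # transmitted LRC equals the LRC recomputed from text


def decode_track2(bits: list[int]) -> Track2Decode:
    """Decode with an assumed reader framing rule: ignore everything before the
    first occurrence of the start sentinel's 5-bit pattern, then read 5-bit
    groups up to the end sentinel and the LRC group that follows it."""
    pattern = symbol_bits(ord(START_SENTINEL) - TRACK2_BASE)
    starts = [i for i in range(len(bits) - 4) if bits[i:i + 5] == pattern]
    if not starts:
        raise ValueError("no start sentinel in bit stream")
    pos, text, parity_ok = starts[0], "", True
    while True:
        group = bits[pos:pos + 5]
        pos += 5
        if len(group) < 5:
            raise ValueError("bit stream ended before the LRC")
        parity_ok &= (sum(group) & 1) == 1
        nibble = sum(b << i for i, b in enumerate(group[:DATA_BITS]))
        if text.endswith(END_SENTINEL):
            # the group after the end sentinel is the LRC symbol
            return Track2Decode(text, parity_ok, nibble == track2_lrc(text))
        text += chr(TRACK2_BASE + nibble)


def compare(unpadded: str, padded: str) -> dict:
    """Summarise how two track 2 strings differ once encoded."""
    a, b = encode_track2(unpadded), encode_track2(padded)
    return {
        "bits_unpadded": len(a),
        "bits_padded": len(b),
        "extra_bits": len(b) - len(a),
        "same_lrc": track2_lrc(unpadded) == track2_lrc(padded),
        "decoded_unpadded": decode_track2(a).text,
        "decoded_padded": decode_track2(b).text,
    }


if __name__ == "__main__":
    # Constructed sample: the two strings quoted in the issue report.
    print(compare(";1234123412341234?", "0;1234123412341234?"))
```

Run as-is, it shows that the padded stream is exactly five bits longer (the one extra `0` symbol), that its LRC is unchanged (XOR with a zero nibble is a no-op), and that both streams decode to the same `;1234123412341234?` once everything before the start sentinel is dropped. Whatever the readers are doing differently, it is therefore not a difference in the encoded payload or its checksum, which is consistent with the padding acting on the readers' framing or timing rather than on the data string itself.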