Skimming device Magnetic Strip Decoding  

nsbuck
(@nsbuck)
Member

Not a mobile phone, I grant you, but I can't find a specific forum to ask this question -

I removed the EEPROM chip from a makeshift magnetic card reader and obtained a binary dump which has given me something I have not seen before. I would appreciate any suggestions as to what steps are required (if indeed it is possible) to put this data into a human readable format -

Here is an example of the file obtained

¹Q ¿ B„ÑP _ÿþ©à$MH° =~ȐT@ÀDd0„!C÷ & ¿ B„[email protected]À‡…ªx @E’, ¢6¢¬à[email protected]Ь„BhB„!!ø € 9 ð€B„-P„B€jÀP‘b9ª+b, h„j9Äd‚QœÎÐÈx€À[email protected]Є!üÀ ;7 ?€Ð[email protected]á0·3˜­b9Åb` @ ¬âÊ¡€¹;B¡j
¡¿ð?È € $ 3˜g'ª
Ш[“ $ªq™­ˆ° € ‰RfmI6‡ˆB x€„?° ø@ BȈð8Z!ð¶I[L3%H° ,
Ï<€B48#Á¤„!Cð€ ! ‡á

Posted : 30/05/2013 9:50 pm
keydet89
(@keydet89)
Community Legend

How does the mag reader store its data?

Posted : 30/05/2013 10:35 pm
Xennith
(@xennith)
Active Member

Looks like a reverse engineering question, can you provide that data in hex format instead?

When you say you took the EEPROM off, is it possible that what you are looking at here is actually the code that controls the device rather than the resultant data?

Posted : 30/05/2013 10:50 pm
nsbuck
(@nsbuck)
Member

Here's a snippet -

snippet removed as causing issues!!!!

Posted : 31/05/2013 2:00 pm
dan0841
(@dan0841)
Member

The data formats are defined in an ISO standard. I did have some of the documents but I can't seem to find them and it has been a while since I've done an MSR job.

If you do a bit of research you should be able to find the ISO standards which cover MSR. These would be a good starting point, because they define the data structures as well as the cards' physical specifications etc.

Dan

Posted : 31/05/2013 2:27 pm
mscotgrove
(@mscotgrove)
Senior Member

Your very wide hex dump with no spaces kills my display - by being very wide

Can you do a standard dump, i.e. 0x10 bytes wide, with a space between each byte!

Posted : 31/05/2013 2:46 pm
nsbuck
(@nsbuck)
Member

It's Friday and I wasn't thinking.

I've been doing some research and it looks like track 1 information is 7-bit encoded and track 2 is 5-bit encoded, but I should only need to be interested in track 1 data.

Here is a section and I'm off to read ISO 7811….

b9 51 00 00 00 04 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
10 00 00 03 bf 09 08 42 10 84 d1 01 04 50 20 5f
ff fe a9 e0 24 4d 01 16 48 b0 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 0e 0f
3d 12 7e 02 c8 90 1e 54 40 c0 81 44 10 11 64 30
84 21 08 43 f7

Posted : 31/05/2013 3:12 pm
jhup
(@jhup)
Community Legend

Xennith asked a good question.

Why do you think the mag stripe data is stored on the EEPROM?

After all, writing to EEPROM is a pain from a voltage-for-read/write and life-expectancy perspective. Even if it was some NOR hybrid, it would be a slug. It would be technically much simpler to slap some NAND flash onto the same board, and use the EEPROM for the program code itself…

Posted : 03/06/2013 10:35 pm
athulin
(@athulin)
Community Legend

I removed the EEPROM chip from a makeshift magnetic card reader and obtained a binary dump which has given me something I have not seen before. I would appreciate any suggestions as to what steps are required (if indeed it is possible) to put this data into a human readable format

First, find out what makes the reader do the job. Is there a processor on the thing that is programmed (i.e. it's an embedded-processor-solution)? Or is there just some kind of control chip that eats track data and excretes decoded text to a serial port, controlled by parameters in the EEPROM?

In the second case, go to the manufacturer of the device, and ask for documentation and developer material.

In the first case, look for a description of the device. Find a manufacturer id, or something – and ask them. They're the experts.

Or, figure out how the processor works on power-on – does it jump to a fixed address? (if it does, it may be in that EEPROM.) Does it do something else? Whatever, that's where you need to start following the trace.

A dump of an EEPROM is … rarely useful, unless it's complete. And even then you need to know something about the processor that reads from it – like endianness. If you want to find code, you must know at least some parts of the instruction set.

If you have a full dump, and know something about the processor, you might throw it at the IDA disassembler, experiment with starting addresses and see what you get.

By the way, what are you looking for?

Posted : 04/06/2013 12:21 am
nsbuck
(@nsbuck)
Member

A little late but I thought you might want a solution to this problem.

There were three chips on this device. The first, verified by the manufacturer, is the Magtek chip; its function is to read and decode data on the magnetic chip, and it does not store user-created files. The second chip stored the code and did have a small area for storage but did not store any card information. There was no NAND, only an EEPROM, which is where the information was stored.

The information is displayed in hex and needed to be converted to binary (the ISO standard for magnetically stored information is, guess what… binary :-) )

Once I mapped the memory, the conversion revealed the card numbers.

Posted : 03/07/2013 1:45 pm
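As an added example (not code from this thread, and not a decode of the hex posted above), here is a small ISO/IEC 7811 track decoder in Python covering the encodings nsbuck's research turned up: track 1 uses 7 bits per character (6 data bits plus an odd-parity bit, character set 0x20..0x5F, start sentinel `%`, end sentinel `?`) and track 2 uses 5 bits per character (4 data bits plus odd parity, 0x30..0x3F, start sentinel `;`, end sentinel `?`). Bits are laid down LSB first and the end sentinel is followed by an LRC character, the XOR of every character value including the sentinels. Because a raw EEPROM image gives no guarantee that a track starts on a byte boundary, or which bit order the firmware used when packing bits into bytes, the scanner tries all eight bit offsets and both bit orders and only reports a hit when the start sentinel, every parity bit and the LRC all check out. The sample "dump" is constructed from a made-up PAN and name (no real card data); all function and constant names are this example's own. The caveat the thread itself raises still applies: before bit-scanning anything, confirm the chip actually holds raw track bits rather than firmware or already-decoded ASCII.

```python
"""ISO/IEC 7811 track 1 / track 2 bitstream decoder (added example, not from the thread)."""

# Track layout: (bits per character incl. parity, ASCII offset, start sentinel, end sentinel)
TRACK_FORMATS = {
    1: (7, 0x20, "%", "?"),   # 6 data bits + odd parity, characters 0x20..0x5F
    2: (5, 0x30, ";", "?"),   # 4 data bits + odd parity, characters 0x30..0x3F
}

# Constructed sample tracks with a made-up PAN and name; not real card data.
SAMPLE_TRACK1 = "%B1234567890123456^DOE/JOHN^2512101?"
SAMPLE_TRACK2 = ";1234567890123456=2512101?"


def char_bits(value, data_bits):
    """Data bits LSB first, then one bit that makes the total number of 1s odd."""
    bits = [(value >> i) & 1 for i in range(data_bits)]
    bits.append(1 - (sum(bits) & 1))
    return bits


def encode_track(text, track):
    """Lay the track down as a writer would: each character LSB first with odd
    parity, then an LRC character (XOR of all character values, sentinels included)."""
    nbits, offset, start, end = TRACK_FORMATS[track]
    data_bits = nbits - 1
    if not (text.startswith(start) and text.endswith(end)):
        raise ValueError("track text must carry its start and end sentinels")
    bits, lrc = [], 0
    for ch in text:
        value = ord(ch) - offset
        if not 0 <= value < (1 << data_bits):
            raise ValueError(f"{ch!r} is not encodable on track {track}")
        lrc ^= value
        bits += char_bits(value, data_bits)
    return bits + char_bits(lrc, data_bits)


def decode_at(bits, pos, track):
    """Decode one track starting at bit index pos. Returns the text with sentinels,
    or None if the start sentinel, any parity bit or the LRC check fails."""
    nbits, offset, start, end = TRACK_FORMATS[track]
    data_bits = nbits - 1
    text, lrc = "", 0
    while pos + nbits <= len(bits):
        chunk = bits[pos:pos + nbits]
        pos += nbits
        if sum(chunk) & 1 == 0:
            return None                      # even parity: wrong alignment or a bad read
        value = sum(b << i for i, b in enumerate(chunk[:data_bits]))
        if text and text[-1] == end:
            return text if value == lrc else None   # char after end sentinel is the LRC
        lrc ^= value
        text += chr(value + offset)
        if len(text) == 1 and text != start:
            return None
    return None                              # ran off the end before the LRC


def bytes_to_bits(data, msb_first=True):
    """Unpack bytes into a bit list in either bit order (the reader's order is unknown)."""
    order = range(7, -1, -1) if msb_first else range(8)
    return [(byte >> i) & 1 for byte in data for i in order]


def bits_to_bytes(bits, msb_first=True):
    """Pack a bit list into bytes (zero-padded); used here to build the sample dump."""
    bits = list(bits) + [0] * (-len(bits) % 8)
    out = bytearray()
    for i in range(0, len(bits), 8):
        chunk = bits[i:i + 8]
        if msb_first:
            chunk = chunk[::-1]
        out.append(sum(b << k for k, b in enumerate(chunk)))
    return bytes(out)


def scan(data, track):
    """Try every bit offset and both bit orders; return (byte, bit, order, text) hits."""
    hits = []
    for msb_first in (True, False):
        bits = bytes_to_bits(data, msb_first)
        for pos in range(len(bits)):
            text = decode_at(bits, pos, track)
            if text is not None:
                hits.append((pos // 8, pos % 8, "msb" if msb_first else "lsb", text))
    return hits


def find_tracks(data):
    """Return {track number: [decoded track strings]} for everything found in a dump."""
    return {track: [hit[3] for hit in scan(data, track)] for track in TRACK_FORMATS}


def build_sample_dump():
    """Constructed 'EEPROM image': clocking zeros, track 1, an 11-bit gap so that
    track 2 starts off the byte boundary, then trailing zeros."""
    bits = ([0] * 16 + encode_track(SAMPLE_TRACK1, 1)
            + [0] * 11 + encode_track(SAMPLE_TRACK2, 2) + [0] * 16)
    return bits_to_bytes(bits)


if __name__ == "__main__":
    dump = build_sample_dump()
    for track in TRACK_FORMATS:
        for byte_off, bit_off, order, text in scan(dump, track):
            print(f"track {track} at byte {byte_off} bit {bit_off} ({order}): {text}")
```

On a real image, feed the raw bytes to `find_tracks` and look for hits; a hit that survives parity on every character and the LRC is very unlikely to be a coincidence, whereas a run of parity-valid characters with no sentinels usually means the bit order or the per-character width is wrong. If nothing turns up at any alignment, the chip probably does not hold raw track bits at all.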