MagSpoof V4 is a device that can spoof/emulate any magnetic stripe or credit card. It operates "wirelessly," even with conventional magnetic stripe and credit card readers, by producing a powerful electromagnetic field that mimics a conventional magnetic stripe card.
- CH552G Microcontroller
- USB-C compatible
- 1 status LED
- 1 CHRG LED
- SWD pins for programming
- Battery pins
- Coil pins
- Switch for turning ON/OFF the board
- Switch to select BATT/VBUS power supply
- Arduino compatible
- Open hardware
MagSpoof is a wireless penetration testing tool intended solely for use in authorized security audits, where such usage is permitted by applicable laws and regulations. Before utilizing this tool, it is crucial to ensure compliance with all relevant legal requirements and obtain appropriate permissions from the relevant authorities.
It is essential to note that the board does not provide any means or authorization to utilize credit cards or engage in any financial transactions that are not legally authorized. Electronic Cats holds no responsibility for any unauthorized use of the tool or any resulting damages.
How does a magstripe work?
The term "magstripes" refers to magnetic stripes. What makes magstripes so cool is that even though the magnetic fields in the stripe are weak, they are still strong enough to attract minuscule ferrous particles, and the stripes are wide enough that the data on a magstripe or credit card can be read completely with the naked eye.
A credit card gets dipped into a bag of iron oxide in the animated gif above. The iron oxide is drawn to the magnetic components in the magstripe, and after the card is removed, each piece of the tracks can be seen. Credit cards only have two tracks (Tracks 1 and 2); however, financial cards with magnetic stripes can have up to three tracks. Track 2 has a lower linear density (bits per inch) than Track 1 because it holds fewer bits. As a result, Track 2 is considerably easier to see. Let's look at this:
Text annotations appear above the stripes, as shown on the card illustration above. Binary 1 is represented by two solid stripes, while binary 0 is represented by a stripe and a gap. Turn the card 180 degrees (so that you are looking at it upside down) and read it least significant bit first. We disregard every initial 0 in the string up to the first 1.
Track 2 consists of five-bit characters, least significant bit first, and the fifth bit is an odd parity bit. The credit card number may be obtained (along with additional information like the expiration date, discretionary data, CVV/CVC/CSC/CID/CAV depending on the kind of card) by taking each set of 5 bits and reading the first 4 bits.
Comparing the numbers on the card's front to those in the image above reveals that they are identical.
Front of card:
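The Track 2 decoding described above, as an added example (not code from Electronic Cats or the MagSpoof firmware): it skips the leading zeros, reads 5-bit groups least significant bit first, and rejects any group that fails odd parity. The sample track string is constructed, the function names are hypothetical, and the trailing LRC check goes beyond the text and follows ISO/IEC 7811.

```python
# Added example: ISO/IEC 7811 Track 2 decoding as described in the text above.
SAMPLE = ";1234567890123456=9912101000?"   # constructed test data, not a real card

def encode_char(ch):
    """One Track 2 character as 5 bits: 4 data bits LSB first, then odd parity."""
    value = ord(ch) - 0x30                 # '0'..'?' carry the values 0..15
    data = [(value >> i) & 1 for i in range(4)]
    return data + [1 - sum(data) % 2]      # parity bit makes the count of 1s odd

def encode_track2(text, leading_zeros=6):
    """Demo helper: leading zeros, the characters, then the LRC character."""
    bits, lrc = [0] * leading_zeros, 0
    for ch in text:
        lrc ^= ord(ch) - 0x30              # LRC = XOR of all 4-bit values
        bits += encode_char(ch)
    return bits + encode_char(chr(0x30 + lrc))

def decode_track2(bits):
    """Return the track text; raise ValueError on a parity or LRC failure."""
    if 1 not in bits:
        raise ValueError("no set bit found")
    pos = bits.index(1)                    # disregard every 0 before the first 1
    chars, lrc = [], 0
    while pos + 5 <= len(bits):
        group, pos = bits[pos:pos + 5], pos + 5
        if sum(group) % 2 != 1:
            raise ValueError(f"parity error in character {len(chars)}")
        value = sum(bit << i for i, bit in enumerate(group[:4]))
        if chars and chars[-1] == "?":     # group after the end sentinel is the LRC
            if value != lrc:
                raise ValueError("LRC mismatch")
            return "".join(chars)
        lrc ^= value
        chars.append(chr(0x30 + value))
    raise ValueError("stream ended before end sentinel and LRC")

if __name__ == "__main__":
    stream = encode_track2(SAMPLE)
    print(decode_track2(stream))
    stream[12] ^= 1                        # simulate a one-bit read error
    try:
        decode_track2(stream)
    except ValueError as err:
        print("rejected:", err)
```

A single flipped bit is caught by the per-character parity check; the LRC catches errors that leave each character's parity intact.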
To use the MagSpoof, you need to download and install the Arduino IDE.
Installing Arduino IDE
Download Arduino IDE
The Arduino Integrated Development Environment - or Arduino Software (IDE) - contains a text editor for writing code, a message area, a text console, a toolbar with buttons for common functions, and a series of menus. The Arduino Software allows you to write programs and upload them to your board.
First, you will need to download and install the Arduino IDE, which you can find here, available for different operating systems. If needed, specific instructions are mentioned here.
After installing the Arduino IDE you should see the following window.
After installing the Arduino IDE, you'll need to install our boards core before you can start programming with it. Don't worry, it is nothing to write home about; here is a quick guide on how to install it.
Installing WCH Boards core
To add board support for WCH products, open the Preferences window (File > Preferences).
Now, copy and paste the following URL into the 'Additional Boards Manager URLs' input field:
https://raw.githubusercontent.com/DeqingSun/ch55xduino/ch55xduino/package_ch55xduino_mcs51_index.json
- If there is already an URL from another manufacturer in that field, click the button at the right end of the field. This will open an editing window allowing you to paste the above URL onto a new line.
- Press the "OK" button.
- Open the "Boards Manager" that is in Tools > Board > Board Manager.
- Then, write ch55x in the search bar.
- Click install, wait for the installation to finish, and close the window.
In Tools > Boards, scroll down the board's list until you see the ch55xduino boards.
Our device works at 3.3V, 16 MHz, and requires this special configuration.
Driver for Windows
Zadig is the recommended tool to install drivers in Windows. The bootloader (4348, 55E0) should be installed with WinUSB or libusb-win32 driver.
You can use USB Serial (CDC) driver for the default CDC USB stack. If you tried to emulate another type of USB device without changing the PID/VID, you may need to uninstall the device before installing a new driver.
Installing the driver
Execute Zadig; you will see the following window:
Connect your MagSpoof V4 to your PC. Before you try to launch the bootloader mode, you should see your board in the PORTS (COM) section:
To install the driver for the bootloader mode, disconnect your board from your PC and place a jumper wire to short the pads of JP1 (back of the board). Connect MagSpoof V4 to your PC again. The green LED must turn on and remain on while the JP1 pads are shorted. Now, you should see an "Unknown Device" in the PORTS (COM) section.
Select "Unknown Device #1" in Zadig and select the WinUSB or libusb-win32 driver. By checking the "Edit" box, you can also change the name of the device. Then, click on "Replace Driver" (this is in case there was another driver already installed):
In case no driver was previously installed, click on "Install Driver".
MagSpoof V4 has a Bootloader Mode that is activated by shorting the pads of JP1:
Once the board is in bootloader mode (and the WinUSB or libusb-win32 has been installed for the device), you should see MagSpoof V4 in the Device Manager as follows:
Once everything is set up, you may start using your MagSpoof.
The guidelines for using your MagSpoof V4 to simulate a magnetic stripe are listed below.
- Note that using credit cards for which you do not have the proper authorization is not possible with MagSpoof. MagSpoof needs you to have/own the magstripes you intend to replicate, since Chip-and-PIN and Amex information are not implemented. Transactions cannot be completed by just entering a credit card number and expiration date. With the help of MagSpoof, you can study several fields related to electromagnetism, microcontrollers, and magstripes. You can also learn about other commercially available technologies like Samsung MST and Coin and design your products using those technologies as a model.
Obtain information about the tracks on your magstripe.
Obtaining the information about the tracks on your magstripe is easier than dipping the card into an iron oxide bag. You can use a card reader.
Note: the card reader is not included with the purchase of the MagSpoof V4.
Connect your card reader with a USB cable to the computer.
Open a notepad application on your computer.
Swipe your card through the card reader so that the magstripe is read. A string of characters will appear in the notepad. These characters correspond to the data read from tracks 1 and 2 on the magstripe. Keep them at hand; you will need them in the next steps.
Creating and uploading the firmware to your MagSpoof V4
To make your magstripe emulator work, you need to upload the firmware to your MagSpoof V4. The firmware is software embedded in the hardware and stored in the ROM: a group of instructions that is executed once the device has been powered on. You can download the base code for the firmware here.
Open it up on your computer, and look for those lines commented as //Track 1 and //Track2. See the image below, they are highlighted.
These code lines are the ones you need to modify with the information obtained from your card reader and written on your notepad application.
You may be asking yourself which characters of the string you obtained stand for track 1 and which for track 2. Let us compare track 1 in the code against the characters that were read.
Omit the quotation marks, since in the code they only delimit a character string. Note that the string begins with %B, just like the example in the code. Then come alphanumeric and some special characters; take the characters read before the underscore. You do not need to erase the blank spaces, but take care with some of the special characters: ^ must be written instead of & and / instead of -. Do NOT erase the % at the beginning or the ?\0 at the end. This way, we obtain Track 1.
Track 2 consists of the rest of the characters, those after the first underscore and before the last underscore.
Just as before, some characters must be changed: write ; instead of ñ and = instead of ¿. Your code should read as follows.
Save your firmware code and compile it, just to check there are no syntax errors. Connect your MagSpoof V4 to your computer. Go to IDE > Tools > Port and select the board. Upload the firmware.
Once programmed, you will see the three LEDs on your MagSpoof turned on: the ON LED, the Batt Done LED, and the Status LED. Keep your MagSpoof V4 connected to your computer and the Arduino IDE open. Open the Serial Monitor; go to IDE > Tools > Serial Monitor.
Every time you press the S1 button, the emulation process is performed. This means the MagSpoof emulates a magnetic stripe by quickly changing the polarization of an electromagnet (coil), producing a magnetic field similar to that of a normal magnetic stripe being swiped.
Press the S1 button to start the emulation. When you press it, the Status LED will blink once and then turn off, and you will see the following message in the serial monitor.
After pressing the S1 button and running the emulation, you need to press the RST button if you want to emulate the card again.
You can test the reading of your card info, by inserting the coil pad into the card reader.
Before pressing S1 button
After pressing S1 button
The reading test must return the same information as the real card.
Also, please check our newest firmware, which enables you to submit card tracks through USB and immediately simulate them without the need for Arduino IDE.
If you made it to this point, congratulations! You are done.
Electronic Cats invests time and resources in providing this open-source design. Please support Electronic Cats and open-source hardware by purchasing products from Electronic Cats!
Firmware released under a GNU AGPL v3.0 license.
Hardware released under a CERN Open Hardware Licence v1.2.
Electronic Cats is a registered trademark, please do not use it if you sell these PCBs.
If you have any queries, comments, or worries, you can get in touch with us at the following link: Contact Us.