1. Home
  2. Electronics Design
  3. Magstripe Reading / Writing

Magstripe Reading / Writing

Hello,

My colleagues and I are enrolled in a course which deals with various aspects of computer security. The particular area we are studying now is security involing magstripe (non-smartcard) systems. Specifically, we have been asked to analyze the security of the card based vending machines on campus.

Our initial conclusion is that the security will be poor -- the vending machines are not connected to a network so each machines "vision" of the outside world is limited by what is encoded on a card. This would undoubtedly make each machine vulnerable to "double spending attacks". We are currently attempting to investigate the specific details of what information is stored to the card (ie. whether amounts are encrypted, timestamps are used, etc.) Again, these cards are just "dumb" magstripe cards so our analysis will be much simpler than if they were smartcards.

We have purchased a magstrip reader and writer. This unit has the ability to read and write in "raw" mode (independent of any of the ISO standards). The company that manufacturers the vending cards is called "Debitek"

formatting link
and their card writers work off a smaller magstripe (smaller than a standard ABA / credit card magstripe). However, their magstripe does align with approximately where "Track 2" would be in the standard magstripe configuration. When we attempt to read for this magstripe, our reader essentially detects no data -- it is possible for us pull the card through the reader at various speeds and obtain data, but it always seems to be "garbage" as we don't consistently read the same data for the Debitek magstripe.

Some questions -- the reader/writer we purchased has what is called an "BPI" (Bits Per Inch) setting. This can be set to either 75 or

210. I assume that this value tells the reader where to look for the next bit as it reads the data -- if Debitek used a value that wasn't 75 or 210, would this explain the reason we are unable to read their magstripe? There are also parity settings (odd or even) and another option that allows us to specify how many leading zeros should precede the sentinel value.

Our goal is to read the value on this magstripe. We just want to see the raw binary values. Does anyone have any idea why the magstripe reader is not detecting anything on this magstripe? (We know that it's not empty because the vending machine can read the values from the card). I suppose its possible that Debitek has used some non- standard way to record 1 and 0 onto the card, in which case we need to find a way to observe the contents of the magstripe in terms of the two states it posesses. Any ideas?

We're hoping for a relatively inexpensive way to accomplish this project -- buying the card reader/writer was a huge expense, given that we have no need for it after the project is complete.

I apologize if there was a better newsgroup to which I should have posted my querey -- this one seemed the most appropriate of the groups I found discussing magstripe technology.

Also, for those wondering/concerned, our group has full permission from the school and professor to carry out our research assignment. Obviously, when we are successful in completing our project, we would be able to "steal" from the vending machines, but any theft would lead to failing grades for all group members. Although the vending machines are not in real-time communication with each others or a "home base", when the funds are collected a transaction log is downloaded so any discrepancies would immediately be detected.

Any suggestions, tips and advice are greatly appreciated.

Thanks,

Jacob

Reply to
jacobderien
Loading thread data ...

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.