Magstripe Snooping

Here’s a little mid-week hardware hack: building a magstripe card reader (a.k.a. credit card reader). When completed, the device can pull data off just about any type of common magstripe card, including credit cards and identification tags.

Last summer I took a trip to Ohio and made it a point to visit a gigantic store in Dayton — Mendelson’s Liquidation Outlet. They carry just about everything you could want, however I was particularly interested in the several floors of electronics surplus items. I happened across a magstripe reader with a connector attached, but it was unwrapped with no documentation. It’s surplus, so you take what you can get. On the off-chance it might be useful for a project such as this, I paid about $10 for it. It’s been kicking around since then, and only recently have I done something with it.

I looked up the documentation for the reader I had using a model number found on the bottom, and discovered it was an Omron 3S4YR-HSR4. It could read common cards and output TTL signals, so I searched around some more to see what could be done with it. I found a SourceForge project dedicated to magstripe readers, called Stripe Snoop. They provide diagrams showing how to connect the reader to a PC game port, so I took a trip to my local RadioShack for a matching connector. With a little soldering, I had the finished magstripe reader ready to go.

The Strip Snoop project also maintains an open source program for reading and parsing the card data that is sent in from the reader unit. With my aging Windows box fired up (ugh), I swiped nearly every magstrip card I could find to see what they contained. For example, I was surprised to find that my college student ID contained only my social security number as an identifier.

In short, building a simple magstripe reader isn’t too hard a task, and it’s interesting to see what information is hiding from you even when it’s right in the palm of your hand. While the reader I built only connects to a PC game port, the signals are standard TTL level, so building a USB version is quite feasible. With complete software and diagrams available from the Stripe Snoop project, it’s trivial to get a basic reader up and running on affordable hardware. Total project cost was about $12 plus a few minutes of soldering.

Update: Via Bruce Schneier: Ownership of Mag Stripe Readers May be Illegal in Illinois. Crazy.

Advertisements
Magstripe Snooping

3 thoughts on “Magstripe Snooping

  1. das7282 says:

    I use mag readers at work (on our POS systems which are only mATX Celeron boxes running a striped down version of Win98 and the POS software sitting on top). While I’m not sure why you had a model that you had to connect to a game port because almost ever model I’ve seen connects to a PS2 port and the system sees it as a keyboard.

    And because the system sees it as a keyboard all you need to “read” the information off a strip is an app that can read text such as notepad or Microsoft Word.

    I was amazed when I found out all I had to do was open notepad, swipe my credit card and all the information would be entered into notepad instantly (not encrypted).

    I’m assuming if you found a USB mag strip reader you could do the same thing on a Mac with TextEdit.

    Like

  2. At work (I’m a registration clerk at a hospital) we have card readers to read people’s ID numbers from their health cards. They just hook into a PS/2 port, with a pass-through for the actual keyboard.

    When they were first installed, they would just dump everything on a card through the keyboard. Now they just grab the number part from health cards, but before, it was fun to swipe other things (Visa cards, driver’s licenses, etc) just to see what data was on ’em.

    Like

  3. John says:

    I just built this project and it works very well. While the two comments above are valid the main point of this project is cost. Commercial magnetic card readers usually cost over $70.00 (although you can find deals on ebay). I purchased my reader for under $10.00. Also the free Strip Snoop software does a pretty good job of identifying the card and deciphering the content.

    Plus if you’re the DIY type this project is fun and easy, I have learned much about the information I share using my cards.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s