Magnetic Stripe Card Spoofer

Before going any further, read the document I've attached to this step, "A Day in the Life of a Flux Reversal" by Count Zero. This document is pretty much the bible on how magnetic stripes work, and you need to understand how data is encoded on to them and the basic formatting of the tracks on a given magnetic stripe card. I'm going to go get a cup of coffee; have it read by the time I get back.

.......

Finished? Good.

As you will have learned from your reading, data is encoded on to magnetic stripes by means of magnetic flux reversal in the segments on the stripe. When the card is swiped past the card reader, the changing magnetic field of the passing flux reversals induce a current in the reader element, which is then decoded into binary bits, and the original data stored on the magnetic stripe is reconstructed.

So, in order to emulate a particular magnetic stripe, all we need to do is find a way to recreate the pattern of the way its magnetic field changes as it's being swiped past the reader. How are we going to do this? With an electromagnet!

As you may already know, an electromagnet is basically just a solenoid (coil of wire). When an electric current is passed through the coil, a magnetic field is created. By turning the electromagnet on and off rapidly, we can replicate the changing magnetic field of a magnetic stripe swipe.

The final piece of this puzzle is how to control the electromagnet. Well, we're trying to recreate a particular waveform of current through the solenoid in order to create a particular waveform of magnetism. What's a common way of storing waveforms and converting them to electric current? Sound files! So, all we have to do is encode the highs and lows representing the desired flux reversal pattern into a .wav file and play it back on an iPod or similar music player through the solenoid.

Music players designed to play sound through headphones do not produce enough current to drive the electromagnet in this project, so we will also have to construct a basic amplifier that the signal must be passed through before going to the electromagnet.

Although a solenoid by itself will produce a magnetic field when electric current is passed through it, a much stronger magnetic field will be produced if the solenoid is wrapped around a core of ferrous material, such iron or steel.

For this project, I cut some small shapes out of 7 mil steel shim material to use as the core. I marked off a tab that is the part of the metal that will actually be inside of the reader slot, and cut some grooves to keep the solenoid in place. When electric current is passes through the coil, the entire steel shim is magnetized.

For the coil itself, just use standard enamel-coated magnet wire. Wrap it until you run out of wire or space. The more turns you have, the stronger your electromagnet will be. Before you start wrapping the wire, cover the part of the steel around which the wire will be wrapped with tape or something to keep the coil from shorting out if a sharp metal edge bites through the magnet wire's thin enamel coating.

After you have wrapped the solenoid, cover it in electrical tape to hold it in place, and solder some wires on to the end of the magnet wire leads.

Make sure not to get tape on the metal face that will be pushed up against the stripe reader's sensing element.

**Thanks to Steve Moskovchenko for helping me to work out the positioning of the coil. **

Because a personal media player's headphone jack is not strong enough to drive our electromagnet, we must build a simple amplifier to drive it.

I just threw together this circuit from stuff I had lying around my desk. You can use pretty much any amplifier as long as it has enough gain to drive the electromagnet before it starts to distort. If you really don't want to build this circuit, you could even get some old powered computer speakers and replace one of the speakers with your electromagnet.

Anyway, to build the amplifier I'm using, you need the following items:

6-pin DIP socket
IC1 - LM386 op-amp
C1, C2 - 0.1 uF ceramic capacitors
C3 - 220 uF electrolytic capacitor
R1 - 10 ohm resistor
R2 - 5k trimmer potentiometer (actual value doesn't really matter, just as long as the max is large)
Audio cable with 1/8" phono jack on one end (I just cut the cord off some old headphones)
9V battery clip
Small switch
Prototyping board
Assorted jumper wires

Assemble the circuit as shown in the schematic. Make sure that the ground lead of the phono cable is connected to ground of the circuit. It does not matter if you connect the left or right channel of the phono cable to the input of the amplifier. Also, it does not matter which end of the solenoid is connected to ground, as long as one of them is.

I just soldered some jumper wires for the coil outputs that I connect up later with alligator clips later in order to keep the system modular.

Finally, you need a a signal to send to the electromagnet. Edit the data array in the attached C++ program (written by geohot) to contain the data from the magnetic stripe that you want to emulate, and compile/run the program. It will output a file called text.wav that is your data file. Upload the file to your favorite music player (make sure it stays in .wav format), and you're in business!

There are two versions of the program in the zip that I've attached - one is for powerPC mac, and the other for PC/x86 mac.

If you are in need of some data to encode, see my other instructable.

Remember, don't be naughty. I'm not responsible for anything stupid/illegal you try do with this device.

Now that you have built all the parts, it's time to play! Connect the music player, amplifier, and coil as shown in the picture. Insert the electromagnet's metal tab into the card reader slot. I recommend testing the device with a card reader/arduino setup as shown in my other instructable.

Make sure the amplifier is on, and play the .wav file containing your data on the music player. If you've done everything right, the electromagnet should transmit the data from the card you're emulating.

If there's a problem with the transmission, try playing with different combinations of gain on the amplifier and volume on the music player. If the signal is too low, the magnetic field produced won't be strong enough, and if there is too much gain, the signal will be distorted.

Some music players cut off the first split second of things that they play. If this happens, your data will obviously not be transmitted properly. You might have to mess with the C++ code or use an audio editing program to add some silence at the beginning of the sound file if this is a problem. I was able to get around this with my iPod by making a playlist that has a .wav of silence before my data file.

Also, mess with the positioning of the metal tab you might have to move it around a little to find the "sweet spot" where its magnetic field is pest perceived by the reader. Additionally, make sure that it is thick enough to trigger the "card present" switch in the card reader.

It took me a few days to get settings that worked, so don't give up if you don't get it perfect on the very first try.

Good luck!