It would be absolutely amazing to walk around in stores and pay with a MagSpoof instead of your regular card, just to see how the cashiers would react.
I am so grateful I followed my heart to buy things from *@Darkjacob* on *telegram* the dude made believe this whole thing I’m so grateful and happy at the same time I got my credit card from him dumps, pin with SSN and Social security Benefit template 💯
I am so grateful I followed my heart to buy things from *@Darkjacob* on *telegram* the dude made believe this whole thing I’m so grateful and happy at the same time I got my credit card from him dumps, pin with SSN and Social security Benefit template 💯
Here's the BIN of the first 6 digits of your CC 426684 BIN VISA PREMIER credit card issued by CHASE BANK I always figured that the magstripe contained a code for chip requirement that could be turned off with a slightly rewritten magstripe. As a reformed carder I haven't touched a magstripe reader/writer in more than a decade. I never thought that iron oxide particles could reveal the code, amazing!!
Not too shabby for a High School (or was it college?) drop out. :) If you ever turn black hat we have a problem. A BIG problem. Your stuff is always fascinating, and I love the way your inquisitive mind finds such direct and simple measures where everyone else thinks "complex". Iron oxide powder. So simple. So obvious, and yet not - at least on a silver magstrip. I suppose you could just bung the card on a photo scanner at that point, and use some simple image libraries.
I don't know why but I am just smiling and laughing at how GENIUS this is. Not in an insulting way but it's just amazing and marvelous to see someone do this.
Wow your the man. Never stop amazing. It's crazy how "secure" our hard earned money really is. That's why I still stay with the old principle and keep my money under my mattress.
Nice! adding the service code stuff back in was pretty straight forward given to the separator before the date.. as for the algorythm for the Amex cards.. that's your secret :D
Hey Samy I was watching "Mr.Robot" a few days ago and saw them use your Mag Spoof concept to unlock a hotel room door. How does it feel to see one of your creations featured on a popular TV show? Also, what's your opinion on the show?
Samy, come on now... You gotta try harder to hide that beautiful smile behind that video.... The pure pleasure you seem to be glowing here is priceless... Just as your amazing discovery and development of the spoof... Amazing work... :)
From the website, I mention: I found that by emulating a card with MagSpoof, if I send Track 1 one way, and then send Track 2 reversed, every card reader will assume I simply swiped a card back and forth, use the data from both tracks and my strong electromagnet, and properly read all of the data. This is extremely effective, uses only a single coil, and works for both tracks simultaneously. This also allows MagSpoof to work on Track 3.
Nice gizmo. My Samsung S6 cellphone has the spoofing ability built in, but all your other info is very interesting. Sadly here in UK magstripe is hardly ever used, it's all been Chip & PIN for years (and now of course NFC).
maybe i'm criss-crossing my technologies here, but i'd love to see if there's a way to encode/record a tape cassette's magnetic audio information into a magspoofer, then hold the magspoofer up to a tape deck that is empty but in the 'play' position. i bet there's a potential for some pretty freaky sounds ;)
+Stenlan Thanks! I've been playing with software since I was a teen, though I only started touching hardware in the past few years on and off, mostly playing with Arduinos.
+Samy Kamkar Thanks for your reply! I am 15 at the moment and learning to program and have programmed quite a bit already, and am wanting to increase my knowledge of the hardware side, so your videos are a big inspiration! Thank you for that
Hi Samy, you did really interesting talks, thanks for that. :) I have a bunch of magstripe-cards, is there a cheap way to read and write those cards aside from buying some pricey automateic magstripereader like gambling-machines use? Any recommendations?
This is pretty old since it's what LoopPay was doing from the start. And now Samsung, with their Samsung Pay since they bought LoopPay and put that tech into their new phones. It's still cool though and I appreciate knowing how to make it myself.
+Charlie Lehardy Thanks! Note that with Samsung Pay/LoopPay, if a location requires your Chip, you need to still dip the original chip, while with MagSpoof you can disable the Chip requirement. Pretty fun stuff!
Samy Kamkar Yeah, certainly true. 'course, if we want to do it with MagSpoof we have to write that code ourselves since you're not releasing it. Not that it'd be hard to write that code...
+Samy Kamkar S-Pay uses tokenization, and it doesn't use your regular CC number. That means you don't need to have a chip-n-sig card on hand, since it doesn't have the chip-n-pin service code. LoopPay would require the actual chip CC to be present, since it just uses the same data that is on the mag stripe itself. I suppose if you hacked LoopPay, you could remove the chip-n-sig code from the data transmitted, similar to this MagSpoof.
+StephenB The tokenization only works at NFC-enabled terminals, which in the US there are very few of, otherwise it reverts to traditional magstripe (what they call MST) which has the Chip issue discussed.
+Samy Kamkar I don't want to be the party pooper here, but Samsung Pay uses tokenization for all transactions, NFC or MST. Samsung Pay also doesn't use the chip-n-sig codes that would force you to dip your card. Where are you getting this misinformation? As an example, just today I was at the department store, Target, where they require chip cards to be dipped. They also don't have NFC enabled at their PoS terminals currently. My credit card has a chip on it, so I would be forced to dip my card. However, because I use Samsung Pay, I just hold my phone up to the swipe slot, and it goes through just as if I swiped with a card with no chip on it. I don't get a message telling me I need to dip the card. I have seen many people struggle with this new chip-n-sig dipping method. They swipe, dip, swipe again, dip again... Then the sales associate forces the card in deeper and it finally works.
hej i like ur videos ur super cool but i want to make a question? i used ur quickjack online but i dont know where to paste the skript to make it usefull can u help me ??
Hi samy, I want to make it one as my project. in your blog you said, how to make a device, but after making this device how to load card details into this device to use at POS and ATM's? Pls give that description also.
Accurately predict replacement card numbers from about 20 cards? Is this in reference to your own cards and current card numbers? Like if you request one on your current card you can predict the new one OR your claiming you can predict all future amex numbers for all customers?? Im really curious on what amex said to you when you told them. Hard to believe they would just trust you to keep it to yourself. I could be wrong but i could see that possibily being a huge issue later on.. if some big breach/fraud/ id theft situation happens and somehow someone references this video that amex was notified of the issue a lot time ago and chose to not do anything about it may put them at risk of a lot of law suits.
is it possible to jam the frequencies used by the terminal and card for the tap transaction forcing the customer to have to use the emv chip instead? i suspect that a few stores in my town have a jammer to force us to use the emv chip making skimming easier. my experiences is i have tried to use the tap to pay from credit card (not phone) and the terminal refuses the transaction at several gas station convenience stores then a few weeks later i get an alert of fraud on my card for $2000 from a starlink internet connection. then i have to redo my card. my purchase is usually under $10 i can understand and get it that anything over $250 would not work with tap but i doubt there is a minimum
I wish I knew as much as you..I'm trying to teach myself all this but its so hard when I don't know where to start. ...your amazing by the way: ) any chance you can post some tutorials for penetration testing?? Thanks from canada for all the great info...
Pressimg down the button causes the magspoof to transmit the magstripe data; however, how can one read the magstripe data off something using magspoof?
Sweet! Mostly learning from trial and error online and learning to program. Starting with simple programs, learning about basic vulnerabilities, and developing new attacks. Automating attacks also really helped me learn things quickly.
danm I saw some of your videos and holy shit your way way too smart. I myself like to hack games and other similar stuff but I'm not good as you obviously but I was just wondering when are u going to make like website hacking videos or is it even possible to hack any thing on a website? any way I love your work. big Fan💯💯💯
+johnny .test Thanks Johnny! I used to do a lot more web based and software attacks (you can see some of them at samy.pl), I may reintroduce a few though I've been having a lot of fun with hardware lately. If you haven't seen my Quickjack tool, that may be interesting to you: ua-cam.com/video/bCkSVGhIEb4/v-deo.html
+Psycopathic cuntstable Yes, the FONA has serial (RX/TX), and you can connect that to the RX/TX lines of the Pi (you may need logic level converters/resistors if the voltages don't match up) and use serial on the Pi to connect to the Internet, then bridge wifi over it. I do essentially what you're asking in my ProxyGambit project here: samy.pl/proxygambit/
It was awesome! I have been crazy busy but trying to get back into it...ps, really looking to learn about EMPs and have been checking out your channel! Very cool stuff!
So let me get this clear: The chip on my card that I have, to make sure no one can steal my magnetic stripe and take my money, can be turned off..... by the magnetic stripe. If the bank can't decline transactions based on my card type, I'm going to be super pissed. (At the bank, mind you)
+Cole d Coding was one of the first things that allowed me to dive in. Knowing basic hardware and being able to build digital circuits has also opened up a lot as it allows access to so much more hardware you might not normally tamper with. Third is hard to say, but I will say actually attempting to execute or exploit something, rather than just reading about it, is huge -- there is a lot of nuance in execution and going through it teaches you so much that becomes extremely useful in the future.
+Samy Kamkar Thanks! Helps a lot. I have experience in these areas but no official training. I plan on learning to code soon, I'll probably start with C++
Hi Samy hope you are still active on this chanel, i have idea on similar project to repurpose samsung mst chip that is in samsung note 9 and samsung phones form that generation, mst is preety much same as magspof only i do not know how to make android app that can talk to thet chip, it would be awsome to have 3dr party app since samsung diched mst in samsung pay
Hi I was reading through your magspoof project on github and was hoping I could ask you a few questions about magstripe cards. I actually found your project while looking for a way to store my various ID (school, work, ect) cards in one system. Do ID cards (like this) use the same principles as credit card magstripes?
Yup, assuming there is a magstripe on the card, then yes, it will essentially behave the same. Different cards may use different tracks, however, as there are a total of three possible tracks for magstripes where credit cards only use two.
Thanks, besides ferrous powder is there any simple way to identify how many tracks the card has? I assume id also need a card reader to decode its data
You can measure where the tracks are as each track has a specific location: www.magtek.com/content/documentationfiles/d99800004.pdf You'll need a magstripe reader to decode the data or ferrous material, correct.
Can magspoof hold multiple cards? If so how do you choose between them. I'm probably wrong but I've never seen arduino do input commands, like scrolling through cards and choosing one kind of input.
Hello Samy. How can I start to learn all these cool computer things you do? I mean, typing "how to be a hacker" on google feels really derp... What should be the first thing to learn? Where to find good content for beginners? I watched a lot of your stuff and I feel so ignorant! I've been using a computer since I was a child but I know close to nothing in regards to how things work, but I want to change this. Thanks .
Google "how to be a hacker for realsies", I think...actually the best thing for me was learning to code (and a Google search there will help). I believe understanding how to code, and then learning how code could be exploited, helped shape the idea of exploitation and reverse engineering strongly, and interestingly allowed me to apply it in other areas without any additional work. If you learn to code for web, for example, then checking out OWASP and their lists of web vulnerabilities, how to exploit them, how to solve them, along with tools they provide are pretty helpful (this is just one area but a relevant one). Also building tools to help me find vulns seemed to be beneficial too...
Samy, the magstripe reader has one reader for each track, what makes it impossible to read the two tracks simultaneously using this emulator, am I right?
Actually even though I only have one loop antenna, I'm actually able to trick the reader into believing two tracks are being played by reversing the 2nd track (emulating a swipe one way, and swipe in reverse for the 2nd track). I describe this at samy.pl/magspoof/
Maybe I'm missing something, but why can't someone use this if they don't have the physical card? I would assume if you are capable of retrieving both tracks and the cvv # you would be able to use any card even ones you don't have...?
It would be absolutely amazing to walk around in stores and pay with a MagSpoof instead of your regular card, just to see how the cashiers would react.
Jesper Jacobsen lol
What’s the protocol for magspoofing
that's what I was thinking too
@@benjiladd2955 is telegram an app
".. you can actually get away without dipping your chip at all..." now I'm hungry.
+Jess R. When I dip, you dip, we dip
+Samy Kamkar Just don't double dip.
I have a chip card but want to swipe I also have a magstripe reader writer can anyone tell me how to change the card to "swipe only"
can i connect you or connect at mrandmrsavaliablie@gmail.com
mrs icq?
but most of all, samy is my hero
A real genius
justquant he's more than a hero since mr robot
I am so grateful I followed my heart to buy things from *@Darkjacob* on *telegram* the dude made believe this whole thing I’m so grateful and happy at the same time I got my credit card from him dumps, pin with SSN and Social security Benefit template 💯
Since when geniuses side with human traffickers?
dam this guy is good at reverse engineering
He's the chuck norris of reversing
I am so grateful I followed my heart to buy things from *@Darkjacob* on *telegram* the dude made believe this whole thing I’m so grateful and happy at the same time I got my credit card from him dumps, pin with SSN and Social security Benefit template 💯
Here's the BIN of the first 6 digits of your CC
426684 BIN VISA PREMIER credit card issued by CHASE BANK
I always figured that the magstripe contained a code for chip requirement that could be turned off with a slightly rewritten magstripe. As a reformed carder I haven't touched a magstripe reader/writer in more than a decade.
I never thought that iron oxide particles could reveal the code, amazing!!
Samy where are you i miss you! Your projects are so FUCKING cool!! keep doiing them pleease
^!
Not too shabby for a High School (or was it college?) drop out. :)
If you ever turn black hat we have a problem. A BIG problem.
Your stuff is always fascinating, and I love the way your inquisitive mind finds such direct and simple measures where everyone else thinks "complex". Iron oxide powder. So simple. So obvious, and yet not - at least on a silver magstrip. I suppose you could just bung the card on a photo scanner at that point, and use some simple image libraries.
Incredible! It's one thing to build a product but to reverse engineer and beat the system is another!
Awesome stuff
I had always thought that this would be possible but never knew about the binary codes, very intersting video! Keep them coming!!!
The one thumb down is from AMEX.
+Peter Jones Boom!
why not give use this hackers called Keybenefits , contact them at keybenefits@tutanota.com
I just googled your name.... your a genius. I can't believe I have access to communicating with a genius like you.
I don't know why but I am just smiling and laughing at how GENIUS this is. Not in an insulting way but it's just amazing and marvelous to see someone do this.
I just subscribed. I found this channel from Wired December 2015 issue. Keep up the good work.
+Dennis Martin Thanks!
So glad you're a good guy.
Until he gets fucked over by one of those companies he helps
Wow your the man. Never stop amazing. It's crazy how "secure" our hard earned money really is. That's why I still stay with the old principle and keep my money under my mattress.
Hey, Can I crash at your place tonight? I take the bed.
Fancy seeing you here!
+LockPickingLawyer hahaha fancy indeed.
+Papa Gleb Reprobates, the pair of you!
+l0ckcr4ck3r looks like the gang is all hear, well maybe just a portion.
Nice! adding the service code stuff back in was pretty straight forward given to the separator before the date.. as for the algorythm for the Amex cards.. that's your secret :D
That choreographed hand intro blew my mind.
Hey Samy I was watching "Mr.Robot" a few days ago and saw them use your Mag Spoof concept to unlock a hotel room door. How does it feel to see one of your creations featured on a popular TV show? Also, what's your opinion on the show?
Hey Pablo, felt pretty awesome! I've always been a fan of the show.
Samy Kamkar Are you a fan of the show?
But most of all, Samy is my hero.
Samy, come on now... You gotta try harder to hide that beautiful smile behind that video.... The pure pleasure you seem to be glowing here is priceless... Just as your amazing discovery and development of the spoof...
Amazing work... :)
I wrote a paper about you back in community college. Its all so fascinating.
Really cool, especially since you do this not to do things that are bad but to inform those companies that they exist.
Thanks!
Dude life hack! Cool and worrisome at the same time. Well done.
I love this, Build this inside a 3D printed phone case and now i don't have to carry my Hotel room cards/Gym card
Can you please help me build mines?
My bank just sent me a new card with a chip in it, lmao. Thanks Samy! :)
waiting for a new video for so long! finally! :)
Woah Sammy, u are so good, i wish u will get some reward for discovering that out :) !
Happy to hear that you took precautions here, Samy. :-)
How are you so smart!!!! This is so cool I want to learn how to do cool things like this.
Thanks, I am curious how it simulates the use of multiple tracks because there is only one transmitting coil.
From the website, I mention: I found that by emulating a card with MagSpoof, if I send Track 1 one way, and then send Track 2 reversed, every card reader will assume I simply swiped a card back and forth, use the data from both tracks and my strong electromagnet, and properly read all of the data. This is extremely effective, uses only a single coil, and works for both tracks simultaneously. This also allows MagSpoof to work on Track 3.
Samy Kamkar
Thanks Sammy, I don't even carry or use my card anymore, this is great!!!!!!!
wow dude. Just wow. You make me feel stupid...but in a good way.
Just found this, LOL oh Samy, you are still my hero.
Vous faites du super travail, merci :)
Samy is my hero once again!
please be my teacher in this awesome tech field
You could create a headphone jack unit and smartphone app for a much more sophisticated device.
Garrett Fogerlie Conor Tierney I sell data email me now wayz.52210@yandex.com ...or. Computermath2019@gmail.com. Trk1 trk 2. And SumTimes pin
Nice gizmo. My Samsung S6 cellphone has the spoofing ability built in, but all your other info is very interesting. Sadly here in UK magstripe is hardly ever used, it's all been Chip & PIN for years (and now of course NFC).
Good as always.
Really like your videos.
maybe i'm criss-crossing my technologies here, but i'd love to see if there's a way to encode/record a tape cassette's magnetic audio information into a magspoofer, then hold the magspoofer up to a tape deck that is empty but in the 'play' position. i bet there's a potential for some pretty freaky sounds ;)
How edit your code on Git to emulate my card? What data I need?
You are a legend. Looking forward to the next video
Hey Samy,
Amazing work, like all your videos. I have just 1 question; when did you start fiddling around with electronics and such?
Thanks in advance!
+Stenlan Thanks! I've been playing with software since I was a teen, though I only started touching hardware in the past few years on and off, mostly playing with Arduinos.
+Samy Kamkar Thanks for your reply! I am 15 at the moment and learning to program and have programmed quite a bit already, and am wanting to increase my knowledge of the hardware side, so your videos are a big inspiration! Thank you for that
I love you in the good way, really man you are a genius, thank you.
Hi Samy, loved your talk at DefCon 18! Are you still active on UA-cam?
Hopefully I'll get back to it shortly!
Great, looking forward to it!
+Bob. me too! :)
yay
You are an inspiration Samy!
You should do a video on what programs you use and general recommendation.
Hi Samy, you did really interesting talks, thanks for that. :) I have a bunch of magstripe-cards, is there a cheap way to read and write those cards aside from buying some pricey automateic magstripereader like gambling-machines use? Any recommendations?
It's an amazing video Samy! I really love work with this kind of components. But I have a question.. How can you synchronize your card with MagSpoof?
+weroo109 You can read the bits off manually via iron oxide or use a magstripe reader such as the MSR605.
Great video! Amazed once again!
Would Love to do more research in the areas of ECE engineering!
This is pretty old since it's what LoopPay was doing from the start. And now Samsung, with their Samsung Pay since they bought LoopPay and put that tech into their new phones.
It's still cool though and I appreciate knowing how to make it myself.
+Charlie Lehardy Thanks! Note that with Samsung Pay/LoopPay, if a location requires your Chip, you need to still dip the original chip, while with MagSpoof you can disable the Chip requirement. Pretty fun stuff!
Samy Kamkar Yeah, certainly true. 'course, if we want to do it with MagSpoof we have to write that code ourselves since you're not releasing it. Not that it'd be hard to write that code...
+Samy Kamkar S-Pay uses tokenization, and it doesn't use your regular CC number. That means you don't need to have a chip-n-sig card on hand, since it doesn't have the chip-n-pin service code. LoopPay would require the actual chip CC to be present, since it just uses the same data that is on the mag stripe itself. I suppose if you hacked LoopPay, you could remove the chip-n-sig code from the data transmitted, similar to this MagSpoof.
+StephenB The tokenization only works at NFC-enabled terminals, which in the US there are very few of, otherwise it reverts to traditional magstripe (what they call MST) which has the Chip issue discussed.
+Samy Kamkar I don't want to be the party pooper here, but Samsung Pay uses tokenization for all transactions, NFC or MST. Samsung Pay also doesn't use the chip-n-sig codes that would force you to dip your card. Where are you getting this misinformation?
As an example, just today I was at the department store, Target, where they require chip cards to be dipped. They also don't have NFC enabled at their PoS terminals currently. My credit card has a chip on it, so I would be forced to dip my card. However, because I use Samsung Pay, I just hold my phone up to the swipe slot, and it goes through just as if I swiped with a card with no chip on it. I don't get a message telling me I need to dip the card.
I have seen many people struggle with this new chip-n-sig dipping method. They swipe, dip, swipe again, dip again... Then the sales associate forces the card in deeper and it finally works.
Just imagine putting a MetroCard number on this... Contactless entry into the NYC subway :D
Where from buy magspoof I need that device
hej i like ur videos ur super cool but i want to make a question? i used ur quickjack online but i dont know where to paste the skript to make it usefull can u help me ??
I've noticed your voice pitch changes from High-to-Low in your videos as they progress xD
+Barrel Titor From excited to tired ;)
just came over from physics girl... nice content
+James L Thanks!
Do you work alone for your self? Or do you work for a company? You are so smart and one day I hope to be like you!
Hi samy,
I want to make it one as my project.
in your blog you said, how to make a device, but after making this device how to load card details into this device to use at POS and ATM's?
Pls give that description also.
It has been a long time since you uploaded a video
Accurately predict replacement card numbers from about 20 cards? Is this in reference to your own cards and current card numbers? Like if you request one on your current card you can predict the new one OR your claiming you can predict all future amex numbers for all customers??
Im really curious on what amex said to you when you told them. Hard to believe they would just trust you to keep it to yourself. I could be wrong but i could see that possibily being a huge issue later on.. if some big breach/fraud/ id theft situation happens and somehow someone references this video that amex was notified of the issue a lot time ago and chose to not do anything about it may put them at risk of a lot of law suits.
what a legend!!!! well done and thanks for your hard work!!!
Happy 2k17 Samy
is it possible to jam the frequencies used by the terminal and card for the tap transaction forcing the customer to have to use the emv chip instead?
i suspect that a few stores in my town have a jammer to force us to use the emv chip making skimming easier.
my experiences is i have tried to use the tap to pay from credit card (not phone) and the terminal refuses the transaction at several gas station convenience stores then a few weeks later i get an alert of fraud on my card for $2000 from a starlink internet connection.
then i have to redo my card.
my purchase is usually under $10 i can understand and get it that anything over $250 would not work with tap but i doubt there is a minimum
Would you kindly release your intro music?
I know it's "Epoch Rises - Phantasm (unreleased)", but I couldn't find anywhere...
Thanks.
Wow, I literally have an ATTINY85 and L293D chips laying around from a robotics project. Just gonna screenshot that schematic :D
I wish I knew as much as you..I'm trying to teach myself all this but its so hard when I don't know where to start. ...your amazing by the way: ) any chance you can post some tutorials for penetration testing?? Thanks from canada for all the great info...
Pressimg down the button causes the magspoof to transmit the magstripe data; however, how can one read the magstripe data off something using magspoof?
Excellent video!
Hey Samy, where did you learn to do all of this? Books? Forums? People? SUBBBBED
Sweet! Mostly learning from trial and error online and learning to program. Starting with simple programs, learning about basic vulnerabilities, and developing new attacks. Automating attacks also really helped me learn things quickly.
wait... does that mean you could go on a spending spree and pay with this magspoof and walk out with zero debt?
Can someone explain how he extracts the credit card number from the strips?
+cer You can read the bits off manually via iron oxide or use a magstripe reader such as the MSR605.
+Code Alex (SplitPolygon) That's what she said!
Dude. Pretty impressive work.
danm I saw some of your videos and holy shit your way way too smart. I myself like to hack games and other similar stuff but I'm not good as you obviously but I was just wondering when are u going to make like website hacking videos or is it even possible to hack any thing on a website? any way I love your work. big Fan💯💯💯
+johnny .test Thanks Johnny! I used to do a lot more web based and software attacks (you can see some of them at samy.pl), I may reintroduce a few though I've been having a lot of fun with hardware lately. If you haven't seen my Quickjack tool, that may be interesting to you: ua-cam.com/video/bCkSVGhIEb4/v-deo.html
+Psycopathic cuntstable Yes, the FONA has serial (RX/TX), and you can connect that to the RX/TX lines of the Pi (you may need logic level converters/resistors if the voltages don't match up) and use serial on the Pi to connect to the Internet, then bridge wifi over it. I do essentially what you're asking in my ProxyGambit project here: samy.pl/proxygambit/
would you make and sell one but without the chip n pin thing so i cant do anything bad with it
Is this a different technology than LoopPay? I know LoopPay has MST patents...
samy? are you still making cool projects and posting them to youtube? these are so cool. Also how does it feel to have your hack featured in Mr.Robot?
It was awesome! I have been crazy busy but trying to get back into it...ps, really looking to learn about EMPs and have been checking out your channel! Very cool stuff!
So let me get this clear:
The chip on my card that I have, to make sure no one can steal my magnetic stripe and take my money, can be turned off..... by the magnetic stripe.
If the bank can't decline transactions based on my card type, I'm going to be super pissed. (At the bank, mind you)
+William Weissman I call it a Tail Wagging the Dog Attack
Please I want to ask about something. I have a smart card that I want to copy. How can I know what kind of card is and is it duplicable or not?
can i buy one already made including the credit card with the button plus original code
I enjoyed the video. Do you sell ur product?
What would you say the top 3 skills are that an aspiring security researcher should acquire. I'm a college freshman going into cyber security.
+Cole d Coding was one of the first things that allowed me to dive in. Knowing basic hardware and being able to build digital circuits has also opened up a lot as it allows access to so much more hardware you might not normally tamper with. Third is hard to say, but I will say actually attempting to execute or exploit something, rather than just reading about it, is huge -- there is a lot of nuance in execution and going through it teaches you so much that becomes extremely useful in the future.
+Samy Kamkar Thanks! Helps a lot. I have experience in these areas but no official training. I plan on learning to code soon, I'll probably start with C++
this is cool, want to buy the parts to use at Dave and Busters so I don't have to always carry that card around
Hi Samy hope you are still active on this chanel, i have idea on similar project to repurpose samsung mst chip that is in samsung note 9 and samsung phones form that generation, mst is preety much same as magspof only i do not know how to make android app that can talk to thet chip, it would be awsome to have 3dr party app since samsung diched mst in samsung pay
surely i am your fan now , you are my idol
so you made samsung pay with more configurability?
Smh thank god your a honest human bean...
Brilliant work!
how do you program your magstripe information on the device
Hi I was reading through your magspoof project on github and was hoping I could ask you a few questions about magstripe cards. I actually found your project while looking for a way to store my various ID (school, work, ect) cards in one system. Do ID cards (like this) use the same principles as credit card magstripes?
Yup, assuming there is a magstripe on the card, then yes, it will essentially behave the same. Different cards may use different tracks, however, as there are a total of three possible tracks for magstripes where credit cards only use two.
Thanks, besides ferrous powder is there any simple way to identify how many tracks the card has? I assume id also need a card reader to decode its data
You can measure where the tracks are as each track has a specific location: www.magtek.com/content/documentationfiles/d99800004.pdf
You'll need a magstripe reader to decode the data or ferrous material, correct.
Can magspoof hold multiple cards? If so how do you choose between them. I'm probably wrong but I've never seen arduino do input commands, like scrolling through cards and choosing one kind of input.
You can add a secondary button to rotate through cards. All of the code is set up to handle multiple cards and loop through them already.
hello friend very good day I want to ask you if with the mac wireless, you can get the real mac from the mode
Samy where do u learn all these omg! Please tell me 😕
Parse data with ACSIII algorithm. The data is just a sound frequency.
i want 1 to buy how can i get it???????????????plz reply
Hello Samy. How can I start to learn all these cool computer things you do? I mean, typing "how to be a hacker" on google feels really derp... What should be the first thing to learn? Where to find good content for beginners?
I watched a lot of your stuff and I feel so ignorant! I've been using a computer since I was a child but I know close to nothing in regards to how things work, but I want to change this. Thanks .
Google "how to be a hacker for realsies", I think...actually the best thing for me was learning to code (and a Google search there will help). I believe understanding how to code, and then learning how code could be exploited, helped shape the idea of exploitation and reverse engineering strongly, and interestingly allowed me to apply it in other areas without any additional work. If you learn to code for web, for example, then checking out OWASP and their lists of web vulnerabilities, how to exploit them, how to solve them, along with tools they provide are pretty helpful (this is just one area but a relevant one). Also building tools to help me find vulns seemed to be beneficial too...
hahahah. Is pyton a good language to start?
Any language is! Python is great.
Samy, the magstripe reader has one reader for each track, what makes it impossible to read the two tracks simultaneously using this emulator, am I right?
Actually even though I only have one loop antenna, I'm actually able to trick the reader into believing two tracks are being played by reversing the 2nd track (emulating a swipe one way, and swipe in reverse for the 2nd track). I describe this at samy.pl/magspoof/
Maybe I'm missing something, but why can't someone use this if they don't have the physical card? I would assume if you are capable of retrieving both tracks and the cvv # you would be able to use any card even ones you don't have...?
Sure, you have to have had physical access at one point to the card you'd like to emulate.
+Samy Kamkar thanks for the reply Samy! Also thanks for the clarification.
I'm not familiar with US based card payment systems. I guess the "this card has no chip" spoof only works with offline terminals?
+Elektronaut No, works with every connected terminal I've tested on.
oh wow...
I guess I need to build a card reader ;-)
I'd like to disable EMV on my own card so that I never have to dip. Can this be possible?
Care to elavorate, @Hali Kane?
Those are a little before my time, @Hali Kane.
at the start i was thinking this reminds me of "coin"... then you used one in the video.