Hacker News new | past | comments | ask | show | jobs | submit login

For the same reason, the ferromagnetic nature of the magstripe, it is possible to read, store and playback the data information on the stripe. You need only few $ for the reader or a simple Square reader. This is an alternative solution to spoof Magnetic stripe cards on Android: http://cosmodro.me/blog/2011/mar/25/rhombus-square-iskewedi/



Hey, cool, it's nice to see my stuff get referenced by someone that isn't me!

Rhombus only _reads_ magnetic stripe data. It won't write it. But yes, you could totally write to a low-coercivity stripe with the right hardware.

Before you run out and get a Square reader, they're all encrypted now and don't return the raw data necessary for Rhombus to work. You can still get unencrypted readers from China on alibaba pretty easily.


There are same crazy nerd which enjoy themself (I don't know why) to decrypt credit card data coming off of a magnetic stripe scanner: https://www.parthenonsoftware.com/blog/how-to-decrypt-magnet...

But I agree with you, an un-encrypted reader of magnetic stripe is very easy to find or build. The security is like a door in the desert.


I actually read your thing a long while ago too! I took it a step further, and made a small coil and amp, and played the recorded data back through the coil, and placed the coil next to a one-track card reader. It actually worked, which was neat.


I remember requesting a stripe reader when I first saw something about them just spitting out the info, and by the time I got it they were already encrypted.


Here is a spoofer for Arduino which I have constructed myself once: http://www.instructables.com/id/Arduino-Magstripe-Emulator/ Rather fun.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: