Hacking the Square
For Christmas, I received a cool little device called the square from Ed Park. You plug this device into the audio mini jack on your smartphone and you can swipe credit cards right on your phone. It’s perfect for people doing business on the go. Or… next time your buddy owes you money, the “I don’t have any cash on me right now” excuse won’t work.
The first strange thing I noticed was that the data was being input via the audio jack rather than the data port (located at the bottom of the iPhone). There are 3 types of audio mini jacks: mono, stereo, and stereo/microphone. Since the iPhone audio jack accepts corded hands-free earpieces as well as earphones for music, it has to be the combo jack (stereo/microphone).
If you look at the tip, you’ll notice there are four sections separated by insulated plastic rings.
This type of plug is known as the “TRRS”. T-R-R-S stands for Tip-Ring-Ring-Sleeve. The tip is for Left-channel audio out. The first ring is for Right-channel audio out. The second ring is Ground. The sleeve is for Microphone in.
What I would like to know is how the square transmits your credit card number into the software through the audio port.
Now, before wiring each terminal up to an Arduino and outputting data to serial: since input is only possible through the sleeve (microphone terminal), maybe we can find out if the data is actually audible! By simply plugging it into a computer’s mic-in port or firing up the voice recorder app on the iPhone, we can find out what our credit cards sound like.
Interesting. So if I just recorded the swipe of each of my credit cards, I can technically store credit card numbers as wav files and play them directly into the square software. I was inspecting each of my credit card wav files and tried to notice some kind of pattern that matched the pattern of my credit card numbers. I didn’t think that was going to be successful, but it was worth a shot.
I then decided to rig the Square swiper up to my Arduino and display output to serial.
Here is the Arduino code:
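// Analog pin wired to the Square's microphone (sleeve) terminal.
const int mic = A5;
// Number of readings printed on the current serial line.
int counter = 0;

void setup()
{
    Serial.begin(9600);
}

void loop()
{
    counter++;
    // 10-bit ADC reading (0-1023) of the voltage on the pin.
    Serial.print(analogRead(mic));
    Serial.print(" ");
    delay(50);  // 50 ms between samples, i.e. roughly 20 samples per second
    // Start a new line after every 40 readings.
    if (counter >= 40) {
        counter = 0;
        Serial.print("\n");
    }
}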
I chose an analog input because the audio mini jack is analog. I know what each section in the TRRS spec does, but does it need power? Do I need to connect the ground? Do I need to power it through both left and right channels? I wasn’t sure, so I decided to simply try different combinations.
When I connect the ground, I get a bunch of ‘0’s. When I swipe the credit card, I get a few numbers… but not nearly enough to carry the data I’m assuming the stripe holds. When I disconnect ground I notice something interesting.
Now I’m still not sure if I’m on the right track because I expected a bunch of 1’s and 0’s…. but I noticed a pattern in the numbers. The numbers are grouped in 4’s. Every four numbers, the pattern repeats itself.
It makes perfect sense. I’m going to assume the credit card stripe MUST be carrying 4 rows of data… thus 4 different reads from the swiper. So I tried swiping my credit card to investigate the reads. (I’m not posting the output from my credit card here…. but I’ll post the output from when I swiped my Disneyland Annual Passport!)
I’m gonna go ahead and assume the data isn’t encrypted (at this level at least. I’m pretty certain it’s encrypted at the software level)… so it’s just a matter of deobfuscating it. Unfortunately for me, I was staring closely at the output and I started getting sleepy. Hmmm. I’m not sure if I’m on the right track or not… so feel free to chime in if you have any ideas. I shall come back to this later.
apparently the square simply transmits the data through the audio jack unencrypted, and then decoded via software? dood, that is some seriously flawed design in terms of security. that means any malicious app can turn the Square into a skimmer with no hacking or modding necessary. there is no way in hell anybody in their right mind would actually pay anybody using one of these things, not me at least. not unless you come up with some anti-skimming tin foil card protection. that would be awesome.
Eh, it’s not up to them to make sure that you use your credit card at a reputable place that uses these. They read the data and encrypt it where they need to.
Just remember to not give your credit card to just anybody.
Look up an android app called squareless. I can wave my phone near someone’s pay wave credit card and get the full number. Much easier than having to swipe a card.
found some handy info that you may already be familiar with or found on your own…
http://krebsonsecurity.com/2010/11/crooks-rock-audio-based-atm-skimmers/
that’s a great article. Thanks Paul. You’re absolutely right about being able to use the square to skim cards.
This is completely off topic but thought it was cool since you’re trying to build your own robot
dude that’s awesome. That’s a great idea to utilize the Kinect’s engine to control a robot.
as well as this
http://tubecrunch.blogspot.com/2011/12/nerd-hacks-atari-to-make-epic-atari.html
Very interesting post. What rings on the square did you determine should be connected to which pins on the arduino?
Hi Willy. Since the square treats the read like analog audio, I would connect the mic out portion of the jack ( the sleeve – terminal closest to the plastic) to any analog in pin on the arduino.
Awesome blog!
What did the .wav sound like when you played it? Check out the frequency spectrum in Sonic Visualiser (sonicvisualiser.org). I bet you’ll see a pattern. Maybe it’s simple like DTMF?
Also, when connecting the Square’s sleeve to your Arduino, you’re definitely going to want to connect a common ground (2nd ring) – otherwise you’re just reading noise. The Arduino’s analog input is a 10-bit ADC, so it will give you a value between 0 – 1023. That value is proportional to the voltage on the sleeve at the time of sampling.
Your code samples the voltage of the Square’s output every 50ms (20Hz). To have a shot at programming your Arduino to decode the output you’ll need a sample rate of at least 8KHz. I’d stick to your box’s sound card.
Thank you Josh! What you said makes total sense. While rigging this up, I added the 50ms delay temporarily during analysis. But you are right. Even with 0 delay, it wouldn’t even suffice for an 8KHz sample rate.
Looking at the .wav file after checking out the phrack article on credit card skimmers, it all makes sense!
http://krebsonsecurity.com/2010/11/crooks-rock-audio-based-atm-skimmers/
It all interprets into binary data based on the kind of wave! I have not revisited this, but I certainly would like to at some point.
Oh ya, look at that.. A bit is a single cycle, where a 1 bit is double the frequency of a 0 bit.
To decode reference here:
http://www.cyberd.co.uk/support/technotes/isocards.htm
Check the .wav to get an idea of bit times for a swipe. I bet they’re long enough that you could decode it on the Arduino. I’d try using an opamp wired up as a zero crossing detector and sample that on a digital input pin.
Portable cc reader I guess?
Thank you for that info! Now I want to experiment with the square some more. An arduino + lcd screen as a portable cc reader would be pretty cool.
I would bet that the output is just the raw magnetic flux from the head. This will represent the north-south coding of the magnetic flux transitions on the swipe. To test the hypothesis – it’s quite simple – you should get a shorter data “burst” on the audio if you swipe the card faster. In fact, if you sample at a high enough sample rate, and you swipe fast enough, the data should be “above” DC so much that you should get a good “square wave” representation in an audio editor as opposed to a sloping square wave (due to the limitations of the filter capacitor preventing the DC portion of the signal from passing in your sound card).
With that, if you “slice” the signal around the mid-point, you can probably use the durations in between mid-point crossings to get your data.
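An added example, not part of the original post or its comments: a Python simulation of the sampling-rate point raised in the comments above, comparing the sketch's 20 Hz loop with an 8 kHz capture. It assumes an F2F signal (a 1 bit carries an extra mid-cell transition) at a constructed 1000 bits per second with a constructed bit pattern; none of the values are measured from a Square reader.

```python
from bisect import bisect_right

# Constructed values for illustration; nothing here is measured from a reader.
BIT_RATE = 1000                        # assumed bit cells per second during a swipe
BITS = [0, 1, 1, 0, 1, 0, 0, 1] * 8    # constructed test pattern, not card data
US = 1_000_000                         # microseconds per second (integer time base)


def f2f_transitions(bits, bit_rate):
    """Polarity-flip times (in microseconds) of an F2F signal: one flip at
    every cell boundary, plus a mid-cell flip for each 1 bit."""
    cell = US // bit_rate
    times = []
    for i, bit in enumerate(bits):
        times.append(i * cell)
        if bit:
            times.append(i * cell + cell // 2)
    return times


def sample(transitions, duration_us, fs):
    """Sample the signal polarity (+1/-1) every 1/fs seconds, like an ADC loop."""
    period = US // fs
    return [1 if bisect_right(transitions, t) % 2 == 0 else -1
            for t in range(0, duration_us, period)]


def flips_seen(samples):
    """Count polarity changes visible between consecutive samples."""
    return sum(a != b for a, b in zip(samples, samples[1:]))


def capture_report(fs, bits=BITS, bit_rate=BIT_RATE):
    """Return (samples taken, flips seen, flips present after t=0) at rate fs."""
    transitions = f2f_transitions(bits, bit_rate)
    duration = len(bits) * (US // bit_rate)
    samples = sample(transitions, duration, fs)
    return len(samples), flips_seen(samples), len(transitions) - 1


if __name__ == "__main__":
    for fs in (20, 8000):              # delay(50) loop vs. sound-card rate
        n, seen, actual = capture_report(fs)
        print(f"{fs:>5} Hz: {n:>3} samples, {seen}/{actual} transitions captured")
```

With these constructed numbers the whole 64 ms burst yields two samples at 20 Hz, while 8 kHz places four samples in every half-cell and sees every transition.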