Jump to content

Trying To Hack Square Credit Card Reader


Recommended Posts

Posted

Well I saw that we sell these things are work now and they don't require your social to buy one for $10 so I thought this could easily be turned into a skimmer,(for a proof of concept thing I would do for youtube) however this is not as easy as I expected. Maybe you guys can help me out here.

Picture%209_8.png

It seems very simple, the device just converts the magnetic strip data to sound that you could use a variety of programs to decode.

My first problem, I can't even get sound. I plugged it into the microphone jack on my computer. and of course nothing, I figured that was a bit too complicated with drivers and what not; so I grab my digital voice recorder and plug it into the external Mic jack. swipe a card. still no sound.

Posted

Soo...what exactly IS the issue? That you don't have sound when it's not plugged into the iPhone? I would think that the sound is due to it interfacing with the Square app.

Posted

To be honest, this type of "Audio" card swiping has been hacked a LONG time ago. I looked it up back in 2004-ish or something. I had documentation on how to decrypt the sounds and all of that. I wish i still had the info but that is basically all the "Square" app does. Except the new ones will have built in encryption from the reader to the iPhone/iPod/Android device. I'm going to guess encrypting the info before it's turned into audio, then decoded by the app.

I have 2 square readers, I signed up on the site to get them and plan on using them as intended. But not to say I wouldn't be interested in seeing the information again :D

Posted

My first problem, I can't even get sound. I plugged it into the microphone jack on my computer. and of course nothing, [...] so I grab my digital voice recorder and plug it into the external Mic jack. swipe a card. still no sound.

Did you try hooking it up to a microphone pre-amp? And have you tried looking a the resulting output on an o-scope or multimeter instead of tying to hear it? It might be outside the audible range.

Posted

I hooked the square reader to my mic jack and it put out sound. Also built in recorder on the iPod works too (Voice Memo).

Make sure you are plugging it in all the way to your computer. It is a 3 part mini plug, not a typical 2 part for stereo audio.

Posted (edited)

I have plugged it in completely in my computer and in my Digital voice recorder. No sound. Though I may have a second generation where apparently the sound is encrypted but i would still expect to hear something.

Just plugged it into my android phone and went to the sound recorder, nothing. Though that jack IS meant for audio out but i figured I would try since it some how worked on your ipod outside the app.

Edited by Ampix0
Posted

Did you try hooking it up to a microphone pre-amp? And have you tried looking a the resulting output on an o-scope or multimeter instead of tying to hear it? It might be outside the audible range.

I have seen a video on youtube of someone at some convention and the sound is quite easy to hear.

Posted

To be honest, this type of "Audio" card swiping has been hacked a LONG time ago. I looked it up back in 2004-ish or something. I had documentation on how to decrypt the sounds and all of that. I wish i still had the info but that is basically all the "Square" app does. Except the new ones will have built in encryption from the reader to the iPhone/iPod/Android device. I'm going to guess encrypting the info before it's turned into audio, then decoded by the app.

I have 2 square readers, I signed up on the site to get them and plan on using them as intended. But not to say I wouldn't be interested in seeing the information again :D

Yes i just found this in the store remembering that a long time ago online you needed to have a SSN i didnt buy it. I saw it at my job and was like "well this will be a fun project"

But if I can not decode the encrypted data (I cant even get sound) I will most likely return it. I dont think I'll ever use it legitimately. (I wouldn't use it for illegal purposes, I just wanted to do it for the fun)

Posted

Just a quick question, does it work when you interface it to the app's that it was made for? If it does then maybe the device first talks to the app and has some kind of hand shake going on in order to try and stop something like what you are doing. The first thing i would be doing is decompiling one of the app's and taking a look at there code to see how they work and interface with the thing.

Posted (edited)

If it doesn't make sound, Then your reader is probably broken...

Or it is not plugged in all the way. Push it really hard to make sure it clicks.

Edited by Mr-Protocol
Posted

I have not tried this with the app only because I never intend to use it and I would rather not give my social in that case. I am also VERY sure the device was in completely.

  • 1 year later...
Posted

On a whim I sent of for one of the new encrypted square card readers and just got in the mail today. I pulled the apk off of my phone and started looking around, and found a squaremicr-normal.ttf file. It is indeed all of the micr symbols and fonts. I am wondering why they would have micr fonts if they don't take checks? They also have 9 digit routing codes for most banks in their software.

I have also been wondering about the new encyrption. I am by no means a programmer, I just like to tinker with things. It looks like the software uses sha-1 and rsa. My understanding of best practices would be that you swipe the card. The information gets encrypted and stored in a file, then the file is sent to square and decrypted. Where is the file stored before it is sent to square? Is it deleted immediately after being sent?

  • 3 weeks later...
Posted

Did you try hooking it up to a microphone pre-amp? And have you tried looking a the resulting output on an o-scope or multimeter instead of tying to hear it? It might be outside the audible range.

I don't think it will be much if any outside of the audible range. Why would they offer that on the phone? That jack is for a headset.

Unless they plan on selling cell phones to dogs :)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...