Network Security Pen-Test

Mag Stripe reader for POS terminal pentest

Subject: Mag Stripe reader for POS terminal pentest
Date: Thu, 16 Nov 2006 19:30:52 +1300
If they're part of a POS infrastructure then yes they'll be HiCo cards
and track 2 will follow the ANSI/ISO BCD format ~ this track has the
data on it you'll likely want to fiddle with.

Personally I wouldn't bother with the MAKI writers as I found the
software rather cumbersome. My experience & research of looking at
ATMs and POS's had the MSR 206 as the daddy in this field in
conjunction with the Exeba software. Try eBay.
If you're looking to save money you may be lucky enough to score a
refurb or secondhand Fargo or Magicard card printer with HiCo encoder
for less than a new MSR 3 track HiCo encoder. eBay again!

There is also an MSRW206 (but this appears to be a slightly cheaper
Chinese clone of the above MSR206 which I have no experience with,
correct me if I'm wrong on the clone thing).

The track 2 format allows you a very limited character range from the
insertion of bad chars that'll be accepted by any POS terminal or ATM.
When manipulating don't forget to ensure your badly formatted card
still remains Luhn compliant, this "should" be taken care of in the
encoding sw for you but it's good to know how to calc the Luhn (modulus
10) digits (this acts as a basic checksum).
http://en.wikipedia.org/wiki/Luhn_algorithm

Track 2 format:
===========
     --Data Bits--   Parity
       b1  b2  b3  b4   b5    Character  Function

       0   0   0   0    1        0 (0H)    Data
       1   0   0   0    0        1 (1H)      "
       0   1   0   0    0        2 (2H)      "
       1   1   0   0    1        3 (3H)      "
       0   0   1   0    0        4 (4H)      "
       1   0   1   0    1        5 (5H)      "
       0   1   1   0    1        6 (6H)      "
       1   1   1   0    0        7 (7H)      "
       0   0   0   1    0        8 (8H)      "
       1   0   0   1    1        9 (9H)      "
       0   1   0   1    1        : (AH)    Control
       1   1   0   1    0        ; (BH)    Start Sentinel
       0   0   1   1    1        < (CH)    Control
       1   0   1   1    0        = (DH)    Field Separator
       0   1   1   1    0        > (EH)    Control
       1   1   1   1    1        ? (FH)    End Sentinel


By far one of the best papers written on track formats and specs is a 1992 Phrack paper written by Count Zero ~ http://www.hackcanada.com/ice3/card/phrack37-6.txt

Rather than just writing bad data to track 2 and hoping for a terminal
fault, think about maybe the compare routines that may take place
between tracks 1 and 2. Because track 1 is in the ANSI/ISO Alpha
format you've got a much greater char set to play with, maybe a null
byte written to track 1 could cause your terminal software problems
during a compare routine?
Then there's the usual suspects such as neg numbers where +ve is expected.



Dan Cornforth
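
As an added example (not part of the original post), here is a terminal-side strict validator for the Track 2 encoding in the table above: it enforces odd parity per character, sentinel framing, digit-only fields and the Luhn check, and rejects anything else before later processing sees it. The length limit, the PAN length range and the sample value are assumptions, and the LRC character that follows the end sentinel on a stripe is not checked.

```python
import re

CHARSET = "0123456789:;<=>?"   # index = value of data bits b1..b4 (b1 is the LSB)
MAX_CHARS = 39                  # assumed limit: 40 characters per track minus the LRC
# Strict framing: start sentinel, 12-19 digit PAN (assumed range), separator,
# digits only, end sentinel. Control characters : < > are rejected everywhere.
TRACK2 = re.compile(r";([0-9]{12,19})=([0-9]*)\?")

def decode_char(bits):
    """Decode one 5-bit group (b1..b4 data, b5 parity) and enforce odd parity."""
    if len(bits) != 5 or any(b not in (0, 1) for b in bits):
        raise ValueError("malformed bit group")
    if sum(bits) % 2 != 1:
        raise ValueError("parity error")
    return CHARSET[bits[0] | bits[1] << 1 | bits[2] << 2 | bits[3] << 3]

def luhn_ok(pan):
    """Luhn (modulus 10) check over a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch) * (2 if i % 2 else 1)   # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def validate_track2(groups):
    """Return (pan, trailing_digits) for a well-formed track, else raise ValueError."""
    text = "".join(decode_char(g) for g in groups)
    if len(text) > MAX_CHARS:
        raise ValueError("track too long")
    m = TRACK2.fullmatch(text)
    if m is None:
        raise ValueError("bad framing or non-digit in a field")
    if not luhn_ok(m.group(1)):
        raise ValueError("PAN fails Luhn check")
    return m.group(1), m.group(2)

def sample_bits(text):
    """Build constructed test input: each character as [b1, b2, b3, b4, parity]."""
    out = []
    for ch in text:
        v = CHARSET.index(ch)
        data = [(v >> i) & 1 for i in range(4)]
        out.append(data + [1 - sum(data) % 2])
    return out

# Constructed sample: a well-known Luhn-valid test number, not real card data.
SAMPLE = ";4111111111111111=2512101000000000?"

if __name__ == "__main__":
    print(validate_track2(sample_bits(SAMPLE)))
```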
