[Updated – Jan 17th, 2017] New version: SamyKam https://salmg.net/2017/01/16/samykam/

[Updated – Sep 30th, 2016] @Sabasacustico added the schematics for the project https://github.com/salmg/MagSpoofPI/tree/master/Schematic open hardware for all.

[Updated – Sep 4th, 2016] Important update in MagSpoofPI.c: instead of “PORTB |= (1<<BUTTON_PIN);” I changed it to “PORTB &= ~(1<<BUTTON_PIN);”. Setting the button pin low in setup() integrates better with the original loop() logic of Samy Kamkar.

[Updated – Aug 30, 2016] Instead of using WiringPi to run the MagSpoof after a successful MagSpoofPI installation, I decided to use the GPIO library for Python. I noticed that WiringPi worked well on the Raspberry Pi Zero, but it did not work at all on the Raspberry Pi 3 model B with my code. So, I ported the code from C to Python to have a single script for all versions of the Raspberry Pi to enable/disable the MagSpoof after the installation.

Why MagSpoofPI?

When I was doing my research about Samsung Pay and its flaws, I noticed that I needed a device with the MagSpoof's characteristics, but with more room to modify its code as fast as possible.

Working with Samsung Pay tokens, I knew it was necessary to modify the tracks in the MagSpoof code to run different kinds of tests. So I decided to make some adjustments to the MagSpoof library and make it available for the Raspberry Pi using avr-gcc. Now, with a simple Python script, I am able to modify the library (MagSpoofPI) before building it, for example to change the tracks to some specific tokens, and then compile and install it. It is a very useful tool for real-time tests.

Original schema for MagSpoof:

(Image: magspoof-schematic-dip)

MagSpoofPI will help if you already have a MagSpoof working and you want to add it to the Raspberry Pi; however, this design and the makefile can also help if you just want to reprogram the Attiny85 on its own, without depending on the Arduino toolchain. The next steps specifically describe the connections from the Raspberry Pi to the MagSpoof/Attiny85. The only change needed to the original MagSpoof design for it to work with this project:

-Remove the button and replace it with a 10k resistor.

Throughout this article I use Raspberry Pi physical pin numbers (board numbering), NOT GPIO numbers.
We will need four 1k resistors, one for each of the following Raspberry Pi to Attiny connections:

-Raspberry pin 15, used as the reset line, to the Attiny's PB5 (RESET).
-Raspberry pin 19(MOSI) to PB0.
-Raspberry pin 21(MISO) to PB1.
-Raspberry pin 23(SCK) to PB2.

Then connect the Raspberry Pi GND (pin 25) to the Attiny's GND and the Raspberry Pi 3.3V DC power (pin 17) to the Attiny's VCC. Example:

(Image: Screen Shot 2016-08-28 at 2.57.41 PM)

Pin 7 is used to control (on/off) the MagSpoof after a successful installation of MagSpoofPI, so the end user can enable/disable the MagSpoof without removing it from the Raspberry Pi GPIO header. Pin 7 is connected to a 10K resistor; the other end of the resistor goes to GND.

Completed configuration example:

(Image: Screen Shot 2016-08-28 at 2.40.18 PM)


Code to enable/disable the MagSpoof after a successful installation of MagSpoofPI:

rba.py:

import RPi.GPIO as GPIO
from time import sleep

pin = 7                     # physical (board) pin 7, the line that replaces the MagSpoof button
GPIO.setmode(GPIO.BOARD)    # board numbering, as used throughout this article
GPIO.setwarnings(False)
GPIO.setup(pin, GPIO.OUT)
GPIO.output(pin, GPIO.HIGH) # Send signal to Attiny simulating a pressed button.
sleep(.5)                   # hold the "press" for half a second
GPIO.output(pin, GPIO.LOW)  # release the button
sleep(.5)
GPIO.cleanup()              # return the pin to its default (input) state

How to run it:

sudo python rba.py
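The same pulse as rba.py, written as an added example (not code from the MagSpoofPI project) that makes two things explicit: the pin is always driven LOW and released in a finally block, so an interrupted run (Ctrl-C, an exception) never leaves the Attiny seeing a held-down button, and the GPIO backend is injectable, so the call sequence can be checked offline. The RecordingGPIO stand-in, and the press_button, dry_run and interrupted_run names are assumptions of this example; on a Pi the real RPi.GPIO module is passed in unchanged.

```python
"""Pulse the MagSpoof 'button' line from the Raspberry Pi.

Added example; it reproduces rba.py's behaviour (board pin 7 HIGH for half
a second, then LOW) with cleanup guaranteed and the GPIO backend injectable.
"""
import time

BUTTON_PIN = 7          # board numbering, as in the article
HOLD_SECONDS = 0.5      # how long the simulated press is held


class RecordingGPIO:
    """Stand-in for RPi.GPIO (assumed, not part of the project) that records
    calls instead of touching pins. Only the names rba.py uses are mirrored;
    the constant values are arbitrary and differ from RPi.GPIO's."""
    BOARD, OUT, HIGH, LOW = "BOARD", "OUT", 1, 0

    def __init__(self):
        self.calls = []

    def setmode(self, mode):
        self.calls.append(("setmode", mode))

    def setwarnings(self, flag):
        self.calls.append(("setwarnings", flag))

    def setup(self, pin, direction):
        self.calls.append(("setup", pin, direction))

    def output(self, pin, level):
        self.calls.append(("output", pin, level))

    def cleanup(self):
        self.calls.append(("cleanup",))


def press_button(gpio, pin=BUTTON_PIN, hold=HOLD_SECONDS, sleep=time.sleep):
    """Simulate one button press on `pin` through the given GPIO backend.

    `gpio` is either the real RPi.GPIO module or any object exposing the same
    names. Returns the number of seconds the line was held HIGH.
    """
    if hold <= 0:
        raise ValueError("hold must be positive")
    gpio.setmode(gpio.BOARD)
    gpio.setwarnings(False)
    gpio.setup(pin, gpio.OUT)
    try:
        gpio.output(pin, gpio.HIGH)   # Attiny sees the button as pressed
        sleep(hold)
    finally:
        # Runs even if sleep() is interrupted: release the "button" and
        # return the pin to input mode so it is not left driving the Attiny.
        gpio.output(pin, gpio.LOW)
        gpio.cleanup()
    return hold


def dry_run(pin=BUTTON_PIN, hold=HOLD_SECONDS):
    """Run press_button against the recorder (no delay) and return the calls."""
    rec = RecordingGPIO()
    press_button(rec, pin, hold, sleep=lambda _: None)
    return rec.calls


def interrupted_run(pin=BUTTON_PIN):
    """Failure mode: sleep() is interrupted mid-press. Returns the recorded
    calls, which must still end with the pin driven LOW and cleaned up."""
    rec = RecordingGPIO()

    def interrupt(_):
        raise KeyboardInterrupt

    try:
        press_button(rec, pin, sleep=interrupt)
    except KeyboardInterrupt:
        pass
    return rec.calls


if __name__ == "__main__":
    try:
        import RPi.GPIO as GPIO          # real hardware, if available
        press_button(GPIO)
        print("pulsed board pin", BUTTON_PIN)
    except ImportError:                  # not on a Pi: show the call sequence
        for call in dry_run():
            print(call)
```

On the Pi this is run the same way as rba.py (with sudo, since RPi.GPIO needs access to the GPIO device); anywhere else it falls back to the recorder and prints the sequence it would have driven.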


MagSpoofPI Code: https://github.com/salmg/MagSpoofPI

Demo: https://twitter.com/Netxing/status/772650998049288192/video/1


Implementing this project and JamSpay to test Samsung Pay flaw in real-time:


Good luck!

Sal.