PortaPack: As FM Mag-stripe Decoder and “Replayer”

Intro

During my participation in the DragonJAR conference as speaker, I had the opportunity to play with the PortaPack device during my trip. This beautiful device is a perfect add-on to my HackRF. Imaging that you have all the powerful features of the HackRF hardware and now add portability!

On my way to @DragonJARCon! the first question since I bought the hackrf was if it is possible to make a monetary transaction with it? During this trip I will use the PortaPack to try to make a plan to do it with NFC or Mag-stripe info. I will keep you updated! pic.twitter.com/9cXal6YfTN

— Salvador Mendoza (@Netxing) September 6, 2018

I updated the PortaPack and HackRF firmware. For the PortaPack, I used the impressive and beautiful Havoc version.

As security researcher, I was wondering if it was posible to use the PortaPack for a replay attack using tokenized NFC card or mag-stripe information to make a transaction. Basically, the idea was to implement somehow this device to achieved that purpose.

To understand properly how to generate Audio Spoof and how it works, we should take a look at previous posts:

Hardware

To read some data directly from the PortaPack, I had to create a magnetic stripe radio station to transmit the signal using a FM transmitter. At this point, I had two choices: The Elechouse FM transmitter or the Zus universal car adapter:

In Bogota!! Yeaaayy!

I will test two FM transmitters to try to implement a mag-stripe radio station.

Right: Elechouse FM transmitter 2.0
Left: Zus universal car adapter pic.twitter.com/iskLWqeX4R

— Salvador Mendoza (@Netxing) September 7, 2018

The connection was straightforward. I decided to use the Zus FM transmitter, so I implemented a Bluetooth connection from my laptop to the device:

Day 2:

I had some connectivity issues with the Elechouse FM transmitter. So, I decided to use the Zue transmitter.

It connects by Bluetooth with the laptop and open a transmission at 102.2 FM pic.twitter.com/eaoyvKqVja

— Salvador Mendoza (@Netxing) September 7, 2018

After this, I was able to play a WAV file to be transmitted by Bluetooth and see if I can receive something in the PortaPack listening mode. The best way to do it is using a waterfall view:

receiving data, waterfall(love waterfalls), remember I am in the NFM in the PortaPack.

I was using my earphones in the jack of the device to test if I can hear the same sound. Seems that I need to play with the gains.

But I am receiving sound which is the important part! pic.twitter.com/EiNE7euy1U

— Salvador Mendoza (@Netxing) September 7, 2018

To generate a magnetic field using this WAV encoding, I had to add a coil in the jack output of the PortaPack:

Software

For the mag-stripe audio generation part, I had two options. One was the AudioSpoof repository or the ViolentMag code. I decided to use the ViolentMag with a few changes in the original mag-stripe recommendation.

Normally, we can create mag-stripe audio files with 25 leading zeros:

This slideshow requires JavaScript.

But to have better results and avoid noise in the initial part of the receiving, I decided to use 100 leading zeros in the WAV generation:

Now, I just added a special coil in the jack output of the PortaPack; so it generates a magnetic field following the WAV file encoding which is detect by the card reader. Testing everything together:

At the end, I switched to the WFM in the PortaPack menu: Receivers->Audio

Running the magstripe loop audio using Audacity to send it with the Zus FM transmitter. In the PortaPack audio jack, I connected a special coil to make a magnetic field so the card reader can interpret it! pic.twitter.com/tbhlxzrJ8O

— Salvador Mendoza (@Netxing) September 7, 2018

With a few changes, this project could be implemented in Arduino, for example.

Salvador Mendoza

If you are not making something or inspiring something, you are doing something… wrong.

PortaPack: As FM Mag-stripe Decoder and “Replayer”

Leave a Reply Cancel reply

Share this:

Like this:

Related

Leave a Reply Cancel reply