Pre-sale
Hunter Cat is a project where Electronic Cats and I worked together to have the first portable skimmer detector. It works detecting the quantity of magnetic stripe heads inside a card reader. The scan process is simple. Before inserting the bank card, the user just has to insert and remove the Hunter Cat like it was a normal card. The Hunter Cat will take a second to process the information and show the reading results with three LEDs on the same board: Ok, Warning or Dangerous. With this information, the user could proceed or not, depending on the alert LED.
At this point, the project is in the pre-sale period. For more information, please visit: https://hunter.electroniccats.com/
Hardware
The Hunter Cat runs over a SAMD11 with a CR2032 3V battery. According to Atmel SAM D11 datasheet, SAM D11 is a series of low-power microcontrollers using the 32-bit ARM® Cortex®-M0+ processor, and ranging from 14- to 24-pins with 16KB Flash and 4KB of SRAM. The SAM D11 devices operate at a maximum frequency of 48MHz and reach 2.46 Coremark/MHz.
The Hunter Cat board design has the same dimensions of a bank card. The only difference is that the Hunter Cat board is a little bit longer. The position of the magnetic stripe hunters are in the same position of a normal magnetic stripe covering not only two tracks, but three of them. The design follows the most important physical characteristics of ISO 7810/7816 for positioning. The Hunter Cat has four small pieces of metal in the front side. Those will be useful to interact with the sensors at some ATMs that detect the chip metal as trigger to open the compartment to insert the card.
The position of the mag-stripe triggers and the pieces of metal in the front side of the board will not affect the ATM reader or mag-stripe reader functionality at all. The pieces of metal that act as chip trigger to trick some ATM sensors are NOT connected to any voltage or signal to avoid any issues internally.
Understanding the Hunter Cat and its LEDs
Hunter Cat works detecting the quantity of magnetic stripe heads inside the card reader. The scan process is simple. Before inserting the bank card, the user just have to insert and remove the Hunter Cat like it was a normal card. The Hunter Cat will take a second to process the information and giving the reading results with three LEDs on the same board: Ok, Warning or Dangerous. With this information, the user could proceed or not, depending on the alert LED.
When the user inserts the battery for the first time, the three LEDs on the board will flash together four times. This indicates that Hunter Cat is ready to interact with mag-stripe readers.
If the Hunter Cat is not used in a lapse of 15 seconds, it will change from ready mode to sleep mode to save battery. When this transition occurs, the LEDs will flash separately one by one two times.
After the Hunter Cat is in sleep mode, the only way to wake it up is pressing the reset button or removing and inserting the battery. With this process, the Hunter Cat will be ready again to process more mag-stripe readings.
When the Hunter Cat detects a normal reading, the Ok LED will be active:
When the Hunter Cat detects an unusual reading, the Warning or Red LED will be active:
After each reading, the board will keep the LED active for 5 seconds; enough time to visible for the user. Then, the board will reset automatically flashing 4 times to show that it is ready to keep reading; this reset method is identical to insert a battery or to press the reset button. In this process, the board will reset the sleep timer to 15 seconds as well. After 15 seconds of inactivity, the board will enter to sleep mode to save battery.
If the boards flashes a yellow LED, it is recommended to try a second time. A yellow LED means a second magnetic field. If in the second try, the board keeps flashing a yellow LED, it is recommend not to use your bank card in the card reader.
Note: If the user inserts and remove the Hunter Cat in a mag-stripe card reader, and the board does not flash any LED that means that none readers was detected at all.
Power-save Mode
The Hunter Cat implements a 3V CR2032 Battery. To keep running for months, the board has a power-save mode characteristic. After 15 seconds of inactivity, the board will enter to sleep mode to save battery. Decreasing the consumption from 6mA to 500uA.
Reading Process
After pressing the reset button or after inserting the battery, the LEDs will flash four times simultaneously, and the Hunter Cat will be ready to interact with mag-stripe readers. Inserting and removing the Hunter Cat is a normal process like using a normal card. This process takes less than a second to be completed.
The question is why the Hunter Cat has to be inserted and removed in a second or less? This will avoid that the ATM intersect the card and take it all the way into the ATM. Also as preventive mechanism, the Hunter Cat is longer in size that the normal card; adding that the battery holder could block this process as well.
Another important reason to insert and remove the Hunter Cat in less than a second is because the firmware calculates an average reading in one way and confirming on the way back. This gives a better and more accurate reading.
One of the main concerns is the false-positives with devices that have two mag-stripe readers in some gas stations or devices; those readers can read a card in two different ways which means it contains two readers that could be a problem for counting them. But Hunter Cat has four mag-stripe hunters(two per side), and each part of the hunter is independent to avoid this issue and to count correctly even with this type of readers:
Simulating a skimmer in an ATM card reader
It could be difficult to see how the Hunter Cat works internally in a real skimmer scenario. That is why we designed a special project for defcon to test the boards. In this project, we added a second energized magnetic stripe head to act as a simulated skimmer. First, I tried to read to see if the Hunter detects the second magnetic reader head(simulated skimmer). After that, I removed it to see its reading again:
Salvador Mendoza 