Sunday, March 2, 2008

The ATM card

Written by
Xtreme Great
(for k0r0pt)
(no copying please)


This document is for informational purposes only. I do not condone any form of fraud or deceit or any exploit carried out as a result of this document. So, I cannot be held responsible for any act carried out by you or the consequences thereof. Use this document to learn. To explore and not to exploit. And beware if you land doing any shit with this, you're gonna land your ass in trouble. And also remember, that it is the case with banks, so if you do something really stupid and serious, the cops will definitely ram your ass. Better look out.


How often, in your life have you thought about cracking into someone's bank account? How much have you wondered about the infinite possibilities of doing so. How deep have you delved into the sea of "possibilities"?

I'm going to tell you one aspect of the securities of bank accounts in present day life. Remember, NOTHING is foolproof. Everything can be broken. In today's world of cyber banking, nothing is safe. There is no security. No privacy. Everything is publicized, without of course, the prior knowledge of the VICTIMS. We expose our information, every time we buy something from the Internet, or give our Credit card numbers. What is the guarantee that the credit card database won't be cracked? There is no guarantee. There is only HOPE, and trust me, HOPES never work out. So, the end users are the ultimate losers.

In this post, I'll shed some light on ATM card hacking.

ATM's are the most widely used cash money machines around. They'd handle thousands of transactions every single day. A single card holds the key to all of your money. And that card is protected by only one key - The PIN, and that too is only 4 digits long, and if we'd calculate the permutation, there are only 10^4 possible combinations, which can be cracked "very" easily, provided we have the card. Now, how the fuck would someone crack the PIN from a card, you may ask, and I say, why not? Broaden your point of view. The answer lies right in front of you. You're not noticing it though. Every magnetic card, in today's world, works on a single basis - Magnet. Magnets are all around - in your hard disk, your cassette tapes, your DATs, your Floppy disks, Your Debit card, your ATM card. Not only is it possible to read out and crack PINs from ATM cards, but also, it is possible to MAKE your own ATM card, with a card writer, which is of course quite costly. Now, we'd delve a bit more deeper into the world of magnetic cards.

But before I go any further, I'll assure you that there are thousands of other articles out there, that will tell you the same thing. I will only tell you what to do to do what they say, in addition.


All the magnetic cards have what "they" (the makers) call tracks. Tracks are nothing, but tracks (don't ask me again), of magnets that contain data. There are three standard tracks. Track one, track two and (you guessed it) track three. These tracks contain different kinds of information.
The information is stored in different formats. But first, I'd tell how to read all those 1's and 0's from the cards. After all, that's what we're upto. These 1's and 0's are our business... When we read a card with a card reader (when I say card, I mean magnetic card, so don't get confused again) we get voltages. High voltage obviously means a 1, and low means 0. These voltages would be produced due to electromagnetic induction. If you don't know what this is, try googling it. After this, you'd get some voltages. When you stripe your card against the read head (I used a tape player read head. Search for them, and you'd definitely get one around. If not, try going to some radio shack store), remember that in the ATMs, the card get read, when you pull the card outside, not when you push it inside. So, if your magstripe is facing upwards and away from you, you stripe it right to left. Here, you'd get two types of frequencies. Remember, when I mean frequency, I mean the width between two waves, that you'd get, not the height of the waves, which is the amplitude. The frequency for a one, will always be double the frequency for a 0. Thus, we can read either of the three tracks. But how do we know which track we've read? The positions of tracks is standardized, with respect to the edge of the card.

As you can see the positions of the three tracks, with respect to the edge of the card, you can easily construct a card reader, and start reading your card right away. Now, we get to the nitty gritty details of the hardware and software parts. This is where the Computer comes into play.

The Hardware

For the hardware part, as I already said, all you need to get is a card reader, lying around somewhere in your basement or something. Then solder that thing's end terminals to a copper wire and attach it to a mono jack, that can be inserted in your computer microphone slot.

The software

Assuming you've got the hardware, Let's leap to the software. There are two ways for all hackers, when it comes to softwares. Either fetch some software made by some other person, or make your own. Well, the former is the case with most of the people around. But believe me. The true hacker, will go to every nitty gritty detail of everything, spend night after night, reading out man pages, and make the software him/herself (in case there are female hackers around). With the details I've given and that I am about to give, anyone could build that program to read magnetic stripes and dig out information. There are two ways. Either you make a microphone reader program, or you can make a program, that will read out a wave file, that contains the information of the card recorded in it, and give out the information.

Getting back to the main discussion, the magnetic card does have three tracks, the tracks have information coded as 1's and 0's. Now we get to interpreting those information. There are two standard formats used to encode data on cards The ANSI/ISO BCD Data Format and ANSI/ISO Alpha Data Format.

You must find the information regarding these standards yourself. C'mon if I give you all the details, what would you do?

The last two tracks are encoded by the BCD format, and the First one, by the Alpha standard. The second track is generally used to store information regarding the account thing. The first track contains information about the owner's name. The densities and number of characters per track are:

1st track: 210 bpi 79 characters
2nd track: 75 bpi 40 characters
3rd track: 210 bpi 107 characters

The 3rd track is generally, rarely used in any type of card. These standards also apply to all sorts of Credit cards, Debit cards, Metro Cards and whatever cards you can imagine. The deviation from the standards can also be there in particular case, for example, in case of Hotel room cards, that give you access to hotel rooms.


Well then, that's all the information I could give you. It's not enough, but still more than enough. Happy exploring, and remember not to do anything stupid. Till next time...


shreya said...

its a gr8 article fab analysis involved liked it buddy :)...keep up the gud work..
- shreya

Xtreme Great said...