Stripe Snoop parses and analyzes data from magstripe cards, displays their contents, and then tries to identify the card using a database of known card types, refining its output by printing data inside specific fields. Release 1.4 adds support for reading magstripes from keyboard based magstripe readers (such as Cherry POS keyboards), from gameport based readers, or from stdin. The database has been expanded to identify more card types. Several sample bitstreams of different card types are included to experiement with.

Linux and Windows Builds are supported

Full Change Log:

- Added Force Parse (-F) which try to parse a bitstream as
long as it has at least a start character
- Limited Cherry Keyboard (and other readers that connect
through the keyboard) support added. Works best with cards
containing only 1 track.
- Added more Issuing Bank names for Visa
- Code simplification: Lookup tables, single line ifs with ?'s
- bitgen ignores ";" and "?"
- Track 1 and Track 2 Support with Cherry Keyboards, though only
Track 2 will be parsed.
- mod10 will generate Luhn compliant account numbers of any
length

Cards Added

American Express Credit Card
Barnes & Noble Gift Card
Generic ATM Cards
Georgia Institute of Technology Parking or Temporary Card

Stripe Snoop 1.4 Released

] We have found that by sending specially crafted packets
] to the client during the authentication process, an
] attacker is able to compromise and execute arbitrary code
] on the machine running PuTTY or PSCP.

CoreLabs: Vulnerability in PuTTY

Like the heads in a VCR, the ones in card readers can wear out. After all, they are reading cards at an extraordinary rate. The busiest turnstile in the subway system, turnstile No. 10 in the middle array by the escalators in the main entrance to the subway below Grand Central Terminal, reads a whopping 236,000 cards a month.

I thought that was a neat factoid. I can imagine New Yorkers saying to themselves, "I know that turnstile!"

The article is rich in trivia about heavy-duty magnetic card readers and the millions of people who (ab)use them.

Mastering the Art of the Swipe

] A series of videos showing how Stripe Snoop works, and
] illustrates all its features. This lets you see how cool
] and exciting Stripe Snoop can be, and is a nice
] introduction if you are interested in the project.

You can do alot with 3 hours, a cheap RCA-out PCI card, and VirtualDub!

Videos of Stripe Snoop in action

In light of the Memestream hacker... [looks at Decius] er... security personal outing to NYC last week, I have been quite interested in the Metrocard. Here is a talk from Beyond Hope about it.

Mertocard Presentation at Beyond Hope [ftp: real audio]

http://homepage.mac.com/leperous/.Pictures/silence.jpg

Indeed.

RE: The Fifth HOPE Artwork

] This demo is the first peek of the comic book adaptation
] of George Orwell%u2019s Nineteen Eighty-four. As you will
] see, it%u2019s still in the penciling stage. Inking and
] colors (sort of) are yet to come

1984 Comic Demo

I'm modifying some of my code to deal with the non standard it uses. Data is on track 2, but I'm not yet sure how to read it.

UPDATE!
The code in CVS for Stripe Snoop now supports Raw mode with a "-r". All this information was collected with it.

Here is what I have looking at some 1 signle ride cards.

On the back of the card is a date (all are issued 7/11/2004), a time, and a number. Based on different single ride cards I have, I believe this number is a station id. (for these cards, all are 1445, but I have others, like 1439 and 0122).

Some of this data looks very similiar or is the same. This is only track 2. Most likely , the rest of the data is stored on Track 3,
the read/write track. Also, the number of leading, trailing zeros can be random. It does not seem to follow any known character set.

4:44P 1445
0000000111100111101110000000000001010010010110000110101001011100100
00001100000100001000000000000000000000000000000000010

5:59P 1445
0000000111100111101110000000000001010010010110000110101001011100100
00001100000100001000000000000000000000000000000000010

5:59P 1445
0000000011110110110111000000000000101001001011000011010100101110010
0000011000001000000100000000000000000000000000000000000

6:00P 1445
0000000011110111000111000000000000101001001011000011010100101110010
000001100000100000000000000000000000000000000000000000000

6:02P 1445
0000000011110111000111000000000000101001001011000011010100101110010
00000110000010000000000000000000000000110000000000000000

Metrocard hacking

Stripe Snoop ver 1.2

- Added support for Linux and Unix-like systems! Must be run
as root however, because of direct I/O requirements.
- Create track-generic parser, to extract fields from a
decoded track, given a set of field delimiters.
- Luhn algorithm (AKA MOD10) implemented to detect proper
credit card/debit card account numbers.
- Can detect Visa credit cards, displays account number,
expiration date, and encrypted pin.

If you are interested in developing for Stripe Snoop, email me. The next step is USB interfacing.

Download here: https://sourceforge.net/project/showfiles.php?group_id=113229

] This series of articles takes a look at the consumer
] desktop processors that have borne the Pentium name,
] beginning with the original Pentium up through today's
] Pentium 4 (Prescott) and Pentium M divisions. The
] overview is general enough that for the most part it
] should be accessible to the nonspecialist, and it should
] give you a sense of the major differences between each
] generation of Pentiums.

Perhaps the best article I have ever read overviewing the Pentium architecture, and its advances. The article is an easy read, though if its been a while since you've read something like P&H (Patterson and Hennessy), you might have some trouble.

The Pentium: An Architectural History