Hacking Credit Cards With Square Card Reader

Share This:

Warning: The content in this article is for educational purposes only. You can do it with your own cards, but doing the things talked about in this article to steal other peoples information is a crime. I take no responsibility for your actions.

You may have heard stories about many stores such as Target getting credit card info stolen, or other stores. It’s understandable why. Unlike the rest of the tech world that has moved forward over the years. Our card readers are still using technology that dates back to the 1980’s.

Card Readers as well as Card Writers are widely available very cheap and can legally be obtained. And if someone can’t obtain one they can make one very easily by taking an audio cassette tape recorder apart removing the read/write head from it, and soldering a head/phone jack to it.

Here I will talk about cloning credit cards. I will first show how easy it can be done using a square card reader, since I already have a square card reader. I will then show you how to make your own square card reader, as well as show you how to identify and modify the data from the cards that are swiped.

Square Card

What we will need.

If we look at the square card reader we will see that it connects to the headphone port of a smart phone. If your curious you may plug it into the computer and discover that it acts like a Human Interface Device, which means you don’t need to install or write any drivers for it. It also means you can easily swipe the card with a text editor opened on your computer and you will see data written to the text editor. It will look something like the below.


%B4511551100342222^LASTNAME/FIRSTNAME ^20050233164000033230000?;E?

But what does the above information mean? Well The credit card number is after the %B, so in our example we know the credit card number is 4511551100342222 after the credit card number we see the ^ followed by LASTNAME. This will actually be the card holders last name in all capital letters. Then we see the / followed by the FIRSTNAME which will be the card holders firtst name in all capital letters. The last thing we see is a long list of numbers after the ^. The first for numbers in our case 2005 is the expiration date. So 2005 means the card will expire on May of 2020.

To make this easier for us we can write a nice little BASH file to organize it better.


#!/bin/bash
while [ 1 ]
do
read data
clear
num="$(echo "$data"|cut -d\B -f2|cut -d\^ -f1)"
name="$(echo "$data"|cut -d\^ -f2)"
lname="$(echo "$name"|cut -d\/ -f1)"
fname="$(echo "$name"|cut -d\/ -f2)"
exdate="$(echo "$data"|cut -d\^ -f3)"
exdate="${exdate:0:2}/${exdate:2:2}"
echo "Card Number: $num"
echo "Card Holder: $fname $lname"
echo "Experation Date: $exdate"
done

Now with the above bash file created. We run it and then swipe our card using the Square Card Reader. When we do this we will see the output like so.


Card Number: 4511551100342222
Card Holder: FIRSTNAME LASTNAME
Experation Date: 20/05

So now that we have a basic understanding of what is going on here. Lets take the Square Card Reader and plug it into the microphone jack of our audio cassette recorder. Lets also place a blank tape into the cassette recorder and start recording the cassette tape. Now that we are recording we will swipe our card. The data is now written to our cassette tape.

To verify that it is written to our cassette tape we will first rewind our tape. Then we will plug the cassette tape recorder into the headphone jack of our computer.

Next we will play the tape with our bash file running. And we should get the same results as we did when we ran the bash file with the card before.

Now we can simply cut the tape with some scizzers just before the place the data begins and right after where it ends. Next we simply take some scotch tape and tape the audio tape onto some cardboard.

If all went well we can use our Square Card Reader and swipe our home made card with the Square Card Reader, with bash file that we created ealier running. If all goes well the results should be the same, and we will now technically have a cloned credit card.

Making A Card Reader

If we open up any card reader we will see something that looks a lot like the reading head of an audio cassette player.

That is because it technically is just that. So what we will do is we will remove the audio cassette player head out of a cassette player. Then we will solder a headphone jack onto it. And boom we can do everything we just did with the Square Card Reader with what we just rigged up.

Chip Cards

In recent years placing chips in cards has become more common. However Credit Card manufactures know that not every merchant has card readers that support the chip functionality. Because of this cards the chip cards have the data on the stripe as well as the chip. And the output of the data when striped will have information that says it has a chip. If you remove that data then you can swipe that card without being asked to read from the chip.

Making It More Professional

If you have ever been to a hotel, you will be issued a card with a stripe on it that will allow you to open up the door. The hotel has a stack of blank cards they purchase and write to these cards when they are needed.

Using the same methods I talked about you can clone these cards. So if I theif gets their hands on a card they can clone it and gain access to your hotel room. Or they can decide to keep the key card they have and and write credit card information to the card, so they wont need to use an audio tape.

Of course they can simply just head over to Amazon and buy 100 blank cards from Amazon and write to them that way as well. And while they are doing that they could simply scan some images of credit cards onto their computer, and then print the credit image on to the blank card, which will make the card look like an official credit card.