MAGTEK USB CARD READER HACKING 2

So back at it, now with some code to decode the common financial card: Let start out by showing the end results of scanning my Freebirds card:

./main.py Please swipe your card now: Raw String: %B???????????^FANATIC/FREEBIRDS^4211?;????????????=???????????? Card Holder: FANATIC/FREEBIRDS Card Number: ????-????-????-???? Expiration Date: 11/42 As you can see we still have our raw string, this is being decoded from the code I used last time. However now I have the Card Holder’s name, Card Number, and Expiration date, this format was all outlined quite well on Wikipedia .

4/11/2013 DevelopmentPythonHardware

MAGTEK USB CARD READER HACKING

So just the other day I received my MagTek MSR100 in the mail, this unit only cost me about $20 and I have to say I’m very satisfied with it. After opening the box it was delivered in I quickly noticed no documentation was provided. No worries I figured, this will make hacking at it that much more fun. I started out by connecting the USB device to my Gentoo Linux laptop and swiped a card, I noticed on my console prompt the card data was spewed out.

4/11/2013 DevelopmentPythonHardware

PYTHON DEVICE HACKING (KEYBOARD)

After spending a bit of time hacking at the gamepad I decided to take a deeper look in to how /dev devices worked in Python, the easiest device I could get my hands on of course was a keyboard. First things first I needed to discover which device name represented my keyboard, to do this I used the virtual /proc filesystem at /proc/bus/input/devices : I: Bus=0011 Vendor=0001 Product=0001 Version=ab41 N: Name="AT Translated Set 2 keyboard" P: Phys=isa0060/serio0/input0 S: Sysfs=/devices/platform/i8042/serio0/input/input3 U: Uniq= H: Handlers=sysrq kbd event2 B: PROP=0 B: EV=120013 B: KEY=4 2000000 3803078 f800d001 feffffdf ffefffff ffffffff fffffffe B: MSC=10 B: LED=7 From the above output I can see my device is event2 within Handlers, which I know is the block device /dev/input/event2 .

4/11/2013 DevelopmentPythonHardware

PYTHON DEVICE HACKING (GAMEPAD)

So today I was reading an article on Hack A Day about a user who wrote a Python script to interrupt his USB Gamepad, I watched the video and realized I had a very similar gamepad laying around. One thing led to another and I found my self attempting the same sort of project. The Gamepad I am using is a Logitec Dual Action : Using some of the code posted on Hackaday I quickly realized my Gamepad returned quite different result and thus needed different code.

4/11/2013 DevelopmentPythonHardware

REVERSE ENGINEERING A BINARY 1

DISCLAIMER Through this paper I am not encouraging people to hack, destroy or steal anything, you must comply with laws and you shall take entire responsibility if you use this knowledge for bad behavior. With great power comes great responsibilities. Reverse engineering is not always legal, check EULA/laws in your country. THE CODE In this paper we are going to go over the reverse engineering of a simple compiled C++ binary, if you look below I have included the source code.

4/11/2013 DevelopmentReverse EngineeringHacking

REVERSE ENGINEERING A BINARY 2

DISCLAIMER Through this paper I am not encouraging people to hack, destroy or steal anything, you must comply with laws and you shall take entire responsibility if you use this knowledge for bad behavior. With great power comes great responsibilities. Reverse engineering is not always legal, check EULA/laws in your country. THE CODE In this example we have a bit more complicated program which assigns two integers to varibles then performs a multiplication on them to get our code :

4/11/2013 DevelopmentReverse EngineeringHacking

PYTHON FREQUENCY ANALYSIS FOR CIPHERS

Frequency Analysis is the study of the frequency of letters or groups of letters in a cipher text. Using Python we can extract the count of letters, bigrams, and trigrams, lets have a look shall we: $ ./frequency.py –help usage: frequency.py [-h] [–letters] [–bigrams] [–trigrams] msg positional arguments: msg Message to count letters in optional arguments: -h, –help show this help message and exit –letters, -l Frequency of letters –bigrams, -b Frequency of bigrams –trigrams, -t Frequency of trigrams Lets go ahead and enter a simple sentence and do some testing:

4/11/2013 DevelopmentPythonCiphers

WACKY PYTHON IMAGE CREATION

The other night I had a wacky idea of extracting each pixel from an image in order to save it as a plain text ASCII file. Of course this is not ideal and can take a bit of time, but like most things I do with python its just for the fun of it. I figured the easiest way to achieve this would be to use Python’s Image library and save the output to a serialized pickle text file.

4/11/2013 DevelopmentPython

CLEARING VARNISH CACHE WITHOUT RESTART

There has been a number of times when I’ve needed to clear the Varnish caching server’s cache, but had no clue how to do this. This resulted in me restarting Varnish, which really wasn’t needed. The easiest way to clear the Varnish cache (without restarting) is by using the varnishadm command line tool: varnishadm -T 127.0.0.1:6082 url.purge . The man page for varnishd shows a number of command which can be used with varnishadm , but the one we need is url.

4/11/2013 LinuxVarnish

PYTHON RUNNING SYSTEM COMMAND

So there are a few ways to run system command using python, but I tend to find the below approach the easiest to use and has error handling. First off I would create a function rather than running the commands over and over: import subprocess def run(command): '''takes a string command and hands back a subprocess object''' process = subprocess.Popen(command.split(), shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE) process.wait() return process The function itself is pretty small and makes use of the subprocess library .

4/11/2013 DevelopmentPythonLinux