Git Product home page Git Product logo

zacharyweiss / magspoof_flipper Goto Github PK

View Code? Open in Web Editor NEW
465.0 30.0 25.0 286 KB

Port of Samy Kamkar's MagSpoof project (http://samy.pl/magspoof/) to the Flipper Zero. Enables wireless emulation of magstripe data, primarily over GPIO, but with additional code testing inbuilt hardware as the electromagnet.

Home Page: https://lab.flipper.net/apps/magspoof

License: MIT License

C 100.00%
flipper-plugin flipper-plugins flipper-zero flipperzero flipper stm32 rfid flipper-app flipper0 flipperapp

magspoof_flipper's Introduction

magspoof_flipper

WIP of MagSpoof for the Flipper Zero. Basic TX of saved files confirmed working against an MSR90 with an external H-bridge module mirroring Samy Kamkar's design. Sample files are included in resources.

RFID coil output weaker; able to be picked up/detected by more compact mag readers such as Square, but yet to have success with it being decoded/parsed properly. Additional investigation was made into alternate internal TX options (CC1101, ST25R3916, piezo); tentatively, RFID coil + speaker (LF + P config setting) results in the strongest internal TX tested to date but still weaker than a dedicated external module or an actual card swipe (and sounds like a dial-up modem from hell). For information on the state of internal TX &/or misc TODOs, known bugs, etc, confer NOTES.md.

Disclaimer: use responsibly, and at your own risk. I neither condone nor am sympathetic to malicious uses of my code. Please only use this with magstripe cards and mag readers you own — this is solely meant as a proof of concept for educational purposes. Similarly, if using internal TX: while in my testing, I've seen no reason to believe this could damage the RFID (or other) hardware, this is inherently driving the coil in ways it was not designed or intended for; I take no responsibility for fried/bricked Flippers.

GPIO TX Module

For those desiring better TX than the internal RFID coil can offer, one can build the module below, consisting of an H-bridge, a capacitor, and a coil. Custom GPIO pin selection is a planned future feature.

Wiring diagram

Credits

This project interpolates work from Samy Kamkar's original MagSpoof project, Alexey D. (dunaevai135) & Alexandr Yaroshevich's Flipper hackathon project, and the Flipper team's LF RFID and SubGhz apps.

Many thanks to everyone who has helped in addition to those above, most notably:

  • arha for bitmapping work, skunkworks testing, and innumerable suggestions/ideas/feedback (now a collaborator!)
  • Zalán Kórósi (Z4urce) for an earlier app icon
  • Salvatore Sanfilippo (antirez) for bitmapping suggestions and general C wisdom
  • skotopes for RFID consultation
  • Tiernan (NVX) + dlz for NFC consultation
  • davethepirate for EE insight and acting as a sounding board
  • cool4uma for their work on custom text_input scenes
  • hummusec for testing of UART RX
  • xMasterX and WillyJL for keeping the app updated across API changes while I was away!
  • Everyone else I've had the pleasure of chatting with!

magspoof_flipper's People

Contributors

arha avatar hummusec avatar willy-jl avatar zacharyweiss avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

jermainlaforce vaginessa arha rhysperry111 nullze greedo8181 lethereal-0x00 munstar0s ec0lin3 electroniccats dviros nvx astro-cyberpaws e1337r0x0r jondevops jcr-jeff zaperking johanoskarsson timelf123 richardsolaire capitantrips fatbear7139 manton1800 generalzero

magspoof_flipper's Issues

Exiting magspoof wip clears tracks

So I can add entries and track info. I can attempt to emulate this info. Once I leave magspoof and come back, I'll try to load a saved entry and find all the tack data is missing.

Build fails

Trying to build this against the latest firmware release gives the following:

scons: Entering directory `/home/rhys/.ufbt/current/scripts/ufbt'
	CC	/tmp/tmptmp/magspoof_flipper/helpers/mag_helpers.c
	CC	/tmp/tmptmp/magspoof_flipper/helpers/mag_text_input.c
	CC	/tmp/tmptmp/magspoof_flipper/scenes/mag_scene_about.c
	CC	/tmp/tmptmp/magspoof_flipper/scenes/mag_scene_delete_confirm.c
	CC	/tmp/tmptmp/magspoof_flipper/scenes/mag_scene_delete_success.c
	CC	/tmp/tmptmp/magspoof_flipper/scenes/mag_scene_emulate.c
	CC	/tmp/tmptmp/magspoof_flipper/scenes/mag_scene_emulate_config.c
	CC	/tmp/tmptmp/magspoof_flipper/scenes/mag_scene_exit_confirm.c
	CC	/tmp/tmptmp/magspoof_flipper/scenes/mag_scene_file_select.c
	CC	/tmp/tmptmp/magspoof_flipper/scenes/mag_scene_input_name.c
	CC	/tmp/tmptmp/magspoof_flipper/scenes/mag_scene_input_value.c
	CC	/tmp/tmptmp/magspoof_flipper/scenes/mag_scene_save_success.c
/tmp/tmptmp/magspoof_flipper/helpers/mag_text_input.c:3:10: fatal error: assets_icons.h: No such file or directory
    3 | #include <assets_icons.h>
      |          ^~~~~~~~~~~~~~~~
compilation terminated.
scons: *** [/home/rhys/.ufbt/build/mag/helpers/mag_text_input.o] Error 1
/tmp/tmptmp/magspoof_flipper/helpers/mag_helpers.c: In function 'tx_init_rfid':
/tmp/tmptmp/magspoof_flipper/helpers/mag_helpers.c:131:5: error: implicit declaration of function 'furi_hal_ibutton_start_drive'; did you mean 'furi_hal_ibutton_pin_write'? [-Werror=implicit-function-declaration]
  131 |     furi_hal_ibutton_start_drive();
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |     furi_hal_ibutton_pin_write
/tmp/tmptmp/magspoof_flipper/helpers/mag_helpers.c:132:5: error: implicit declaration of function 'furi_hal_ibutton_pin_low'; did you mean 'furi_hal_ibutton_pin_write'? [-Werror=implicit-function-declaration]
  132 |     furi_hal_ibutton_pin_low();
      |     ^~~~~~~~~~~~~~~~~~~~~~~~
      |     furi_hal_ibutton_pin_write
cc1: all warnings being treated as errors
scons: *** [/home/rhys/.ufbt/build/mag/helpers/mag_helpers.o] Error 1

Am I doing something wrong?

Test the RF coil for me please

Can you please run a test against your MSR with the new MagTxLFCarrier TX method? Perhaps do a few sanity checks yourself if the messages are fine. There's a new branch with a rather crude implementation which pulses the LF coil at 125k for LF_PULSE_US microseconds:tx-lf-carrier. Still waiting on Amazon for my stuff, sadly, otherwise I would have done this myself.

Current RF emulation on a 125khz tuned coil + track 1 gives me about 4Vpp
image

Charging the LF coil for 60us (with a 200us bit clock) boosts my reading to about 9V, that's 33% duty cycle, that should be about ~5 times of a stronger field. Note this is track 2 of Samy's test card.
image

Counting past the 25 zeroes, splitting the count at every zero bit, we should be getting the original track again (5, 3, 1, 1, 3, 1, 1, 3, 1...). This is posted as a sanity check for myself.
image

On a 50% duty cycle I get about 12Vpp on average, that should be about 9x more power.
image

I'm not holding my fingers crossed yet.

Inconsistent Results based on magstripe data length in track 2

I have done testing in the past and was unable to send track 2 with lengths of less than 17 characters. When sending for example a 16-digit ID number, the application would require padding prior to the start sentinel to see a result from the reader.

i.e.

;1234123412341234? = failure
0;1234123412341234? = successfully sends 1234123412341234

External coil test

Is the external coil option confirmed to work? I built a coil and I can't seem to get it to work.
20230209_184509
20230209_183048
20230209_183859

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.