01
May
2012

Plaid CTF 2012 – Debit or Credit

Posted by admin

Ca-Ching! Do you think robots have headphone jacks?
Title: Debit or Credit
Solved: 16 teams solved this!
Points: 200
Category: Potpourri

In this challenge we received a sound (.wav) file. Seeing the challenge title and description we quickly got the idea that this might be a recorded magnetic card swipe. Looking at the sound file in audacity we can see the wave form and from this wave form we can recover the magnetic card swipe. We printed the whole wave form and started out doing this challenge on paper, after we got a solid idea on how to finish this challenges we switched to the computer to work it out further.

When analyzing the wave form and knowing a bit about how magnetic cards work you can easily spot the different wave forms for a 0 and 1. The image below shows three 0s and one 1 wave form.

When the magnetic card contains an 1 you can see that the wave is switching.

Because the amount of waves was pretty small we decided to do the full challenge by hand and not to write a program for it. Also the form of the wave in this specific card swipe was hard to decode and programs we wrote in the past to do so did not like it.

The fully parsed image can be seen below:

From the image we recovered the following raw magnetic code:
00000000000000000001101011001100001100111001111001000010101111001111101000000000000000000000

Now the next step is to turn this raw code in to track data. We can do this by looking up how this data is stored on the magnetic card or we can just do this with a tool. One such tool is StripeSnoop, which can be found on http://stripesnoop.sourceforge.net/

C:\data\snoop>ss -F -i
Stripe Snoop Version 1.5
http://stripesnoop.sourceforge.net  Acidus@yak.net
00000000000000000001101011001100001100111001111001000010101111001111101000000000000000000000
Card Contents: ";31337157?2000XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

And there is our key (the card number).

More info on magnetic cards can be found on Wikipedia: http://en.wikipedia.org/wiki/Magnetic_stripe_card and here http://stripesnoop.sourceforge.net/devel/phrack37.txt

Posted in: Uncategorized
2 Comments
Tags: , , ,

{2 Responses to “Plaid CTF 2012 – Debit or Credit”}

  1. May 1, 2012 at 4:32 pm

    0.o nice

    Reply
    qll
  2. November 16, 2012 at 7:40 pm

    can you tell my the differents reglages and parameters you have on your audacity wav graph
    thanks for your answer and ,you have made a good job

    Reply
    vincent

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>