MagSpoof_STM32

A MagSpoof build using STM32

Credit

This design is based on the incredible work of Samy Kamkar, the creator of the original MagSpoof. You can find his work, described in detail, here.

The code to disable Chip&Pin protection comes from Kirils Solovjovs's work; the repository is here.

The library I used to develop a standard, portable STM32 project is stm32f10x-stdperiph-lib.

Description

MagSpoof, as its original creator has explained in detail, is a device that mimics the swipe of a magstripe card by manipulating the magnetic field generated by a coil. Its first version is small yet powerful, based on an ATtiny85 MCU. It is lightweight, small, and easy to use.

However, when I started to build a device accordingly, it occurred to me that I don't always have to use the ATtiny85. It is an easy-to-use chip, of course, but it also has limited resources and functionality. Also, back in the days when I was messing around with Bad USB made with the ATtiny85 (Digispark), I noticed that the chips I used had a rather high malfunction rate (probably because of misconfiguration or a potential design error in the circuitry of my PCB), so in the end I chose a more stable and powerful MCU, the STM32F103C8T6.

The C8T6 is a cheap yet powerful STM32 part, and a minimal system module costs only about $1.5, making it perfect for this purpose. Thanks to its resources, the MagSpoof-STM32 is able to communicate with other devices to receive data on new cards to mimic, without repeatedly flashing the chip. It also has far more memory than an ATtiny85, so it can store more cards, and more functions can be added to the design in the future.

Disclaimer

This project comes with absolutely no warranty, and I'm not responsible for any possible consequences of using this project in real life.

License

This project is licensed under the GPL v3.0.

Hardware design

To keep this design as simple as possible, I chose not to design any additional PCB, but used a base board instead. The components you need to fully recreate this design are:

  • An STM32F103C8T6 minimal system board. Any other C8T6 board will suffice as long as it has sufficient pins and a UART to use.
  • A magnetic coil. You can use any similar coil as long as it can be driven at up to 600mA (maximum) and provides a stable magnetic field.
  • An L293D H-bridge driver. This is an IC used to drive reactive loads like a motor. It works from a 5V supply (3.7V should work as well, according to Samy Kamkar), and can provide 1.2A maximum non-repeating peak, or 600mA continuously.
  • A button to trigger the simulation.
  • A 100uF capacitor to prevent the current draw of the L293D from browning out and rebooting the MCU. Technically speaking, since I'm using a 20W-discharge 5V power bank and an STM32, this capacitor is no longer necessary, but you should decide based on your own setup.

And that's it. Literally a 10 minute hack. If you want to use the serial port you'll also need a USB-to-serial adapter, usually a CH340 in my region, or any other device that provides a UART, even an ESP8266.

Prototype

The prototype, the one I've already built, is based on a simple wire-wrap board. All the components are available online at a total price of about $5. I made use of what I had at hand, so I didn't use any special hardware.

Here are the design pictures:

Front

Side

Please pardon my horrible soldering. I was never good at it. The L293D driver and the 100uF capacitor are inside the design, between the STM32 and the wire-wrap board. In my tests heat was not an issue on the L293D, so wrapping it in the coil is fine. The coil is wound with 70 turns.

V 1.0

I've started to design the circuit and PCB of a new version. It will include an ESP8266 and a battery pack. I'm currently having a bit of an issue with the PCB design because it's a little too complicated for my capability, but eventually I'll finish it. In the meantime, feel free to contact me if you can help with the PCB design.

Firmware design

The firmware for the design is located in the Firmware folder of this repo. Due to copyright issues (and not wanting to deal with all sorts of licenses) I only uploaded the main.c file of a regular Keil project. You can use your own template to make it work. This code should be compatible with any MCU in the STM32F10x family, maybe even more.

Usage

First make sure that you've built the same or a similarly functioning hardware platform to run this project. I will not stress the hardware build, because there are multiple choices for each component; you can build it however you see fit.

Use the code in a Keil project

The most common way to develop code for an STM32 is to use Keil. If you already have a functioning environment and a working template you can skip this part. For those who don't: you need an authorized copy of Keil, because you'll need to mix assembly and C, and without a proper license Keil can't perform the linking step. Then download the STM32 device pack from the official site and install it. The last thing you need is a template project for the STM32F103C8T6, unless you want to customize the startup process and know what you're doing. Pay special attention to the chip selection, because different STM32 processors have different startup code, memory addresses, etc.

As mentioned above, I used the stdperiph library to simplify the code. You can use whatever you like and port the code, but for stdperiph users, please enable misc.h, EXTI.h, USART.h, GPIO.h, RCC.h and any other header files you want.

Code customization

The code is quite simple and has comments. If you want to load more cards into the device, I've shown how it should be done in the code itself. Just remember to avoid modifying global variables in an interrupt handler; it may have unintended consequences.
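To make the interrupt-handler point concrete, here is an added, host-runnable C example that is not part of this repository's main.c and uses made-up names (uart_rx_isr, exti_button_isr, rx_collect_line, trigger_take). It shows the discipline the warning above is getting at: the handler only deposits a byte into a single-producer/single-consumer ring buffer or raises a volatile flag, and all parsing and acting happens in the main loop, so the main loop never reads state while the handler is halfway through changing it. The buffer sizes and the "drop on overflow" policy are assumptions chosen for the example, not the project's.

```c
/* Host-simulated sketch of ISR/main-loop hand-off. The "ISRs" are plain
 * functions called directly so the pattern can be exercised without hardware.
 * All names and sizes are illustrative assumptions, not the project's code. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define RX_RING_SIZE 64u   /* power of two, so indices wrap with a mask */
#define LINE_MAX     40u   /* longest line the main loop will accept, incl. NUL */

/* Ring buffer: the ISR writes rx_head only, the main loop writes rx_tail only.
 * volatile forces fresh reads; single-writer per index removes the need for a lock. */
static volatile uint8_t  rx_ring[RX_RING_SIZE];
static volatile uint32_t rx_head;     /* written by uart_rx_isr only */
static volatile uint32_t rx_tail;     /* written by main-loop code only */
static volatile uint32_t rx_dropped;  /* bytes discarded because the ring was full */

/* Button flag: set by the handler, cleared by the main loop. */
static volatile bool trigger_pending;

/* Simulated USART receive handler: store one byte, do nothing else. */
void uart_rx_isr(uint8_t byte)
{
    uint32_t next = (rx_head + 1u) & (RX_RING_SIZE - 1u);
    if (next == rx_tail) {   /* full: drop the byte rather than overwrite */
        rx_dropped++;
        return;
    }
    rx_ring[rx_head] = byte;
    rx_head = next;
}

/* Simulated external-interrupt handler for the button: raise a flag only. */
void exti_button_isr(void)
{
    trigger_pending = true;
}

/* Main-loop side: pop one byte; returns false when the ring is empty. */
static bool rx_pop(uint8_t *out)
{
    if (rx_tail == rx_head)
        return false;
    *out = rx_ring[rx_tail];
    rx_tail = (rx_tail + 1u) & (RX_RING_SIZE - 1u);
    return true;
}

/* Main-loop side: assemble a newline-terminated line from the ring.
 * Returns true when a complete line is in `line` (NUL-terminated, truncated to
 * line_cap-1 characters if the sender overran it). Empty lines are ignored. */
bool rx_collect_line(char *line, size_t line_cap)
{
    static size_t len;   /* main-loop state; never touched by the ISR */
    uint8_t b;
    while (rx_pop(&b)) {
        if (b == '\n' || b == '\r') {
            if (len == 0)
                continue;
            line[len] = '\0';
            len = 0;
            return true;
        }
        if (len + 1 < line_cap)   /* keep room for the terminator */
            line[len++] = (char)b;
    }
    return false;
}

/* Main-loop side: consume the button flag exactly once per press. */
bool trigger_take(void)
{
    if (!trigger_pending)
        return false;
    trigger_pending = false;
    return true;
}

uint32_t rx_dropped_count(void) { return rx_dropped; }

/* Test helpers standing in for a serial sender: feed bytes "from the ISR". */
void feed_string(const char *s)
{
    for (; *s; s++)
        uart_rx_isr((uint8_t)*s);
}

void feed_repeat(uint8_t b, unsigned n)
{
    while (n--)
        uart_rx_isr(b);
}
```

The main loop polls rx_collect_line() and trigger_take() in its idle loop; the handlers stay a few instructions long and never call the parser, the LED routine or the coil driver. If the ring overflows, rx_dropped_count() makes the loss visible instead of silently corrupting the line being assembled.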

Use the project after downloading

After downloading, you may want to reset the board just in case. Then open a serial connection on PA9 and PA10; it will prompt you to enter the data you want to spoof. When editing is done, pulling PA7 to GND triggers the simulation. When the simulation is done the LED blinks twice; when the board is reset it blinks 3 times.

To-Do list

This is only a prototype of an STM32-based MagSpoof. There are a few things I'm planning to do:

  • Actually design a PCB with a built-in USB-to-TTL module, so that simply plugging it into any device works.
  • Add WiFi and/or bluetooth support to this design.
  • Add a portable builtin power source.

Feel free to open an issue to discuss any interesting features you'd like to add.

Update log

  • 7/26/2020: General bug fixes including:
    • Fix the bug where the LED stays on without blinking
    • Fix the "Hard Fault" caused by a null pointer
    • Fix the bug where the USART can't receive messages due to a NVIC configuration error
    • Fix the bug where the external interrupt can't be triggered due to a misconfigured interrupt source
    • Fix an infinite loop
    • Code cleanup