Getting Started with MagSpoof R3 firmware on macOS
Follow this step by step guide to get started using the MagSpoof R3 firmware on macOS. You will need the following:
- MagSpoof
- AVR Programmer
- MagStripe Reader (Recommended)
You will need to install following:
- avrdude
- CrossPack AVR
1. Open a terminal application.
2. Install CrossPack AVR and avrdude.
brew cask install crosspack-avr
brew install avrdude
3. Check to make sure they were installed correctly.
$ avrdude -v avrdude: Version 6.3, compiled on Sep 17 2016 at 02:19:28
$ avr-gcc -v ... gcc version 4.8.1 (GCC)
4. Clone the MagSpoof Github repository.
git clone https://github.com/RyscCorp/magspoof_r3.git
5. Navigate to the MagSpoof r3 folder inside your terminal. Inside the MagSpoof folder navigate to the software folder.
cd magspoof_r3/
cd software/
The examples below use the bash shell. Follow along by running:
bash
6. Next, compile the firmware.
make
Note: This will generate a hex file containing the raw binary to be uploaded to the Magspoof.
7. Connect your programmer to the MagSpoof and turn your MagSpoof on. Your connection should look like the following picture.
8. Run the following command in terminal to program the MagSpoof using the AVR Pocket Programmer from SparkFun.
bash-3.2$ PROGRAMMER=usbtiny make firstprog
Output:
avrdude -p t85 -c usbtiny -U lfuse:w:0xe2:m -U hfuse:w:0xdf:m -U efuse:w:0xff:m
avrdude: AVR device initialized and ready to accept instructions
Reading | ################################################## | 100% 0.00s
avrdude: Device signature = 0x1e930b (probably t85)
avrdude: reading input file "0xe2"
avrdude: writing lfuse (1 bytes):
Writing | ################################################## | 100% 0.00s
avrdude: 1 bytes of lfuse written
avrdude: verifying lfuse memory against 0xe2:
avrdude: load data lfuse data from input file 0xe2:
avrdude: input file 0xe2 contains 1 bytes
avrdude: reading on-chip lfuse data:
Reading | ################################################## | 100% 0.00s
avrdude: verifying ...
avrdude: 1 bytes of lfuse verified
avrdude: reading input file "0xdf"
avrdude: writing hfuse (1 bytes):
Writing | ################################################## | 100% 0.00s
avrdude: 1 bytes of hfuse written
avrdude: verifying hfuse memory against 0xdf:
avrdude: load data hfuse data from input file 0xdf:
avrdude: input file 0xdf contains 1 bytes
avrdude: reading on-chip hfuse data:
Reading | ################################################## | 100% 0.00s
avrdude: verifying ...
avrdude: 1 bytes of hfuse verified
avrdude: reading input file "0xff"
avrdude: writing efuse (1 bytes):
Writing | ################################################## | 100% 0.00s
avrdude: 1 bytes of efuse written
avrdude: verifying efuse memory against 0xff:
avrdude: load data efuse data from input file 0xff:
avrdude: input file 0xff contains 1 bytes
avrdude: reading on-chip efuse data:
Reading | ################################################## | 100% 0.00s
avrdude: verifying ...
avrdude: 1 bytes of efuse verified
avrdude: safemode: Fuses OK (E:FF, H:DF, L:E2)
avrdude done. Thank you.
avr-gcc -g -std=c99 -Os -Wall -w -mcall-prologues -mmcu=attiny85 -DF_CPU=8000000UL magspoof.c -o magspoof
avr-objcopy -R .eeprom -O ihex magspoof magspoof.hex
rm -f magspoof
avrdude -p t85 -c usbtiny -U flash:w:magspoof.hex
avrdude: AVR device initialized and ready to accept instructions
Reading | ################################################## | 100% 0.00s
avrdude: Device signature = 0x1e930b (probably t85)
avrdude: NOTE: "flash" memory has been specified, an erase cycle will be performed
To disable this feature, specify the -D option.
avrdude: erasing chip
avrdude: reading input file "magspoof.hex"
avrdude: input file magspoof.hex auto detected as Intel Hex
avrdude: writing flash (1170 bytes):
Writing | ################################################## | 100% 1.70s
avrdude: 1170 bytes of flash written
avrdude: verifying flash memory against magspoof.hex:
avrdude: load data flash data from input file magspoof.hex:
avrdude: input file magspoof.hex auto detected as Intel Hex
avrdude: input file magspoof.hex contains 1170 bytes
avrdude: reading on-chip flash data:
Reading | ################################################## | 100% 2.36s
avrdude: verifying ...
avrdude: 1170 bytes of flash verified
avrdude: safemode: Fuses OK (E:FF, H:DF, L:E2)
avrdude done. Thank you.
avrdude -p t85 -c usbtiny -U flash:w:magspoof.hex
avrdude: AVR device initialized and ready to accept instructions
Reading | ################################################## | 100% 0.00s
avrdude: Device signature = 0x1e930b (probably t85)
avrdude: NOTE: "flash" memory has been specified, an erase cycle will be performed
To disable this feature, specify the -D option.
avrdude: erasing chip
avrdude: reading input file "magspoof.hex"
avrdude: input file magspoof.hex auto detected as Intel Hex
avrdude: writing flash (1170 bytes):
Writing | ################################################## | 100% 1.69s
avrdude: 1170 bytes of flash written
avrdude: verifying flash memory against magspoof.hex:
avrdude: load data flash data from input file magspoof.hex:
avrdude: input file magspoof.hex auto detected as Intel Hex
avrdude: input file magspoof.hex contains 1170 bytes
avrdude: reading on-chip flash data:
Reading | ################################################## | 100% 2.36s
avrdude: verifying ...
avrdude: 1170 bytes of flash verified
avrdude: safemode: Fuses OK (E:FF, H:DF, L:E2)
avrdude done. Thank you.
9. Test that your MagSpoof is working properly.
bash-3.2$ make test
Output:
./test.sh 1. Connect magstripe reader to PC 2. Turn on magspoof 3. Hold magspoof close to reader head 4. Push button on magspoof %B4444444444444444^ABE/LINCOLN^291110100000931?;4444444444444444=29111010000093100000?+4444444444444444=29111010000093100000? PASS
10. In the MagSpoof software folder open up the magspoof.c file and replace the highlighted code below with your own credit card information. We recommended swiping your card with the MagStripe Reader and copying and pasting the output into the code.
11. Save the magspoof.c file and run the make command.
bash-3.2# make avr-gcc -g -std=c99 -Os -Wall -w -mcall-prologues -mmcu=attiny85 -DF_CPU=8000000UL magspoof.c -o magspoof avr-objcopy -R .eeprom -O ihex magspoof magspoof.hex rm -f magspoof
12. Run the following command to program your MagSpoof with your own credit card information.
bash-3.2# make install
avrdude -p t85 -c usbtiny -U flash:w:magspoof.hex
avrdude: AVR device initialized and ready to accept instructions
Reading | ################################################## | 100% 0.01s
avrdude: Device signature = 0x1e930b (probably t85)
avrdude: NOTE: "flash" memory has been specified, an erase cycle will be performed
To disable this feature, specify the -D option.
avrdude: erasing chip
avrdude: reading input file "magspoof.hex"
avrdude: input file magspoof.hex auto detected as Intel Hex
avrdude: writing flash (1170 bytes):
Writing | ################################################## | 100% 2.48s
avrdude: 1170 bytes of flash written
avrdude: verifying flash memory against magspoof.hex:
avrdude: load data flash data from input file magspoof.hex:
avrdude: input file magspoof.hex auto detected as Intel Hex
avrdude: input file magspoof.hex contains 1170 bytes
avrdude: reading on-chip flash data:
Reading | ################################################## | 100% 3.61s
avrdude: verifying ...
avrdude: 1170 bytes of flash verified
avrdude: safemode: Fuses OK (E:FF, H:DF, L:E2)
avrdude done. Thank you.
Your MagSpoof should now be programmed with your credit card information. Try testing it by placing the MagSpoof over the magstripe reader and pushing the button on the MagSpoof.
If you have any questions related to this blog please email us at support at ryscc dot com.
How to specify a different programmer
To specify a different programmer for the makefile targets, set the PROGRAMMER environment variable.
1. For example if you want to use the Atmel AVR ISP mkII programmer instead, use in the following:
PROGRAMMER=avrispmkII make install
2. Your MagSpoof should now be programmed.
The makefile uses avrdude to program the MagSpoof. You can find a list of supported programmers by typing in the following command into a terminal application.
avrdude -c?
Also in Blog
Proxmark Pro - Sniffing a Mifare Desfire 4K Tag
ProxmarkPro - Sniffing a Mifare 4K Tag
