Getting Started with MagSpoof R3 firmware on macOS

April 25, 2017

Follow this step by step guide to get started using the MagSpoof R3 firmware on macOS. You will need the following:

You will need to install following:

avrdude
CrossPack AVR

1. Open a terminal application.

2. Install CrossPack AVR and avrdude.

brew cask install crosspack-avr

brew install avrdude

3. Check to make sure they were installed correctly.

$ avrdude -v
avrdude: Version 6.3, compiled on Sep 17 2016 at 02:19:28

$ avr-gcc -v
  ...
gcc version 4.8.1 (GCC)

4. Clone the MagSpoof Github repository.

git clone https://github.com/RyscCorp/magspoof_r3.git

5. Navigate to the MagSpoof r3 folder inside your terminal. Inside the MagSpoof folder navigate to the software folder.

cd magspoof_r3/

cd software/

The examples below use the bash shell. Follow along by running:

bash

6. Next, compile the firmware.

make

Note: This will generate a hex file containing the raw binary to be uploaded to the Magspoof.

7. Connect your programmer to the MagSpoof and turn your MagSpoof on. Your connection should look like the following picture.

MagSpoof connected to Programmer

8. Run the following command in terminal to program the MagSpoof using the AVR Pocket Programmer from SparkFun.

bash-3.2$ PROGRAMMER=usbtiny make firstprog

Output:

avrdude -p t85 -c usbtiny -U lfuse:w:0xe2:m -U hfuse:w:0xdf:m -U efuse:w:0xff:m

avrdude: AVR device initialized and ready to accept instructions

Reading | ################################################## | 100% 0.00s

avrdude: Device signature = 0x1e930b (probably t85)
avrdude: reading input file "0xe2"
avrdude: writing lfuse (1 bytes):

Writing | ################################################## | 100% 0.00s

avrdude: 1 bytes of lfuse written
avrdude: verifying lfuse memory against 0xe2:
avrdude: load data lfuse data from input file 0xe2:
avrdude: input file 0xe2 contains 1 bytes
avrdude: reading on-chip lfuse data:

Reading | ################################################## | 100% 0.00s

avrdude: verifying ...
avrdude: 1 bytes of lfuse verified
avrdude: reading input file "0xdf"
avrdude: writing hfuse (1 bytes):

Writing | ################################################## | 100% 0.00s

avrdude: 1 bytes of hfuse written
avrdude: verifying hfuse memory against 0xdf:
avrdude: load data hfuse data from input file 0xdf:
avrdude: input file 0xdf contains 1 bytes
avrdude: reading on-chip hfuse data:

Reading | ################################################## | 100% 0.00s

avrdude: verifying ...
avrdude: 1 bytes of hfuse verified
avrdude: reading input file "0xff"
avrdude: writing efuse (1 bytes):

Writing | ################################################## | 100% 0.00s

avrdude: 1 bytes of efuse written
avrdude: verifying efuse memory against 0xff:
avrdude: load data efuse data from input file 0xff:
avrdude: input file 0xff contains 1 bytes
avrdude: reading on-chip efuse data:

Reading | ################################################## | 100% 0.00s

avrdude: verifying ...
avrdude: 1 bytes of efuse verified

avrdude: safemode: Fuses OK (E:FF, H:DF, L:E2)

avrdude done.  Thank you.

avr-gcc -g -std=c99 -Os -Wall -w -mcall-prologues -mmcu=attiny85 -DF_CPU=8000000UL magspoof.c -o magspoof
avr-objcopy -R .eeprom -O ihex magspoof magspoof.hex
rm -f magspoof
avrdude -p t85 -c usbtiny -U flash:w:magspoof.hex

avrdude: AVR device initialized and ready to accept instructions

Reading | ################################################## | 100% 0.00s

avrdude: Device signature = 0x1e930b (probably t85)
avrdude: NOTE: "flash" memory has been specified, an erase cycle will be performed
         To disable this feature, specify the -D option.
avrdude: erasing chip
avrdude: reading input file "magspoof.hex"
avrdude: input file magspoof.hex auto detected as Intel Hex
avrdude: writing flash (1170 bytes):

Writing | ################################################## | 100% 1.70s

avrdude: 1170 bytes of flash written
avrdude: verifying flash memory against magspoof.hex:
avrdude: load data flash data from input file magspoof.hex:
avrdude: input file magspoof.hex auto detected as Intel Hex
avrdude: input file magspoof.hex contains 1170 bytes
avrdude: reading on-chip flash data:

Reading | ################################################## | 100% 2.36s

avrdude: verifying ...
avrdude: 1170 bytes of flash verified

avrdude: safemode: Fuses OK (E:FF, H:DF, L:E2)

avrdude done.  Thank you.

avrdude -p t85 -c usbtiny -U flash:w:magspoof.hex

avrdude: AVR device initialized and ready to accept instructions

Reading | ################################################## | 100% 0.00s

avrdude: Device signature = 0x1e930b (probably t85)
avrdude: NOTE: "flash" memory has been specified, an erase cycle will be performed
         To disable this feature, specify the -D option.
avrdude: erasing chip
avrdude: reading input file "magspoof.hex"
avrdude: input file magspoof.hex auto detected as Intel Hex
avrdude: writing flash (1170 bytes):

Writing | ################################################## | 100% 1.69s

avrdude: 1170 bytes of flash written
avrdude: verifying flash memory against magspoof.hex:
avrdude: load data flash data from input file magspoof.hex:
avrdude: input file magspoof.hex auto detected as Intel Hex
avrdude: input file magspoof.hex contains 1170 bytes
avrdude: reading on-chip flash data:

Reading | ################################################## | 100% 2.36s

avrdude: verifying ...
avrdude: 1170 bytes of flash verified

avrdude: safemode: Fuses OK (E:FF, H:DF, L:E2)

avrdude done.  Thank you.

9. Test that your MagSpoof is working properly.

bash-3.2$ make test

Output:

./test.sh
1. Connect magstripe reader to PC
2. Turn on magspoof
3. Hold magspoof close to reader head
4. Push button on magspoof
%B4444444444444444^ABE/LINCOLN^291110100000931?;4444444444444444=29111010000093100000?+4444444444444444=29111010000093100000?
PASS

10. In the MagSpoof software folder open up the magspoof.c file and replace the highlighted code below with your own credit card information. We recommended swiping your card with the MagStripe Reader and copying and pasting the output into the code.

11. Save the magspoof.c file and run the make command.

bash-3.2# make
avr-gcc -g -std=c99 -Os -Wall -w -mcall-prologues -mmcu=attiny85 -DF_CPU=8000000UL magspoof.c -o magspoof
avr-objcopy -R .eeprom -O ihex magspoof magspoof.hex
rm -f magspoof

12. Run the following command to program your MagSpoof with your own credit card information.

bash-3.2# make install
avrdude -p t85 -c usbtiny -U flash:w:magspoof.hex

avrdude: AVR device initialized and ready to accept instructions

Reading | ################################################## | 100% 0.01s

avrdude: Device signature = 0x1e930b (probably t85)
avrdude: NOTE: "flash" memory has been specified, an erase cycle will be performed
         To disable this feature, specify the -D option.
avrdude: erasing chip
avrdude: reading input file "magspoof.hex"
avrdude: input file magspoof.hex auto detected as Intel Hex
avrdude: writing flash (1170 bytes):

Writing | ################################################## | 100% 2.48s

avrdude: 1170 bytes of flash written
avrdude: verifying flash memory against magspoof.hex:
avrdude: load data flash data from input file magspoof.hex:
avrdude: input file magspoof.hex auto detected as Intel Hex
avrdude: input file magspoof.hex contains 1170 bytes
avrdude: reading on-chip flash data:

Reading | ################################################## | 100% 3.61s

avrdude: verifying ...
avrdude: 1170 bytes of flash verified

avrdude: safemode: Fuses OK (E:FF, H:DF, L:E2)

avrdude done.  Thank you.

Your MagSpoof should now be programmed with your credit card information. Try testing it by placing the MagSpoof over the magstripe reader and pushing the button on the MagSpoof.

If you have any questions related to this blog please email us at support at ryscc dot com.

How to specify a different programmer

To specify a different programmer for the makefile targets, set the PROGRAMMER environment variable.

1. For example if you want to use the Atmel AVR ISP mkII programmer instead, use in the following:

PROGRAMMER=avrispmkII make install

2. Your MagSpoof should now be programmed.

The makefile uses avrdude to program the MagSpoof. You can find a list of supported programmers by typing in the following command into a terminal application.

avrdude -c?

Share:

Also in Blog

Black Hat / Defcon Sale - 2019

July 29, 2019

Black Hat / Defcon sale until August 11th 2019. Get 10% off plus free shipping on purchase of $200 or more.

View full article →

ProxmarkPro - How to Replay a Mifare Ultralight Tag

July 23, 2019

This blog post covers the steps to replay a Mifare Ultralight tag with a ProxmarkPro.

View full article →

ProxmarkPro - Replaying a EM4100 Tag

July 23, 2019

This blog post covers the steps of how to Replay a EM4100 tag with a ProxmarkPro.

View full article →

Contact Us

sales@ryscc.com
support@ryscc.com
tel: 888-828-8497

10307 West Broad Street
Suite 250
Glen Allen VA 23060 USA

About Us

Rysc Corp is your one stop shop for security research hardware. We’ve been creating, distributing and supporting security research devices since 2009. Our commitment to customer service and quality means you can count on us when it counts.