Getting Started with MagSpoof R3 firmware on macOS
Follow this step by step guide to get started using the MagSpoof R3 firmware on macOS. You will need the following:
- MagSpoof
- AVR Programmer
- MagStripe Reader (Recommended)
You will need to install following:
- avrdude
- CrossPack AVR
1. Open a terminal application.
2. Install CrossPack AVR and avrdude.
brew cask install crosspack-avr
brew install avrdude
3. Check to make sure they were installed correctly.
$ avrdude -v avrdude: Version 6.3, compiled on Sep 17 2016 at 02:19:28
$ avr-gcc -v ... gcc version 4.8.1 (GCC)
4. Clone the MagSpoof Github repository.
git clone https://github.com/RyscCorp/magspoof_r3.git
5. Navigate to the MagSpoof r3 folder inside your terminal. Inside the MagSpoof folder navigate to the software folder.
cd magspoof_r3/
cd software/
The examples below use the bash shell. Follow along by running:
bash
6. Next, compile the firmware.
make
Note: This will generate a hex file containing the raw binary to be uploaded to the Magspoof.
7. Connect your programmer to the MagSpoof and turn your MagSpoof on. Your connection should look like the following picture.
8. Run the following command in terminal to program the MagSpoof using the AVR Pocket Programmer from SparkFun.
bash-3.2$ PROGRAMMER=usbtiny make firstprog
Output:
avrdude -p t85 -c usbtiny -U lfuse:w:0xe2:m -U hfuse:w:0xdf:m -U efuse:w:0xff:m avrdude: AVR device initialized and ready to accept instructions Reading | ################################################## | 100% 0.00s avrdude: Device signature = 0x1e930b (probably t85) avrdude: reading input file "0xe2" avrdude: writing lfuse (1 bytes): Writing | ################################################## | 100% 0.00s avrdude: 1 bytes of lfuse written avrdude: verifying lfuse memory against 0xe2: avrdude: load data lfuse data from input file 0xe2: avrdude: input file 0xe2 contains 1 bytes avrdude: reading on-chip lfuse data: Reading | ################################################## | 100% 0.00s avrdude: verifying ... avrdude: 1 bytes of lfuse verified avrdude: reading input file "0xdf" avrdude: writing hfuse (1 bytes): Writing | ################################################## | 100% 0.00s avrdude: 1 bytes of hfuse written avrdude: verifying hfuse memory against 0xdf: avrdude: load data hfuse data from input file 0xdf: avrdude: input file 0xdf contains 1 bytes avrdude: reading on-chip hfuse data: Reading | ################################################## | 100% 0.00s avrdude: verifying ... avrdude: 1 bytes of hfuse verified avrdude: reading input file "0xff" avrdude: writing efuse (1 bytes): Writing | ################################################## | 100% 0.00s avrdude: 1 bytes of efuse written avrdude: verifying efuse memory against 0xff: avrdude: load data efuse data from input file 0xff: avrdude: input file 0xff contains 1 bytes avrdude: reading on-chip efuse data: Reading | ################################################## | 100% 0.00s avrdude: verifying ... avrdude: 1 bytes of efuse verified avrdude: safemode: Fuses OK (E:FF, H:DF, L:E2) avrdude done. Thank you. avr-gcc -g -std=c99 -Os -Wall -w -mcall-prologues -mmcu=attiny85 -DF_CPU=8000000UL magspoof.c -o magspoof avr-objcopy -R .eeprom -O ihex magspoof magspoof.hex rm -f magspoof avrdude -p t85 -c usbtiny -U flash:w:magspoof.hex avrdude: AVR device initialized and ready to accept instructions Reading | ################################################## | 100% 0.00s avrdude: Device signature = 0x1e930b (probably t85) avrdude: NOTE: "flash" memory has been specified, an erase cycle will be performed To disable this feature, specify the -D option. avrdude: erasing chip avrdude: reading input file "magspoof.hex" avrdude: input file magspoof.hex auto detected as Intel Hex avrdude: writing flash (1170 bytes): Writing | ################################################## | 100% 1.70s avrdude: 1170 bytes of flash written avrdude: verifying flash memory against magspoof.hex: avrdude: load data flash data from input file magspoof.hex: avrdude: input file magspoof.hex auto detected as Intel Hex avrdude: input file magspoof.hex contains 1170 bytes avrdude: reading on-chip flash data: Reading | ################################################## | 100% 2.36s avrdude: verifying ... avrdude: 1170 bytes of flash verified avrdude: safemode: Fuses OK (E:FF, H:DF, L:E2) avrdude done. Thank you. avrdude -p t85 -c usbtiny -U flash:w:magspoof.hex avrdude: AVR device initialized and ready to accept instructions Reading | ################################################## | 100% 0.00s avrdude: Device signature = 0x1e930b (probably t85) avrdude: NOTE: "flash" memory has been specified, an erase cycle will be performed To disable this feature, specify the -D option. avrdude: erasing chip avrdude: reading input file "magspoof.hex" avrdude: input file magspoof.hex auto detected as Intel Hex avrdude: writing flash (1170 bytes): Writing | ################################################## | 100% 1.69s avrdude: 1170 bytes of flash written avrdude: verifying flash memory against magspoof.hex: avrdude: load data flash data from input file magspoof.hex: avrdude: input file magspoof.hex auto detected as Intel Hex avrdude: input file magspoof.hex contains 1170 bytes avrdude: reading on-chip flash data: Reading | ################################################## | 100% 2.36s avrdude: verifying ... avrdude: 1170 bytes of flash verified avrdude: safemode: Fuses OK (E:FF, H:DF, L:E2) avrdude done. Thank you.
9. Test that your MagSpoof is working properly.
bash-3.2$ make test
Output:
./test.sh 1. Connect magstripe reader to PC 2. Turn on magspoof 3. Hold magspoof close to reader head 4. Push button on magspoof %B4444444444444444^ABE/LINCOLN^291110100000931?;4444444444444444=29111010000093100000?+4444444444444444=29111010000093100000? PASS
10. In the MagSpoof software folder open up the magspoof.c file and replace the highlighted code below with your own credit card information. We recommended swiping your card with the MagStripe Reader and copying and pasting the output into the code.

11. Save the magspoof.c file and run the make command.
bash-3.2# make avr-gcc -g -std=c99 -Os -Wall -w -mcall-prologues -mmcu=attiny85 -DF_CPU=8000000UL magspoof.c -o magspoof avr-objcopy -R .eeprom -O ihex magspoof magspoof.hex rm -f magspoof
12. Run the following command to program your MagSpoof with your own credit card information.
bash-3.2# make install avrdude -p t85 -c usbtiny -U flash:w:magspoof.hex avrdude: AVR device initialized and ready to accept instructions Reading | ################################################## | 100% 0.01s avrdude: Device signature = 0x1e930b (probably t85) avrdude: NOTE: "flash" memory has been specified, an erase cycle will be performed To disable this feature, specify the -D option. avrdude: erasing chip avrdude: reading input file "magspoof.hex" avrdude: input file magspoof.hex auto detected as Intel Hex avrdude: writing flash (1170 bytes): Writing | ################################################## | 100% 2.48s avrdude: 1170 bytes of flash written avrdude: verifying flash memory against magspoof.hex: avrdude: load data flash data from input file magspoof.hex: avrdude: input file magspoof.hex auto detected as Intel Hex avrdude: input file magspoof.hex contains 1170 bytes avrdude: reading on-chip flash data: Reading | ################################################## | 100% 3.61s avrdude: verifying ... avrdude: 1170 bytes of flash verified avrdude: safemode: Fuses OK (E:FF, H:DF, L:E2) avrdude done. Thank you.
Your MagSpoof should now be programmed with your credit card information. Try testing it by placing the MagSpoof over the magstripe reader and pushing the button on the MagSpoof.
If you have any questions related to this blog please email us at support at ryscc dot com.
How to specify a different programmer
To specify a different programmer for the makefile targets, set the PROGRAMMER environment variable.
1. For example if you want to use the Atmel AVR ISP mkII programmer instead, use in the following:
PROGRAMMER=avrispmkII make install
2. Your MagSpoof should now be programmed.
The makefile uses avrdude to program the MagSpoof. You can find a list of supported programmers by typing in the following command into a terminal application.
avrdude -c?
Also in Blog

Proxmark Pro - Sniffing a Mifare Desfire 4K Tag

ProxmarkPro - Sniffing a Mifare 4K Tag
