Hacking the Square


For Christmas, I received a cool little device called the square from Ed Park. You plug this device into the audio mini jack on your smartphone and you can swipe credit cards right on your phone. It’s perfect for people doing business on the go. Or… next time your buddy owes you money, the “I don’t have any cash on me right now” excuse won’t work.

The first strange thing I noticed was that the data was being input via the audio jack rather than the data port (located at the bottom of the iPhone). There are 3 types of audio mini jacks: mono, stereo, and stereo/microphone. Since the iPhone audio jack accepts corded hands-free earpieces as well as earphones for music, it has to be the combo jack (stereo/microphone).

If you look at the tip, you’ll notice there are four sections separated by insulated plastic rings.

This type of plug is known as the “TRRS”. T-R-R-S stands for Tip-Ring-Ring-Sleeve. The tip is for Left-channel audio out. The first ring is for Right-channel audio out. The second ring is Ground. The sleeve is for Microphone in.
What I would like to know is how the square transmits your credit card number into the software through the audio port.
Now, before wiring each terminal up to an Arduino and outputting data to serial, since input is only possible through the sleeve (microphone terminal), maybe we can find out if the data is actually audible! By simply plugging it into a computer mic-in port or firing up the voice recorder app on the iPhone, we can find out what our credit cards sound like.

Interesting. So if I just recorded the swipe of each of my credit cards, I can technically store credit card numbers as wav files and play them directly into the square software. I was inspecting each of my credit card wav files and tried to notice some kind of pattern that matched the pattern of my credit card numbers. I didn’t think that was going to be successful, but it was worth a shot.



I then decided to rig the square swiper up to my Arduino and display output to serial.
Here is the Arduino code:


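// Analog pin wired to the reader's microphone (sleeve) terminal
const int mic = A5;
// Number of readings printed on the current output line
int counter = 0;

void setup()
{
  // Open the serial link to the host at 9600 baud
  Serial.begin( 9600 );
}

void loop()
{
  counter++;
  // analogRead() returns a 10-bit value (0-1023) for the pin voltage
  Serial.print(analogRead(mic));
  Serial.print(" ");
  // Wait 50 ms between readings (roughly 20 readings per second)
  delay(50);
  // Start a new line after every 40 readings
  if(counter>=40){
    counter=0;
    Serial.print("\n");
  }
}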

I chose an analog input because the audio mini jack is analog. I know what each section in the TRRS spec does, but does it need power? Do I need to connect the ground? Do I need to power it through both left and right channels? I wasn’t sure, so I decided to simply try different combinations.



When I connect the ground, I get a bunch of ‘0’s. When I swipe the credit card, I get a few numbers… but not nearly enough to carry the data I’m assuming the stripe holds. When I disconnect ground I notice something interesting.

Now I’m still not sure if I’m on the right track because I expected a bunch of 1’s and 0’s…. but I noticed a pattern in the numbers. The numbers are grouped in 4’s. Every four numbers, the pattern repeats itself.

It makes perfect sense. I’m going to assume the credit card stripe MUST be carrying 4 rows of data… thus 4 different reads from the swiper. So I tried swiping my credit card to investigate the reads. (I’m not posting the output from my credit card here…. but I’ll post the output from when I swiped my Disneyland Annual Passport!)

I’m gonna go ahead and assume the data isn’t encrypted (at this level at least. I’m pretty certain it’s encrypted at the software level)… so it’s just a matter of deobfuscating it. Unfortunately for me, I was staring closely at the output and I started getting sleepy. Hmmm. I’m not sure if I’m on the right track or not… so feel free to chime in if you have any ideas. I shall come back to this later.
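
One way to test the repeat-every-four observation is to compare a capture taken with no card moving against a capture taken during a swipe: a cycle that shows up in both is not coming from the stripe. This is an added example, not code from the original post; the function names and all sample readings are constructed for illustration.

```python
# Added example: host-side check of the sketch's serial dump.
# Every reading below is constructed sample data, not a real capture.
from statistics import mean

def parse_dump(text):
    """Flatten the sketch's output (space-separated readings, 40 per line)."""
    return [int(tok) for tok in text.split() if tok.isdigit()]

def autocorr(samples, lag):
    """Normalized autocorrelation of the readings at the given lag (-1..1)."""
    m = mean(samples)
    dev = [s - m for s in samples]
    denom = sum(d * d for d in dev)
    if denom == 0 or lag >= len(samples):
        return 0.0  # flat or too-short capture: nothing periodic to measure
    return sum(dev[i] * dev[i + lag] for i in range(len(dev) - lag)) / denom

def dominant_period(samples, max_lag=10, threshold=0.5):
    """Lag (>= 2) with the strongest self-similarity, or None if it is weak."""
    scores = {lag: autocorr(samples, lag) for lag in range(2, max_lag + 1)}
    best = max(scores, key=scores.get)
    return best if scores[best] >= threshold else None

def period_from_card(idle_text, swipe_text):
    """True only if the swipe shows a cycle that the idle capture lacks."""
    idle = dominant_period(parse_dump(idle_text))
    swipe = dominant_period(parse_dump(swipe_text))
    return swipe is not None and swipe != idle

# Constructed captures: two 40-reading lines each, as the sketch prints them.
FLAT_DUMP = ("0 " * 40 + "\n") * 2                  # ground connected, no swipe
IDLE_DUMP = ("212 340 455 298 " * 10 + "\n") * 2    # ground open, no swipe
SWIPE_DUMP = ("220 335 460 290 " * 10 + "\n") * 2   # ground open, during swipe

if __name__ == "__main__":
    print("idle period :", dominant_period(parse_dump(IDLE_DUMP)))
    print("swipe period:", dominant_period(parse_dump(SWIPE_DUMP)))
    print("cycle attributable to the card:",
          period_from_card(IDLE_DUMP, SWIPE_DUMP))
```

In this constructed data the same four-reading cycle appears whether or not a card is moving, so the check reports that the cycle cannot be attributed to the card.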