7. Examples - ElectronicCats/magspoof GitHub Wiki
Warning
MagSpoof does not enable you to use credit cards that you are not legally authorized to use. The Chip-and-PIN and Amex information is not implemented, and using MagSpoof requires you to have/own the magstripes that you wish to emulate. Simply having a credit card number and expiration date is not enough to perform transactions. MagSpoof does allow you to perform research in other areas of magstripes, microcontrollers, and electromagnetism, as well as learn about and create your own devices similar to other existing, commercial technologies such as Samsung MST and Coin.
Important
The information in this guide is purely informative and the card used is a dummy generated online. For the emulation test, we used real card data that is not shared for security reasons; use YOUR OWN card data.
Use an external magnetic stripe card reader to obtain your card's data, or use a similar method. Card readers act as a US-layout keyboard, so you will need to open a notes app to save the data.
From now on we will use the dummy card shown below. As you can see, there are differences between the cards' tracks, but in the end, any format is useful since there are only a few differences, which can be corrected manually.
The tracks obtained/generated are:
Note
Here you should have YOUR card data.
- Track 1: B4913989534473337^Doroteja/Marija/Goncalves^05301110000682000?\0
- Track 2: ;4913989534473337=05301110000000006820?\0
Let us identify the data, add missing information to meet the format, and compare it to the information printed on the bank card.
MagSpoof uses the magstripe Format B. The minimum cardholder account information needed to complete a transaction is present on both tracks. Track 1 has a higher bit density (210 bits per inch vs. 75), is the only track that may contain alphabetic text, and hence is the only track that contains the cardholder's name.
- Track 1 structure:
  - Start sentinel: one character (generally '%')
  - Format code="B": one character (alpha only)
  - Primary account number (PAN): up to 19 characters. Usually, but not always, matches the credit card number printed on the front of the card.
  - Field Separator: one character (generally '^')
  - Name: 2 to 26 characters; surnames separated by a space if necessary; surname separator: /
  - Field Separator: one character (generally '^')
  - Expiration date: four characters in the form YYMM.
  - Service code: three characters
  - Discretionary data: may include Pin Verification Key Indicator (PVKI, 1 character), PIN Verification Value (PVV, 4 characters), Card Verification Value or Card Verification Code (CVV or CVC, 3 characters)
  - End sentinel: one character (generally '?')
  - Longitudinal redundancy check (LRC): one character, a validity character calculated from other data on the track.
- Track 2 structure:
  - Start sentinel: one character (generally ';')
  - Primary account number (PAN): up to 19 characters. Usually, but not always, matches the credit card number printed on the front of the card.
  - Separator: one character (generally '=')
  - Expiration date: four characters in the form YYMM.
  - Service code: three digits. The first digit specifies the interchange rules, the second specifies authorization processing and the third specifies the range of services
  - Discretionary data: as in track one
  - End sentinel: one character (generally '?')
  - Longitudinal redundancy check (LRC): one character, a validity character calculated from other data on the track. Most reader devices do not make the LRC available for display but use it to verify the input internally to the device.
Learn more about the service code values here.
With this information, we can now section both tracks and add the missing data (only the start sentinel for track 1):
Track 1:
Track 2:
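The sectioning step described above, written as a small Python parser. This is an added example, not code from the MagSpoof wiki or firmware; the function names and the Luhn and PAN-masking steps are assumptions added here, and the sample strings are the dummy tracks printed on this page.

```python
import re

# Layouts from the structure lists above; the LRC is not part of the text form.
TRACK1 = re.compile(r"%(?P<fc>[A-Z])(?P<pan>\d{1,19})\^(?P<name>[^^]{2,26})\^"
                    r"(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>[^?]*)\?")
TRACK2 = re.compile(r";(?P<pan>\d{1,19})=(?P<exp>\d{4})(?P<svc>\d{3})"
                    r"(?P<disc>\d*)\?")
# The dummy tracks printed on this page, without the trailing "\0".
T1_AS_READ = "B4913989534473337^Doroteja/Marija/Goncalves^05301110000682000?"
T2_AS_READ = ";4913989534473337=05301110000000006820?"

def luhn_ok(pan):
    """Luhn checksum over the PAN (a check added here, not described on the page)."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan):
    """Show only the first six and last four digits when printing a PAN."""
    return "*" * len(pan) if len(pan) < 11 else pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def parse_track(raw):
    """Return (fields, problems); fields is None when the layout does not match."""
    if raw[:1] not in ("%", ";"):
        return None, ["missing start sentinel ('%' for track 1, ';' for track 2)"]
    m = (TRACK1 if raw[0] == "%" else TRACK2).fullmatch(raw)
    if m is None:
        return None, ["fields do not match the track layout"]
    fields, problems = m.groupdict(), []
    if fields.get("fc", "B") != "B":   # track 2 has no format code
        problems.append("format code is not 'B'")
    if not luhn_ok(fields["pan"]):
        problems.append("PAN fails the Luhn check")
    return fields, problems

def cross_check(t1, t2):
    """Names of the fields that should agree on both tracks but do not."""
    return [k for k in ("pan", "exp", "svc") if t1[k] != t2[k]]

if __name__ == "__main__":
    print(parse_track(T1_AS_READ)[1])            # as read: no start sentinel
    t1, p1 = parse_track("%" + T1_AS_READ)       # track 1 with '%' added
    t2, p2 = parse_track(T2_AS_READ)
    print(mask(t1["pan"]), t1["name"], t1["exp"], t1["svc"], t1["disc"], p1, p2)
    print("fields that differ between tracks:", cross_check(t1, t2))
```

The discretionary data is expected to differ between the two tracks, so `cross_check` compares only the PAN, expiration date and service code.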
There are multiple ways to perform this depending on the version you are using. For standalone MagSpoof versions, the tracks can be defined directly in the code; version 4 and above can use the command line interface (CLI) for easier use; and lastly, the MagSpoof Add-On requires saving the data in a file with a specific format. Refer to its documentation.
In this case, we are using MagSpoof V5, so we used the CLI to perform this:
- Connect MagSpoof to a computer and turn it ON.
- Open a serial terminal of your choice and start a session. You can send the track data by simply copying and pasting it into the terminal. We can verify that the tracks are saved in the board's RAM by sending the command "d". We saved them in the EEPROM for future testing by sending the command "s".
- Emulate the saved data by pressing the SW1 button or by sending the command "p" to the terminal.
Note
It is not necessary to insert the MagSpoof into the slot where a traditional card would slide; bringing the MagSpoof close enough to the reader is sufficient.
Important
MagSpoof's coil must be correctly centered on the magstripe reader, otherwise you may face reading errors.
"I want to emulate another card but I do not have WCHISP Tool or Arduino IDE to modify the firmware. Is it possible to change the magstripes information?" Yes, it is! You just need to connect your MagSpoof V4 to any device running a serial terminal to send the information.
To emulate the magstripes, follow these steps:
- Connect your MagSpoof V4 to the device running a serial terminal.
- Select the option that allows you to establish communication between the device and MagSpoof V4.
- Type the first track and press the Enter key to send the information. You must receive the "? found" response.
- Type the second track and press the Enter key to send the information. You must receive the "? found" response.
You can emulate the card from the terminal, without pressing the S1 button on your MagSpoof:
- Type p (lowercase) and press the Enter key to send the Probe command. You must read "Magspoof" followed by both tracks in the serial terminal.
Below, find the graphical guide.
Serial Terminal on Arduino IDE
Note: Flash memory storage capabilities are limited. While changing the tracks is now easier, we recommend using this action sparingly, only to save the most important information, to extend the lifetime of the MCU's flash. Since this action can be executed approximately 200 times, we recommend using the emulation mode described in the above section.
To change the tracks, follow these steps:
- Connect your MagSpoof V4 to the device running a serial terminal.
- Select the option that allows you to establish communication between the device and MagSpoof V4.
- Type the first track and press the Enter key to send the information. You must receive the "? found" response.
- Type s (lowercase) and press the Enter key to send the Save command. You must receive the "Tracks saved in Data Flash" response.
- Type the second track and press the Enter key to send the information. You must receive the "? found" response.
- Type s (lowercase) and press the Enter key to send the Save command. You must receive the "Tracks saved in Data Flash" response.
You can also emulate the card from the terminal, without pressing the S1 button on your MagSpoof:
- Type p (lowercase) and press the Enter key to send the Probe command. You must read "Magspoof" followed by both tracks in the serial terminal.
Below, you will find the graphical guide.
Serial Terminal on a Smartphone
You can download the firmware for MagSpoof V4 here. Use magspoofV4.ino to make the board work the same way MagSpoof V3 does; in this case, you will need to follow the same process described for MagSpoof V3.
Use usbcdc_magspoof.ino to use the new features of MagSpoof V4. With this firmware, you do not need to copy and paste the tracks into the sketch; you can set the tracks for the card you want to emulate using a serial terminal.
Compile and save the code. Follow the steps in methods 1 or 2 to upload the firmware to the board.
1.1. Go to the following link and download the latest release of the usbcdc_magspoof.ino.ch552.hex file.
1.2. Go to the following link to download the WCHISP Tool V3.3 and install it on Windows. Open the application.
1.3. Select the right Chip Model (CH552) and USB on "Download Type".
1.4. Launch the bootloader mode of your MagSpoof V4 and plug it into the PC using a USB cable. The tool will automatically show the board in "Device List".
1.5. In "User File" look for the HEX file you downloaded in step 1.1.
1.6. OPTIONAL: You can check the "Clear Data Flash" box to ERASE all the data saved in the Flash memory. Be careful, if you have already saved tracks in the flash, they will be erased.
1.7. Click on "Download" button.
2.1. Go to IDE > Tools > Port and select the COM that matches your board. Go to IDE > Tools > Board > CH55xDuino MCS51 plain C core (non-C++) > CH552 Board.
Warning
Pay special attention to the information in the red square. These configurations must be selected to prevent any inappropriate behavior of the board the next time you connect it to your PC. If the Clock Source speed is different from 16MHz, the board may brick.
2.2. Click on the "Upload" button.
Note: In case you are not able to upload the new firmware or the current firmware is not stable, you can try launching the bootloader. For MagSpoof V4, if you use the bootloader mode, you need to click on the "Upload" button. You will see the message "Compiling". Once the message changes to "Uploading", you must activate the bootloader mode. We suggest you unplug and plug MagSpoof into your PC once the upload process is done.
2.3. Keep your MagSpoof connected to your computer and Arduino IDE open. Open the Serial Monitor; go to IDE > Tools > Serial Monitor.
For both MagSpoof V3 and V4, the emulation process is performed every time you press the S1 button. This means the MagSpoof emulates a magnetic stripe by quickly changing the polarization of an electromagnet (coil), producing a magnetic field similar to that of a typical magnetic stripe, as if it were being swiped.
Press the S1 button to start the emulation. When you press it, the Status LED will blink once and then turn off, and you will see the emulated tracks in the serial monitor. You can also test the reading of your card info by inserting the coil pad into the card reader; it is not necessary to swipe the coil through.
Before pressing S1 button
After pressing S1 button
The reading test must return the same information as the real card.