// the find
samyk/magspoof
A portable device that can spoof/emulate any magnetic stripe, credit card or hotel card "wirelessly", even on standard magstripe (non-NFC/RFID) readers. It can disable Chip&PIN and predict AMEX card numbers with 100% accuracy.
MagSpoof is an Arduino-based hardware device that emulates magnetic stripe cards by generating an electromagnetic field strong enough to fool standard magstripe readers — no NFC or RFID involved. It's from Samy Kamkar (of XSS worm fame), released in 2015 as a proof-of-concept for magnetic stripe vulnerabilities. Audience is hardware security researchers and people curious about how magstripes actually work at the physics level.
The core trick is genuinely clever: by reversing Track 2 and sending both tracks sequentially, readers interpret it as a normal back-and-forth swipe — single coil, no exotic hardware. The README doubles as a real tutorial on magstripe encoding (ISO 7811 bit layout, parity, service codes) with photos of actual iron oxide visualizations. Full KiCad PCB files are included, not just a breadboard schematic. The AMEX card number prediction finding is a legitimate and serious vulnerability disclosure, responsibly handled.
The repo has been essentially dead since 2015 — one C file, no updates in years, and the most interesting capabilities (Chip-and-PIN bypass, AMEX prediction algorithm) are explicitly withheld from the code, which makes it closer to a demo than a usable tool. No tests, no build system, just a single .c file you compile manually. The 'wireless' range is a few inches at best, making real-world research use awkward without significant hardware iteration. Anyone hoping to build on this seriously will need to redesign around better drivers (the L293D at 3.7V is operating out of spec by the author's own admission).