Stripe Snoop :: Why use it?

Why is Stripe Snoop Important?

Open your wallet. How many cards in there have magstripes on them? Three? Four? Five? Ever wonder what was encoded on them?

I know I did. I had six cards in my wallet with magstripes. One day a friend of mine had a $200 Magstripe reader, so I ran my cards through. Aside from the expected credit card numbers, I was surprised by the amount of personal information encoded on them. In fact, for reasons I still don't know, 2 cards contained my social security number.

Magstripes are everywhere in the United States. Aside from a few academic papers and hacking articles, very little information is published about them. So I went about trying to locating a reader system to do research with. I learned that while there magstripe readers and software available to the public, they suffer some pretty serious problems.

Cost - Readers that interface directly to a PC are expensive. While they have come down recently, a baseline Track 2 only reader will run $75+.

Compatibility - Hardware readers will only work with the software they come with. Nothing is compatible with anything else. This is because how much decoding of the magstripe is done in hardware and how much in software varies from reader to reader.

Crappy Software - The software for these readers leaves much to be desired. It basically uses a standard look up table to decode the bitstream and prints the contents on the screen. The software is closed source as well, so you can't improve it.

Research Tools - These are little to no readers or software out there that supports reading and decoding of nonstandard tracks. There is no software that allows you to try different character sets with different bitstreams. There is no software out there that allows for easy exporting of the magstripe data to share with other researchers around the world. All of these needs must be filled for any type of serious research to take place.

Stripe Snoop was created to solve these issues that the manufactures don't deem important.

Cost - Stripe Snoop is Free. The plans to build a reader are free. The parts to build a baseline reader cost less than $35.

Compatibility - Stripe Snoop is Open Source Software. It can be freely modified to support any hardware reader. Official support for PS/2 readers is currently be added, and a serial readers are being ordered.

Crappy Software - Stripe Snoop does more than just decode the magstripe. Its database of card formats will attempt to identify the card you swipe, and extract out information from the magstripe and give it meaningful names (ie this Visa was issued by Wachovia bank, instead of simply "4313...").

Research Tools - Stripe Snoop is THE tool for research. It includes a raw mode to allow for reading and attempted parsing of non-standard track information (such as NYC's Metrocard). It support for different readers is growing, allowing for different readers to use the same standard interface. It comes with extras tools that allow for the bitstreams to be captured, modified, and exported. This exported data can be analyzed on a different machine running Stripe Snoop, with no reader necessary! This allows for researchers around the world to trade magstripe data and research with each other without needing their own readers, or without shipping the actual card.