[sudo-access] magnetic card reader error codes as peoples' card hashes
Jake
jake at spaz.org
Wed Nov 29 16:46:35 PST 2017
it's still the case that error codes reported by the magnetic stripe reader are
being used as peoples' card hashes. this means that a random person swiping a
random card can get access to omni if the error code matches that hash.
since the data from the card reader is scrambled and randomized, there's no
easy way to discern "ERROR - CARD NOT READ" or whatever it's trying to say from
")!#@@@449492837203804720_05/20_" or whatever a normal card would be reporting.
substack and i tried to fix this a while ago by counting the number of bytes
coming from the reader but it wasn't enough. so blah, now everybody here knows
and so if you care to look into it we can do that.
-jake
More information about the access
mailing list