Samy Kamkar, security researcher and friend of WonderHowTo, just had one of his devices featured in Mr. Robot.
If you've never heard of Samy, you've at least probably heard of one of his hacks. For instance, the Samy computer worm that hacked MySpace, his compressed air trick that opens security doors, or the Master Combination lock cracking calculator.
SPOILER ALERT: Details from Mr. Robot Season 2, Episode 6 Below
In season 2, episode 6, Angela visits the FBI floor in the Evil Corp's offices to plant a femtocell, a low-power cellular base station, with an exploit on it. But before she does this, Darlene breaks into a hotel room close to Evil Corp's building using some hacker trickery so she can use what looks like a cantenna to safely connect to the femtocell from afar.
To break in, she basically clones a maid's hotel key, which has a magnetic stripe on it. But since cloning a physical card takes too long, she uses a device called a MagSpoof.
The MagSpoof is Samy's creation, and something we've covered before in the past. It essentially uses an electromagnet to copy the same pattern that the maid's key card would provide to the card reader, then transmits that data to the lock. The stronger the electromagnet, the father away it will work.
To learn more about how MagSpoof works, check out our overview of the project. And make sure to check out Samy's site or his YouTube channel for more cool hacks to come. You never know what might make it into Mr. Robot next.
Just updated your iPhone? You'll find new emoji, enhanced security, podcast transcripts, Apple Cash virtual numbers, and other useful features. There are even new additions hidden within Safari. Find out what's new and changed on your iPhone with the iOS 17.4 update.
5 Comments
My question is how did they attach a square card reader and code it into the device. I thought those were all encrypted?
They're not using the headphone pinouts, but rather tapping directly into the mag reader to get the raw binary data off the card.
I have been replicating Samy's MagSpoof just as a little project and I thought getting it to work on 2-3 track hotel room keys would be fun. I was thinking on just getting a cheap USB card swipe off Amazon and essentially using it to lift the data. Any thoughts? Ideas?
Hi guys, I'm new on education and ethical hacking, not at linux nor shell. Ok, so whenever I create either, android/shell or android/meterpreter I get not only a 0 byte file, also the error at the screenshot.
Any ideas how handle he APK file creation?? Thanks in advance.
Also any ideas please let us all know.
Great work
Share Your Thoughts