Square Card Reader - Sourcecode/Exploit

1. /*http://eurodev.blogspot.com/2009/09/raw-audio-manipulation-in-android.html
2. http://hackaday.com/2012/04/18/hackaday-links-april-18-2012/
3. http://hackaday.com/2012/04/18/reading-credit-cards-with-a-tape-head/
4.  
5. //http://pogue.blogs.nytimes.com/2013/09/26/the-iphone-5ss-fingerprint-scanner-was-hacked-but-im-not-worried/?_php=true&_type=blogs&_r=0
6.  
7. http://www.darkreading.com/vulnerabilities-and-threats/ipad-credit-card-reader-hacked-as-skimmer/d/d-id/1099397?
8. http://gigaom.com/2011/03/09/verifone-attacks-rival-square-with-ethically-questionable-security-exploit/
9.  
10.  
11. Source: http://eurodev.blogspot.com/2009/09/raw-audio-manipulation-in-android.html
12. SOURCE CODE: (JAVA)
13.  
14. Start with the recording code. It's designed to record the incoming audio to a file on the SD Card that we'll read and playback later. As per the latest security patch, your application requires a uses-permission to record audio.
15.  
16. <uses-permission android:name="android.permission.RECORD_AUDIO"></uses-permission>
17.  
18. The recording code here records a new set of 16bit mono audio at 11025Hz to reverseme.pcm on the SD card.
19. */
20. public void record() {
21. int frequency = 11025;
22. int channelConfiguration = AudioFormat.CHANNEL_CONFIGURATION_MONO;
23. int audioEncoding = AudioFormat.ENCODING_PCM_16BIT;
24. File file = new File(Environment.getExternalStorageDirectory().getAbsolutePath() + "/reverseme.pcm");
25.  
26. // Delete any previous recording.
27. if (file.exists())
28. file.delete();
29.  
30.  
31. // Create the new file.
32. try {
33. file.createNewFile();
34. } catch (IOException e) {
35. throw new IllegalStateException("Failed to create " + file.toString());
36. }
37.  
38. try {
39. // Create a DataOuputStream to write the audio data into the saved file.
40. OutputStream os = new FileOutputStream(file);
41. BufferedOutputStream bos = new BufferedOutputStream(os);
42. DataOutputStream dos = new DataOutputStream(bos);
43.  
44. // Create a new AudioRecord object to record the audio.
45. int bufferSize = AudioRecord.getMinBufferSize(frequency, channelConfiguration, audioEncoding);
46. AudioRecord audioRecord = new AudioRecord(MediaRecorder.AudioSource.MIC,
47. frequency, channelConfiguration,
48. audioEncoding, bufferSize);
49.  
50. short[] buffer = new short[bufferSize];
51. audioRecord.startRecording();
52.  
53.  
54. while (isRecording) {
55. int bufferReadResult = audioRecord.read(buffer, 0, bufferSize);
56. for (int i = 0; i < bufferReadResult; i++)
57. dos.writeShort(buffer[i]);
58. }
59.  
60.  
61. audioRecord.stop();
62. dos.close();
63.  
64. } catch (Throwable t) {
65. Log.e("AudioRecord","Recording Failed");
66. }
67. }
68.  
69. /*
70. Next we create a playback method that reads the file and plays back the contents in reverse. It's important to set the audio data encoding (here PCM 16 bits), channel, and frequency values to the same settings used in the AudioRecord object. Then again, playing with the playback frequency might be have its own appeal.
71. */
72.  
73. public void play() {
74. // Get the file we want to playback.
75. File file = new File(Environment.getExternalStorageDirectory().getAbsolutePath() + "/reverseme.pcm");
76. // Get the length of the audio stored in the file (16 bit so 2 bytes per short)
77. // and create a short array to store the recorded audio.
78. int musicLength = (int)(file.length()/2);
79. short[] music = new short[musicLength];
80.  
81.  
82. try {
83. // Create a DataInputStream to read the audio data back from the saved file.
84. InputStream is = new FileInputStream(file);
85. BufferedInputStream bis = new BufferedInputStream(is);
86. DataInputStream dis = new DataInputStream(bis);
87.  
88. // Read the file into the music array.
89. int i = 0;
90. while (dis.available() > 0) {
91. music[musicLength-1-i] = dis.readShort();
92. i++;
93. }
94.  
95.  
96. // Close the input streams.
97. dis.close();
98.  
99.  
100. // Create a new AudioTrack object using the same parameters as the AudioRecord
101. // object used to create the file.
102. AudioTrack audioTrack = new AudioTrack(AudioManager.STREAM_MUSIC,
103. 11025,
104. AudioFormat.CHANNEL_CONFIGURATION_MONO,
105. AudioFormat.ENCODING_PCM_16BIT,
106. musicLength,
107. AudioTrack.MODE_STREAM);
108. // Start playback
109. audioTrack.play();
110.  
111. // Write the music buffer to the AudioTrack object
112. audioTrack.write(music, 0, musicLength);
113.  
114.  
115. } catch (Throwable t) {
116. Log.e("AudioTrack","Playback Failed");
117. }
118. }
119.  
120. /*Finally, to drive this you need to update your application Activity to call the record and playback methods as appropriate. To keep this example as simple as possible I'm going to record for 10 seconds as soon as the application starts, and playback in reverse as soon as I've finished taking the sample.
121.  
122. To be more useful you'd almost certainly want to perform the playback operation in a Service and on a background thread.
123. */
124. @Override
125. public void onCreate(Bundle savedInstanceState) {
126. super.onCreate(savedInstanceState);
127. setContentView(R.layout.main);
128.  
129. Thread thread = new Thread(new Runnable() {
130. public void run() {
131. record();
132. }
133. });
134. thread.start();
135.  
136.  
137. try {
138. wait(10000);
139. } catch (InterruptedException e) {}
140.  
141. isRecording = false;
142.  
143. try {
144. thread.join();
145. } catch (InterruptedException e) {}
146.  
147. play();
148. finish();
149. }
150. /*
151. The AudioTrack and AudioRecord classes offer a lot more functionality than I've demonstrated here. Using the AudioTrack streaming mode you can do processing of incoming audio and playback in near real time, letting you manipulate incoming or outgoing audio and perform signal processing on raw audio on the device.