Gas Pump Skimmers

Contributors: Nate
Favorited Favorite 10

Serial Injection

alt text

The pinout of the gray cable have been located but not identified

The 7 pins going to the gray cable that connect to the credit card reader have been toned out to the PIC. We know where they go but we don’t know what the pins do. For example, what does D3 connect to on the credit card reader inside the pump? We expect pin D0 to be the main data input from the card reader because it has a current limiting resistor inline (R1). But without getting access to an actual gas pump we are kind of guessing.

In order to identify the purposes of each of the 7 pins we attempted to send serial into the skimmer as if we were a credit card reader on the gas pump.

We tried sending TTL level serial at many different baud rates, with different strings, on different pins, hoping the skimmer would blindly store this data. Nothing was stored as a credit card record. Perhaps the device is smart enough to look for well formed track data and our tests were not formatted correctly. However, some of the records we obtained from the EEPROMs look like gibberish so we are inclined to believe the skimmer is just recording blindly.

Perhaps the device is expecting RS232 level signals rather than TTL. We tried using a magnetic card reader to send RS232 signals to the device and were not able to get it to store the card data. The magnetic card reader outputs RS232 at 9600bps whereas the gas pump may be operating at a different baud rate.

In the end, we were unable to get the skimmer to record our fake data and thus were unable to determine definitively what each of the pins going to the pump card reader are for. The function of these pins don’t really matter, we were just curious.