ACM Partybot

 

BUID Information


*Note: Information gained from this project is to be used for the express purpose of hash interpretation and cryptographic analysis of BU ID data. Duplicating or altering data on a BU ID card is verboten, and lies outside the scope of this project.

 

Overview

Basically, I'm interested in the data contained on everyone's BUID.

 

Objectives

  • Find a mag stripe reader in order to dump some BUIDs
  • Attempt to interpret the data stored on the card.  Most likely the card contains some unique identifier in order to do database lookups of dining points, physical access rights to different buildings, etc.  This key could very possibly be our BU student number.
  • I feel as though many important systems at BU hinge on the data stored on these cards.  If they're insecure, awareness of the problem is the first step towards solving it.

 

 

 

3 Track Mag Stripe Readers/Writers

 

If anyone owns one, or knows of someone at BU who could loan one for research/educational purposes, let me know [broglek AT bu DAWT edu].  I've been turning this idea around in my head for a long time, but hardware is expensive.

 

Solenoid / iPod "writer"

 

http://www.instructables.com/id/Magnetic_stripe_card_spoofer/ 

  • a thick piece of iron or steel for the base of the solenoid (must still be thin enough to fit in the mag stripe reader canal)
    • Is brick strap usually made of ferrous metal?
  • enamel-coated magnetic wire
  • Amplifier circuit
    • If we want to build the one from the instructable, we need:
      • 6-pin DIP socket
      • IC1 - LM386 op-amp
      • C1, C2 - 0.1 uF ceramic capacitors
      • C3 - 220 uF electrolytic capacitor
      • R1 - 10 ohm resistor
      • R2 - 5k trimmer potentiometer (actual value doesn't really matter, just as long as the max is large)
      • Audio cable with 1/8" phono jack on one end (I just cut the cord off some old headphones)
      • 9V battery clip
      • Small switch
      • Prototyping board
      • Assorted jumper wires

  • Alligator clips, electric tape, and other aesthetics

 

BUID Information:

If anyone has any information regarding what is stored on the card that could be helpful to us, share it here.

 

UPDATE: I found this when reading through documentation for Zaius, which is a web frontend to the room access system that BU has implemented.

Information about Zaius: http://www.bu.edu/phpbin/forums/viewtopic.php?p=782

The following are excerpts from Zaius Help:

 

Each Boston University Terrier Card is encoded with a unique Lost Card/Replacement/Issue Code to identify the physical card in the event of theft or replacement.

 

When the holder visits the Terrier Card office to obtain a new card prior to becoming a Zaius user, certain situations may result in the office incrementing your code. When this is done, all your room access will end. You may get your access back by using this page to change your Code in Zaius.

 

The best situation is for you to find out your correct code. To determine your correct code, call the Terrier Card office at 617-353-9966. Ask them for your "Lost Card Code". You may also find your "LCC" on the form given to you by the Terrier Card Office at the time you were given a replacement card.

In general, the number is increased by one. If you do not have your correct code, you can try to increase the code by one using this form but there is no guarantee that it will work, since your current code is unknown.

 

On a Related Note:

 

The above forum post where the ENG kids brag about their app mentions that it's interfacing with a CCURE-800 Access Control System.

Documentation for configuring and managing a CCURE-800 can be found at the bottom of this page:

 

http://www.swhouse.com/products/software_CCURE800.aspx

 

 

Funding:

 

We've acquired $100 from the Student Union for purchasing a MagStripe reader and supplies for building the iPod "writer;" we'll be discussing which parts to buy and compiling the order after the next ACM meeting, so be sure to stop by!

 

Comments (10)


Christopher Gomes said

at 8:56 pm on Feb 25, 2009

Hey zabagel,

This is Christopher Gomes and I want to show my interest in helping you. We should get in touch with Professor Leo Reyzin to hear from him if this kind of research has been done before. If it hasn't been done before then we can begin to look through the school for a lead on where to find a mag stripe reader. The school may have a spare swipe reader around we can gain access to.

Let's give this a try! Maybe we can get our names published!


Kyle Brogle said

at 10:16 am on Feb 26, 2009

Great Idea. I'm a fan of keeping this low-cost, and the whole "writer" concept is interesting.


Christopher Gomes said

at 12:22 pm on Feb 26, 2009

Good find!


Shailendra Khemka said

at 11:49 pm on Mar 1, 2009

Hey Kyle...this is an awesome idea


Justin said

at 1:00 am on Mar 2, 2009

Totally doable. I mean, these cards were invented to be read, after all. Three-track magnetic card readers cost ~$60. I agree that we should purchase a known good reader and just futz with an iPod for writing data (which is considerably cheaper than buying specialized equipment).


Ryan Fleisher said

at 12:17 pm on Mar 4, 2009

I would love to get involved on this. We should set up a meeting time to see who's interested and come up with an outline for a proposal.


Kyle Brogle said

at 2:34 pm on Mar 4, 2009

Glad to see that so many people are interested! I'm thinking everyone is busy before break, but what times would be good the week we're back? Some time at or after 5 would probably be best, as all my classes are finished by then.


Yaz Akbari said

at 10:13 pm on Mar 4, 2009

I'd like to join in as well! Maybe we could talk after the ACM meeting?


Kyle Brogle said

at 8:57 pm on Mar 22, 2009

Funding!!! You guys are awesome.


Christopher Gomes said

at 11:07 pm on Mar 22, 2009

Yay funding!
