1

My company purchased an old square reader, the seller claims it is unencrypted. We are trying to develop a web application that uses this reader. The reader is supposed to fire a hard return keypress event after registering a swipe - it has never done that (using javascript event listeners). The only time this reader does anything is using the iOS Square Register app - that app does recognize the reader and the swipe (though it does a terrible job, asking me to 'retry swipe faster' a few dozen times before registering a swipe)

The fact that it only works in the app leads me to believe that this is an encrypted reader. Is there any way to tell if this assumption is correct? Without taking it apart.

Also, any tips on troubleshooting this would also be appreciated.

Thanks

Mike
  • 751
  • 2
  • 7
  • 14
  • Does your web application recognize the reader when connected? Are you able to see what the card data read off the swipe? – Gloria Jul 31 '13 at 14:42
  • As far as I know this kind of reader is just a dumb magnetic reading head tied to the microphone input of the jack, which is not really good (electronically speaking), real readers use carefull amplification and signal filtering as well as a specifically designed signal processing chain, not really the same as the limited capabilities of an microphone input from a cell phone ... That may be why you must try and try again, you are not the first one I see having problem with such device. – yent Jul 31 '13 at 14:44
  • @Gloria I haven't found any information on detecting if the reader is connected - do you have any resources on the subject so I can give it a shot? The Square Register app does recognize when it is connected and disconnected. There is no information from the swipe in my app, since it's not even recognizing that a swipe occured. The Square app is able to read the data – Mike Jul 31 '13 at 14:50
  • @Mike, I have not worked specifically with any square readers but I have with other card readers. They usually have some way to detect if the device is connected. Only once this happens will any future operations like card swipes work. Maybe you could search online for your particular Square card reader model or contact Square to provide some documentation. – Gloria Jul 31 '13 at 14:55

1 Answers1

0

I think you're pretty lucky to even be able to detect anything at all with javascript event listeners as you seem to imply....

Imagine the privacy intrusions we'd have all over (maybe already) if javascript stealthily downloaded from a web site could gain access to your microphone and/or microphone jack as you want to do. It might be possible, but the phone 'ifrastructure' is definitely designed to 'resist' this.

I think you're going to have to write an app that installs with user permissions to access the devices you need - otherwise the mic jack device is unlikely to be available to you.

BTW, credit card stripes are encoded in 7 bit, so if you are getting a string that looks 'encrypted' examine the unaltered string as 7 bit and it'll start making sense.

Ron Robinson
  • 558
  • 1
  • 3
  • 8
  • that makes a lot of sense actually thanks for clearing this up... I thought I was going crazy, but the tutorials I was following are for USB readers, installed on a computer. – Mike Aug 07 '13 at 15:48
  • Actually, Javascript can read audio data using WebRTC. (which will prompt the user for permission) – SLaks May 27 '14 at 02:35