About a year ago I walked through a German consumer electronics store and got absolutely nerdsniped. Right next to usual consumer electronics, think cameras, laptops and keyboards, I saw this:
Danke fürs Lesen von Substack von Altay! Abonnieren Sie kostenlos, um neue Posts zu erhalten und meine Arbeit zu unterstützen.
They are generally equipped with systems which recognize tampering, e.g. opening their case, and then proceed to self-destruct. Don’t worry they won’t explode, but instead they delete all necessary keys and certificates and turn into a paperweight with a display and pin pad.
I proceeded to brick my first one, look at the tamper detection methods and reverse engineered the companion Android app with Frida.
After the initial joy weared off, my 120€ investment forced me to perform more in-depth research into the topic of card payments.
But this post isn’t about how I hacked this device, installed my custom firmware, played Doom on it and stole millions, the suspense arc is a lot flatter than I hoped for.