Every now and then, I pull something nerdy on my readers. You all know that I love math. I am not that good at math, but damn, I think it’s a beautiful thing. Some of my idols/role models are mathematicians, like John Allen Paulos, John Nash, Max Planck (of which I loved his work so much I have a tattoo on my arm showing Planck’s constant).
I think last time I dropped math on you was the little Fibonacci sequence I made in PHP. That code was awesome. This time the math was inspired by an image posted on Gizmodo and Credit Card validation. Below is a digit-color-coded image of the cool zebra card I made. (I like doing graphic design <3)
The first digit in yellow is the Major Industry Identifier. Meaning, this is a financial institution for being either a 4 or 5. The yellow and the whole green section is actually the Issuer Identifier Number, or IIN. In our case VISA owns The orange section is the account number of the card holder, and the last digit is a check-sum. This reminds me of ISBN. There was an awesome mathematics book I read ages ago, called In Code, written by a really cute Irish girl who showed you cool things like ISBN and how to determine if it was valid or not.
So, if their method is true about validating the numbers, we can easily write code to produce them all, right? From left to right, double every other number (starting with the first, in our case above would be 1). If the doubled number is two digits in length, you need to add those together. So say we have two of the highest numbers we can have (in base ten) 9 Then our sum is 18. We then add the 1 and the 8 together and get 9 again. :) Easy as pie. Once we have all of our regular and doubled digits, we simply sum them all up, yielding a two digit number. If this two digit number happens to be divisible by ten, then our full credit card number is, indeed, valid!
I did this by starting off with the VISA MII number of my card 443057. Next I generated numbers from 000000000 to 999999999 and each time I generated a number – starting with 000000001 - I would double every other digit starting at the left side. Then I would try each check-sum 0 through 9. By try I mean I actually sum up all of the digits and perform a modulus (
number % 10 == 0) of 10 on the full number.
If the modulus returns true, it says “[!] CC# 4430570000000001 is valid.\n”;
Here’s the code, kinda sloppy cos I wrote it right before bed, late last night. It is a proof of concept only. This does nothing, but generate ALL valid card numbers for that particular VISA MII. My card number was generated in under 5 minutes using a 2GHz dual core intel XEON 4MB cache. This algorithm for base 10 validation is called the Luhn Algorithm, and is actually used for IMEI, or International Mobile Equipment Identifier numbers as well! (had to through a little wireless technology in there..)
Anyways, the Wikipedia page from the Luhn Algorithm link I posted above actually has a few implementations of code for 3 various languages. If interested I would recommend peeking into the link!
Have fun, happy hacking!