https://s30.postimg.org/6qib9grtd/cooltext230154049369196.pngVersion 1[COLOR="Lime"]
https://youtu.be/Cueq3USAjcw[/COLOR]
I have build a handful of these devices originally built by samyk. I have taken the design from his build and made a much more powerful version with large mag coils for increased range and usability.
Also we have all the coding present and working for all bypass methods for EMV and card prediction generation...
- Allows you to store all of your credit cards and magstripes in one device
- Works on traditional magstripe readers wirelessly (no NFC/RFID required)
- Can disable Chip-and-PIN
- Correctly predicts Amex credit card numbers + expirations from previous card number or canceled card!
- Supports all three magnetic stripe tracks, and even supports Track 1+2 simultaneously
https://s30.postimg.org/5b6tivjm9/magspoof_schematic_dip.pngAs with samyk design we have improved the range of the device and we have all functioning modules working and present.
https://s24.postimg.org/6cj56laid/build1.jpghttps://s24.postimg.org/v778eekqd/Build2.jpghttps://s24.postimg.org/870l22mwl/Writing_To_Device.jpghttps://s27.postimg.org/6qwdbvolv/meter_small2.gifOne of the primary issues I've found is that some of the new forms of security (well, new in the US) are set in the "service code" portion of the magstripe, most specifically Chip-and-PIN.
The service code within a credit card magstripe defines several attributes of the card, including whether the card can dispense cash, where it can work (nationally, internationally), and most interestingly, whether the card has a built in IC (Chip) and if it has a pin (Chip-and-PIN / EMV).
If your card has a chip inside and you go to a retailer that supports Chip but swipe just your magstripe, the point of sale (PoS) system will ask you to dip your card/chip for additional security if it supports it.
However, the bits stating the card has Chip-and-PIN can be turned off from the magstripe. This means if you take a card to a retailer that would normally request you to dip, you can actually get away with not dipping your chip at all while performing a successful transaction, evading the security measures
altogether.#include <avr/sleep.h>
#include <avr/interrupt.h>
#define PIN_A 0
#define PIN_B 1
#define ENABLE_PIN 3 // also green LED
#define SWAP_PIN 4 // unused
#define BUTTON_PIN 2
#define CLOCK_US 200
#define BETWEEN_ZERO 53 // 53 zeros between track1 & 2
#define TRACKS 2
// consts get stored in flash as we don't adjust them
const char* tracks[] = {
"%B123456781234567^LASTNAME/FIRST^YYMMSSSDDDDDDDDDDDDDDDDDDDDDDDDD?\0", // Track 1
";123456781234567=YYMMSSSDDDDDDDDDDDDDD?\0" // Track 2
};
char revTrack[41];
const int sublen[] = {
32, 48, 48 };
const int bitlen[] = {
7, 5, 5 };
unsigned int curTrack = 0;
int dir;
void setup()
{
pinMode(PIN_A, OUTPUT);
pinMode(PIN_B, OUTPUT);
pinMode(ENABLE_PIN, OUTPUT);
pinMode(BUTTON_PIN, INPUT_PULLUP);
// blink to show we started up
blink(ENABLE_PIN, 200, 3);
// store reverse track 2 to play later
storeRevTrack(2);
}
void blink(int pin, int msdelay, int times)
{
for (int i = 0; i < times; i++)
{
digitalWrite(pin, HIGH);
delay(msdelay);
digitalWrite(pin, LOW);
delay(msdelay);
}
I noticed many of the amex digits were similar.
I pulled up the numbers to several other Amex cards I had, and then compared against more than 20 other Amex cards and replacements and found a global pattern that allows me to accurately predict American Express card numbers by knowing a full card number, even if already reported lost or stolen.
MasterCard: ^(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}$ MasterCard numbers either start with the numbers 51 through 55 or with the numbers 2221 through 2720. All have 16 digits.
American Express: ^3[47][0-9]{13}$ American Express card numbers start with 34 or 37 and have 15 digits.
Diners Club: ^3(?:0[0-5]|[68][0-9])[0-9]{11}$ Diners Club card numbers begin with 300 through 305, 36 or 38. All have 14 digits. There are Diners Club cards that begin with 5 and have 16 digits. These are a joint venture between Diners Club and MasterCard, and should be processed like a MasterCard.
Discover: ^6(?:011|5[0-9]{2})[0-9]{12}$ Discover card numbers begin with 6011 or 65. All have 16 digits.
JCB: ^(?:2131|1800|35\d{3})\d{11}$ JCB cards beginning with 2131 or 1800 have 15 digits. JCB cards beginning with 35 have 16 digits.This means if I were to obtain your Amex card and you called it in as lost or stolen, the moment you get a new card, I know your new credit card number.
I also know the new expiration date as the expiration date is fixed based on when the new card was requested, and you can determine if the new card has been requested by performing an auth on the existing card.
https://s29.postimg.org/fudxdrkl3/servicecodes.jpgThe CID (aka CVV2 on Visa) printed on the card is protected by a secret 3DES key that encrypts the PAN (Primary Account Number, aka credit card number), service code (see table above), and expiration. The service code can be easily determined as most cards will contain the same service code.
I also determined that the CSC (essentially behaves like a CID or CVV2 on the magstripe) for a lost or stolen card continues to work for a newer, predicted card. An attacker would be able to use a stolen card's CSC with the predicted card number and expiration to make actual purchases.
To actually perform the transaction without arousing suspicion, an attacker would be able to use a magstripe writer (e.g., the well known MSR605), or a device like MagSpoof, to "load" the newly devised card information onto a card like Coin. Coin itself does not actually verify the CID (CVV2), thus allowing an attacker to load data, and then use the Coin card in person without knowing the CID and exploiting these various issues, as well as disabling Chip-and-PIN.
void sleep()
{
GIMSK |= _BV(PCIE); // Enable Pin Change Interrupts
PCMSK |= _BV(PCINT2); // Use PB3 as interrupt pin
ADCSRA &= ~_BV(ADEN); // ADC off
set_sleep_mode(SLEEP_MODE_PWR_DOWN); // replaces above statement
MCUCR &= ~_BV(ISC01);
MCUCR &= ~_BV(ISC00); // Interrupt on rising edge
sleep_enable(); // Sets the Sleep Enable bit in the MCUCR Register (SE BIT)
sei(); // Enable interrupts
sleep_cpu(); // sleep
cli(); // Disable interrupts
PCMSK &= ~_BV(PCINT2); // Turn off PB3 as interrupt pin
sleep_disable(); // Clear SE bit
ADCSRA |= _BV(ADEN); // ADC on
sei(); // Enable interrupts
I have a
5 available to ship and are working on a order based system from then on.
Payment BTC Only.
Price $2500 - Device With Full Source Code For ExploitDevice only - $1200Device only comes with firmware loaded competent coder could write in around 10/15 day possibly also supplied are resources related to our own project with device.
============ MagSpoof V2 - Card Spoofing Device ============
https://s24.postimg.org/4cbr2ekdh/cooltext230159254859625.pngLadies and gentlemen let me introduce to you today MAGSPOOF V2
Its now time to SPOOF A CARD!!!
https://youtu.be/Cueq3USAjcwPreorder is available!
https://s29.postimg.org/6ibuaobjb/Mag_Spoof_Front.pnghttps://s29.postimg.org/h6fl9ilif/Mag_Spoof_Top.pngPrice $120.99
BTC Only
Limited first run of 20 cards!
More info soon!
https://s28.postimg.org/ateuvbt1p/cooltext230289135713059.pngWe understand that securlty delivering this device world wide of this is paramount we ship via UPS / FEDEX / Or selected shipping of your choice to any location.
We also require when buying and sending your deliver address you encrypt this with PGP this is for your safety!
PM for our PGP Key
Delivery times can depending where in the world the device is being shipped.
All payments are final.. There are no refunds if your device gets lost in the post or intercepted. We will however reship if this happens and can be PROVED.
Jabber -
magspoof@exploit.imOTR Required!
Email -
MILLW0RM@PROTONMAIL.COM===List Of Tested Devices NFC===
http://]http://pastebin.com/du0uT8a4
