Перейти к содержанию

MILLW0RM

Пользователь
  • Публикаций

    5
  • Зарегистрирован

  • Посещение

Репутация

61 Excellent

Информация о MILLW0RM

  • Звание
    Rank №1
  1. MagSpoof - EMV+PIN+HW {Hardware}

    Устройства, проданные на FuckAV 2017, покупателю не дали обзор.
  2. MagSpoof - EMV+PIN+HW {Hardware}

    Valid online since 2017http://fuckavu4wxxtemao.onion/showthread.php?p=174840#post174840 Jabber - magspoof@exploit.im
  3. MagSpoof - EMV+PIN+HW {Hardware}

    *8UPDATE** https://anonfile.com/t2v826Zcm0/Untitled_Project_mp4 Proof Of Working Device. Throw in the Jabber only magspoof@dedik.cc
  4. MagSpoof - EMV+PIN+HW {Hardware}

    Back for 2019 greetz to old friends! I have build a handful of these devices originally built by samyk design. I have taken the design from his build and made a much more powerful version with large mag coils for increased range and usability. Also we have all the coding present and working for all bypass methods for EMV and card prediction generation... Allows you to store all of your credit cards and magstripes in one device Works on traditional magstripe readers wirelessly (no NFC/RFID required) Can disable Chip-and-PIN Correctly predicts Amex credit card numbers + expirations from previous card number or canceled card! Supports all three magnetic stripe tracks, and even supports Track 1+2 simultaneously Larger coil design As with samyk design we have improved the range of the device and we have all functioning modules working and present. One of the primary issues I've found is that some of the new forms of security (well, new in the US) are set in the "service code" portion of the magstripe, most specifically Chip-and-PIN. The service code within a credit card magstripe defines several attributes of the card, including whether the card can dispense cash, where it can work (nationally, internationally), and most interestingly, whether the card has a built in IC (Chip) and if it has a pin (Chip-and-PIN / EMV). If your card has a chip inside and you go to a retailer that supports Chip but swipe just your magstripe, the point of sale (PoS) system will ask you to dip your card/chip for additional security if it supports it. the bits stating the card has Chip-and-PIN can be turned off from the magstripe. it mean if you take a card to a retailer that would normally request you to dip, you can actually get away with not dipping your chip at all while performing a successful transaction, evading the security measures altogether. #include #include #define PIN_A 0 #define PIN_B 1 #define ENABLE_PIN 3 // also green LED #define SWAP_PIN 4 // unused #define BUTTON_PIN 2 #define CLOCK_US 200 #define BETWEEN_ZERO 53 // 53 zeros between track1 & 2 #define TRACKS 2 // consts get stored in flash as we don't adjust them const char* tracks[] = { "%B123456781234567^LASTNAME/FIRST^YYMMSSSDDDDDDDDDDDDDDDDDDDDDDDDD?\0", // Track 1 ";123456781234567=YYMMSSSDDDDDDDDDDDDDD?\0" // Track 2 }; char revTrack[41]; const int sublen[] = { 32, 48, 48 }; const int bitlen[] = { 7, 5, 5 }; unsigned int curTrack = 0; int dir; void setup() { pinMode(PIN_A, OUTPUT); pinMode(PIN_B, OUTPUT); pinMode(ENABLE_PIN, OUTPUT); pinMode(BUTTON_PIN, INPUT_PULLUP); // blink to show we started up blink(ENABLE_PIN, 200, 3); // store reverse track 2 to play later storeRevTrack(2); } void blink(int pin, int msdelay, int times) { for (int i = 0; i < times; i++) { digitalWrite(pin, HIGH); delay(msdelay); digitalWrite(pin, LOW); delay(msdelay); } I noticed many of the amex digits were similar. I pulled up the numbers to several other Amex cards I had, and then compared against more than 20 other Amex cards and replacements and found a global pattern that allows me to accurately predict American Express card numbers by knowing a full card number, even if already reported lost or stolen. MasterCard: ^(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}$ MasterCard numbers either start with the numbers 51 through 55 or with the numbers 2221 through 2720. All have 16 digits. American Express: ^3[47][0-9]{13}$ American Express card numbers start with 34 or 37 and have 15 digits. Diners Club: ^3(?:0[0-5]|[68][0-9])[0-9]{11}$ Diners Club card numbers begin with 300 through 305, 36 or 38. All have 14 digits. There are Diners Club cards that begin with 5 and have 16 digits. These are a joint venture between Diners Club and MasterCard, and should be processed like a MasterCard. Discover: ^6(?:011|5[0-9]{2})[0-9]{12}$ Discover card numbers begin with 6011 or 65. All have 16 digits. JCB: ^(?:2131|1800|35\d{3})\d{11}$ JCB cards beginning with 2131 or 1800 have 15 digits. JCB cards beginning with 35 have 16 digits. The CID (aka CVV2 on Visa) printed on the card is protected by a secret 3DES key that encrypts the PAN (Primary Account Number, aka credit card number), service code (see table above), and expiration. The service code can be easily determined as most cards will contain the same service code. I also determined that the CSC (essentially behaves like a CID or CVV2 on the magstripe) for a lost or stolen card continues to work for a newer, predicted card. An attacker would be able to use a stolen card's CSC with the predicted card number and expiration to make actual purchases. To actually perform the transaction without arousing suspicion, an attacker would be able to use a magstripe writer (e.g., the well known MSR605), or a device like MagSpoof, to "load" the newly devised card information onto a card like Coin. Coin itself does not actually verify the CID (CVV2), thus allowing an attacker to load data, and then use the Coin card in person without knowing the CID and exploiting these various issues, as well as disabling Chip-and-PIN. void sleep() { GIMSK |= _BV(PCIE); // Enable Pin Change Interrupts PCMSK |= _BV(PCINT2); // Use PB3 as interrupt pin ADCSRA &= ~_BV(ADEN); // ADC off set_sleep_mode(SLEEP_MODE_PWR_DOWN); // replaces above statement MCUCR &= ~_BV(ISC01); MCUCR &= ~_BV(ISC00); // Interrupt on rising edge sleep_enable(); // Sets the Sleep Enable bit in the MCUCR Register (SE BIT) sei(); // Enable interrupts sleep_cpu(); // sleep cli(); // Disable interrupts PCMSK &= ~_BV(PCINT2); // Turn off PB3 as interrupt pin sleep_disable(); // Clear SE bit ADCSRA |= _BV(ADEN); // ADC on sei(); // Enable interrupts Payment BTC Only. Price 2.5 BTC - Device + Source code + Pin Generation Device only - 1.5 BTC Device loaded with firmware no source. Device only comes with firmware loaded competent coder could write in around 10/15 day possibly also supplied are resources related to our own project with device. ===========Payments & Delivery & Rules=========== Understand that delivering this device world wide security of is paramount we ship via UPS / FEDEX / Or selected shipping of your choice to any location. We also require when buying and sending your deliver address you encrypt this with PGP this is for your safety! knock in the jabber for our PGP Key Delivery times can depending where in the world the device is being shipped. All payments are final No Refund If device post intercepted. We will however reship if this happens and can be PROVED. =================================================== Jabber - magspoof@exploit.im OTR Required! Knock only for sales. ===List Of Tested Devices NFC===http://pastebin.com/du0uT8a4 https://anonfile.com/5bMed8Zdme/MagSpoofD_mp4 https://anonfile.com/bfMfd3Zbma/Build2_jpg https://anonfile.com/UeL6d4Z6mf/build1_jpg Greetz - 414s,:D Long term service 2017-2019 FuckAV - http://fuckavu4wxxtemao.onion/showthread.php?p=174840#post174840
  5. при необходимости можете обратиться в xmpp для метода передвижения, как это
×