Chargen19
Basic
- Joined
- 02.10.20
- Messages
- 99
- Reaction score
- 115
- Points
- 43
HALLO PEOPLE OF THE FORUM!
I was needed to make this post to make it clear and to educate peoples who're still thinking that nothing is possible. Take it as a quick less.
Lot of peoples are stll thinking that cloning the chip is impossible but never search how chip cards worked.
First, let me explain all types of chips
Before, You need to keep in mind that the differences between the chip and the magnetic strip are :
-the data's in the chip are encrypted during the process of a transaction
-the chip generate a cryptogram named "ARQC" with the help some infos in the chip to ask an authorization for a transaction to the Issuer who will answer with an "ARPC" to make it happens
-the chip contains a specfic private key specific to each chip or at least each BIN provided by the Issuer.
Ok now, what are and how work the differents types of chips
SDA (Static data authentification) : the basic infos such as the initialization of the card are verified. These chips generate the same ARQC for all the transactions. The verification of the private key and the PIN in POS (not ATM's) is optionnal, not critical.
DDA (Dynamic data authentification) : Same purpose as the SDA but generate differents ARQC for each transaction. The verification of the private key and the PIN in POS is optionnal, not critical.
CDA (Combined data authentification) : Same purpose as the DDA but the verification of the private key is critical.
Ok now, you probably might ask what do you mean by "optionnal". The truth is that the verification of the private key before generating the ARQC always happens with all types of chips. This happens because the Issuer have programmed the chip like that even if its not critical at all but if any problem happened, it will not force that verif and go through.
And here's when a smart brazilian hacker gang named "Prilex" thought about why they cannot program themselves their own chips by forcing it to not verify the private key and PIN in POS system. Further to that, that might be working well with SDA and DDA.
Now, you need to know what is the Java card OS.
As you probably might know, a chip is a small computer that have the capacity to make small operations. Java card OS is just an operating system ("OS") that can be used in chips.
Wikipedia : "Java card refers to a technology that allows Java-based applications (applets) to be run securely on smart cards and similar memory footprint devices".
These applets can be programmed with a Java card programming software and here come when the hacker gang have programmed an applet that say the chip to not verify if the private key is valid and same for PIN in POS. These applets can only work with JCOP JAVA card (type of card that accepts java applets).
These hacker gang ("Prilex") seize that opportunity and have sold a writing emv chip software named "Daphne" where you can write SDA and DDA dumps with their malicious applet for 10k. The software is active since 2014 and creators are constantly innoving it. I also heard that their most updated software can write CDA dumps (cannot confirm).
As you probably read, these software is really expensive and not all peoples can buy it. Here's when peoples like Mr_Emv (lot of peoples took his name to scam peoples, go for markets if you want the software, always use escrow
) seize the opportunity to create his own similar software and sold it way more cheaper. The software is the famous "EMV X2" and is pretty similar to Daphne and work also only with JCOP JAVA card. But like lot of peoples have used it, the software is most likely to burn and that's why you always need to have the most updated one (the 2021 now). The software is a bit different because you need to generate an IST file with a real card to have a valid masterkey into your chip.
Anyway, the software is the best "most cheaper" one in the market right now. Be always aware from scammers who will say that they have it etc... If you want to buy it, always go for markets.
Anyway, now you probably ask yourself how peoples get dumps from chips because I said that the data's are encrypted during a transaction.
You need to keep in mind that there's a mili second time (maybe more less) when the data's are not encrypted and can be harvested. Here's why peoples use "shimmers" in POS or ATM's to get your tracks chips info's. They can also use "skimmers" to get the track info's of your mag strip. Yes the track's info's in the magstrip are the same as the chip, it is just not encrypted during a transaction. Shimmers were most used to get the ARQC of SDA dumps when there was no chip based cryptographic calculator like now with "BP tools" for exemple.
I think I said all the important things you need to know for emv chips as well as cloning them. You can search for more in your browser. To motivate some peoples here even if its nothing, I had sucess on cashout two times last year (just 500 due to maximum withdrawal amount).
Anyway, hope it realize frustrated peoples that its possible to do it.
Peoples with that mentality will never sucess in the fraud game and that's obvious. Keep in mind that all pro fraudsters/hackers are lucid and always involving new methods to bypass new security features. If you are always thinking that nothing is possible, you can already get out of that fraud game and rob some gas station's or sell drugs to get your money but you won't do it cuz you're afraid to get in jail cuz its risky. Keep in mind also that when you begin to make fraud at a "pro" level and pigs realize that, you'll get more in trouble than drug dealers. Anyway, that's not the subject.
Thanks.
I was needed to make this post to make it clear and to educate peoples who're still thinking that nothing is possible. Take it as a quick less.
Lot of peoples are stll thinking that cloning the chip is impossible but never search how chip cards worked.
First, let me explain all types of chips
Before, You need to keep in mind that the differences between the chip and the magnetic strip are :
-the data's in the chip are encrypted during the process of a transaction
-the chip generate a cryptogram named "ARQC" with the help some infos in the chip to ask an authorization for a transaction to the Issuer who will answer with an "ARPC" to make it happens
-the chip contains a specfic private key specific to each chip or at least each BIN provided by the Issuer.
Ok now, what are and how work the differents types of chips
SDA (Static data authentification) : the basic infos such as the initialization of the card are verified. These chips generate the same ARQC for all the transactions. The verification of the private key and the PIN in POS (not ATM's) is optionnal, not critical.
DDA (Dynamic data authentification) : Same purpose as the SDA but generate differents ARQC for each transaction. The verification of the private key and the PIN in POS is optionnal, not critical.
CDA (Combined data authentification) : Same purpose as the DDA but the verification of the private key is critical.
Ok now, you probably might ask what do you mean by "optionnal". The truth is that the verification of the private key before generating the ARQC always happens with all types of chips. This happens because the Issuer have programmed the chip like that even if its not critical at all but if any problem happened, it will not force that verif and go through.
And here's when a smart brazilian hacker gang named "Prilex" thought about why they cannot program themselves their own chips by forcing it to not verify the private key and PIN in POS system. Further to that, that might be working well with SDA and DDA.
Now, you need to know what is the Java card OS.
As you probably might know, a chip is a small computer that have the capacity to make small operations. Java card OS is just an operating system ("OS") that can be used in chips.
Wikipedia : "Java card refers to a technology that allows Java-based applications (applets) to be run securely on smart cards and similar memory footprint devices".
These applets can be programmed with a Java card programming software and here come when the hacker gang have programmed an applet that say the chip to not verify if the private key is valid and same for PIN in POS. These applets can only work with JCOP JAVA card (type of card that accepts java applets).
These hacker gang ("Prilex") seize that opportunity and have sold a writing emv chip software named "Daphne" where you can write SDA and DDA dumps with their malicious applet for 10k. The software is active since 2014 and creators are constantly innoving it. I also heard that their most updated software can write CDA dumps (cannot confirm).
As you probably read, these software is really expensive and not all peoples can buy it. Here's when peoples like Mr_Emv (lot of peoples took his name to scam peoples, go for markets if you want the software, always use escrow
) seize the opportunity to create his own similar software and sold it way more cheaper. The software is the famous "EMV X2" and is pretty similar to Daphne and work also only with JCOP JAVA card. But like lot of peoples have used it, the software is most likely to burn and that's why you always need to have the most updated one (the 2021 now). The software is a bit different because you need to generate an IST file with a real card to have a valid masterkey into your chip.Anyway, the software is the best "most cheaper" one in the market right now. Be always aware from scammers who will say that they have it etc... If you want to buy it, always go for markets.
Anyway, now you probably ask yourself how peoples get dumps from chips because I said that the data's are encrypted during a transaction.
You need to keep in mind that there's a mili second time (maybe more less) when the data's are not encrypted and can be harvested. Here's why peoples use "shimmers" in POS or ATM's to get your tracks chips info's. They can also use "skimmers" to get the track info's of your mag strip. Yes the track's info's in the magstrip are the same as the chip, it is just not encrypted during a transaction. Shimmers were most used to get the ARQC of SDA dumps when there was no chip based cryptographic calculator like now with "BP tools" for exemple.
I think I said all the important things you need to know for emv chips as well as cloning them. You can search for more in your browser. To motivate some peoples here even if its nothing, I had sucess on cashout two times last year (just 500 due to maximum withdrawal amount).
Anyway, hope it realize frustrated peoples that its possible to do it.
Peoples with that mentality will never sucess in the fraud game and that's obvious. Keep in mind that all pro fraudsters/hackers are lucid and always involving new methods to bypass new security features. If you are always thinking that nothing is possible, you can already get out of that fraud game and rob some gas station's or sell drugs to get your money but you won't do it cuz you're afraid to get in jail cuz its risky. Keep in mind also that when you begin to make fraud at a "pro" level and pigs realize that, you'll get more in trouble than drug dealers. Anyway, that's not the subject.
Thanks.
