FIND the PIN EMV

[cubicdesigne]

how can we pull out the Pin, since the Pin its in the card, who know how to pull it out. btc rewards

thanks

[cubicdesigne]

hi Valerii,

thanks for the reply, well i have been able to test and validate the chip pin using the cardpeek with the script code to request the pin verification. and even if the computer was offline, the cardpeek software was able to tell when my pin entered was wrong and when it was the right one.which clearly indicate that the offline pin is in the chip card, and in that same moment, the pin that cardpeek verified was the actual offline and online pin, since it was the same one.

would you be able to recreate that scenario but to find a way to read the pin, without previously enter it.

thank you for your time.

Le dim. 14 juin 2020 à 09:55, Valerii Zapodovnikov notifications@github.com a écrit :

Usually PIN is not checked by tye card. It is checked by issuer bank (most operations are online operations with online PIN check). For online operations with offline pin check you need to first initiate transcation from bank. For offline transactions it is more complicated.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/L1L1/cardpeek/issues/100#issuecomment-643769971, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMM5AJBOHMPGAGAXAPMLFK3RWTJF3ANCNFSM4HZPVJLA .

[apannetrat]

The PIN is not readable on EMV cards. When an offline pin check is required, the PIN is sent to the card and the card answers YES/NO if the pin is good or not. The PIN is stored in an unreadable area of the card and never leaves the card.

[cubicdesigne]

thank you for both reply, since people was saying that the pin was not in the card, then with test, i was able to proof that the pin was in the card, then people said that its not the online pin but only the offline pin, then again with test i was able to proof that most of the time both pin are the same, so which mean offline pin is on the card. by asking the chip if the number entered are the good number. but most of the card information are avaible to be readable. so my guess would had been, that the chip do an calculation of different variant, but always placed at the same place, then said to the machine, yes i have the same calcul result or no i dont have the same calculation result. it was more that everytime i was trying to stop work on this enigma, a new information backed with test, was motivating me to keep trying.

thank you for time guys

Le mer. 17 juin 2020 à 05:59, Valerii Zapodovnikov notifications@github.com a écrit :

PIN is sent to the card and the card answers YES/NO if the pin is good or not

Lol, that does not work for modern cards with DDA or CDA.

in an unreadable area of the card

Yep.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/L1L1/cardpeek/issues/100#issuecomment-645278326, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMM5AJBUCX7ZZ7QUNAPX7MLRXCHZJANCNFSM4HZPVJLA .

[cubicdesigne]

the technology change and update every day, but the feeling of been able to beat those security measure, show us that everything is possible.

Le mer. 17 juin 2020 à 17:27, Valerii Zapodovnikov notifications@github.com a écrit :

Yep you are correct!

again with test i was able to proof that most of the time both pin are the same

Here in my bank you can update you pin in the app on you smartphone and then on next operation the offline pin will be updated! Also, there exists CDCVM, like Apple pay, Google Pay and Samsung Pay. They are not using pin at all! They use your biometrics (on smartphone, iris, fingerprints or face id). The amount of money is also shown on your smartphone. That is nice, is not it))

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/L1L1/cardpeek/issues/100#issuecomment-645634144, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMM5AJBSPWY4JV26B65RNDLRXEYLPANCNFSM4HZPVJLA .

[Shakes204]

Hey where can I find #71 one script

[doctorpoletti]

my card has blocked the password due to too many attempts, I have the pin, is there a script for me to unlock my card or reset the number of attempts?

[Michagogo]

The fact that the PIN is stored on the card doesn't mean that it's possible to read it. Smart cards, including EMV payment cards, aren't simple memory devices that can be freely read/written. They are more akin to lightweight computers, with their own processor, storage, programming, etc. and when using a smart card you're using the interface that the application running on the card exposes, and only the operations made available are possible. The EMV application doesn't allow the PIN to be read, only verified, and while there may be mechanisms for changing the PIN they generally require further authentication.

[cyla00]

The fact that the PIN is stored on the card doesn't mean that it's possible to read it. Smart cards, including EMV payment cards, aren't simple memory devices that can be freely read/written. They are more akin to lightweight computers, with their own processor, storage, programming, etc. and when using a smart card you're using the interface that the application running on the card exposes, and only the operations made available are possible. The EMV application doesn't allow the PIN to be read, only verified, and while there may be mechanisms for changing the PIN they generally require further authentication.

what about offline payments that ask for pin? is that even a thing? I'm aware not all payments go through the issuer network

[Michagogo]

what about offline payments that ask for pin? is that even a thing? I'm aware not all payments go through the issuer network

Yes, in that scenario the reader is passing the PIN to the card, and the card verifies it internally. Assuming it’s correct, it will proceed to authenticate the transaction. It doesn’t provide any other information other than whether or not the PIN provided was correct, and often after several incorrect PIN attempts it will lock out.