samyk / magspoof

A portable device that can spoof/emulate any magnetic stripe, credit card or hotel card "wirelessly", even on standard magstripe (non-NFC/RFID) readers. It can disable Chip&PIN and predict AMEX card numbers with 100% accuracy.
https://samy.pl/magspoof/

Service Code overwrite implemented #3

Closed 0ki closed 4 years ago

0ki commented 8 years ago

Fine research. I hope this finally helps raise awareness on magstripe security issues.

I think the service code insecurity (no signing of SC field) is what people should be educated about most urgently, so I added some untested code that allows experimenting with changing the SC.

samyk commented 8 years ago

I have not tested this code, however I never experienced a read error and tested on multiple PoS terminals successfully. The MagSpoof video demos this on multiple terminals that accept Chip, and I additionally tested in a location that requires Chip if present on the card, and MagSpoof properly bypassed this requirement.

samyk commented 8 years ago

I won't be distributing the code but it is essentially an update of the service code (updated based off the existing service code) and ensuring the LRC/CRCs are properly updated. "Read error" sounds more like an issue with either CRCs or hardware, perhaps no capacitor on board, but if the original code is not working, I'm not sure what it could be. I briefly looked over the update and it appears that the LRC/CRCs should be fine, but I'd suggest investigating that area further. Easy to retest on a Square terminal.

wontrapeyou commented 8 years ago

How does updating the service code based off of the existing code defeat EMV? It's to my understanding that the CVV is generated via an algorithm based off of the current service code, the PAN, the expiration date, and CVKs? If the service code is updated, then by default the CVV must be updated as well and if the CVV is changed, wouldn't that come back as a fraudulent card?

samyk commented 8 years ago

In my testing, I was able to use "canceled" CVVs with the current (predicted) card number for card present transactions (in the video, I actually have one or two videos demonstrating this). This was specifically on an Amex and I expected the card to be declined as the calculated CVV will surely be different as you note, but there must be some additional check on previous CVVs for some reason, though I have no idea why.

wontrapeyou commented 8 years ago

Wow! Were the canceled CVVs ones you discovered through your Amex predictability algorithm or were they from previous cards under your name? That's incredible

samyk commented 8 years ago

This is the process I produced successfully:

wontrapeyou commented 8 years ago

Absolutely mind blowing that it would work like that. Thank you!

jmpr4xp4xm4n commented 6 years ago

This is interesting. Anyone tried and fixed the updated code? Working on it myself!

hle5128 commented 6 years ago

This is outdated, changing 201 to 101 simply will not work, probably will work in a couple of years but with this current age at most POS in US, the bank backend fraud protection can simply deny your request if it's coming from 101 whereas your card has 201. The only thing I could think of to bypass EMV is that somehow it creates magnetic fields to trigger the POS that it has failed 3 times and allow you to swipe instantly, otherwise it's impossible. The original creator's video demonstrated this back in 2015 and 2016, when most major banks were in the process of implementing the new EMV security. So that was why they didn't catch up yet. But I'm 100% sure he would not be able to do it now even with his own card to bypass EMV, by changing 201 to 101, unless the brand has a major security flaw like Citi bank has now.

jmpr4xp4xm4n commented 6 years ago

@hle5128 Can you please clarify what you mean by the Major Security flaw that citibank has? Or if you want to chat privately what is your email or jabber or any other means of contacting you?

cheeseandcereal commented 6 years ago

@hle5128 Your comment is simply not true. First of all, when a credit card request is made to a bank, it's not sending the raw magstripe data to the bank, the POS will do some processing on the magstripe data locally in order to generate a request. The entire point of the service code is to inform the POS locally of its CLAIMED restrictions so that it can request the proper details from the card holder before it makes a request to the authorizer (visa/mastercard/etc). In other words, a card's service code is claiming its requirements, but only the remote authorizer itself can make the final choice of whether or not to accept a transaction.

You mention that you would need to emulate the chip failing many times then falling back to a magstripe. Well what do you think these POS terminals are doing when this happens? The failure to read the chip is entirely local, and after the POS determines that it can't read the chip, it will allow the magstripe to be used for the purchase DESPITE the card even containing a 201 service code. When the chip read fails, nothing is being sent to the authorizer, and when it falls back to a magstripe transaction, no extra information is sent to the bank that would indicate this transaction was only allowed because the chip failed.

The authorizer is not informed of merchant processing abilities before-hand, and will not enforce certain merchants to use chip/pin simply because they have the capability. The fact that POS systems will try to initially reject a magstripe transaction for a card with a 201 service code is more of a courtesy than anything else. The POS vendors know that chip/pin is more secure, so it tries to use that by default if possible, but it would never try to restrict a sale simply based on the service code, and as of right now NO ONE has chip only cards, and NO ONE will reject magstripe transactions by default.

The only way that a normal magstripe-read request could be denied is if the authorizer itself denied ALL magstripe transactions, which simply cannot happen in this day and age; and at that point you would simply receive cards with only a chip, and no magstripe at all.

With that said, if your card has a 201 service code, simply changing it to 101 (and assuming you re-calculate and set the CRC correctly) still is, and always has been enough to 'spoof' the POS terminals which try to get you to use chip/pin when you initially swipe a card. All of that processing/logic to determine if/when to request chip/pin is done ENTIRELY locally, and the authorizer is never informed of any of this logic, or even the service code of the card itself when transactions are made.

ChrisDevinePimss commented 5 years ago

So what stops fraudsters skimming chip and pin cards and downgrading them to 101 service codes, and recalculating the CRC, then using them in a bank machine?

Are you saying there is currently no protection against this?

If so, I find that must be a huge flaw and can't see any reason carders/fraudsters would stop skimming.

cheeseandcereal commented 5 years ago

That is correct. The chip/pin in most places does not prevent traditional skimming/downgrading the service code.

Until chip/pin is ubiquitous, and we can fully remove magstripes from cards (or merchants start refusing magstripe transactions altogether), skimming the magstripe and downgrading the service code will remain a valid attack.

Right now, the only protection that pin/chip provides is man-in-the-middle protection while using chip/pin. You can't really 'skim' a chip/pin device, so you couldn't put some sort of skimming device in an existing POS system for chip/pin like you can for magstripes. Also intercepting data from the chip/pin does basically nothing for you as an attacker. In other words, if you keep your card safe when you're not using it, and only use chip/pin for payments, it's going to be a lot harder for anyone to skim your magstripe.
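An issuer-side view of the downgrade discussed above, as an added example that is not from this thread or the MagSpoof project: because the service code on the stripe is unsigned, the check has to compare it against what the issuer knows it issued. It assumes the authorization request carries track 2 as read plus a POS entry mode, and that the issuer stores each card's issued service code; the field names, entry-mode codes and sample records are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Track 2 layout: PAN, separator ('=' or 'D'), YYMM expiry, 3-digit service
# code, issuer discretionary data. Optional ';' and '?' sentinels are tolerated.
TRACK2_RE = re.compile(r"^;?(\d{12,19})[=D](\d{4})(\d{3})(\d*)\??$")

# ISO/IEC 7813: a first service-code digit of 2 or 6 means "IC present, use it
# where feasible"; 1 or 5 means no such instruction.
CHIP_FIRST_DIGITS = {"2", "6"}

# Assumed entry-mode codes (first two digits of an ISO 8583 POS entry mode).
# Confirm the exact values against your own network's specification.
MAGSTRIPE_MODES = {"02", "90"}
FALLBACK_MODES = {"80"}


@dataclass
class Track2:
    pan: str
    expiry: str
    service_code: str
    discretionary: str


def parse_track2(raw: str) -> Track2:
    """Split a track 2 string into its fields or raise ValueError."""
    match = TRACK2_RE.match(raw.strip())
    if not match:
        raise ValueError("not a well-formed track 2")
    return Track2(*match.groups())


def assess(auth: dict, issued: dict) -> list:
    """Return findings for one authorization request (empty list = clean)."""
    try:
        t2 = parse_track2(auth["track2"])
    except ValueError:
        return ["MALFORMED_TRACK2"]

    record = issued.get(t2.pan)
    if record is None:
        return ["UNKNOWN_PAN"]

    findings = []
    # The stripe field is unsigned, so the only authority is the issuer's own
    # record of what was encoded at personalization time.
    if t2.service_code != record["service_code"]:
        findings.append("SERVICE_CODE_MISMATCH")
    if t2.expiry != record["expiry"]:
        findings.append("EXPIRY_MISMATCH")

    chip_issued = record["service_code"][0] in CHIP_FIRST_DIGITS
    mode = auth["entry_mode"]
    # A chip card arriving as a plain swipe means the terminal never asked
    # for the chip, which is what a downgraded service code causes.
    if chip_issued and mode in MAGSTRIPE_MODES:
        findings.append("CHIP_CARD_SWIPED_WITHOUT_FALLBACK")
    # Declared fallback is legitimate but worth scoring and rate-limiting.
    if chip_issued and mode in FALLBACK_MODES:
        findings.append("CHIP_FALLBACK")
    return findings


# Constructed issuer records (well-known test PANs, not real cards).
ISSUED = {
    "4111111111111111": {"service_code": "201", "expiry": "2812"},
    "4000000000000002": {"service_code": "101", "expiry": "2701"},
}

# Constructed authorization requests.
SAMPLE_AUTHS = [
    {"id": "chip-read", "entry_mode": "05",
     "track2": "4111111111111111=28122010000000000"},
    {"id": "downgraded-swipe", "entry_mode": "90",
     "track2": "4111111111111111=28121010000000000"},
    {"id": "declared-fallback", "entry_mode": "80",
     "track2": "4111111111111111=28122010000000000"},
    {"id": "magstripe-only-card", "entry_mode": "90",
     "track2": "4000000000000002=27011010000000000"},
    {"id": "garbage", "entry_mode": "90", "track2": "41111=28"},
]


def run_samples() -> dict:
    """Assess every constructed request and return {id: findings}."""
    return {a["id"]: assess(a, ISSUED) for a in SAMPLE_AUTHS}


if __name__ == "__main__":
    for auth_id, findings in run_samples().items():
        print(f"{auth_id:22s} {findings or 'ok'}")
```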

jdquila commented 5 years ago

I'm new to github and especially a noob to all of the coding involved with the magspoof. On that note I have a question on whether it is possible to run the code and make it output to a (.txt) file instead of the output going to a magspoof device? Reason being that I want to change my service code from 201 to 101 and having done that I am needing to calculate the LRC CVV CRC and other Track Data information then update my track data, which I do not know how to do. It's to my knowledge that the magspoof code with implemented chip and pin disables is able to do this automatically but I have no idea how to read the calculations from the code. Please help.

skydiverrr commented 5 years ago

@hle5128 Your comment is simply not true. First of all, when a credit card request is made to a bank, it's not sending the raw magstripe data to the bank, the POS will do some processing on the magstripe data locally in order to generate a request. The entire point of the service code is to inform the POS locally of its CLAIMED restrictions so that it can request the proper details from the card holder before it makes a request to the authorizer (visa/mastercard/etc). In other words, a card's service code is claiming its requirements, but only the remote authorizer itself can make the final choice of whether or not to accept a transaction.

You mention that you would need to emulate the chip failing many times then falling back to a magstripe. Well what do you think these POS terminals are doing when this happens? The failure to read the chip is entirely local, and after the POS determines that it can't read the chip, it will allow the magstripe to be used for the purchase DESPITE the card even containing a 201 service code. When the chip read fails, nothing is being sent to the authorizer, and when it falls back to a magstripe transaction, no extra information is sent to the bank that would indicate this transaction was only allowed because the chip failed.

The authorizer is not informed of merchant processing abilities before-hand, and will not enforce certain merchants to use chip/pin simply because they have the capability. The fact that POS systems will try to initially reject a magstripe transaction for a card with a 201 service code is more of a courtesy than anything else. The POS vendors know that chip/pin is more secure, so it tries to use that by default if possible, but it would never try to restrict a sale simply based on the service code, and as of right now NO ONE has chip only cards, and NO ONE will reject magstripe transactions by default.

The only way that a normal magstripe-read request could be denied is if the authorizer itself denied ALL magstripe transactions, which simply cannot happen in this day and age; and at that point you would simply receive cards with only a chip, and no magstripe at all.

With that said, if your card has a 201 service code, simply changing it to 101 (and assuming you re-calculate and set the CRC correctly) still is, and always has been enough to 'spoof' the POS terminals which try to get you to use chip/pin when you initially swipe a card. All of that processing/logic to determine if/when to request chip/pin is done ENTIRELY locally, and the authorizer is never informed of any of this logic, or even the service code of the card itself when transactions are made.

When you say re-calculate the crc correctly what does that mean exactly? I'm just curious because I have no idea what that means.

antuandixon1123 commented 5 years ago

can someone help me?... i lost my visa card but have picture of the front and back. is there anyway to write onto another card? the card in question here is a vanilla prepaid card so no emv chip. i will pay someone! its a 500$ visa i need to use in store. shipping will take 10 days...

jLynx commented 5 years ago

That doesn't sound like stolen card details at all....

On Fri, 13 Sep 2019, 8:56 AM antuandixon1123, notifications@github.com wrote:

can someone help me?... i lost my visa card but have picture of the front and back. is there anyway to write onto another card? the card in question here is a vanilla prepaid card so no emv chip. i will pay someone! its a 500$ visa i need to use in store. shipping will take 10 days...


meddlin commented 5 years ago

@jLynx that's what I was thinking.

@antuandixon1123 This is likely not the place to ask your question. Giving you the benefit of the doubt here...there are numerous red flags in your question. Please post where appropriate, or consult your bank/financial institution. You're asking for what is borderline fraud in (likely) many jurisdictions.

antuandixon1123 commented 5 years ago

no.. i can show you tracking info from when i bought it on walmart.com i own a business.

jLynx commented 5 years ago

Congratulations on owning a business...? Not sure why we needed to know that

On Fri, 13 Sep 2019, 9:14 AM antuandixon1123, notifications@github.com wrote:

no.. i can show you tracking info from when i bought it on walmart.com i own a business.


antuandixon1123 commented 5 years ago

because why risk jail?

antuandixon1123 commented 5 years ago

i trying to order tattoo equipment

antuandixon1123 commented 5 years ago

i can provide tracking info and receipt.. just trying to see if someone could help

jLynx commented 5 years ago

Go get money out of your bank to pay for it. This sounds like you are using a stolen card. So no one here will help you. Goodbye 👋

antuandixon1123 commented 5 years ago

if i had the 500$ in my bank id paypal the merchant. idc what it sounds like im just looking for help. oh so a bunch of white nerds in a chat room see my is name "antuan" and assume fraud?.. but you guys are literally openly talking about loopholes and security flaws and im the fraudster?..

jLynx commented 5 years ago

@SammyK can you clean up this thread and ban the racist?

antuandixon1123 commented 5 years ago

now im racist...

antuandixon1123 commented 5 years ago

i mean ill just pay the 7$ again off this visa and keep commenting under new profiles...

antuandixon1123 commented 5 years ago

who goes through all this trouble for fraud?.. im jus trying to get ink and tattoo gun for show i have monday

skydiverrr commented 5 years ago

So confused here. If someone was to simply change a 201 to a 101 using an MSR 605x that would be enough to fool a POS system. I feel like that can't be possible, it would have to detect it somehow. What exactly does crc mean? I'm not as technologically savvy as some of you. I'm just curious what that term means and what they mean when they say they reset it.

jLynx commented 5 years ago

I just tried it out with mine and I got a "contact card issuer" error. Will try again on some other POS machines. Update: My original code was 206, so tried updating it to 106. Was able to select credit and enter my pin, but as soon as I did that it went from "processing" to "declined". Maybe it's blocked from the bank's side?

PhenomAmd commented 4 years ago

totally fake even in earlier 2016 there was no chance making the card work by switching 201 to 101. There are currently only 2 methods to bypass EMV.

Method 1 works pretty easy there are some cards that the service code can be changed to 999 and it will work as magstripe but nowadays it's nearly dead, Method 2 used to be called "faked emv" is stupid and will get you in trouble in any country because the steps to reproduce it without any problem first however there are 2 rules in order to work 1st you are not able to use bins from near almost neighbor countries ie Mexico and USA and second you CAN'T use bins from your country in your country (IT WON'T WORK IT'S USELESS TO TRY) The method works as following attacker encodes a card like he always does using a 201 dump he goes straight to the shop of convenience, the nearest one or the one he wants he picks stuff and goes to pay when the cashier asks for payment method he provides a card with a malfunctioned chip that has been screwdrivered electrified or so on ... when the cashier gets the card inside the pos machine it won't be able to read the chip, cashier tries again with no luck then one last time the pos asks for the card then after 3 attempts the pos will say "Couldn't read EMV use magstripe instead" proof you will be able to use dumps again

anyways both methods are silly and will give you nearly 100 usd for a dump it cost around 100 usd nevertheless you card stuff and sell it at 50% to get paid fast so in other words you spent 100 and got 50 back PROFIT

unbanner commented 4 years ago

@PhenomAmd how do you know that it never worked? The explanation to why it should work sounds logical. The number tells the terminal if a pin is required, so change the numbers so a pin is no longer required.

Other than that, your Method 1 sounds exactly like switching 201 to 101 but in your case you switch it to 999. How do you know what cards could be changed to 999 and why would it differ from changing it to 101?

I get what you are trying to do in your Method 2 but wouldn't the terminal still require a pin after you have swiped the card? I know that where I live, you always have to write pin; no matter if you use chip or magstripe to pay.

PhenomAmd commented 4 years ago

@PhenomAmd how do you know that it never worked? The explanation to why it should work sounds logical. The number tells the terminal if a pin is required, so change the numbers so a pin is no longer required.

Other than that, your Method 1 sounds exactly like switching 201 to 101 but in your case you switch it to 999. How do you know what cards could be changed to 999 and why would it differ from changing it to 101?

I get what you are trying to do in your Method 2 but wouldn't the terminal still require a pin after you have swiped the card? I know that where I live, you always have to write pin; no matter if you use chip or magstripe to pay.

do you think people who developed a system to "counterfit magstripe cloning" are really that retarded to let you just switch 201 for 101 and be back in the "business" how does this sound:

Visa and Mastercard were being created by people at banks that used to get frauded by simple pieces of paper like mr Frank Abagnale showed us (catch me if you can is like a good reference) then they thought about it and they will not be able to counterfit the fraudsters on that "times" so then someone came with a smart idea lets use a card "like a presentation card that will tell the commerce the bank the customer has and will instruct us to make this funds hold for them" Red ALERT YOU CAN TRUST NOBODY bank made his first terrible terrible mistake by trusting the customers why?? on that times people used to trust too much and banks did it too but then one of the thieves appeared when he came to a business and tried to purchase something that he had not the funds on the account god!!! the good old days

imagine at this time you didn't have to bother for banks credits or whatever it was nearly impossible the bank could know you didn't have enough funds until the month-cut came so first big shift ... they thought about good customers and bad customers at the same time the bank was thinking "how can i implement security so the thieves won't make purchases without the money being in the account and what can i give to my loyal customers so they don't think i'm doubting about them" once again a smart guy came across with "Why don't we give some kind of special sh*t to identify them something that can't be beaten so easy like a magnetic stripe so they can be identified easy and we won't give them money while they don't have" then the other guy said "well yes we can do that but what we will give to loyal customers what incentive so they don't see we are scared of being scammed once again" the smart guy replied "we can give em money all day all night as far as it's on their account" and the first ATM born when this ATM launched the thieves were "counterfited" already because they weren't able to re-produce the magnetic stripe then our Chinese friends came with a good idea to make their country involved into this but receiving money from them what they didn't expect was that thieves will also get many interest, so the Chinese saw that producing a white card with a magstripe on it in usa cost around 5 usd as you know Chinese are famous around the world for the cheaper handwork in other words they started saying everyone "hey why do you buy from them if we sell exactly the same for 3 usd then the other banks thought the same and Chinese came even with better deals something like 2.50 each card so thieves were thinking about this and they said "i'll get cards for 2.50 and expect there is a way to clone this magstripe" then they waited and waited until one day some guy came with the idea of "smashing a credit card/ cutting it off (or whatever you like)" and he noticed that the magstripe it was more like a sticker how does he noticed it ?? you are RIGHT!! the Chinese once again come to the picture, they start by developing good things until some cheap dumb says "if i use this instead of this it's more cheaper from me if i do it in this way every card cost to me .5 and i get 2 usd PROFIT!!! so this thief was stealing this stickers and replacing em by "not recorded ones" but wait ... there's more in the past the cards were given without authentication other than the magstripe there was nothing like pin or so, so when this thief came to scene he was stealing lot of money by just changing the stripes on the cards since pin wasn't required it was more like you insert the card -> you take money out -> concluded transaction since the bank made her 2ND mistake trusting no one will ever try to steal this magnetic stripes then once again the smart and stupid guys had an appointment and once again the smart guy said "i think the best solution is to keep some kind of password in the bank that can be compared on the atm once again stupid people at bank thought it was fair enough to encode the pin (to get compared) with the pin the customer type on the cashier but this was just the worst mistake ever since they encoded the magstripe with the owner pin thieves thought "it's time to get something to read that shit so we can have customer pins even people took the same technology to create betamax vhs and music cassettes so the bank failed once again and a new technology had to be developed ... the CVV with this some company make the Chinese company to cease creating the same cards he were doing then by customers demands they created visa and/or mastercard ... why? because the customers that had to travel couldn't use their cards on other countries as they didn't have a matching cvv and banks didn't want to share information with other banks to provide whole information regarding cvv account number and name in that case visa was created to deal with all the banks but they won't share data or give cards so in the creation of this companies a lot of data was given to them (encoding ways, cvv, numbers, names and so on) but guess who came to the picture again? the Chinese ... in the past you could create a "mini bank" by having enough funds to support the funds of your employees or customers in that case visa and/or mastercard had to give away the technology to encode magnetic stripes as well as a lot of data from customers around the world and they saw this like a business i.e. What about if now i reproduce the encoding machines so i will have once again the banks as customers so after that the first readers encoders were made by them then thieves started thinking what about if instead of stealing the whole "sticker" i just use one of this readers and an encoder to make cards and get the money or purchase goods in the store with that being thought thieves started buying the whole combo (embosser --for all that shops that still had the thing in the picture i provided earlier-- magnetic stripe reader so they won't have to steal the "sticker" the encoder so they will make their own cards and obviously the cards) then the 3rd mistake was made by the banks "DOING NOTHING TO SEE IF THEY CAN CATCH THE THIEVES" with all these history but the fact is that this mistake has to come with the very first one "trusting people" they trusted thieves will be caught someday however and as you know they couldn't get them with that being said there was a calculation that more than 1 billion dollars had been stolen from cloned credit cards in this case the most affected companies were VISA and MASTERCARD since you already read that they were in charge of sharing data with banks and they were in charge in build trusting between each bank so after they saw it was nearly impossible to recover all the encoders sold by the Chinese they have decided to start thinking of a new technology that could make the transactions secure not so many data shared so they started by developing "a subnet" with encrypted shit on it ie if you are able to find a really really old card you will see that pin and cvv was encoded in the magnetic stripe with this said and thinking they won't be able to lose again a lot of money they started by telling the banks to create a "master key" for each one of them this "master key" was only given to visa and mastercard so people was able to have their with their whole data on it but crypted for good and since visa and master were in full control they won't have to share this key with the other banks as every transaction had to pass first thru visa so they could validate -> decrypt data for the other bank or the other country to accept it for a payment

with all this being said i think you will become smart enough to make your question again? in method 1 where you change to 999 works in most cases because it's a new institution or it's a new bin bank acquisition if you refrain to service code list says 999 is for testing cards not my or your fault that banks don't make their tests going local instead

i could care less about my grammar i'm not from usa and i really put some effort in explaining you the whole story so now you could know it won't work never by just changing the service code ... why? because of the master key and ... because with the new technology they could make something like: encoded on the pos 415231 = 201 where 415231 is as bin and 201 a service code

@samyk you should say your thing is POC and don't say it's working because your chip pin bypass won't work however "replaying a magnetic stripe totally contactless" is good ... but nothing new, nowadays even cars of private suburbs use this to open the door

PhenomAmd commented 4 years ago

just think about it do you think visa or mastercard will be paying around 5 usd each card for you to change your service code and fraud millions?? don't you think it's retarded?

unbanner commented 4 years ago

just think about it do you think visa or mastercard will be paying around 5 usd each card for you to change your service code and fraud millions?? don't you think it's retarded?

Thanks for your explanation. Yes, it does sound a little retarded that one could fraud millions simply by changing service code. But saying that there are no ways to do it doesn't sound likely. You are saying that there are only 2 methods that could bypass EMV, but I have found multiple sources saying that there are much more effective ways to bypass EMV. Check out this video: https://youtu.be/u0HL6gGZSos?t=12

PhenomAmd commented 4 years ago

I still don't get @unbanner why are you standing for this shit .... Current emv clone software sold on the Underground is able to bypass pin verification but they are not able to reproduce DDA bins without copying the original card and even that it takes up to 2 months to perfectly replicate the card ... However i don't get you we were talking about bypassing chip and pin on a bank normal person bank account by using THE MAGNETIC STRIPE we never stated things regarding DDA CDA OR SDA what does this has to do against emv cards just for proofing how stupid is this and how stupid you are for believing this i would suggest you to watch the following

Artash818 commented 4 years ago

Have you ever heard of MST, or LoopPay? Check it out. Anyways I used to load my chip cards on my LoopPay device that used magnetic strip technology and every time I had to pay at the cashier I would just take out my LoopPay and hold it against the POS terminal and press the only button on my LoopPay, and always left the cashiers amazed, speechless. Of course they would ask what and how? It's called LoopPay. Sadly Samsung Pay bought LoopPay and its MST technology for 250 million.

PhenomAmd commented 4 years ago

Have you ever heard of MST, or LoopPay? Check it out. Anyways I used to load my chip cards on my LoopPay device that used magnetic strip technology and every time I had to pay at the cashier I would just take out my LoopPay and hold it against the POS terminal and press the only button on my LoopPay, and always left the cashiers amazed, speechless. Of course they would ask what and how? It's called LoopPay. Sadly Samsung Pay bought LoopPay and its MST technology for 250 million.

in my country you are requiring additional validation to pay with some of them ie if i use my banregio card on samsung pay it requests for a code sent over sms in other words what brought you here i think it's not the chance to switch the service code of "your" cards however it's a good approach i've got ton of apks that do the same however they don't work on my country :( only hope in a near future we get a decent software

dvrksvil commented 4 years ago

@cheeseandcereal trying to test this theory how would I identify the crc on the mag strip data?

ghost commented 3 years ago

That is correct. The chip/pin in most places does not prevent traditional skimming/downgrading the service code.

Until chip/pin is ubiquitous, and we can fully remove magstripes from cards (or merchants start refusing magstripe transactions altogether), skimming the magstripe and downgrading the service code will remain a valid attack.

Right now, the only protection that pin/chip provides is man-in-the-middle protection while using chip/pin. You can't really 'skim' a chip/pin device, so you couldn't put some sort of skimming device in an existing POS system for chip/pin like you can for magstripes. Also intercepting data from the chip/pin does basically nothing for you as an attacker. In other words, if you keep your card safe when you're not using it, and only use chip/pin for payments, it's going to be a lot harder for anyone to skim your magstripe.

can we have private talk

ghost commented 3 years ago

@unbanner

can we have private talk

unbanner commented 3 years ago

@unbanner

can we have private talk

Telegram: @davidrock1337

Sirhc0s commented 6 months ago

*

Trac1
B456xx1003274xxxx-jhon doe-24122010000
045300000
Trac2
456xx1003274xxxx-241220
1000OO

*

So I generated this card and on track 2 I erased 9 numbers and left only lect five zeros. For some reason it only worked at the carwash, but when I try to go buy food at a store it doesn't work with the POS at the stores. Would anyone know what I'm doing wrong?

PhenomAmd commented 6 months ago

I truly doubt it. Let's say your track 1 is a worthless piece of track, the only important one is track2 and from there you can generate track1

Track 2:

FAKE DATA DONT EVEN TRY:

4152313029759342=28102010000875400000 so just convert it placing a B at the front replacing = for ^^ and you are good to go

B4152313029759342^^28102010000875400000

PhenomAmd commented 6 months ago

That is correct. The chip/pin in most places does not prevent traditional skimming/downgrading the service code. Until chip/pin is ubiquitous, and we can fully remove magstripes from cards (or merchants start refusing magstripe transactions altogether), skimming the magstripe and downgrading the service code will remain a valid attack. Right now, the only protection that pin/chip provides is man-in-the-middle protection while using chip/pin. You can't really 'skim' a chip/pin device, so you couldn't put some sort of skimming device in an existing POS system for chip/pin like you can for magstripes. Also intercepting data from the chip/pin does basically nothing for you as an attacker. In other words, if you keep your card safe when you're not using it, and only use chip/pin for payments, it's going to be a lot harder for anyone to skim your magstripe. can we have private talk

errmmmm excuse me you can't really skim? https://chargebacks911.com/credit-card-shimmers/ do investigate a bit more before "pretending this does not exist in the wild"

Sirhc0s commented 6 months ago

I did track 2 how it was B4152313029759342^^28102010000875400000 Then I changed it to B4152313029759342^^281020100000 And for some reason it let me do a car wash but when I wanted to buy food it didn't work, it declined it

PhenomAmd commented 6 months ago

I did track 2 how it was B4152313029759342^^28102010000875400000 Then I changed it to B4152313029759342^^281020100000 And for some reason it let me do a car wash but when I wanted to buy food it didn't work, it declined it

might be validations because of the commerce i.e: carwash is no more than 20 usd while buying food you can expend thousands

Sirhc0s commented 6 months ago

Is there any way I could write the track so it would let me buy food?

Sirhc0s commented 6 months ago

@unbanner

can we have private talk

Telegram: @davidrock1337

Nothing came out on telegram