Why?
This site is aimed at malware analysts, reverse engineers and security people, not at lamers.
If you are curious about how this kind of thing works (how they handle smart cards, code similarities, etc.), you have here a list of 100+ hashes to begin your investigations.
Before each hash there is a quick link to its VirusTotal scan report, plus a Hybrid Analysis and an ANY.RUN link. (HA and AR may return a 404 error if they haven't already come across the sample of interest.)
Hopefully someone will find one or two useful gems, but I doubt it (just my two cents: I already analyzed them, and most of these 'softs' are mostly copycats, if not 'resource hacked' versions of each other, relying on GPShield and a 'macgyver.cap').
You may also want to have a look at @fboldewin's presentation:
MacGyver's return - An EMV Chip cloning case.
How can I use the data?
As usual, our policy is CC0. The whole content of this website is released under Creative Commons CC0 1.0.
We believe in OSINT and think we can achieve great things by sharing data.
Feel free to do what you want with the data and files hosted here.
Can I contribute to eMVTRACKER?
Yes, we are always looking for people who want to share valuable information,
i.e. yaras, samples, unpacks, paracetamol, swag, wine and cakes.
If you found a mistake somewhere on eMVTRACKER, if something needs a fix, or if you have inquiries or whatever:
Contact: coSnPtaActM@atm.cybercrime-tracker.net (remove all capital letters)
Can I batch download the files?
Yes you can, we have a page here that lists all the files.
Hashes, with signature and date, can be found here.
Are the dates reliable?
Dates are based on first appearance on a public scanner service: VirusTotal (for most).
We cannot guarantee the correctness of the data presented, and sometimes, when we think the date
presented isn't good, we adjust it manually. Dates aren't reliable, but at least we try to get them
as accurate as possible.
What is 'FIRST RACE!'?
Some notices may be marked 'FIRST RACE!' on the Virscan line. It just indicates that we're
the first to submit the file to VirusTotal. It does not necessarily mean it's something new used
in the wild, but at least it means this file definitely caught our attention, since somehow it
passed our gate and we're the first to release it.
Now the FAQ for lamers..
Can an EMV software be used to clone or duplicate cards?
The EMV standard regarding Signed-SDA, DDA and CDA has never been broken.
There are a few reasons:
- EMV software cannot accurately write card data that varies on every transaction or upon "read".
Such data includes ARQC, DDOL, CDA data and other dynamic EMV data.
- EMV software cannot accurately write card data that varies upon every transaction.
A good example is DDA data, which changes or varies and cannot be static.
Thus, a "cloned" card will never be accepted, as anti-fraud systems will detect that the DDA/CDA data is static and mark it as invalid.
How are all these videos using blank cards, and withdrawing from ATMs and places?
The people doing this:
1) remove the chip of an actual working EMV card (most of the time Visa prepaid cards) and put the chip on a white plastic card.
2) remove the paint lamination on a working card, and then use that card on an ATM.
They can be spotted easily in their 'cashout' videos:
the contact plate of the EMV chip ain't their J2A040.
In reality they are withdrawing from their own prepaid cards that they buy with the cash of their victims.
We are aware of such videos, and when we are bored, we report them.
Suppose, for example, EMV software 'X' saves data from one credit card to another live credit card: is that possible?
No. That is not possible.
All live credit-card systems have anti-tamper systems built into the card.
A request to write data will be met with ACCESS_DENIED and result in CARD_LOCKED.
Can EMV software 'X' be used to code data from "dumps"?
That is not possible.
First, the EMV standard requires more data to be encoded, such as ICC (a 1400+ bit RSA key) and IPK (another 1400+ bit RSA key), which cannot be easily duplicated.
Second, as above: the EMV standard's DDA and CDA have never been broken.
If someone clones a card and brings it to a store, would it work?
No, it would not work.
The person would be stopped as the card does not work.
As explained earlier the main feature that prevents fraudulent attacks is the use of dynamic data for each transaction,
so that even if the card data is stolen or intercepted during a transaction, nothing can be done with it.
All dynamic card data can only be used for one individual transaction, and after that, it's useless.
Is there a version of (Software) that works to modify dynamic data in-chip?
No. No such version of software exists at all.
You can't predict the dynamic data: EMV Algorithms have never been hacked nor broken.
Someone told me I need to buy 'X2 2028', it works!
No. No, it will not work.
Basically x1 has been dead since late 2015, and all the newest "x2" versions are just reshacked versions where scammers
just change pictures and the placement of controls (buttons, texts, etc.).
Their mistakes are obvious, as the PDB path and compilation timestamp are always the same.
It means they don't even recompile from source: it's just the same old 'X1' file in a new outfit.
Sometimes they make even more mistakes, like leaving
"Modified by an unpaid evaluation copy of Resource Tuner 2" in the file information.
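The PDB-path and compilation-timestamp check described above, as an added example (not code from eMVTRACKER): it reads the COFF TimeDateStamp and the CodeView PDB path from each file, groups files that share both, and looks for the Resource Tuner string. The sample bytes, file names, timestamp and PDB path are constructed, and finding the CodeView record by searching for `RSDS` is a triage shortcut, not a full debug-directory parse.

```python
import struct
from collections import defaultdict

# Marker quoted in the FAQ above; version-info strings are usually UTF-16LE.
RESTUNER = "Modified by an unpaid evaluation copy of Resource Tuner 2"

def pe_fingerprint(data: bytes):
    """Return (COFF TimeDateStamp, PDB path or None) for a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # TimeDateStamp follows the signature, Machine and NumberOfSections.
    (timestamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    pdb = None
    pos = data.find(b"RSDS")  # CodeView record: 'RSDS' + GUID(16) + Age(4) + path\0
    end = data.find(b"\0", pos + 24) if pos != -1 else -1
    if end != -1:
        pdb = data[pos + 24:end].decode("utf-8", "replace")
    return timestamp, pdb

def has_restuner_mark(data: bytes) -> bool:
    return RESTUNER.encode() in data or RESTUNER.encode("utf-16-le") in data

def cluster(samples: dict) -> dict:
    """Group file names that share both timestamp and PDB path."""
    groups = defaultdict(list)
    for name, blob in samples.items():
        groups[pe_fingerprint(blob)].append(name)
    return {fp: sorted(names) for fp, names in groups.items() if len(names) > 1}

def fake_pe(timestamp: int, pdb: str, resources: bytes) -> bytes:
    """Constructed stand-in for a sample: PE headers, CodeView record, 'resources'."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew at 0x3C
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0, 0x102)
    codeview = b"RSDS" + b"\x11" * 16 + struct.pack("<I", 1) + pdb.encode() + b"\0"
    return dos + coff + codeview + resources

# Constructed data: timestamp, PDB path and file names are made up for the example.
OLD_TS, OLD_PDB = 0x55AA1234, r"C:\build\x1\Release\x1.pdb"
SAMPLES = {
    "x2_skin_a.exe": fake_pe(OLD_TS, OLD_PDB, b"new-logo-A"),
    "x2_skin_b.exe": fake_pe(OLD_TS, OLD_PDB, RESTUNER.encode("utf-16-le")),
    "unrelated.exe": fake_pe(0x5F000000, r"D:\src\other\other.pdb", b"res"),
}

if __name__ == "__main__":
    for (ts, pdb), names in cluster(SAMPLES).items():
        print(hex(ts), pdb, names)
```

Both header fields can be forged, so a match is a clustering hint to confirm by comparing the code itself.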
Hey bro let's make some bread, what's your jabber?
Lmao.