Let me make the following statement clear as a fucking bell:
Creating a FUNCTIONAL, physical clone of an EMV card is not possible, for a whole fuck-ton of reasons.
It seems so simple, doesn’t it ladies? Just buy a 201 dump, run any of your trusty hi-co cr80 trashsquares through ye olde MSR, and voilá, right?
Maybe you’re more enlightened after some cursory perusal of forums like this and you think you know what the fuck you’re doing, right? Maybe you have an Omnikey 3121, some bullshit Java cards you paid way too much for, and that flaming turd of a virus dropping app that someone sold you in a bundle of other slick looking malware slingers - ooh, be still my quivering terminal!
Both of you kind of fucksticks are deficient in the sort of knowledge that keeps you thirsty for breaking even on your “investment” in this business, and even if you do break your ass free from the hypnotic seduction of your ignorance, unless you educate yourself about the technology you are up against you will continue to be fodder for the cretins below you, present company excluded of course.
SO WHY THE FUCK CAN’T IT BE DONE, HERR PROFESSOR?
Well, I am so very happy you asked, trog! If you wouldn’t mind mopping up your droolpuddle while I regale you and your friends here, I shall gladly do so:
REASON NUMBER ONE:
When you DIP THAT CHIP, a super complicated series of shit happens - the order of which is controlled by SOMETHING YOU HAVE NO CONTROL OVER: the payment terminal itself. But guess what? Essential transaction information like the card number, expiration date, discretionary data, et cetera - NONE of that shit gets transmitted between terminal and processor, processor and acquiring bank, issuing bank and acquiring bank, I mean for fucks sake, not even the goddamn name on the front of the card, BEFORE this one critical step happens.
What step? FUCKING CRYPTOGRAPHIC KEY IDENTIFICATION AND EXCHANGE, between the TERMINAL and the little bitty fucking tiny ass chip under those gold finger bits. Terminal says HEY BABY I HEAR YOU LIKE KEYS, and finger-bangs that little bitch chip a little til it gives up its public key, which the TERMINAL then replies with its own public key, and once the chip and the terminal have secure communications, the TERMINAL asks the chip some dirty questions about how it likes to get down, and as the two chat it up about how it likes to give and take, they also swap transaction keys… Just like the public keys earlier, but they change, and depend on the private key for the issuing bank, which is generated on the fly based on deep voodoo crypto shit stored one-way in the chip, and the private key assigned to the TERMINAL by the merchant processor.
Once ALL THAT IS DONE, in the blink of a fucking eye, once the TERMINAL and the chip can talk securely, does ANY of the fucking payment shit get shot back and forth. All of that shit is also cryptographically signed and encrypted - USUALLY but there ARE some mostly useless exceptions - some NFC for one, more on this later - and so even out of the gate, for a successful EMV clone operation you have to have possession of the cryptographic keys that you cannot read the actual values of, not even with Super CardPeek XTREAMedition. The functions do not exist, and attempting to read those locations low level directly will fail because again, THE IMPORTANT BITS are generated on the fly - this is the ATR shit you hear EMVfagUk and the other ice-vendors talk about.
TL;DR? You have no control over the sequence of events that result in a transaction, successful or not, thus you cannot capture the data needed to do it manually, except by capture and playback of packets sent back and forth. Yes, sequence prediction and replay attacks notwithstanding - i challenge anyone who does MiTM style replay attacks on legit straight EMV transactions using hardware terminals and a legit merchant processor to SHOW ME THE MONEY. No? Know why? Because you can’t.
REASON NUMBER TWO:
If EMV cloning were possible, then some Russians would have been doing it twenty years ago when chip and pin was introduced in Europe, leading to what I can only estimate to be the simultaneous destruction of the Eurozone and the incredible post-Soviet rebirth of the Russian economy - both of which did not happen, leading us to the third and final,
REASON EMV CLONING IS NOT POSSIBLE:
If it were, then nobody would be selling software bundles, Java cards or Omnikey 3121s for the low ass prices you find. HID reader writer availability would dry up tighter than your mom’s pussy after a facelift. There would be more lucrative money to be had with making the clones and using them than would EVER be made otherwise, and the price of 201 dumps would skyrocket higher than pigeon tits.
in fact, were it possible to clone and use an EMV card, we would all likely be so broke that just the scent of the cologne worn by all the Russian mobsters who would control it would cost a young white pretty little whore’s whole year of wages in solid gold fucking bars to even get a whiff downwind.