The anti🚫-derailment🚃 & thread🧵 hijacking🔫 thread🧵 ⁉

I wouldn’t own him either… Not that we own cats…

You broke Rule 1 AND Rule 2

So I managed to break the xAC by mistake. I might’ve almost set something on fire. It shorted after the massive storm we had pass over us and it shorted, burned a circuit and y’know… kaput.

So I cheaped out and somehow found a solution on Facebook marketplace, picked that up and installed it slightly more waterproof this time. But now, I’ve got two RFID antennas.

So now I’m wondering, could I make a splice into the wiring that goes from the Antenna to the xAC and wire in the second antenna with extended wiring to have another antenna on the inside of the car?

Or would that somehow interfere with its reading capabilities? Seems to me like it’d work just fine, but I don’t wanna risk cutting before I know for sure…

option 1) just try it. option 2) get complicated.

in theory it will not work because the inductance will be all wrong… but it might not matter if its off… could still work well enough.

what should be happening is a flip flop that multiplexes between both antennas using a double pole relay so one antenna is active for 1 second, and the other antenna is active for 1 second and it just flips back and forth. could be different timings like 500ms or whatever but you get the idea.

That’s kind of what I’d been pondering over. Idk, might just give it a shot. If it seems to lose anything, if I just “undo” the splice and fix up the original wire from xAC to Antenna, all should be fine right?

SHOULD

I was poking around the PM3 client some more today, and came across emv scan. Now, EMV in general is pretty much pure magic to me, but the description for the command:

Scan EMV card and save it contents to json file for emulator

It executes EMV contactless transaction and saves result to a file which can be used for emulation

Caught me by surprise. What does it mean for emulation? I didn’t think we could really do a whole lot of emulation with EMV…

the most basic funciton of EMV payment applications for Visa and Mastercard (and yes they work slightly differently), is they can provide contact or contactless access to “TRACK2” data using ADPU commands to extract the data. It is the dumbest shit ever though… on a magstripe you have different “tracks” of data… and the term “track” comes from magnetic tape… cassette tapes to be exact… because a magstripe reader uses a goddamn magnetic reader head from a friggen tape player… and the reader has two track heads that can read basically two separate tracks of data from the card at the same time when you swipe it past the read head… contact and contactless chips were new but instead of upset the entire backend 1970s era network based entirely on magentic track data (track 1 and track 2), they just literally stored the same track data in the chip… so if you pull track 2 data from the chip using a specific set of commands (depending on which type of card you’re talking to, Visa or Mastercard or Discover or Amex, etc.) then you just get back what you’d get if you swiped the magstripe… track 2 data contains the card number and exp date and later versions had CVV as well… and emulating the card’s side of a transaction that pulls track 2 data is easy enough… you answer the commands in succession, then when the terminal asks for track 2 data you dump out what you pulled from the card.

Things get a little different in the EU and other markets because there are additional interactions with the card that involve some crypto - transaction signatures basically… which cannot be emulated for lack of keys… but just about every terminal in the USA just pulls track 2 data.

The short answer here to the question that will be burning a hole in your mind after reading the above is this; yes you could make an EMV emulator applet for javacard that could run on flexSecure that could just do the same thing and dump out track 2 data and it would basically work with terminals here in the USA… but it would be kind of a risky proposal to do that and put our future plans with legitimate payment in jeopardy… but that’s not to say someone else couldn’t do it… someone not associated with us at all… maybe with a public github repo that anyone could access. There might even be some repos which could serve as a good start.

oh also i should mention that emv as a standard is actually kind of confusing because it has started to be looked at for applications other than strictly payment… so people are considering implementing something like it for applications like ticketing… so you might see it popping up in odd places or use cases that may not really help address your immediate goals, whatever those might be

Ha! I was concerned enough about the possibility of doing it via the PM3

Wonder why they don’t seem to have implemented that then, especially if they have the scan command available…

It seems odd to put such a seemingly dumb back end on an actually pretty nice chip…

I knew the cards had some unencrypted data on them, but I had figured it was a backwards compatibility “just-in-case” scenario, which I could sort-of-kinda-maybe understand. I keep hoping they have something better too, but it doesn’t seem like it…

The USA suffers from two things;

1. Being the first to invent a lot of shit
2. Being so goddamn huge that updating things can cost 100x more than it would cost much smaller countries

When 2G mobile networks went to 3G, then to 4G and 5G… the amount of money and time it took for smaller countries like Sweden (500k towers), Australia (686k towers), Mexico (950k towers), etc. was basically nothing… rollouts happened quickly… but the USA has 7.7 million fucking cellphone towers… upgrades cost a ton and take forever… and some areas skip entire generations… going from 2g to 4g… or 3g to 5g. We often lag behind because we’re first movers in a lot of things, but our huge infrastructure costs mean updates are sloooowww AF.

In short, small countries can easily be more nimble when it comes to rollouts. The USA invented electronic payments… particularly credit card payment networks. The USA also invented contactless payment, but rolled it out in 1997 in such a stupid fucking way that it quickly died… we clung to magstripe while the rest of the world implemented chip + pin… why? The number of merchant terminals that needed to be updated in the USA to support contact (chip + pin) or contactless meant the cost was insanely high and making it happen was a chicken and egg problem… critical mass for such a huge country was just not happening… so it died.

Pretty quickly after banks started shipping the first contactless cards (which were useless because of the old magstripe only terminal problem), Google tried to bring out Google Wallet but it failed because of incompatible terminals, but also mobile phone carriers only wanted payments on their locked in phones, and some like Verizon actually blocked Google Wallet app from installing on “their” phones… like wtf… but then Apple actually did some brilliant moves creating Apple Pay… they patiently created everything, but then getting merchants to update millions of terminals across the country to support contactless (let alone chip + pin) was a hurdle… so they worked with banks and processors to implement the liability shift to scare the shit out of merchants and force hardware upgrades… basically saying if you accept a magstripe payment and it’s fraud, it will 100% be your (the merchant’s) liability with no chance to contest or prove transaction legitimacy… again a brilliant move to make everyone pay billons of dollars across the industry to upgrade terminals all so Apple Pay could launch in a big way immediately after… fucking brilliant scam there Apple.

I meant to wonder about the proxmark implementing an emv sim type command to go with the emv scan here

But also that too

It sounds like then that the cards likely do support a better protocol and it’s the POS terminals that lack implementation for it?
Or are our cards behind too?
It seems like an odd choice to use a fancy-pants java-card if all they’ve done so far is move the magstripe data into NFC format

oh i see… yeah emulating would require a lot of params… there are different payment systems on cards… emv applets on cards are not made by visa or mastercard but by companies like npx, gemalto, infineon, g+d, etc. who buy the huge “books” from mastercard or visa (the more research you do you’ll see different “book” standards) and create their own payment applications… but then along the way there were like a couple different “payment system environment” standards created because if you are a terminal do you just scan through a bunch of AIDs when a card is presented, looking for different payment applets to talk to? how do you update that list in the field… it’s terrible… so the idea of a PSE would mean the terminal could query just one AID… send some commands to find out what actual payment applets were on chip, present options to the user because yes you can actually have a card with a Visa payment applet and a MasterCard payment applet on board… and in the USA we have a “pin network” option for “debit cards” that have credit card numbers associated with them, but are not credit cards… which are referred to as “signature networks” because you sign for them, you don’t enter a pin code… jesus we are doing things very “feet, pounds, ounces” here in the USA while the rest of the world is pretty much standardized on this… but anyways… to properly sim an “emv” card you would have like 25 different parameters to enter to handle most common simulation setups… and like… yeah it’s not like emulating an EM or Mifare chip… not at all.

both… cards are not updated because terminals aren’t… the same chicken and egg issue contactless payment had really… so fraud happens and consumers and merchants battle it out while visa, mastercard, and processors like stripe just sit back and laugh… a year ago i had to accept new terms for stripe which said that EVEN IF I WON A TRANSACTION FRAUD DISPUTE that i would still have to pay the contested charge fee… oh and also IF I REFUND A CHARGE i still have to pay the processing fee (both of these things were new changes to processor agreements)… so nobody in power gives two shits about it because the fraud costs are ultimately pushed to consumers… with merchants having to act as the bad guy by raising prices.

they have actively and successfully killed the threat of crypto, disallowing crypto apps to run on terminals and chips with payment applets side by side… they subverted the promise of p2p crypto payments by forcing it to go over their networks (crypto.com does this, owned by mastercard, visa, etc.) so they can take their cut and control the flow of money… they actively lobby and market social commentary in countries to push the narrative that cash is only used by criminals and digital payments (that run over their networks) is the only way upstanding citizens should be paying for anything)… if money is the root of all evil, these guys pull the purse strings.

if a luigi ever happened to anyone working in payments, i’d understand.

It seems like the PM3 would be doing the same searching around the card structure for payment info during emv scan and could save the same information about the card to the dump json

oh sure… but you gonna code it? its a very complex ask… it’s an open source project… they’re waiting for you to get busy

it’s kind of the same thing with hacking the ntag216 based mo-lock nfc system… i’m waiting for the sim function for the ntag216 chip type to get an update so i can control the output of PWD_ACK … but it was coded by someone who is not even the same someone that coded the lf em sim function… its a big collection of various project supporters and right now if i want that function i would have to figure it out myself and submit a pull request… not something i can do or have the time to learn how to do.

at best i can only hope that ai programming tools will or have already advanced to the point i could submit the codebase and ask for a feature to be added and get back working code… maybe that’s a possibility for my relatively simple ask … but emv sim would be pretty complex, even for a vibecoder.

I’m barely competant as a theorizer for this kind of thing, let alone programmer

I’m not trying to accuse any given party for the fact that it hasn’t been done yet, more so I’m surprised that it’s even as possible and progressed as far as it is

Did that python script not end up working?

oh yeah of course… no i just wanted to point out that the answer to “i wonder why” for open source projects is always “because nobody has done it yet”… unlike a commercial endeavor with a clear driving force behind it and $ to pay people to make things work… open source is always just waiting for people to step up and do the thing… so it’s always “why hasn’t XYZ happened” → “nobody did it yet”.

ehhhhh… to be honest i have not circled back to it… it might work? I think it will be put on a @tac0s to do list soon… he’s good at python

I’m definitely curious to know if it works that way, if it has any issues I’d be happy to adjust the script where possible too

Yikes!

“You’re being accused for money laundering because you payed for a hamburger in cash, only criminals pay in cash” - Visa

I love chash BTW.

Why is fusking garlic so common around here!? It doesn’t taste great, it smells disgusting, and you end up smelling like fusking garlic for hours on end.

Stop putting it in fusking everything!