Don't have a badge and not planning to buy one? Don't worry, you can still solve the tasks the same way as everyone else.

1. Grab a card from The Payment Village (Las Vegas Convention Center, W202). You need a contact SCR3310 or contactless ACR122 reader to read data from the card. If you don't have one, we can lend you one: come to our equipment checkout section.

2. Set up the Point of Sales Simulator

apt install swig
apt install pcscd
(you don't need these if you run POSSim on Windows)

pip3 install requests
pip3 install pyscard

3. Running the Point of Sales Simulator

To access the help menu, run: POSSim.py -h


Card Hacking Challenge / Virtual POS / Relay Emulator

options:
  -h, --help            show this help message and exit
  -H, --hook-data       Use data hook function for data processing
  -R READER_VALUE, --reader READER_VALUE
                        Reader ID
  -I {contact,cless}, --interface {contact,cless}
                        Interface type (contact or contactless)
  -A AMOUNT_VALUE, --amount AMOUNT_VALUE
                        Transaction amount without (,) E.g. for $10.01, enter 1001
  -F, --faulty          Faulty terminal, generates static UN

Check that POSSim is working and can see the ACR122U/SCR3310 reader.

Run:
POSSim.py -A 100 -I cless -R 0 -F
If everything works, you will get a message showing that the transaction has been processed in our infrastructure.

4. Now you can emulate the MiTM attack by running POSSim.py -H. This takes the rules.json file from the current directory and substitutes APDU data according to the rules:

{"9F2608": "9f2608aabbccdd11223344",
 "7724": "77289a02ff00"}

The -H flag runs every request and response through a data hook function that reads the rules.json file and adds/substitutes TLV tags:

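    # Excerpt from the hook body: data is the raw APDU bytes, rules is the dict read from rules.json
    string = binascii.hexlify(data).upper()
    for key in rules:
        value = rules[key].encode().upper()
        # plain hex-string search, so only the first match is changed
        pos = string.find(key.encode().upper()) # changing only one tag
        if (pos>=0):
            # the last byte of the key is the length byte that follows the tag
            length = int(key[-2:], 16)
            if ((length*2)!=(len(value)-len(key))):
                # replacement is not a complete tag+length+value: swap only the header bytes
                trailen = pos+len(key)
            else:
                # replacement is a complete TLV: overwrite header and value
                trailen = pos+len(value)
            string = string[0:pos]+value+string[trailen:]
    print ("Data hook, send_fragmented: %s" % send_fragmented)
    print ("After: %s" % string)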
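
To see what the two sample rules change from the receiving side, this added example (not part of POSSim) parses a format-2 response (template 77) as BER-TLV before and after substitution and lists the tags that differ. The response bytes are constructed for illustration, and the names parse_tlv, diff_tlv, CARD_SENT and TERMINAL_GOT are assumptions of this example.

```python
def parse_tlv(data: bytes) -> dict:
    """Flatten EMV BER-TLV into {TAG_HEX: value}, descending into templates."""
    out, i = {}, 0
    while i < len(data):
        start, first = i, data[i]
        i += 1
        if first & 0x1F == 0x1F:          # multi-byte tag, e.g. 9F26
            while data[i] & 0x80:
                i += 1
            i += 1
        tag = data[start:i].hex().upper()
        length = data[i]
        i += 1
        if length & 0x80:                 # long-form length (0x81 nn, 0x82 nn nn)
            n = length & 0x7F
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        value = data[i:i + length]
        if len(value) != length:
            raise ValueError(f"tag {tag}: length {length} overruns the buffer")
        i += length
        if first & 0x20:                  # constructed tag (template such as 77)
            out.update(parse_tlv(value))
        else:
            out[tag] = value
    return out


def diff_tlv(before: bytes, after: bytes) -> dict:
    """Return {tag: (old_hex, new_hex)} for tags added, removed or changed."""
    a, b = parse_tlv(before), parse_tlv(after)
    return {t: (a[t].hex() if t in a else None, b[t].hex() if t in b else None)
            for t in sorted(a.keys() | b.keys()) if a.get(t) != b.get(t)}


# Constructed sample: template 77 with length 0x24, as the card would send it.
CID = bytes.fromhex("9F270180")
ATC = bytes.fromhex("9F36020001")
AC = bytes.fromhex("9F26080102030405060708")
IAD = bytes.fromhex("9F100D" + "00" * 13)
CARD_SENT = bytes.fromhex("7724") + CID + ATC + AC + IAD
# The same message after the two sample rules: header 7724 -> 77289A02FF00,
# and the 9F26 TLV replaced by 9F2608AABBCCDD11223344.
TERMINAL_GOT = (bytes.fromhex("77289A02FF00") + CID + ATC
                + bytes.fromhex("9F2608AABBCCDD11223344") + IAD)

if __name__ == "__main__":
    for tag, (old, new) in diff_tlv(CARD_SENT, TERMINAL_GOT).items():
        print(f"{tag}: {old} -> {new}")
```

The diff reports tag 9A as added and 9F26 as changed, while 9F27, 9F36 and 9F10 pass through untouched.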

Don't have a card? Don't have a reader? NO WORRIES! Adyen provides a virtual POS available at pos.paymentvillage.org. Watch this video to learn how to use it.