X2 Exposed

X2 Exposed

After this you'll shit bricks

X2 is an app made of demos, of Global Platform's C++ smart-card code.

I will explain that "X2" and every variant of it, are just simply resource-editing of an older app, X0.5 beta. The original author has since passed away (Obituary). His friend, a person in Sao Paulo Brazil, released it.


Timeline

Around 2012, ten years ago, a version of X1 was made. The screenshots are below.

I will explain what works, and what doesn't work.

X1 is made of the following UI screens:

Internal
IST Generate
IST Load

Then came X2:

  • Internal became "EMV"
  • IST Load became "Guide"
  • IST Generate became "Generate"
  • IST Database is hidden.
  • Certain buttons are hidden.
  • UI changed.

Splash Screen

The splash screen is easily modifiable. You can take any JPG or PNG and slap in it:

Missing features hidden in X2

NFC and MICR writing has never worked

The only thing that worked, is the IST generate. The rest of the screens don't work.

What was discovered

  • X2 doesn't write AID. Even if you click MASTERCARD and put a VISA "AID" (Application Identification)
  • X2 doesn't write any correct country code, despite entering a valid country code.
  • X2 doesn't write any correct currency code, despite entering a country code.
  • X2 doesn't write any correct date, despite entering a date.
  • X2 doesn't clear the original name, despite entering a name to override.
  • X2 doesn't write the ARQC, despite entering the ARQC value.
  • X2 doesn't write EMV Track2 correctly. Track2 is missing PSE (replacement card number)
  • X2 doesn't write the PPV and ATC (ATM Code Number) 200, 201, 101, etc. correctly.

See: https://telegra.ph/X2-writes-Visa-Electron-when-EMVFoundry-writes-Visa-Debit-05-30

Visa 1
Jose Mariano De Silva

That is:

What X2 actually does

Where the names are embedded in the data it generates:

autorizado
Jose

The ARQC issue is discussed in these articles:

https://telegra.ph/ARQC---How-it-works-08-21-2

https://telegra.ph/ARQC-and-MDK-08-22


The ARQC is hard-coded

X2 hard-codes the ARQC results. 9F36 is hard-coded, it approximates to an estimated date between 2nd January 2010 to 8th March 2012.

Hard-coded X2

In other words:

  • X2 doesn't work. It writes hard-coded data embedded inside the EXE to Smart-Card.
  • X2 doesn't respect any data entered by the user.
  • X2 doesn't write to SmartCard, data above 254 bytes.
  • X2 writes hard-coded ARQC data that approximates to around Jan 2010 - 8th March 2012.

Do you feel lucky using X2? Some vendors are selling X2 for US$1,000.00 or more.


EMVFoundry (Archives)

https://telegra.ph/EMVFoundry-2003-08-15

EMVFoundry (Latest)
https://telegra.ph/EMVFoundry-2005-Release-Notes-09-04

Report content on this page

Report Page

Please submit your DMCA takedown request to dmca@telegram.org