EMV Trace Enables Analyzing and Injecting Traffic of EMV Cards
Now available for pre-order, with pick-up at DEF CON 31.
Just in time for DEF CON 31, Electronic Cats has opened pre-orders for their latest product. EMV Trace sits between an EMV card and a payment terminal, where it can analyze or modify traffic. USB-C allows for analysis on a PC, or an onboard ESP32 module provides remote access.
EMV Trace focuses on the application protocol data unit (APDU), or the communication between a smart card’s IC and a reader. The board has connectors that enable EMV Trace to connect to other boards that function as a card reader and an emulation card. This combined capability means you can monitor, modify, or inject traffic between the two. Additionally, you can simulate inserting and ejecting cards to automate security testing.
While EMV Trace does have a USB-C port for communication to a PC, it also has an ESP32 to interact over WiFi. For example, the ESP32 can send MQTT messages passed between a card or a terminal.
Electronic Cats uses the same Microchip SAM3S microcontroller as the Osmocom SIMTrace board. This similarity means EMV Trace can run with the SIMTrace 2 software to sniff the traffic between a SIM card and a mobile device based on the ISO 7816 T=0 specification.
Electronic Cats is best known for a variety of development, hacking, and research tools. Previously, we covered their products like the CatSniffer (IoT Scanner) and Hunter Cat (NFC Tool). As with their past creations, EMV Trace is open source. You can see the KiCad design files in this GitHub repository.
EMV Trace pre-orders are open and cost $110. Electronic Cats plans to start shipping on August 10th. For those attending DEF CON 31, you have the option of picking up your EMV Trace at the conference.