This Android app collects Mag-Stripe data and CVC3 codes from MasterCard PayPass cards and emulates that information. It is based on combined pre-play and downgrade attack described in Cloning Credit Cards: A combined pre-play and downgrade attack on EMV Contactless by Michael Roland, Josef Langer.
WARNING! This application might destroy your credit card (MasterCard only) after ~ 66 successful attacks.*
*For each attack application increments card's ATC by 1000. ATC (Application Transaction Counter) is 2B value that means that maximum value of ATC is 65535, so after approximately 66 attacks this counter overflows.
This is just proof of concept application, so interface is quite simple.
1, This screen shows, that app is ready for reading card
2, When you have compatible card (MasterCard PayPass) app will start collecting data
3, Data collection is completed and your phone is ready for emulating your card
4, Now you can put this app to background or just close it and whenever you want to reply collected data just turn on your screen and app will start to communicate with reader