Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues...
Transcript of Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues...
![Page 1: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/1.jpg)
Samsung Pay:Tokenized Numbers,
Flaws and Issues
Salvador MendozaTwitter: @Netxing
Blog: salmg.net
![Page 2: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/2.jpg)
@Netxing
Who am I?
● Security researcher
● From California, USA
● Mexican(Bad hombre)
![Page 3: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/3.jpg)
Terminology
● NFC: Near Field Communication
● MST: Magnetic Secure Transmission
● VTS: Visa Token Service
● Tokenized Numbers: Surrogated value = Token
● Token: A voucher
● TSP: Token Service Provider
● PAN: Primary Account Number
@Netxing
![Page 4: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/4.jpg)
What is Samsung Pay?
● New app for digital payments
● Similar to Apple Pay or Android Pay
● Big difference: MST protocol
@Netxing
![Page 5: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/5.jpg)
What is MST?● It is a magnetic field
● The terminal interprets the electromagnetic waves like a swiping of a physical card
● Without security or encryption because it is a transmission of one way @Netxing
![Page 6: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/6.jpg)
Analyzing Tokenized Numbers (Token)
%4012300001234567^21041010647020079616?;4012300001234567^21041010647020079616?~4012300001234567^21041010647020079616?
% = Start sentinel for first track^ = Separator? = End sentinel for every track; = Start sentinel for second track~ = Start sentinel for third track
A tokenized number follows exactly the same format of American Banking Association (ABA/IATA); emulating perfectly a physical swiping card.
@Netxing
![Page 7: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/7.jpg)
http://www.samsung.com/hk_en/business-images/insights/2015/Samsung_Pay_Will_Transform_the_Mobile_Wallet_Experience-0.pdf
![Page 8: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/8.jpg)
Analyzing a Track
Second track = ;4012300001234567^21041010647020079616?
2104-101-0647020079616
21/04 101 064702-0079-616
Token’s heart.New expiration date.
Service code: 1: Available for international interchange.0: Transactions are authorized following the normal rules.1: No restrictions.
064702: It handles transaction’s range/CVV role.0079: Transaction’s id, increase +1 in each transaction.616: Random numbers, to fill ABA format, generated from a cryptogram/array method.
The last 20 digits are the token’s heart: 21041010647020079616
@Netxing
![Page 9: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/9.jpg)
Offline/online mode
Without internet; did not change the middle counter%4012300001234567^2104101082000(constant)0216242? %4012300001234567^21041010820000217826?%4012300001234567^21041010820000218380?[…]With internet, the middle counter increased +1:%4012300001234567^21041010820000233969? %4012300001234567^21041010820000234196?%4012300001234567^21041010820010235585? ← +1
@Netxing
![Page 10: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/10.jpg)
Offline mode
@Netxing
![Page 11: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/11.jpg)
Token Phases
●Active: Normal status after generated.●Pending: Waiting for TSP’s response.●Disposed: Destroyed token.●Enrolled: Registered token.●Expired: Became invalid after period of time.●Suspended_provision: Valid PAN, requesting more info.●Suspended: VST will decline the transaction with a suspended token.
@Netxing
![Page 12: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/12.jpg)
Updating Token Status
//SAMPLE REQUEST URLhttps://sandbox.api.visa.com/vts/provisionedTokens/{vProvisionedTokenID}/suspend?apikey={apikey}// Headercontent-type: application/jsonx-pay-token: {generated from request data}// Body{ "updateReason": { "reasonCode": "CUSTOMER_CONFIRMED", "reasonDesc": "Customer called" }}// SAMPLE RESPONSE// Body{}
Source: Visa Developer Center
@Netxing
![Page 13: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/13.jpg)
Files StructureDatabases > 20 Directories/files
vasdata.db, suggestions.db, mc_enc.db /system/csc/sales_code.dat, SPayLogs/
spay.db, spayEuFw.db, PlccCardData_enc.db B1.dat, B2.dat, pf.log, /dev/mst_ctrl
membership.db, image_disk_cache.db, loyaltyData.db
/efs/prov_data/plcc_pay/plcc_pay_enc.dat
transit.db, GiftCardData.db, personalcard.db /efs/prov_data/plcc_pay/plcc_pay_sign.dat
CERT.db, MyAddressInfoDB.db, serverCertData.db /sdcard/dstk/conf/rootcaoper.der
gtm_urls.db, statistics.db, mc_enc.db /efs/pfw_data, /efs/prov_data/pfw_data
spayfw_enc.db, collector_enc.db, cbp_jan_enc.db /sys/class/mstldo/mst_drv/transmit… many more
@Netxing
![Page 14: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/14.jpg)
cbp_jan_enc.dbCREATE TABLE tbl_enhanced_token_info (_id INTEGER PRIMARY KEY AUTOINCREMENT, vPanEnrollmentID TEXT, vProvisionedTokenID TEXT, token_requester_id TEXT, encryption_metadata TEXT, tokenStatus TEXT, payment_instrument_last4 TEXT, payment_instrument_expiration_month TEXT, payment_instrument_expiration_year TEXT, token_expirationDate_month TEXT, token_expirationDate_year TEXT, appPrgrmID TEXT, static_params ...
https://sandbox.api.visa.com/vts/provisionedTokens/{vProvisionedTokenID}/suspend?apikey={apikey}
@Netxing
![Page 15: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/15.jpg)
Flaws and Issues
● paramString = LFWrapper.encrypt("OverseaMstSeq", paramString);● bool1 = b.edit().putString(paramString,
LFWrapper.encrypt("PropertyUtil", null)).commit();● String str = LFWrapper.encrypt("tui_lfw_seed",
Integer.toString(paramInt)); @Netxing
![Page 16: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/16.jpg)
Encrypt/Decrypt Functions
@Netxing
![Page 17: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/17.jpg)
Flaws and Issues
● Token expiration date is in blank.● ivdRetryExpiryTime implements timestamp format.
● If Samsung Pay generated a token, but it is not used to make a purchase, that token is still active/alive.
@Netxing
![Page 18: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/18.jpg)
Flaws and Issues
Adding/deleting the same card.
● %4059557240050212^22111014803010255698?Deleted
● %4059557240056045^22111014804000001352?Deleted
● %4059557240056052^22111014804000001457?● %4059557240056052^22111014848010007855?
Deleted● %4059557240056557^22111014902000001888?● %4059557240056557^22111014902000002230?
@Netxing
![Page 19: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/19.jpg)
Attacks
Dangerous scenarios:
● Social engineering
● Jamming MST signal
● International Tokens
● Attack in Real-Time (MagSpoofPI)
● Attacking the NFC Protocol
● Guessing the next token? @Netxing
![Page 20: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/20.jpg)
Social Engineering(TokenGet)
@Netxing
![Page 21: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/21.jpg)
Social Engineering(TokenGet)
@Netxing
![Page 22: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/22.jpg)
Social Engineering(TokenGet)
https://www.youtube.com/watch?v=QMR2JiH_ymU
TokenGet:● Raspberry Pi Zero● Lipo 3.7 V● PowerBoost 1000● Credit Card reader one head● USB adapters● USB WIFI dongle ● Mini OTG USB● Cell phone armband
@Netxing
![Page 23: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/23.jpg)
@Netxing
MagSpoof + CC Reader + Raspberry Pi = JamSpay
++
![Page 24: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/24.jpg)
JamSpay
● Pin 7(GPIO04) connected to a 10K resistor. The other resistor’s end to GND.
● Raspberry Pi GND to Attiny’ GND and Raspberry DC power 3.3 to Attiny’s
@Netxing
![Page 25: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/25.jpg)
JamSpay
https://www.youtube.com/watch?v=ytV7xNJP1o8
● Raspberry Pi Zero● Lipo 5 V● Credit Card reader one head● MagSpoof● USB adapters● USB WIFI dongle ● Mini OTG USB● Mini-box
@Netxing
![Page 27: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/27.jpg)
International Samsung Pay Tokens
https://www.youtube.com/watch?v=EphR18sSjgA
Thanks @Sabasacustico
@Netxing
![Page 28: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/28.jpg)
Attack in Real-time
https://www.youtube.com/watch?v=zuDdb3XSupE
MagSpoof + Raspberry Pi = MagSpoofPI● Raspberry Pi 3 ● Lipo 3.7 V● PowerBoost 1000● USB cable● MagSpoof
Details about this project: https://salmg.net/2016/08/27/magspoofpi/
@Netxing
![Page 29: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/29.jpg)
Attacking NFC Protocol
@Netxing
![Page 30: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/30.jpg)
How Samsung Pay implements two different tokens per transaction?
@Netxing
![Page 31: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/31.jpg)
Two tokens for one transaction
MST:%4012300001234567^21041010820000216242?[…]
NFC:%4012300001234567^21042010820000217969?[...]
@Netxing
![Page 32: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/32.jpg)
Secure Element at NFC
@Netxing
![Page 33: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/33.jpg)
Analyzing the NFC tags
ATS:...77 66 9F 26 08 35 56 96 3E DB 9E D7 8A 94 04 08 03 03 00 82 02 00 40 9F 36 02 00 50 9F 6C 02 01 80 9F 6E 04 23 8C 00 00 9F 10 20 1F 43 01 00 20 00 00 00 00 00 00 00 00 06 68 17 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 57 13 XX XX D2 21 12 01 68 17 01 00 80 44 3F 5F 34 01 00 9F 27 01 80 90 0080 CA 9F 17 0069 8580 CA 9F 36 0069 85... @Netxing
![Page 34: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/34.jpg)
Attacking Samsung Pay NFC - PoC
https://www.youtube.com/watch?v=cD97Bey_2yA
@Netxing
![Page 35: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/35.jpg)
Guessing a Token?
@Netxing
![Page 36: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/36.jpg)
How did Samsung Pay fix everything?
@Netxing
![Page 37: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/37.jpg)
Other Researchers
https://www.youtube.com/channel/UC-Z9ZK4Pv5YNObhP53eCz1g
@Netxing
![Page 38: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/38.jpg)
Beta Project: SamyKam
https://www.youtube.com/watch?v=zp8G1WKreXA
Services:● Web server ● Bluetooth service● OLED/Rotary Encoder● MagSpoofPI
Library(avr-gcc code integration)
More details: salmg.net
@Netxing
![Page 39: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/39.jpg)
Take-Away
● Samsung Pay has some levels of security, but it is a fact that could be a target for malicious attacks.
● Samsung Pay has some limitations in the tokenization process which could affect customers’ security.
● Finally, tokens generated by Samsung Pay could be used in another hardware.
@Netxing
![Page 41: Flaws and Issues Samsung Pay: Tokenized Numbers,Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza Twitter: @Netxing Blog: salmg.net @Netxing Who am I? Security researcher](https://reader036.fdocuments.in/reader036/viewer/2022062414/5ee1125ead6a402d666c15fc/html5/thumbnails/41.jpg)
Greetz, Hugs & Stuff
Samy Kamkar (@samykamkar)Andres Sabas (@Sabasacustico)Pedro Joaquin (@_hkm)Luis Colunga (@sinnet3000)RMHT (raza-mexicana.org)Los RazosGDG modesto group