> To brute force the CCV, you do need the clear text CC.
No you don't; the ciphertext will do. There CCV codes are three or four digits, so you have 1,000 or 10,000 keys to try. Try all of them. If the plaintext is encoded in ASCII, then throw out all the ones where the plaintext isn't a number. There will very likely only be one left, and that's the credit card number.
If the plaintext CC number is encoded as a binary number (does anyone do this?), filter for (a) proper length in decimal; (b) number is positive (if stored signed); (c) check digit verifies; (d) card type code (first few digits) are sane; if you still have more than one, (e) bank code (next few digits) is sane.
And naturally, once you have the CC number, you know which key got you it. So you have the CCV as well.
No you don't; the ciphertext will do. There CCV codes are three or four digits, so you have 1,000 or 10,000 keys to try. Try all of them. If the plaintext is encoded in ASCII, then throw out all the ones where the plaintext isn't a number. There will very likely only be one left, and that's the credit card number.
If the plaintext CC number is encoded as a binary number (does anyone do this?), filter for (a) proper length in decimal; (b) number is positive (if stored signed); (c) check digit verifies; (d) card type code (first few digits) are sane; if you still have more than one, (e) bank code (next few digits) is sane.
And naturally, once you have the CC number, you know which key got you it. So you have the CCV as well.