RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-02-13 10:43:01 +08:00
Code Issues Projects Releases Packages Wiki Activity

ADD: 'hf emv' - more additions by (@merlokk)

Browse source
This commit is contained in:
iceman1001 2017-12-05 15:44:35 +01:00
parent ba4df1b9fc
commit 53d8668e00
5 changed files with 232 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

141
client/emv/cmdemv.c
View file

@ -285,6 +285,10 @@ int UsageCmdHFEMVExec(void) {
PrintAndLog(" -a : show APDU reqests and responses\n");
PrintAndLog(" -t : TLV decode results\n");
PrintAndLog(" -f : force search AID. Search AID instead of execute PPSE.\n");
PrintAndLog(" -v : transaction type - qVSDC or M/Chip.\n");
PrintAndLog(" -c : transaction type - qVSDC or M/Chip plus CDA (SDAD generation).\n");
PrintAndLog(" -x : transaction type - VSDC. For test only. Not a standart behavior.\n");
PrintAndLog("By default : transaction type - MSD.\n");
PrintAndLog("Samples:");
PrintAndLog(" hf emv pse -s -> select card");
PrintAndLog(" hf emv pse -s -t -a -> select card, show responses in TLV, show APDU");
@ -296,6 +300,7 @@ int CmdHFEMVExec(const char *cmd) {
bool showAPDU = false;
bool decodeTLV = false;
bool forceSearch = false;
enum TransactionType TrType = TT_MSD;
uint8_t buf[APDU_RES_LEN] = {0};
size_t len = 0;
@ -317,7 +322,7 @@ int CmdHFEMVExec(const char *cmd) {
switch (param_getchar_indx(cmd, 1, cmdp)) {
case 'h':
case 'H':
UsageCmdHFEMVPPSE();
UsageCmdHFEMVExec();
return 0;
case 's':
case 'S':
@ -335,6 +340,18 @@ int CmdHFEMVExec(const char *cmd) {
case 'F':
forceSearch = true;
break;
case 'x':
case 'X':
TrType = TT_VSDC;
break;
case 'v':
case 'V':
TrType = TT_QVSDCMCHIP;
break;
case 'c':
case 'C':
TrType = TT_CDA;
break;
default:
PrintAndLog("Unknown parameter '%c'", param_getchar_indx(cmd, 1, cmdp));
return 1;
@ -405,9 +422,24 @@ int CmdHFEMVExec(const char *cmd) {
PrintAndLog("\n* Init transaction parameters.");
//9F66:(Terminal Transaction Qualifiers (TTQ)) len:4
switch(TrType) {
case TT_MSD:
TLV_ADD(0x9F66, "\x86\x00\x00\x00"); // MSD
// TLV_ADD(0x9F66, "\x26\x00\x00\x00"); // qVSDC
// TLV_ADD(0x9F66, "\x8e\x00\x00\x00"); // CDA
break;
// not standart for contactless. just for test.
case TT_VSDC:
TLV_ADD(0x9F66, "\x46\x00\x00\x00"); // VSDC
break;
case TT_QVSDCMCHIP:
TLV_ADD(0x9F66, "\x26\x00\x00\x00"); // qVSDC
break;
case TT_CDA:
TLV_ADD(0x9F66, "\x86\x80\x00\x00"); // CDA
break;
default:
TLV_ADD(0x9F66, "\x26\x00\x00\x00"); // qVSDC
break;
}
//9F02:(Amount, Authorised (Numeric)) len:6
TLV_ADD(0x9F02, "\x00\x00\x00\x00\x01\x00");
//9F1A:(Terminal Country Code) len:2
@ -444,6 +476,7 @@ int CmdHFEMVExec(const char *cmd) {
PrintAndLog("\n* GPO.");
res = EMVGPO(true, pdol_data_tlv_data, pdol_data_tlv_data_len, buf, sizeof(buf), &len, &sw, tlvRoot);
free(pdol_data_tlv_data);
free(pdol_data_tlv);
if (res) {
@ -544,13 +577,27 @@ int CmdHFEMVExec(const char *cmd) {
break;
}
// transaction check
// get AIP
const struct tlv *AIPtlv = tlvdb_get(tlvRoot, 0x82, NULL);
uint16_t AIP = AIPtlv->value[0] + AIPtlv->value[1] * 0x100;
PrintAndLog("* * AIP=%x", AIP);
PrintAndLog("* * AIP=%04x", AIP);
// SDA
if (AIP & 0x0040) {
PrintAndLog("\n* SDA");
trSDA(AID, AIDlen, tlvRoot);
}
// DDA
if (AIP & 0x0020) {
PrintAndLog("\n* DDA");
}
// transaction check
// qVSDC
{
if (TrType == TT_QVSDCMCHIP|| TrType == TT_CDA){
// 9F26: Application Cryptogram
const struct tlv *AC = tlvdb_get(tlvRoot, 0x9F26, NULL);
if (AC) {
@ -587,19 +634,88 @@ int CmdHFEMVExec(const char *cmd) {
}
}
// TODO: Mastercard M/CHIP
{
// Mastercard M/CHIP
if (GetCardPSVendor(AID, AIDlen) == CV_MASTERCARD && (TrType == TT_QVSDCMCHIP || TrType == TT_CDA)){
const struct tlv *CDOL1 = tlvdb_get(tlvRoot, 0x8c, NULL);
if (CDOL1 && GetCardPSVendor(AID, AIDlen) == CV_MASTERCARD) { // and m/chip transaction flag
PrintAndLog("\n--> Mastercard M/Chip transaction.");
PrintAndLog("* * Generate challenge");
res = EMVGenerateChallenge(true, buf, sizeof(buf), &len, &sw, tlvRoot);
if (res) {
PrintAndLog("ERROR GetChallenge. APDU error %4x", sw);
return 5;
}
if (len < 4) {
PrintAndLog("ERROR GetChallenge. Wrong challenge length %d", len);
return 5;
}
// ICC Dynamic Number
struct tlvdb * ICCDynN = tlvdb_fixed(0x9f4c, len, buf);
tlvdb_add(tlvRoot, ICCDynN);
if (decodeTLV){
PrintAndLog("\n* * ICC Dynamic Number:");
TLVPrintFromTLV(ICCDynN);
}
PrintAndLog("* * Calc CDOL1");
struct tlv *cdol_data_tlv = dol_process(tlvdb_get(tlvRoot, 0x8c, NULL), tlvRoot, 0x01); // 0x01 - dummy tag
if (!cdol_data_tlv){
PrintAndLog("ERROR: can't create CDOL1 TLV.");
return 4;
}
PrintAndLog("CDOL1 data[%d]: %s", cdol_data_tlv->len, sprint_hex(cdol_data_tlv->value, cdol_data_tlv->len));
PrintAndLog("* * AC1");
// EMVAC_TC + EMVAC_CDAREQ --- to get SDAD
res = EMVAC(true, (TrType == TT_CDA) ? EMVAC_TC + EMVAC_CDAREQ : EMVAC_TC, (uint8_t *)cdol_data_tlv->value, cdol_data_tlv->len, buf, sizeof(buf), &len, &sw, tlvRoot);
free(cdol_data_tlv);
if (res) {
PrintAndLog("AC1 error(%d): %4x. Exit...", res, sw);
return 5;
}
if (decodeTLV)
TLVPrintFromBuffer(buf, len);
PrintAndLog("* M/Chip transaction result:");
// 9F27: Cryptogram Information Data (CID)
const struct tlv *CID = tlvdb_get(tlvRoot, 0x9F27, NULL);
if (CID) {
emv_tag_dump(CID, stdout, 0);
PrintAndLog("------------------------------");
if (CID->len > 0) {
switch(CID->value[0] & EMVAC_AC_MASK){
case EMVAC_AAC:
PrintAndLog("Transaction DECLINED.");
break;
case EMVAC_TC:
PrintAndLog("Transaction approved OFFLINE.");
break;
case EMVAC_ARQC:
PrintAndLog("Transaction approved ONLINE.");
break;
default:
PrintAndLog("ERROR: CID transaction code error %2x", CID->value[0] & EMVAC_AC_MASK);
break;
}
} else {
PrintAndLog("ERROR: Wrong CID length %d", CID->len);
}
} else {
PrintAndLog("ERROR: CID(9F27) not found.");
}
}
}
// MSD
if (AIP & 0x8000) {
if (AIP & 0x8000 && TrType == TT_MSD) {
PrintAndLog("\n--> MSD transaction.");
PrintAndLog("* MSD dCVV path. Check dCVV");
const struct tlv *track2 = tlvdb_get(tlvRoot, 0x57, NULL);
@ -624,7 +740,7 @@ int CmdHFEMVExec(const char *cmd) {
if (!UDOL)
PrintAndLog("Use default UDOL.");
struct tlv *udol_data_tlv = dol_process(UDOL ? UDOL : &defUDOL, tlvRoot, 0x01); // 0x01 - fake tag!
struct tlv *udol_data_tlv = dol_process(UDOL ? UDOL : &defUDOL, tlvRoot, 0x01); // 0x01 - dummy tag
if (!udol_data_tlv){
PrintAndLog("ERROR: can't create UDOL TLV.");
return 4;
@ -651,9 +767,6 @@ int CmdHFEMVExec(const char *cmd) {
}
}
// additional contacless EMV commands (fDDA, external authenticate)
// DropField
DropField();

55
client/emv/emv_tags.c
View file

@ -35,6 +35,7 @@ enum emv_tag_t {
EMV_TAG_NUMERIC,
EMV_TAG_YYMMDD,
EMV_TAG_CVR,
EMV_TAG_CID,
};
struct emv_tag {
@ -59,7 +60,7 @@ static const struct emv_tag_bit EMV_AIP[] = {
{ EMV_BIT(1, 4), "Terminal risk management is to be performed" },
{ EMV_BIT(1, 3), "Issuer authentication is supported" },
{ EMV_BIT(1, 2), "Reserved for use by the EMV Contactless Specifications" },
{ EMV_BIT(1, 1), "CDA supported" },
{ EMV_BIT(1, 1), "CDA supported (Combined Dynamic Data Authentication / Application Cryptogram Generation)" },
{ EMV_BIT(2, 8), "MSD is supported (Magnetic Stripe Data)" },
{ EMV_BIT(2, 7), "Reserved for use by the EMV Contactless Specifications" },
{ EMV_BIT(2, 6), "Reserved for use by the EMV Contactless Specifications" },
@ -221,6 +222,7 @@ static const struct emv_tag emv_tags[] = {
{ 0x9f06, "Application Identifier (AID), Terminal. ISO 7816-5" },
{ 0x9f07, "Application Usage Control", EMV_TAG_BITMASK, &EMV_AUC },
{ 0x9f08, "Application Version Number" },
{ 0x9f0a, "Application Selection Registered Proprietary Data" }, // https://blog.ul-ts.com/posts/electronic-card-identifier-one-more-step-for-mif-compliance/
{ 0x9f0d, "Issuer Action Code - Default", EMV_TAG_BITMASK, &EMV_TVR },
{ 0x9f0e, "Issuer Action Code - Denial", EMV_TAG_BITMASK, &EMV_TVR },
{ 0x9f0f, "Issuer Action Code - Online", EMV_TAG_BITMASK, &EMV_TVR },
@ -233,7 +235,7 @@ static const struct emv_tag emv_tags[] = {
{ 0x9f1f, "Track 1 Discretionary Data", EMV_TAG_STRING },
{ 0x9f21, "Transaction Time" },
{ 0x9f26, "Application Cryptogram" },
{ 0x9f27, "Cryptogram Information Data" },
{ 0x9f27, "Cryptogram Information Data", EMV_TAG_CID },
{ 0x9f2a, "Kernel Identifier" },
{ 0x9f2d, "ICC PIN Encipherment Public Key Certificate" },
{ 0x9f2e, "ICC PIN Encipherment Public Key Exponent" },
@ -270,6 +272,7 @@ static const struct emv_tag emv_tags[] = {
{ 0x9f6c, "Card Transaction Qualifiers (CTQ)", EMV_TAG_BITMASK, &EMV_CTQ },
{ 0xa5 , "File Control Information (FCI) Proprietary Template" },
{ 0xbf0c, "File Control Information (FCI) Issuer Discretionary Data" },
{ 0xdf20, "Issuer Proprietary Bitmap (IPB)" },
};
static int emv_sort_tag(tlv_tag_t tag)
@ -471,6 +474,50 @@ static void emv_tag_dump_cvr(const struct tlv *tlv, const struct emv_tag *tag, F
return;
}
// EMV Book 3
static void emv_tag_dump_cid(const struct tlv *tlv, const struct emv_tag *tag, FILE *f, int level) {
if (!tlv || tlv->len < 1) {
PRINT_INDENT(level);
fprintf(f, "\tINVALID!\n");
return;
}
PRINT_INDENT(level);
if ((tlv->value[0] & EMVAC_AC_MASK) == EMVAC_AAC) fprintf(f, "\tAC1: AAC (Transaction declined)\n");
if ((tlv->value[0] & EMVAC_AC_MASK) == EMVAC_TC) fprintf(f, "\tAC1: TC (Transaction approved)\n");
if ((tlv->value[0] & EMVAC_AC_MASK) == EMVAC_ARQC) fprintf(f, "\tAC1: ARQC (Online authorisation requested)\n");
if ((tlv->value[0] & EMVAC_AC_MASK) == EMVAC_AC_MASK) fprintf(f, "\tAC1: RFU\n");
if (tlv->value[0] & EMVCID_ADVICE) {
PRINT_INDENT(level);
fprintf(f, "\tAdvice required!\n");
}
if (tlv->value[0] & EMVCID_REASON_MASK) {
PRINT_INDENT(level);
fprintf(f, "\tReason/advice/referral code: ");
switch((tlv->value[0] & EMVCID_REASON_MASK)) {
case 0:
fprintf(f, "No information given\n");
break;
case 1:
fprintf(f, "Service not allowed\n");
break;
case 2:
fprintf(f, "PIN Try Limit exceeded\n");
break;
case 3:
fprintf(f, "Issuer authentication failed\n");
break;
default:
fprintf(f, "\tRFU: %2x\n", (tlv->value[0] & EMVCID_REASON_MASK));
break;
}
}
return;
}
static void emv_tag_dump_cvm_list(const struct tlv *tlv, const struct emv_tag *tag, FILE *f, int level)
{
uint32_t X, Y;
@ -628,6 +675,10 @@ bool emv_tag_dump(const struct tlv *tlv, FILE *f, int level)
fprintf(f, "\n");
emv_tag_dump_cvr(tlv, tag, f, level);
break;
case EMV_TAG_CID:
fprintf(f, "\n");
emv_tag_dump_cid(tlv, tag, f, level);
break;
};
return true;

11
client/emv/emv_tags.h
View file

@ -19,6 +19,17 @@
#include "tlv.h"
#include <stdio.h>
// AC
# define EMVAC_AC_MASK 0xC0
# define EMVAC_AAC 0x00
# define EMVAC_TC 0x40
# define EMVAC_ARQC 0x80
# define EMVAC_CDAREQ 0x10
// CID
# define EMVCID_ADVICE 0x08
# define EMVCID_REASON_MASK 0x07
bool emv_tag_dump(const struct tlv *tlv, FILE *f, int level);
#endif

32
client/emv/emvcore.c
View file

@ -242,13 +242,13 @@ int EMVExchangeEx(bool ActivateField, bool LeaveFieldON, sAPDU apdu, uint8_t *Re
// 6 byes + data = INS + CLA + P1 + P2 + Lc + <data = Nc> + Le
int res = ExchangeAPDU14a(data, 6 + apdu.Lc, ActivateField, LeaveFieldON, Result, (int)MaxResultLen, (int *)ResultLen);
if (APDULogging)
PrintAndLog("<<<< %s", sprint_hex(Result, *ResultLen));
if (res) {
return res;
}
if (APDULogging)
PrintAndLog("<<<< %s", sprint_hex(Result, *ResultLen));
*ResultLen -= 2;
isw = Result[*ResultLen] * 0x0100 + Result[*ResultLen + 1];
if (sw)
@ -467,3 +467,29 @@ int EMVGenerateChallenge(bool LeaveFieldON, uint8_t *Result, size_t MaxResultLen
int MSCComputeCryptoChecksum(bool LeaveFieldON, uint8_t *UDOL, uint8_t UDOLlen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
return EMVExchange(LeaveFieldON, (sAPDU){0x80, 0x2a, 0x8e, 0x80, UDOLlen, UDOL}, Result, MaxResultLen, ResultLen, sw, tlv);
}
// Authentication
int trSDA(uint8_t *AID, size_t AIDlen, struct tlvdb *tlv) {
if (AIDlen < 5)
return 1;
// Get public key index (0x8F)
//int PubKeyIndx = 0;
// Get public key from key storage
// GetPublicKey(AID(0..5), PubKeyIndx)
// Processing of Issuer Public Key Certificate (0x90)
//Certificate =
// check issuer public key certificate
// Verification of Signed Static Application Data (SSAD) (0x93)
// get 9F4A Static Data Authentication Tag List
// set Data Auth Code (9F45) from SSAD
return 0;
}

12
client/emv/emvcore.h
View file

@ -29,6 +29,13 @@
#define APDU_RES_LEN 260
#define APDU_AID_LEN 50
enum TransactionType {
TT_MSD,
TT_VSDC, // not standart for contactless!!!!
TT_QVSDCMCHIP,
TT_CDA,
};
typedef struct {
uint8_t CLA;
uint8_t INS;
@ -69,8 +76,13 @@ extern int EMVSelectApplication(struct tlvdb *tlv, uint8_t *AID, size_t *AIDlen)
// Get Processing Options
extern int EMVGPO(bool LeaveFieldON, uint8_t *PDOL, size_t PDOLLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv);
extern int EMVReadRecord(bool LeaveFieldON, uint8_t SFI, uint8_t SFIrec, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv);
// AC
extern int EMVGenerateChallenge(bool LeaveFieldON, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv);
extern int EMVAC(bool LeaveFieldON, uint8_t RefControl, uint8_t *CDOL, size_t CDOLLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv);
// Mastercard
int MSCComputeCryptoChecksum(bool LeaveFieldON, uint8_t *UDOL, uint8_t UDOLlen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv);
// Auth
extern int trSDA(uint8_t *AID, size_t AIDlen, struct tlvdb *tlv);
#endif