RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2024-09-20 07:16:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

ADD: copied all EMV files from peter filmoores fork. Have not started with making it work in current fork. (a lot of work)

Browse source
This commit is contained in:
iceman1001 2016-03-20 19:37:29 +01:00
parent f400ff6519
commit 9206d3b034
17 changed files with 3541 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

245
armsrc/emvcard.h Normal file
View file

@ -0,0 +1,245 @@
//-----------------------------------------------------------------------------
// Peter Fillmore 2014
// code derived off merloks mifare code
//
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// structure to hold EMV card and terminal parameters
//-----------------------------------------------------------------------------
#ifndef __EMVCARD_H
#define __EMVCARD_H
//structure to hold received/set tag values
//variable data inputs have length specifiers
typedef struct {
//ISO14443-A card stuff
uint8_t ATQA[2]; //Answer to Request
uint8_t UID_len;
uint8_t UID[10];
uint8_t SAK;
uint8_t ATS_len; //Answer to select
uint8_t ATS[256];
//ATS
uint8_t TL;
uint8_t T0;
uint8_t TA1;
uint8_t TB1;
uint8_t TC1;
uint8_t* historicalbytes;
//PPS response
uint8_t PPSS;
//SFI 2 record 1
uint8_t tag_4F_len; //length of AID
uint8_t tag_4F[16]; //Application Identifier (AID)
uint8_t tag_50_len; //length of application label
uint8_t tag_50[16]; //Application Label
uint8_t tag_56_len; //track1 length
uint8_t tag_56[76]; //Track 1 Data
uint8_t tag_57_len; //track2 equiv len
uint8_t tag_57[19]; //Track 2 Equivalent Data
uint8_t tag_5A_len; //PAN length
uint8_t tag_5A[10]; //Application Primary Account Number (PAN)
//uint8_t tag_6F[]; //File Control Information (FCI) Template
//uint8_t tag_70[255]; //Record Template
//uint8_t tag_77[]; //Response Message Template Format 2
//uint8_t tag_80[]; //Response Message Template Format 1
uint8_t tag_82[2]; //Application Interchange Profile AIP
//uint8_t tag_83[]; //Command Template
uint8_t tag_84_len;
uint8_t tag_84[16]; //DF Name
uint8_t tag_86_len;
uint8_t tag_86[261]; //Issuer Script Command
uint8_t tag_87[1]; //Application Priority Indicator
uint8_t tag_88[1]; //Short File Identifier
uint8_t tag_8A[2]; //Authorisation Response Code
uint8_t tag_8C_len;
uint8_t tag_8C[252]; //CDOL1
uint8_t tag_8D_len;
uint8_t tag_8D[252]; //CDOL2
uint8_t tag_8E_len;
uint8_t tag_8E[252]; //Cardholder Verification Method (CVM) List
uint8_t tag_8F[1]; //Certification Authority Public Key Index
uint8_t tag_90_len;
uint8_t tag_90[255]; //ssuer Public Key Certificate
uint8_t tag_92_len;
uint8_t tag_92[255]; //Issuer Public Key Remainder
uint8_t tag_93_len;
uint8_t tag_93[255]; //Signed Static Application Data
uint8_t tag_94_len;
uint8_t tag_94[252]; //Application File Locator AFL
uint8_t tag_95[5]; //Terminal Verification Results
uint8_t tag_97_len;
uint8_t tag_97[252]; //Transaction Certificate Data Object List (TDOL)
uint8_t tag_98[20]; //Transaction Certificate (TC) Hash Value
//assume 20 bytes, change after testing
uint8_t tag_99_len;
uint8_t tag_99[20]; //Transaction Personal Identification Number (PIN) Data
uint8_t tag_9A[3]; //Transaction Date
uint8_t tag_9B[2]; //Transaction Status Information
uint8_t tag_9C[1]; //Transaction Type
uint8_t tag_9D_len;
uint8_t tag_9D[16]; //Directory Definition File
uint8_t tag_CD[3]; //Card Issuer Action Codes Paypass
uint8_t tag_CE[3];
uint8_t tag_CF[3];
uint8_t tag_D7[3]; //Application Control (PayPass)
uint8_t tag_D8[2]; //Application Interchange Profile (PayPass)
uint8_t tag_D9_len; //Application File Locator (PayPass)
uint8_t tag_D9[16];
uint8_t tag_DA[2]; //Static CVC3track1
uint8_t tag_DB[2]; //Static CVC3track2
uint8_t tag_DC[2]; //IVCVC3 CVC3track1
uint8_t tag_DD[2]; //IVCVC3 CVC3track2
uint8_t tag_AF_len;
uint8_t tag_AF[255]; //Proprietary Information
uint8_t tag_5F20_len;
uint8_t tag_5F20[26]; //Cardholder Name
uint8_t tag_5F24[3]; //Application Expiry Date
uint8_t tag_5F25[3]; //Application Effective Date YYMMDD
uint8_t tag_5F28[2]; //Issuer Country Code
uint8_t tag_5F2A[2]; //Transaction Currency Code
uint8_t tag_5F2D_len;
uint8_t tag_5F2D[8]; //Language Preference
uint8_t tag_5F30[2]; //Service Code
uint8_t tag_5F34[1]; //Application Primary Account Number (PAN) Sequence Number
uint8_t tag_5F36[2]; //ATC
uint8_t tag_5F50_len;
uint8_t tag_5F50[255]; //Issuer URL
uint8_t tag_5F54_len;
uint8_t tag_5F54[11]; //Bank Identifier Code (BIC)
uint8_t tag_9F01[6]; //Acquirer Identifier
uint8_t tag_9F02[6]; // Amount, Authorised (Numeric)
uint8_t tag_9F03[6]; //Amount, Other (Numeric)
uint8_t tag_9F04[4]; //Amount, Other (Binary)
uint8_t tag_9F05_len;
uint8_t tag_9F05[32]; //Application Discretionary Data
uint8_t tag_9F06_len;
uint8_t tag_9F06[16]; //AID terminal
uint8_t tag_9F07[2]; //Application Usage Control
uint8_t tag_9F08[2]; //Application Version Number
uint8_t tag_9F09[2]; //Application Version Number
//uint8_t tag_9F0A[2]
uint8_t tag_9F0B_len;
uint8_t tag_9F0B[45]; //Cardholder Name Extended
uint8_t tag_9F0D[5]; //Issuer Action Code - Default
uint8_t tag_9F0E[5]; //Issuer Action Code - Denial
uint8_t tag_9F0F[5]; //Issuer Action Code - Online
uint8_t tag_9F10_len; //Issuer Application Data
uint8_t tag_9F10[32];
uint8_t tag_9F11[1]; //Issuer Code Table Index
uint8_t tag_9F12_len;
uint8_t tag_9F12[255]; //Application Preferred Name
uint8_t tag_9F13[2]; //Last Online Application Transaction Counter (ATC) Registerjk
uint8_t tag_9F14[1]; //Lower Consecutive Offline Limit
uint8_t tag_9F15[2]; //Merchant Category Code
uint8_t tag_9F16[15]; //Merchant Identifier
uint8_t tag_9F17[1]; //Personal Identification Number (PIN) Try Counter
uint8_t tag_9F18[4]; //Issuer Script Identifier
//uint8_t tag_9F19[]
uint8_t tag_9F1A[2]; //Terminal Country Code
uint8_t tag_9F1B[4]; //Terminal Floor Limit
uint8_t tag_9F1C[8]; //Terminal Identification
uint8_t tag_9F1D_len;
uint8_t tag_9F1D[8]; //Terminal Risk Management Data
uint8_t tag_9F1E[8]; //Interface Device (IFD) Serial Number
uint8_t tag_9F1F_len;
uint8_t tag_9F1F[255]; //Track 1 Discretionary Data
uint8_t tag_9F20_len;
uint8_t tag_9F20[255]; //Track 2 DD
uint8_t tag_9F21[3]; //Transaction Time
uint8_t tag_9F22[1]; //Certification Authority Public Key Index
uint8_t tag_9F23[1]; //Upper Consecutive Offline Limit
//uint8_t tag_9F24
//uint8_t tag_9F25
uint8_t tag_9F26[8]; //Application Cryptogram
uint8_t tag_9F27[1]; //Cryptogram Information Data
//uint8_t tag_9F28
//uint8_t tag_9F29
//uint8_t tag_9F2A
//uint8_t tag_9F2B
//uint8_t tag_9F2C
uint8_t tag_9F2D_len;
uint8_t tag_9F2D[255]; //Integrated Circuit Card (ICC) PIN Encipherment Public Key Certificate
uint8_t tag_9F2E[3]; //Integrated Circuit Card (ICC) PIN Encipherment Public Key Exponent
uint8_t tag_9F2F_len;
uint8_t tag_9F2F[255]; //Integrated Circuit Card (ICC) PIN Encipherment Public Key Remainder
//uint8_t tag_9F30
//uint8_t tag_9F31
uint8_t tag_9F32_len;
uint8_t tag_9F32[3]; //Issuer Public Key Exponent
uint8_t tag_9F33[3]; //Terminal Capabilities
uint8_t tag_9F34[3]; //Cardholder Verification Method (CVM) Results
uint8_t tag_9F35[1]; //Terminal Type
uint8_t tag_9F36[2]; //Application Transaction Counter (ATC)
uint8_t tag_9F37[4]; //Unpredictable Number
uint8_t tag_9F38_len;
uint8_t tag_9F38[255]; //PDOL
uint8_t tag_9F39[1]; //Point-of-Service (POS) Entry Mode
uint8_t tag_9F40[5]; //Additional Terminal Capabilities
uint8_t tag_9F41[4]; //Transaction Sequence Counter
uint8_t tag_9F42[2]; //Application Currency Code
uint8_t tag_9F43[4]; //Application Reference Currency Exponent
uint8_t tag_9F44[1]; //Application Currency Exponent
uint8_t tag_9F45[2]; //Data Authentication Code
uint8_t tag_9F46_len;
uint8_t tag_9F46[255]; //ICC Public Key Certificate
uint8_t tag_9F47_len;
uint8_t tag_9F47[3]; //ICC Public Key Exponent
uint8_t tag_9F48_len;
uint8_t tag_9F48[255]; //ICC Public Key Remainder
uint8_t tag_9F49_len;
uint8_t tag_9F49[252];
uint8_t tag_9F4A[1]; //SDA Tag list
uint8_t tag_9F4B_len;
uint8_t tag_9F4B[255]; //Signed Dynamic Application Data
uint8_t tag_9F4C[8]; //ICC Dynamic Number
uint8_t tag_9F4D[2]; //Log Entry
uint8_t tag_9F4E[255]; //Merchant Name and Location
//9F50-9F7F are payment system specific
uint8_t tag_9F60[2]; //CVC3 track1
uint8_t tag_9F61[2]; //CVC3 track2
uint8_t tag_9F62[6]; //Track 1 Bit Map for CVC3 (PCVC3TRACK1)
uint8_t tag_9F63[6]; //Track 1 Bit Map for UN and ATC (PUNATCTRACK1)
uint8_t tag_9F64[1]; //Track 1 Number of ATC Digits (NATCTRACK1)
uint8_t tag_9F65[2]; //rack 2 Bit Map for CVC3 (PCVC3TRACK2)
uint8_t tag_9F66[2]; //Track 2 Bit Map for UN and ATC (PUNATCTRACK2), or VISA card type
uint8_t tag_9F67[1]; //Track 2 Number of ATC Digits (NATCTRACK2)
uint8_t tag_9F68_len;
uint8_t tag_9F68[252]; //Mag Stripe CVM List
uint8_t tag_9F69_len;
uint8_t tag_9F69[255]; //Unpredictable Number Data Object List (UDOL)
uint8_t tag_9F6A[8]; //Unpredictable Number (Numeric)
uint8_t tag_9F6B_len;
uint8_t tag_9F6B[19]; //track 2 data
uint8_t tag_9F6C[2]; //Mag Stripe Application Version Number(Card)
//template holders
uint8_t tag_61_len;
uint8_t tag_61[255]; //Application template
uint8_t tag_6F_len;
uint8_t tag_6F[255]; //6F template
uint8_t tag_A5_len;
uint8_t tag_A5[255]; //A5 template
uint8_t tag_DFNAME_len;
uint8_t tag_DFNAME[255]; //A5 template
uint8_t tag_70_len;
uint8_t tag_70[255]; //70 template
uint8_t tag_77_len;
uint8_t tag_77[255]; //77 template
uint8_t tag_80_len;
uint8_t tag_80[255]; //80 template
uint8_t tag_91_len; //Issuer Authentication Data
uint8_t tag_91[16];
uint8_t tag_BF0C_len;
uint8_t tag_BF0C[222]; //File Control Information (FCI) Issuer Discretionary Data
uint8_t tag_DFName[16];
uint8_t tag_DFName_len;
}emvtags;
#endif //__EMVCARD_H

740
armsrc/emvcmd.c Normal file
View file

@ -0,0 +1,740 @@
//Peter Fillmore - 2014
//
//--------------------------------------------------------------------------------
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//--------------------------------------------------------------------------------
//--------------------------------------------------------------------------------
//Routines to support EMV transactions
//--------------------------------------------------------------------------------
#include "mifare.h"
#include "iso14443a.h"
#include "emvutil.h"
#include "emvcmd.h"
#include "apps.h"
#include "emvdataels.h"
static emvtags currentcard; //use to hold emv tags for the reader/card during communications
static tUart Uart;
// The FPGA will report its internal sending delay in
uint16_t FpgaSendQueueDelay;
//variables used for timing purposes:
//these are in ssp_clk cycles:
//static uint32_t NextTransferTime;
static uint32_t LastTimeProxToAirStart;
//static uint32_t LastProxToAirDuration;
//load individual tag into current card
void EMVloadvalue(uint32_t tag, uint8_t *datain){
//Dbprintf("TAG=%i\n", tag);
//Dbprintf("DATA=%s\n", datain);
emv_settag(tag, datain, &currentcard);
}
void EMVReadRecord(uint8_t arg0, uint8_t arg1,emvtags *currentcard)
{
uint8_t record = arg0;
uint8_t sfi = arg1 & 0x0F; //convert arg1 to number
uint8_t receivedAnswer[MAX_FRAME_SIZE];
//uint8_t receivedAnswerPar[MAX_PARITY_SIZE];
//variables
tlvtag inputtag; //create the tag structure
//perform read
//write the result to the provided card
if(!emv_readrecord(record,sfi,receivedAnswer)) {
if(EMV_DBGLEVEL >= 1) Dbprintf("readrecord failed");
}
if(*(receivedAnswer+1) == 0x70){
decode_ber_tlv_item(receivedAnswer+1, &inputtag);
emv_decode_field(inputtag.value, inputtag.valuelength, currentcard);
}
else
{
if(EMV_DBGLEVEL >= 1)
Dbprintf("Record not found SFI=%i RECORD=%i", sfi, record);
}
return;
}
void EMVSelectAID(uint8_t *AID, uint8_t AIDlen, emvtags* inputcard)
{
uint8_t receivedAnswer[MAX_FRAME_SIZE];
//uint8_t receivedAnswerPar[MAX_PARITY_SIZE];
//variables
tlvtag inputtag; //create the tag structure
//perform select
if(!emv_select(AID, AIDlen, receivedAnswer)){
if(EMV_DBGLEVEL >= 1) Dbprintf("AID Select failed");
return;
}
//write the result to the provided card
if(*(receivedAnswer+1) == 0x6F){
//decode the 6F template
decode_ber_tlv_item(receivedAnswer+1, &inputtag);
//store 84 and A5 tags
emv_decode_field(inputtag.value, inputtag.valuelength, &currentcard);
//decode the A5 tag
if(currentcard.tag_A5_len > 0)
emv_decode_field(currentcard.tag_A5, currentcard.tag_A5_len, &currentcard);
//copy this result to the DFName
if(currentcard.tag_84_len == 0)
memcpy(currentcard.tag_DFName, currentcard.tag_84, currentcard.tag_84_len);
//decode the BF0C result, assuming 1 directory entry for now
if(currentcard.tag_BF0C_len !=0){
emv_decode_field(currentcard.tag_BF0C, currentcard.tag_BF0C_len, &currentcard);}
//retrieve the AID, use the AID to decide what transaction flow to use
if(currentcard.tag_61_len !=0){
emv_decode_field(currentcard.tag_61, currentcard.tag_61_len, &currentcard);}
}
if(EMV_DBGLEVEL >= 2)
DbpString("SELECT AID COMPLETED");
}
int EMVGetProcessingOptions(uint8_t *PDOL, uint8_t PDOLlen, emvtags* inputcard)
{
uint8_t receivedAnswer[MAX_FRAME_SIZE];
//uint8_t receivedAnswerPar[MAX_PARITY_SIZE];
//variables
tlvtag inputtag; //create the tag structure
//perform pdol
if(!emv_getprocessingoptions(PDOL, PDOLlen, receivedAnswer)){
if(EMV_DBGLEVEL >= 1) Dbprintf("get processing options failed");
return 0;
}
//write the result to the provided card
//FORMAT 1 received
if(receivedAnswer[1] == 0x80){
//store AIP
//decode tag 80
decode_ber_tlv_item(receivedAnswer+1, &inputtag);
memcpy(currentcard.tag_82, &inputtag.value, sizeof(currentcard.tag_82));
memcpy(currentcard.tag_94, &inputtag.value[2], inputtag.valuelength - sizeof(currentcard.tag_82));
currentcard.tag_94_len = inputtag.valuelength - sizeof(currentcard.tag_82);
}
else if(receivedAnswer[1] == 0x77){
//decode the 77 template
decode_ber_tlv_item(receivedAnswer+1, &inputtag);
//store 82 and 94 tags (AIP, AFL)
emv_decode_field(inputtag.value, inputtag.valuelength, &currentcard);
}
if(EMV_DBGLEVEL >= 2)
DbpString("GET PROCESSING OPTIONS COMPLETE");
return 1;
}
int EMVGetChallenge(emvtags* inputcard)
{
uint8_t receivedAnswer[MAX_FRAME_SIZE];
//uint8_t receivedAnswerPar[MAX_PARITY_SIZE];
//variables
//tlvtag inputtag; //create the tag structure
//perform select
if(!emv_getchallenge(receivedAnswer)){
if(EMV_DBGLEVEL >= 1) Dbprintf("get processing options failed");
return 1;
}
return 0;
}
int EMVGenerateAC(uint8_t refcontrol, emvtags* inputcard)
{
uint8_t receivedAnswer[MAX_FRAME_SIZE];
uint8_t cdolcommand[MAX_FRAME_SIZE];
uint8_t cdolcommandlen = 0;
tlvtag temptag;
//uint8_t receivedAnswerPar[MAX_PARITY_SIZE];
if(currentcard.tag_8C_len > 0) {
emv_generateDOL(currentcard.tag_8C, currentcard.tag_8C_len, &currentcard, cdolcommand, &cdolcommandlen); }
else{
//cdolcommand = NULL; //cdol val is null
cdolcommandlen = 0;
}
//variables
//tlvtag inputtag; //create the tag structure
//perform select
if(!emv_generateAC(refcontrol, cdolcommand, cdolcommandlen,receivedAnswer)){
if(EMV_DBGLEVEL >= 1) Dbprintf("get processing options failed");
return 1;
}
if(receivedAnswer[2] == 0x77) //format 2 data field returned
{
decode_ber_tlv_item(&receivedAnswer[2], &temptag);
emv_decode_field(temptag.value, temptag.valuelength, &currentcard);
}
return 0;
}
//function to perform paywave transaction
//takes in TTQ, amount authorised, unpredicable number and transaction currency code
int EMV_PaywaveTransaction()
{
uint8_t cardMode = 0;
//determine mode of transaction from TTQ
if((currentcard.tag_9F66[0] & 0x40) == 0x40) {
cardMode = VISA_EMV;
}
else if((currentcard.tag_9F66[0] & 0x20) == 0x20) {
cardMode = VISA_FDDA;
}
else if((currentcard.tag_9F66[0] & 0x80) == 0x80) {
if((currentcard.tag_9F66[1] & 0x80) == 1) { //CVN17
cardMode = VISA_CVN17;
}
else{
cardMode = VISA_DCVV;
}
}
EMVSelectAID(currentcard.tag_4F,currentcard.tag_4F_len, &currentcard); //perform second AID command
//get PDOL
uint8_t pdolcommand[20]; //20 byte buffer for pdol data
uint8_t pdolcommandlen = 0;
if(currentcard.tag_9F38_len > 0) {
emv_generateDOL(currentcard.tag_9F38, currentcard.tag_9F38_len, &currentcard, pdolcommand, &pdolcommandlen);
}
Dbhexdump(pdolcommandlen, pdolcommand,false);
if(!EMVGetProcessingOptions(pdolcommand,pdolcommandlen, &currentcard)) {
if(EMV_DBGLEVEL >= 1) Dbprintf("PDOL failed");
return 1;
}
Dbprintf("AFL=");
Dbhexdump(currentcard.tag_94_len, currentcard.tag_94,false);
Dbprintf("AIP=");
Dbhexdump(2, currentcard.tag_82, false);
emv_decodeAIP(currentcard.tag_82);
//
// //decode the AFL list and read records
uint8_t i = 0;
uint8_t sfi = 0;
uint8_t recordstart = 0;
uint8_t recordend = 0;
if(currentcard.tag_94_len > 0){
while( i < currentcard.tag_94_len){
sfi = (currentcard.tag_94[i++] & 0xF8) >> 3;
recordstart = currentcard.tag_94[i++];
recordend = currentcard.tag_94[i++];
for(int j=recordstart; j<(recordend+1); j++){
//read records
EMVReadRecord(j,sfi, &currentcard);
//while(responsebuffer[0] == 0xF2) {
// EMVReadRecord(j,sfi, &currentcard);
//}
}
i++;
}
}
else {
EMVReadRecord(1,1,&currentcard);
EMVReadRecord(1,2,&currentcard);
EMVReadRecord(1,3,&currentcard);
EMVReadRecord(2,1,&currentcard);
EMVReadRecord(2,2,&currentcard);
EMVReadRecord(2,3,&currentcard);
EMVReadRecord(3,1,&currentcard);
EMVReadRecord(3,3,&currentcard);
EMVReadRecord(4,2,&currentcard);
}
//EMVGetChallenge(&currentcard);
//memcpy(currentcard.tag_9F4C,&responsebuffer[1],8); // ICC UN
EMVGenerateAC(0x81,&currentcard);
Dbprintf("CARDMODE=%i",cardMode);
return 0;
}
int EMV_PaypassTransaction()
{
//uint8_t *responsebuffer = emv_get_bigbufptr();
//tlvtag temptag; //buffer for decoded tags
//get the current block counter
//select the AID (Mastercard
EMVSelectAID(currentcard.tag_4F,currentcard.tag_4F_len, &currentcard);
//get PDOL
uint8_t pdolcommand[20]; //20 byte buffer for pdol data
uint8_t pdolcommandlen = 0;
if(currentcard.tag_9F38_len > 0) {
emv_generateDOL(currentcard.tag_9F38, currentcard.tag_9F38_len, &currentcard, pdolcommand, &pdolcommandlen);
}
if(EMVGetProcessingOptions(pdolcommand,pdolcommandlen, &currentcard)) {
if(EMV_DBGLEVEL >= 1) Dbprintf("PDOL failed");
return 1;
}
Dbprintf("AFL=");
Dbhexdump(currentcard.tag_94_len, currentcard.tag_94,false);
Dbprintf("AIP=");
Dbhexdump(2, currentcard.tag_82, false);
emv_decodeAIP(currentcard.tag_82);
//decode the AFL list and read records
uint8_t i = 0;
uint8_t sfi = 0;
uint8_t recordstart = 0;
uint8_t recordend = 0;
while( i< currentcard.tag_94_len){
sfi = (currentcard.tag_94[i++] & 0xF8) >> 3;
recordstart = currentcard.tag_94[i++];
recordend = currentcard.tag_94[i++];
for(int j=recordstart; j<(recordend+1); j++){
//read records
EMVReadRecord(j,sfi, &currentcard);
//while(responsebuffer[0] == 0xF2) {
// EMVReadRecord(j,sfi, &currentcard);
//}
}
i++;
}
/* get ICC dynamic data */
if((currentcard.tag_82[0] & AIP_CDA_SUPPORTED) == AIP_CDA_SUPPORTED)
{
//DDA supported, so perform GENERATE AC
//generate the iCC UN
EMVGetChallenge(&currentcard);
//memcpy(currentcard.tag_9F4C,&responsebuffer[1],8); // ICC UN
EMVGenerateAC(0x80,&currentcard);
//generate AC2
//if(currentcard.tag_8D_len > 0) {
// emv_generateDOL(currentcard.tag_8D, currentcard.tag_8D_len, &currentcard, cdolcommand, &cdolcommandlen); }
//else{
// //cdolcommand = NULL; //cdol val is null
// cdolcommandlen = 0;
//}
//emv_generateAC(0x80, cdolcommand,cdolcommandlen, &currentcard);
//if(responsebuffer[1] == 0x77) //format 2 data field returned
//{
// decode_ber_tlv_item(&responsebuffer[1], &temptag);
// emv_decode_field(temptag.value, temptag.valuelength, &currentcard);
//}
}
//generate cryptographic checksum
//uint8_t udol[4] = {0x00,0x00,0x00,0x00};
//emv_computecryptogram(udol, sizeof(udol));
//if(responsebuffer[1] == 0x77) //format 2 data field returned
//{
// decode_ber_tlv_item(&responsebuffer[1], &temptag);
// emv_decode_field(temptag.value, temptag.valuelength, &currentcard);
//}
return 0;
}
void EMVTransaction()
{
//params
uint8_t uid[10] = {0x00};
uint32_t cuid = 0;
//setup stuff
BigBuf_free(); BigBuf_Clear_ext(false);
clear_trace();
set_tracing(TRUE);
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
while(true) {
if(!iso14443a_select_card(uid,NULL,&cuid)) {
if(EMV_DBGLEVEL >= 1) Dbprintf("Can't select card");
break;
}
//selectPPSE
EMVSelectAID((uint8_t *)DF_PSE, 14, &currentcard); //hard coded len
//get response
if (!memcmp(currentcard.tag_4F, AID_MASTERCARD, sizeof(AID_MASTERCARD))){
Dbprintf("Mastercard Paypass Card Detected");
EMV_PaypassTransaction();
}
else if (!memcmp(currentcard.tag_4F, AID_VISA, sizeof(AID_VISA))){
Dbprintf("VISA Paywave Card Detected");
EMV_PaywaveTransaction();
}
//TODO: add other card schemes like AMEX, JCB, China Unionpay etc
break;
}
if (EMV_DBGLEVEL >= 2) DbpString("EMV TRANSACTION FINISHED");
//finish up
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
void EMVdumpcard(void){
dumpCard(&currentcard);
}
//SIMULATOR CODE
//-----------------------------------------------------------------------------
// Main loop of simulated tag: receive commands from reader, decide what
// response to send, and send it.
//-----------------------------------------------------------------------------
void SimulateEMVcard()
{
//uint8_t sak; //select ACKnowledge
uint16_t readerPacketLen = 64; //reader packet length - provided by RATS, default to 64 bytes if RATS not supported
// The first response contains the ATQA (note: bytes are transmitted in reverse order).
//uint8_t atqapacket[2];
// The second response contains the (mandatory) first 24 bits of the UID
uint8_t uid0packet[5] = {0x00};
memcpy(uid0packet, currentcard.UID, sizeof(uid0packet));
// Check if the uid uses the (optional) part
uint8_t uid1packet[5] = {0x00};
memcpy(uid1packet, currentcard.UID, sizeof(uid1packet));
// Calculate the BitCountCheck (BCC) for the first 4 bytes of the UID.
uid0packet[4] = uid0packet[0] ^ uid0packet[1] ^ uid0packet[2] ^ uid0packet[3];
// Prepare the mandatory SAK (for 4 and 7 byte UID)
uint8_t sak0packet[3] = {0x00};
memcpy(sak0packet,&currentcard.SAK1,1);
ComputeCrc14443(CRC_14443_A, sak0packet, 1, &sak0packet[1], &sak0packet[2]);
uint8_t sak1packet[3] = {0x00};
memcpy(sak1packet,&currentcard.SAK2,1);
// Prepare the optional second SAK (for 7 byte UID), drop the cascade bit
ComputeCrc14443(CRC_14443_A, sak1packet, 1, &sak1packet[1], &sak1packet[2]);
uint8_t authanspacket[] = { 0x00, 0x00, 0x00, 0x00 }; // Very random tag nonce
//setup response to ATS
uint8_t ratspacket[currentcard.ATS_len];
memcpy(ratspacket,currentcard.ATS, currentcard.ATS_len);
AppendCrc14443a(ratspacket,sizeof(ratspacket)-2);
// Format byte = 0x58: FSCI=0x08 (FSC=256), TA(1) and TC(1) present,
// TA(1) = 0x80: different divisors not supported, DR = 1, DS = 1
// TB(1) = not present. Defaults: FWI = 4 (FWT = 256 * 16 * 2^4 * 1/fc = 4833us), SFGI = 0 (SFG = 256 * 16 * 2^0 * 1/fc = 302us)
// TC(1) = 0x02: CID supported, NAD not supported
//ComputeCrc14443(CRC_14443_A, response6, 4, &response6[4], &response6[5]);
//Receive Acknowledge responses differ by PCB byte
uint8_t rack0packet[] = {0xa2,0x00,0x00};
AppendCrc14443a(rack0packet,1);
uint8_t rack1packet[] = {0xa3,0x00,0x00};
AppendCrc14443a(rack1packet,1);
//Negative Acknowledge
uint8_t rnak0packet[] = {0xb2,0x00,0x00};
uint8_t rnak1packet[] = {0xb3,0x00,0x00};
AppendCrc14443a(rnak0packet,1);
AppendCrc14443a(rnak1packet,1);
//Protocol and parameter selection response, just say yes
uint8_t ppspacket[] = {0xd0,0x00,0x00};
AppendCrc14443a(ppspacket,1);
//hardcoded WTX packet - set to max time (49)
uint8_t wtxpacket[] ={0xf2,0x31,0x00,0x00};
AppendCrc14443a(wtxpacket,2);
//added additional responses for different readers, namely protocol parameter select and Receive acknowledments. - peter fillmore.
//added defininitions for predone responses to aid readability
#define ATR 0
#define UID1 1
#define UID2 2
#define SELACK1 3
#define SELACK2 4
#define AUTH_ANS 5
#define ATS 6
#define RACK0 7
#define RACK1 8
#define RNAK0 9
#define RNAK1 10
#define PPSresponse 11
#define WTX 12
#define TAG_RESPONSE_COUNT 13
tag_response_info_t responses[TAG_RESPONSE_COUNT] = {
{ .response = currentcard.ATQA, .response_n = sizeof(currentcard.ATQA) }, // Answer to request - respond with card type
{ .response = uid0packet, .response_n = sizeof(uid0packet) }, // Anticollision cascade1 - respond with uid
{ .response = uid1packet, .response_n = sizeof(uid1packet) }, // Anticollision cascade2 - respond with 2nd half of uid if asked
{ .response = sak0packet, .response_n = sizeof(sak0packet) }, // Acknowledge select - cascade 1
{ .response = sak1packet, .response_n = sizeof(sak1packet) }, // Acknowledge select - cascade 2
{ .response = authanspacket, .response_n = sizeof(authanspacket) }, // Authentication answer (random nonce)
{ .response = ratspacket, .response_n = sizeof(ratspacket) }, // dummy ATS (pseudo-ATR), answer to RATS
{ .response = rack0packet, .response_n = sizeof(rack0packet) }, //R(ACK)0
{ .response = rack1packet, .response_n = sizeof(rack1packet) }, //R(ACK)0
{ .response = rnak0packet, .response_n = sizeof(rnak0packet) }, //R(NAK)0
{ .response = rnak1packet, .response_n = sizeof(rnak1packet) }, //R(NAK)1
{ .response = ppspacket, .response_n = sizeof(ppspacket)}, //PPS packet
{ .response = wtxpacket, .response_n = sizeof(wtxpacket)}, //WTX packet
};
//calculated length of predone responses
uint16_t allocatedtaglen = 0;
for(int i=0;i<TAG_RESPONSE_COUNT;i++){
allocatedtaglen += responses[i].response_n;
}
//uint8_t selectOrder = 0;
BigBuf_free_keep_EM();
// Allocate 512 bytes for the dynamic modulation, created when the reader queries for it
// Such a response is less time critical, so we can prepare them on the fly
#define DYNAMIC_RESPONSE_BUFFER_SIZE 256 //max frame size
#define DYNAMIC_MODULATION_BUFFER_SIZE 2 + 9*DYNAMIC_RESPONSE_BUFFER_SIZE //(start and stop bit, 8 bit packet with 1 bit parity
//uint8_t dynamic_response_buffer[DYNAMIC_RESPONSE_BUFFER_SIZE];
//uint8_t dynamic_modulation_buffer[DYNAMIC_MODULATION_BUFFER_SIZE];
uint8_t *dynamic_response_buffer = BigBuf_malloc(DYNAMIC_RESPONSE_BUFFER_SIZE);
uint8_t *dynamic_modulation_buffer = BigBuf_malloc(DYNAMIC_MODULATION_BUFFER_SIZE);
tag_response_info_t dynamic_response_info = {
.response = dynamic_response_buffer,
.response_n = 0,
.modulation = dynamic_modulation_buffer,
.modulation_n = 0
};
// allocate buffers from BigBuf (so we're not in the stack)
uint8_t *receivedCmd = BigBuf_malloc(MAX_FRAME_SIZE);
uint8_t *receivedCmdPar = BigBuf_malloc(MAX_PARITY_SIZE);
//uint8_t* free_buffer_pointer;
//free_buffer_pointer = BigBuf_malloc((allocatedtaglen*8) +(allocatedtaglen) + (TAG_RESPONSE_COUNT * 3));
BigBuf_malloc((allocatedtaglen*8) +(allocatedtaglen) + (TAG_RESPONSE_COUNT * 3));
// clear trace
clear_trace();
set_tracing(TRUE);
// Prepare the responses of the anticollision phase
// there will be not enough time to do this at the moment the reader sends it REQA
for (size_t i=0; i<TAG_RESPONSE_COUNT; i++)
prepare_allocated_tag_modulation(&responses[i]);
int len = 0;
// To control where we are in the protocol
int order = 0;
int lastorder;
int currentblock = 1; //init to 1
int previousblock = 0; //used to store previous block counter
// Just to allow some checks
int happened = 0;
int happened2 = 0;
int cmdsRecvd = 0;
// We need to listen to the high-frequency, peak-detected path.
iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN);
cmdsRecvd = 0;
tag_response_info_t* p_response;
LED_A_ON();
for(;;) {
// Clean receive command buffer
if(!GetIso14443aCommandFromReader(receivedCmd, receivedCmdPar, &len)) {
DbpString("Button press");
break;
}
p_response = NULL;
// Okay, look at the command now.
previousblock = currentblock; //get previous block
lastorder = order;
currentblock = receivedCmd[0] & 0x01;
if(receivedCmd[0] == 0x26) { // Received a REQUEST
p_response = &responses[ATR]; order = REQA;
} else if(receivedCmd[0] == 0x52) { // Received a WAKEUP
p_response = &responses[ATR]; order = WUPA;
} else if(receivedCmd[1] == 0x20 && receivedCmd[0] == 0x93) { // Received request for UID (cascade 1)
p_response = &responses[UID1]; order = SELUID1;
} else if(receivedCmd[1] == 0x20 && receivedCmd[0] == 0x95) { // Received request for UID (cascade 2)
p_response = &responses[UID2]; order = SELUID2;
} else if(receivedCmd[1] == 0x70 && receivedCmd[0] == 0x93) { // Received a SELECT (cascade 1)
p_response = &responses[SELACK1]; order = SEL1;
} else if(receivedCmd[1] == 0x70 && receivedCmd[0] == 0x95) { // Received a SELECT (cascade 2)
p_response = &responses[SELACK2]; order = SEL2;
} else if((receivedCmd[0] & 0xA2) == 0xA2){ //R-Block received
if(previousblock == currentblock){ //rule 11, retransmit last block
p_response = &dynamic_response_info;
} else {
if((receivedCmd[0] & 0xB2) == 0xB2){ //RNAK, rule 12
if(currentblock == 0)
p_response = &responses[RACK0];
else
p_response = &responses[RACK1];
} else {
//rule 13
//TODO: implement chaining
}
}
}
else if(receivedCmd[0] == 0xD0){ //Protocol and parameter selection response
p_response = &responses[PPSresponse];
order = PPS;
}
else if(receivedCmd[0] == 0x30) { // Received a (plain) READ
//we're an EMV card - so no read commands
p_response = NULL;
} else if(receivedCmd[0] == 0x50) { // Received a HALT
LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
p_response = NULL;
order = HLTA;
} else if(receivedCmd[0] == 0x60 || receivedCmd[0] == 0x61) { // Received an authentication request
p_response = &responses[AUTH_ANS];
order = AUTH;
} else if(receivedCmd[0] == 0xE0) { // Received a RATS request
readerPacketLen = GetReaderLength(receivedCmd); //get length of supported packet
p_response = &responses[ATS];
order = RATS;
} else if (order == AUTH && len == 8) { // Received {nr] and {ar} (part of authentication)
LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
uint32_t nr = bytes_to_num(receivedCmd,4);
uint32_t ar = bytes_to_num(receivedCmd+4,4);
Dbprintf("Auth attempt {nr}{ar}: %08x %08x",nr,ar);
} else {
// Check for ISO 14443A-4 compliant commands, look at left nibble
switch (receivedCmd[0]) {
case 0x0B:
case 0x0A: // IBlock (command)
case 0x02:
case 0x03: {
dynamic_response_info.response_n = 0;
dynamic_response_info.response[0] = receivedCmd[0]; // copy PCB
//dynamic_response_info.response[1] = receivedCmd[1]; // copy PCB
dynamic_response_info.response_n++ ;
switch(receivedCmd[1]) {
case 0x00:
switch(receivedCmd[2]){
case 0xA4: //select
if(receivedCmd[5] == 0x0E){
}
else if(receivedCmd[5] == 0x07){
//selectOrder = 0;
}
else{ //send not supported msg
memcpy(dynamic_response_info.response+1, "\x6a\x82", 2);
dynamic_response_info.response_n += 2;
}
break;
case 0xB2: //read record
if(receivedCmd[3] == 0x01 && receivedCmd[4] == 0x0C){
dynamic_response_info.response_n += 2;
Dbprintf("READ RECORD 1 1");
}
break;
}
break;
case 0x80:
switch(receivedCmd[2]){
case 0xA8: //get processing options
break;
}
}
}break;
case 0x1A:
case 0x1B: { // Chaining command
dynamic_response_info.response[0] = 0xaa | ((receivedCmd[0]) & 1);
dynamic_response_info.response_n = 2;
} break;
case 0xaa:
case 0xbb: {
dynamic_response_info.response[0] = receivedCmd[0] ^ 0x11;
dynamic_response_info.response_n = 2;
} break;
case 0xBA: { //
memcpy(dynamic_response_info.response,"\xAB\x00",2);
dynamic_response_info.response_n = 2;
} break;
case 0xCA:
case 0xC2: { // Readers sends deselect command
//we send the command back - this is what tags do in android implemenation i believe - peterfillmore
memcpy(dynamic_response_info.response,receivedCmd,1);
dynamic_response_info.response_n = 1;
} break;
default: {
// Never seen this command before
LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
Dbprintf("Received unknown command (len=%d):",len);
Dbhexdump(len,receivedCmd,false);
// Do not respond
dynamic_response_info.response_n = 0;
} break;
}
if (dynamic_response_info.response_n > 0) {
// Copy the CID from the reader query
//dynamic_response_info.response[1] = receivedCmd[1];
// Add CRC bytes, always used in ISO 14443A-4 compliant cards
AppendCrc14443a(dynamic_response_info.response,dynamic_response_info.response_n);
dynamic_response_info.response_n += 2;
if(dynamic_response_info.response_n > readerPacketLen){ //throw error if our reader doesn't support the send packet length
Dbprintf("Error: tag response is longer then what the reader supports, TODO:implement command chaining");
LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
break;
}
if (prepare_tag_modulation(&dynamic_response_info,DYNAMIC_MODULATION_BUFFER_SIZE) == false) {
Dbprintf("Error preparing tag response");
LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
break;
}
p_response = &dynamic_response_info;
}
}
// Count number of wakeups received after a halt
if(order == HLTA && lastorder == PPS) { happened++; }
// Count number of other messages after a halt
if(order != HLTA && lastorder == PPS) { happened2++; }
if(cmdsRecvd > 999) {
DbpString("1000 commands later...");
break;
}
cmdsRecvd++;
if (p_response != NULL) {
EmSendCmd14443aRaw(p_response->modulation, p_response->modulation_n, receivedCmd[0] == 0x52);
// do the tracing for the previous reader request and this tag answer:
uint8_t par[MAX_PARITY_SIZE] = {0x00};
GetParity(p_response->response, p_response->response_n, par);
EmLogTrace(Uart.output,
Uart.len,
Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG,
Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG,
Uart.parity,
p_response->response,
p_response->response_n,
LastTimeProxToAirStart*16 + DELAY_ARM2AIR_AS_TAG,
(LastTimeProxToAirStart + p_response->ProxToAirDuration)*16 + DELAY_ARM2AIR_AS_TAG,
par);
}
if (!tracing) {
Dbprintf("Trace Full. Simulation stopped.");
break;
}
}
Dbprintf("%x %x %x", happened, happened2, cmdsRecvd);
LED_A_OFF();
BigBuf_free_keep_EM();
}

32
armsrc/emvcmd.h Normal file
View file

@ -0,0 +1,32 @@
//------------------------------------------------------------------------------
// Peter Fillmore -2012
// Based off MIFARECMD code
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Routines to support EMV Transactions.
//-----------------------------------------------------------------------------
#ifndef __EMVCMD_H
#define __EMVCMD_H
#include "proxmark3.h"
#include "apps.h"
#include "util.h"
#include "string.h"
#include "iso14443crc.h"
#include "iso14443a.h"
#include "common.h"
#include "emvutil.h"
#include "emvcard.h"
#define VISA_DCVV 0
#define VISA_CVN17 1
#define VISA_FDDA 2
#define VISA_EMV 3
#define MASTERCARD_MSR 0
#define MASTERCARD_MCHIP 1
#endif

127
armsrc/emvdataels.c Normal file
View file

@ -0,0 +1,127 @@
//Data elements for EMV transactions.
#include <stdint.h>
#ifndef __EMVDATAELS_H
#define __EMVDATAELS_H
#include "emvdataels.h"
//Known AIDs
typedef struct{
uint8_t tag[2];
char description[255];
}tagdescription;
const uint8_t AID_VISA[] = {0xa0,0x00,0x00,0x00,0x03};
const uint8_t AID_VISA_DB[] = {0xa0,0x00,0x00,0x00,0x03,0x10,0x10};
const uint8_t AID_VISA_C[] = {0xa0,0x00,0x00,0x00,0x03,0x10,0x10,0x01};
const uint8_t AID_VISA_D[] = {0xa0,0x00,0x00,0x00,0x03,0x10,0x10,0x02};
const uint8_t AID_VISA_E[] = {0xa0,0x00,0x00,0x00,0x03,0x20,0x10};
const uint8_t AID_VISA_I[] = {0xa0,0x00,0x00,0x00,0x03,0x30,0x10};
const uint8_t AID_VISA_P[] = {0xa0,0x00,0x00,0x00,0x03,0x80,0x10};
const uint8_t AID_VISA_ATM[]= {0xa0,0x00,0x00,0x00,0x03,0x99,0x99,0x10};
const uint8_t AID_MASTERCARD[]= {0xa0,0x00,0x00,0x00,0x04,0x10,0x10};
const uint8_t AID_MAESTRO[] = {0xa0,0x00,0x00,0x00,0x04,0x30,0x60};
const uint8_t AID_MAESTRO_UK[]= {0xa0,0x00,0x00,0x00,0x05,0x00,0x01};
const uint8_t AID_MAESTRO_TEST[]={0xb0,0x12,0x34,0x56,0x78};
const uint8_t AID_SELF_SERVICE[]={0xa0,0x00,0x00,0x00,0x24,0x01};
const uint8_t AID_AMEX[] = {0xa0,0x00,0x00,0x00,0x25};
const uint8_t AID_EXPRESSPAY[]= {0xa0,0x00,0x00,0x00,0x25,0x01,0x07,0x01};
const uint8_t AID_LINK[] = {0xa0,0x00,0x00,0x00,0x29,0x10,0x10};
const uint8_t AID_ALIAS[] = {0xa0,0x00,0x00,0x00,0x29,0x10,0x10};
//Master data file for PSE
//const uint8_t DF_PSE[] = {0x32, 0x50, 0x41, 0x59, 0x2E, 0x53, 0x59, 0x53, 0x2E, 0x44, 0x44, 0x46, 0x30, 0x31};
const uint8_t DF_PSE[] = {0x32, 0x50, 0x41, 0x59, 0x2E, 0x53, 0x59, 0x53, 0x2E, 0x44, 0x44, 0x46, 0x30, 0x31};
//TAGS
//SW1 return values
const uint8_t SW1_RESPONSE_BYTES[] = {0x61};
const uint8_t SW1_WRONG_LENGTH[] = {0x6c};
const uint8_t SW12_OK[] = {0x90,0x00};
const uint8_t SW12_NOT_SUPPORTED[] = {0x6a,0x81};
const uint8_t SW12_NOT_FOUND[] = {0x6a,0x82};
const uint8_t SW12_COND_NOT_SAT[] = {0x69,0x83};
const uint8_t PIN_BLOCKED[] = {0x69,0x84};
const uint8_t PIN_BLOCKED2[] = {0x69,0x84};
const uint8_t PIN_WRONG[] = {0x63};
const tagdescription EMV_TAG_LIST[] = {
{"\x4f\x00","Application Identifier (AID)"},
{"\x50\x00","Application Label"},
{"\x57\x00","Track 2 Equivalent Data"},
{"\x5a\x00","Application Primary Account Number (PAN)"},
{"\x6f\x00","File Control Information (FCI) Template"},
{"\x70\x00","Record Template"},
{"\x77\x00","response message template format 2"},
{"\x80\x00","response message template format 1"},
{"\x82\x00","application interchange profile"},
{"\x83\x00","command template"},
{"\x84\x00","df name"},
{"\x86\x00","issuer script command"},
{"\x87\x00","application priority indicator"},
{"\x88\x00","short file identifier"},
{"\x8a\x00","authorisation response code"},
{"\x8c\x00","card risk management data object list 1 (cdol1)"},
{"\x8d\x00","card risk management data object list 2 (cdol2)"},
{"\x8e\x00","cardholder verification method (cvm) list"},
{"\x8f\x00","certification authority public key index"},
{"\x93\x00","signed static application data"},
{"\x94\x00","application file locator"},
{"\x95\x00","terminal verification results"},
{"\x97\x00","transaction certificate data object list (tdol)",},
{"\x9c\x00","transaction type"},
{"\x9d\x00","directory definition file"},
{"\xa5\x00","proprietary information"},
{"\x5f\x20","cardholder name"},
{"\x5f\x24","application expiration date yymmdd"},
{"\x5f\x25","application effective date yymmdd"},
{"\x5f\x28","issuer country code"},
{"\x5f\x2a","transaction currency code"},
{"\x5f\x2d","language preference"},
{"\x5f\x30","service code"},
{"\x5f\x34","application primary account number (pan) sequence number"},
{"\x5f\x50","issuer url"},
{"\x92\x00","issuer public key remainder"},
{"\x9a\x00","transaction date"},
{"\x9f\x02","amount, authorised (numeric)"},
{"\x9f\x03","amount, other (numeric)"},
{"\x9f\x04","amount, other (binary)"},
{"\x9f\x05","application discretionary data"},
{"\x9f\x07","application usage control"},
{"\x9f\x08","application version number"},
{"\x9f\x0d","issuer action code - default"},
{"\x9f\x0e","issuer action code - denial"},
{"\x9f\x0f","issuer action code - online"},
{"\x9f\x11","issuer code table index"},
{"\x9f\x12","application preferred name"},
{"\x9f\x1a","terminal country code"},
{"\x9f\x1f","track 1 discretionary data"},
{"\x9f\x20","track 2 discretionary data"},
{"\x9f\x26","application cryptogram"},
{"\x9f\x32","issuer public key exponent"},
{"\x9f\x36","application transaction counter"},
{"\x9f\x37","unpredictable number"},
{"\x9f\x38","processing options data object list (pdol)"},
{"\x9f\x42","application currency code"},
{"\x9f\x44","application currency exponent"},
{"\x9f\x4a","static data authentication tag list"},
{"\x9f\x4d","log entry"},
{"\x9f\x66","card production life cycle"},
{"\xbf\x0c","file control information (fci) issuer discretionary data"}
};
//AIP bitmasks details
#define AIP_CHIP_SUPPORTED 0x80
#define AIP_MSR_SUPPORTED 0x40
#define AIP_SDA_SUPPORTED 0x40
#define AIP_DDA_SUPPORTED 0x20
#define AIP_CARDHOLDER_VERIFICATION 0x10
#define AIP_TERMINAL_RISK 0x08
#define AIP_ISSUER_AUTH 0x04
#define AIP_CDA_SUPPORTED 0x01
//human readable error messages
#endif //__EMVDATAELS_H

56
armsrc/emvdataels.h Normal file
View file

@ -0,0 +1,56 @@
//Data elements for EMV transactions.
#include <stdint.h>
#ifndef __EMVDATAELS_H
#define __EMVDATAELS_H
//Known AIDs
extern const uint8_t AID_VISA[5];
extern const uint8_t AID_VISA_DB[7] ;
extern const uint8_t AID_VISA_C[8] ;
extern const uint8_t AID_VISA_D[8] ;
extern const uint8_t AID_VISA_E[7] ;
extern const uint8_t AID_VISA_I[7] ;
extern const uint8_t AID_VISA_P[7] ;
extern const uint8_t AID_VISA_ATM[8];
extern const uint8_t AID_MASTERCARD[7];
extern const uint8_t AID_MAESTRO[7];
extern const uint8_t AID_MAESTRO_UK[7];
extern const uint8_t AID_MAESTRO_TEST[5];
extern const uint8_t AID_SELF_SERVICE[6];
extern const uint8_t AID_AMEX[5];
extern const uint8_t AID_EXPRESSPAY[];
extern const uint8_t AID_LINK[7];
extern const uint8_t AID_ALIAS[7];
//Master data file for PSE
extern const uint8_t DF_PSE[];
typedef struct{
uint8_t tag[2];
char description[255];
}tagdescription;
extern const tagdescription EMV_TAG_LIST[62]; //SW1 return values
extern const uint8_t SW1_RESPONSE_BYTES[];
extern const uint8_t SW1_WRONG_LENGTH[] ;
extern const uint8_t SW12_OK[];
extern const uint8_t SW12_NOT_SUPPORTED[] ;
extern const uint8_t SW12_NOT_FOUND[];
extern const uint8_t SW12_COND_NOT_SAT[];
extern const uint8_t PIN_BLOCKED[] ;
extern const uint8_t PIN_BLOCKED2[] ;
extern const uint8_t PIN_WRONG[] ;
//AIP bitmasks details
#define AIP_CHIP_SUPPORTED 0x80
#define AIP_MSR_SUPPORTED 0x40
#define AIP_SDA_SUPPORTED 0x40
#define AIP_DDA_SUPPORTED 0x20
#define AIP_CARDHOLDER_VERIFICATION 0x10
#define AIP_TERMINAL_RISK 0x08
#define AIP_ISSUER_AUTH 0x04
#define AIP_CDA_SUPPORTED 0x01
//human readable error messages
//file structure, read from AFL
#endif //__EMVDATAELS_H

1837
armsrc/emvutil.c Normal file
View file

File diff suppressed because it is too large Load diff

89
armsrc/emvutil.h Normal file
View file

@ -0,0 +1,89 @@
//-----------------------------------------------------------------------------
// Peter Fillmore 2014
// code derived off merloks mifare code
//
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// code for work with EMV cards.
//-----------------------------------------------------------------------------
#ifndef __EMVUTIL_H
#define __EMVUTIL_H
#include <stdarg.h>
#include <stdint.h>
#include "iso14443a.h"
#include "tlv.h"
#include "emvtags.h"
#include "emvdataels.h"
// mifare 4bit card answers
// reader voltage field detector
#define EMV_MINFIELDV 4000
// debug
// 0 - no debug messages 1 - error messages 2 - all messages 4 - extended debug mode
#define EMV_DBG_NONE 0
#define EMV_DBG_ERROR 1
#define EMV_DBG_ALL 2
#define EMV_DBG_EXTENDED 4
extern int EMV_DBGLEVEL;
//EMV emulator states need to update
#define EMVEMUL_NOFIELD 0
#define EMVEMUL_IDLE 1
#define EMVEMUL_SELECT1 2
#define EMVEMUL_SELECT2 3
#define EMVEMUL_SELECT3 4
#define EMVEMUL_AUTH1 5
#define EMVEMUL_AUTH2 6
#define EMVEMUL_WORK 7
#define EMVEMUL_HALTED 8
#define EMVEMUL_ACK 9
//#define cardSTATE_TO_IDLE() cardSTATE = EMVEMUL_IDLE; LED_B_OFF(); LED_C_OFF();
//grabbed from iso14443a.c
//static int EmGetCmd(uint8_t *received, int *len);
//int EmSendCmdEx(uint8_t *resp, size_t respLen, bool correctionNeeded);//tag types
//int EmSendCmd(uint8_t *resp, size_t respLen);
//#define cardSTATE_TO_IDLE() cardSTATE = MFEMUL_IDLE; LED_B_OFF(); LED_C_OFF();
//extern int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data);
//functions
//int emv_sendapdu( uint8_t cla, uint8_t ins, uint8_t p1, uint8_t p2, uint8_t lc, uint8_t* data, uint8_t le);
int emv_select(uint8_t* AID, uint8_t AID_len, void* data);
int emv_selectPPSE();
int emv_readrecord(uint8_t recordnumber, uint8_t sfi, void* data);
int emv_getprocessingoptions(uint8_t* pdol, uint8_t pdol_len, void* data
);
int emv_computecryptogram(uint8_t* UDOL, uint8_t UDOL_len, void *data);
//return 8 8byte ICC random number.
int emv_getchallenge(void *data);
int emv_loopback(uint8_t* transData , uint8_t transData_len, void *data);
int emv_generateAC(uint8_t refcontrolparam, uint8_t* cdolinput, uint8_t cdolinputlen, void* data);
int emv_decodeAFL(uint8_t* AFL, uint8_t AFLlen);
int emv_decodeAIP(uint8_t* AIP);
int emv_decodeCVM(uint8_t* CVM, uint8_t CVMlen);
//memory management
//uint8_t* emv_get_bigbufptr(void);
//uint8_t* emv_get_bigbufptr_sendbuf(void);
//uint8_t* emv_get_bigbufptr_recbuf(void);
//emulator
//void EMVsim();
//utils
int emv_printtag(uint8_t* selected_tag,emvtags* inputcard, uint8_t* outputstring, uint8_t* outputlen);
int emv_decode_field(uint8_t* inputfield,uint16_t inputlength, emvtags *result);
int emv_emvtags_decode_tag(tlvtag* inputtag, emvtags* currentcard);
//look up a tag in the current structure
int emv_lookuptag(uint8_t* tag, emvtags* currentcard, uint8_t* outputval, uint8_t* outputvallen);
//set a tag from external impurt
int emv_settag(uint32_t tag, uint8_t *datain, emvtags *currentcard) ;
void dumpCard(emvtags* currentcard);
//generate a valid PDOL list from the returned card value, used in get processing options
int emv_generateDOL(uint8_t* DOL, uint8_t DOLlen,emvtags* currentcard, uint8_t* DOLoutput, uint8_t* DOLoutputlen);
int emv_generatetemplate(uint8_t* templateval,emvtags* currentcard, uint8_t* returnedval, uint8_t* returnedlen, uint8_t numtags, ...);
#endif

78
armsrc/tlv.c Normal file
View file

@ -0,0 +1,78 @@
#include <tlv.h>
#include <stddef.h>
int decode_ber_tlv_item(uint8_t* data, tlvtag* returnedtag)
{
uint8_t tag[TAG_LENGTH] = {0x00,0x00};
uint16_t length = 0;
//uint8_t value[VALUE_LENGTH];
uint8_t lenlen = 0;
int i = 0;
int z = 0;
//decode tag
tag[0] = data[0];
if((tag[0] & TLV_TAG_NUMBER_MASK) == TLV_TAG_NUMBER_MASK) { //see subsequent bytes
i++;
tag[i] = data[i];
//assume tag is only two bytes long for now
/*
while((data[i] & TLV_TAG_MASK) == TLV_TAG_MASK){
i++;
tag[i] = data[i];
}
*/
}
i++;
//decode length
if((data[i] & TLV_LENGTH_MASK) == TLV_LENGTH_MASK) {
lenlen = data[i] ^ TLV_LENGTH_MASK;
i++;
length = (uint16_t)data[i];
z = 1;
while(z < lenlen){
i++;
z++;
length <<= 8;
length += (uint16_t)data[i];
}
i++;
}
else {
length = (uint16_t)data[i];
i++;
}
//copy results into the structure and return
memcpy(returnedtag->tag, tag, TAG_LENGTH);
(*returnedtag).valuelength = length; //return length of tag value
(*returnedtag).fieldlength = length + i + 1; //return length of total field
memcpy(returnedtag->value, &(data[i]), length);
return 0;
}
//generate a TLV tag off input data
int encode_ber_tlv_item(uint8_t* tag, uint8_t taglen, uint8_t* data, uint32_t datalen, uint8_t* outputtag, uint32_t* outputtaglen)
{
if(!tag || !data || !outputtag || !outputtaglen) //null pointer check
return 0;
uint8_t datafieldlen = (datalen / 128) + 1; //field length of the tag
uint8_t tlvtotallen = taglen + datafieldlen + datalen; //total length of the tag
uint8_t returnedtag[tlvtotallen]; //buffer for the returned tag
uint8_t counter = 0;
memcpy(returnedtag, tag, taglen); //copy tag into buffer
counter += taglen;
if(datalen < 128){ // 1 byte length value
returnedtag[counter++] = datalen;
}
else{
returnedtag[counter++] = datafieldlen | 0x80; //high bit set and number of length bytes
for(uint8_t i=datafieldlen; i !=0; i--){
returnedtag[counter++] = (datalen >> (i * 8)) & 0xFF; //get current byte
}
}
memcpy(&returnedtag[counter], data, datalen);
*outputtaglen = tlvtotallen;
memcpy(outputtag, returnedtag,tlvtotallen);
return 0;
}

34
armsrc/tlv.h Normal file
View file

@ -0,0 +1,34 @@
#ifndef __TLV_H
#define __TLV_H
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stdint.h>
//structure buffer definitions
#define TAG_LENGTH 2
#define VALUE_LENGTH 1024
//masks
//if TLV_TAG_NUMBER_MASK bits are set, refer to the next byte for the tag number
//otherwise its located in bits 1-5
#define TLV_TAG_NUMBER_MASK 0x1f
//if TLV_DATA_MASK set then its a 'constructed data object'
//otherwise a 'primitive data object'
#define TLV_DATA_MASK 0x20
#define TLV_TAG_MASK 0x80
#define TLV_LENGTH_MASK 0x80
//tlv tag structure, tag can be max of 2 bytes, length up to 65535 and value 1024 bytes long
typedef struct {
uint8_t tag[TAG_LENGTH];
uint16_t fieldlength;
uint16_t valuelength;
uint8_t value[VALUE_LENGTH];
}tlvtag;
//decode a BER TLV
extern int decode_ber_tlv_item(uint8_t* data, tlvtag* returnedtag);
extern int encode_ber_tlv_item(uint8_t* tag, uint8_t taglen, uint8_t*data, uint32_t datalen, uint8_t* outputtag, uint32_t* outputtaglen);
#endif //__TLV_H

249
common/emvtags.h Normal file
View file

@ -0,0 +1,249 @@
//-----------------------------------------------------------------------------
// Peter Fillmore 2014
// code derived off merloks mifare code
//
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// structure to hold EMV card and terminal parameters
//-----------------------------------------------------------------------------
#ifndef __EMVCARD_H
#define __EMVCARD_H
#include <stdint.h>
#include <stddef.h>
//structure to hold received/set tag values
//variable data inputs have length specifiers
typedef struct {
//ISO14443-A card stuff
uint8_t ATQA[2]; //Answer to Request
uint8_t UID_len;
uint8_t UID[10];
uint8_t SAK1; //SAK for UID 1
uint8_t SAK2; //SAK for UID 2
uint8_t ATS_len; //Answer to select
uint8_t ATS[256];
//ATS
uint8_t TL;
uint8_t T0;
uint8_t TA1;
uint8_t TB1;
uint8_t TC1;
uint8_t* historicalbytes;
//PPS response
uint8_t PPSS;
//SFI 2 record 1
uint8_t tag_4F_len; //length of AID
uint8_t tag_4F[16]; //Application Identifier (AID)
uint8_t tag_50_len; //length of application label
uint8_t tag_50[16]; //Application Label
uint8_t tag_56_len; //track1 length
uint8_t tag_56[76]; //Track 1 Data
uint8_t tag_57_len; //track2 equiv len
uint8_t tag_57[19]; //Track 2 Equivalent Data
uint8_t tag_5A_len; //PAN length
uint8_t tag_5A[10]; //Application Primary Account Number (PAN)
//uint8_t tag_6F[]; //File Control Information (FCI) Template
//uint8_t tag_70[255]; //Record Template
//uint8_t tag_77[]; //Response Message Template Format 2
//uint8_t tag_80[]; //Response Message Template Format 1
uint8_t tag_82[2]; //Application Interchange Profile AIP
//uint8_t tag_83[]; //Command Template
uint8_t tag_84_len;
uint8_t tag_84[16]; //DF Name
uint8_t tag_86_len;
uint8_t tag_86[261]; //Issuer Script Command
uint8_t tag_87[1]; //Application Priority Indicator
uint8_t tag_88[1]; //Short File Identifier
uint8_t tag_8A[2]; //Authorisation Response Code
uint8_t tag_8C_len;
uint8_t tag_8C[252]; //CDOL1
uint8_t tag_8D_len;
uint8_t tag_8D[252]; //CDOL2
uint8_t tag_8E_len;
uint8_t tag_8E[252]; //Cardholder Verification Method (CVM) List
uint8_t tag_8F[1]; //Certification Authority Public Key Index
uint8_t tag_90_len;
uint8_t tag_90[255]; //ssuer Public Key Certificate
uint8_t tag_92_len;
uint8_t tag_92[255]; //Issuer Public Key Remainder
uint8_t tag_93_len;
uint8_t tag_93[255]; //Signed Static Application Data
uint8_t tag_94_len;
uint8_t tag_94[252]; //Application File Locator AFL
uint8_t tag_95[5]; //Terminal Verification Results
uint8_t tag_97_len;
uint8_t tag_97[252]; //Transaction Certificate Data Object List (TDOL)
uint8_t tag_98[20]; //Transaction Certificate (TC) Hash Value
//assume 20 bytes, change after testing
uint8_t tag_99_len;
uint8_t tag_99[20]; //Transaction Personal Identification Number (PIN) Data
uint8_t tag_9A[3]; //Transaction Date
uint8_t tag_9B[2]; //Transaction Status Information
uint8_t tag_9C[1]; //Transaction Type
uint8_t tag_9D_len;
uint8_t tag_9D[16]; //Directory Definition File
uint8_t tag_CD[3]; //Card Issuer Action Codes Paypass
uint8_t tag_CE[3];
uint8_t tag_CF[3];
uint8_t tag_D7[3]; //Application Control (PayPass)
uint8_t tag_D8[2]; //Application Interchange Profile (PayPass)
uint8_t tag_D9_len; //Application File Locator (PayPass)
uint8_t tag_D9[16];
uint8_t tag_DA[2]; //Static CVC3track1
uint8_t tag_DB[2]; //Static CVC3track2
uint8_t tag_DC[2]; //IVCVC3 CVC3track1
uint8_t tag_DD[2]; //IVCVC3 CVC3track2
uint8_t tag_AF_len;
uint8_t tag_AF[255]; //Proprietary Information
uint8_t tag_5F20_len;
uint8_t tag_5F20[26]; //Cardholder Name
uint8_t tag_5F24[3]; //Application Expiry Date
uint8_t tag_5F25[3]; //Application Effective Date YYMMDD
uint8_t tag_5F28[2]; //Issuer Country Code
uint8_t tag_5F2A[2]; //Transaction Currency Code
uint8_t tag_5F2D_len;
uint8_t tag_5F2D[8]; //Language Preference
uint8_t tag_5F30[2]; //Service Code
uint8_t tag_5F34[1]; //Application Primary Account Number (PAN) Sequence Number
uint8_t tag_5F36[2]; //ATC
uint8_t tag_5F50_len;
uint8_t tag_5F50[255]; //Issuer URL
uint8_t tag_5F54_len;
uint8_t tag_5F54[11]; //Bank Identifier Code (BIC)
uint8_t tag_9F01[6]; //Acquirer Identifier
uint8_t tag_9F02[6]; // Amount, Authorised (Numeric)
uint8_t tag_9F03[6]; //Amount, Other (Numeric)
uint8_t tag_9F04[4]; //Amount, Other (Binary)
uint8_t tag_9F05_len;
uint8_t tag_9F05[32]; //Application Discretionary Data
uint8_t tag_9F06_len;
uint8_t tag_9F06[16]; //AID terminal
uint8_t tag_9F07[2]; //Application Usage Control
uint8_t tag_9F08[2]; //Application Version Number
uint8_t tag_9F09[2]; //Application Version Number
//uint8_t tag_9F0A[2]
uint8_t tag_9F0B_len;
uint8_t tag_9F0B[45]; //Cardholder Name Extended
uint8_t tag_9F0D[5]; //Issuer Action Code - Default
uint8_t tag_9F0E[5]; //Issuer Action Code - Denial
uint8_t tag_9F0F[5]; //Issuer Action Code - Online
uint8_t tag_9F10_len; //Issuer Application Data
uint8_t tag_9F10[32];
uint8_t tag_9F11[1]; //Issuer Code Table Index
uint8_t tag_9F12_len;
uint8_t tag_9F12[255]; //Application Preferred Name
uint8_t tag_9F13[2]; //Last Online Application Transaction Counter (ATC) Registerjk
uint8_t tag_9F14[1]; //Lower Consecutive Offline Limit
uint8_t tag_9F15[2]; //Merchant Category Code
uint8_t tag_9F16[15]; //Merchant Identifier
uint8_t tag_9F17[1]; //Personal Identification Number (PIN) Try Counter
uint8_t tag_9F18[4]; //Issuer Script Identifier
//uint8_t tag_9F19[]
uint8_t tag_9F1A[2]; //Terminal Country Code
uint8_t tag_9F1B[4]; //Terminal Floor Limit
uint8_t tag_9F1C[8]; //Terminal Identification
uint8_t tag_9F1D_len;
uint8_t tag_9F1D[8]; //Terminal Risk Management Data
uint8_t tag_9F1E[8]; //Interface Device (IFD) Serial Number
uint8_t tag_9F1F_len;
uint8_t tag_9F1F[255]; //Track 1 Discretionary Data
uint8_t tag_9F20_len;
uint8_t tag_9F20[255]; //Track 2 DD
uint8_t tag_9F21[3]; //Transaction Time
uint8_t tag_9F22[1]; //Certification Authority Public Key Index
uint8_t tag_9F23[1]; //Upper Consecutive Offline Limit
//uint8_t tag_9F24
//uint8_t tag_9F25
uint8_t tag_9F26[8]; //Application Cryptogram
uint8_t tag_9F27[1]; //Cryptogram Information Data
//uint8_t tag_9F28
//uint8_t tag_9F29
//uint8_t tag_9F2A
//uint8_t tag_9F2B
//uint8_t tag_9F2C
uint8_t tag_9F2D_len;
uint8_t tag_9F2D[255]; //Integrated Circuit Card (ICC) PIN Encipherment Public Key Certificate
uint8_t tag_9F2E[3]; //Integrated Circuit Card (ICC) PIN Encipherment Public Key Exponent
uint8_t tag_9F2F_len;
uint8_t tag_9F2F[255]; //Integrated Circuit Card (ICC) PIN Encipherment Public Key Remainder
//uint8_t tag_9F30
//uint8_t tag_9F31
uint8_t tag_9F32_len;
uint8_t tag_9F32[3]; //Issuer Public Key Exponent
uint8_t tag_9F33[3]; //Terminal Capabilities
uint8_t tag_9F34[3]; //Cardholder Verification Method (CVM) Results
uint8_t tag_9F35[1]; //Terminal Type
uint8_t tag_9F36[2]; //Application Transaction Counter (ATC)
uint8_t tag_9F37[4]; //Unpredictable Number
uint8_t tag_9F38_len;
uint8_t tag_9F38[255]; //PDOL
uint8_t tag_9F39[1]; //Point-of-Service (POS) Entry Mode
uint8_t tag_9F40[5]; //Additional Terminal Capabilities
uint8_t tag_9F41[4]; //Transaction Sequence Counter
uint8_t tag_9F42[2]; //Application Currency Code
uint8_t tag_9F43[4]; //Application Reference Currency Exponent
uint8_t tag_9F44[1]; //Application Currency Exponent
uint8_t tag_9F45[2]; //Data Authentication Code
uint8_t tag_9F46_len;
uint8_t tag_9F46[255]; //ICC Public Key Certificate
uint8_t tag_9F47_len;
uint8_t tag_9F47[3]; //ICC Public Key Exponent
uint8_t tag_9F48_len;
uint8_t tag_9F48[255]; //ICC Public Key Remainder
uint8_t tag_9F49_len;
uint8_t tag_9F49[252];
uint8_t tag_9F4A[1]; //SDA Tag list
uint8_t tag_9F4B_len;
uint8_t tag_9F4B[255]; //Signed Dynamic Application Data
uint8_t tag_9F4C[8]; //ICC Dynamic Number
uint8_t tag_9F4D[2]; //Log Entry
uint8_t tag_9F4E[255]; //Merchant Name and Location
//9F50-9F7F are payment system specific
uint8_t tag_9F60[2]; //CVC3 track1
uint8_t tag_9F61[2]; //CVC3 track2
uint8_t tag_9F62[6]; //Track 1 Bit Map for CVC3 (PCVC3TRACK1)
uint8_t tag_9F63[6]; //Track 1 Bit Map for UN and ATC (PUNATCTRACK1)
uint8_t tag_9F64[1]; //Track 1 Number of ATC Digits (NATCTRACK1)
uint8_t tag_9F65[2]; //rack 2 Bit Map for CVC3 (PCVC3TRACK2)
uint8_t tag_9F66[2]; //Track 2 Bit Map for UN and ATC (PUNATCTRACK2), or VISA card type
uint8_t tag_9F67[1]; //Track 2 Number of ATC Digits (NATCTRACK2)
uint8_t tag_9F68_len;
uint8_t tag_9F68[252]; //Mag Stripe CVM List
uint8_t tag_9F69_len;
uint8_t tag_9F69[255]; //Unpredictable Number Data Object List (UDOL)
uint8_t tag_9F6A[8]; //Unpredictable Number (Numeric)
uint8_t tag_9F6B_len;
uint8_t tag_9F6B[19]; //track 2 data
uint8_t tag_9F6C[2]; //Mag Stripe Application Version Number(Card)
//template holders
uint8_t tag_61_len;
uint8_t tag_61[255]; //Application template
uint8_t tag_6F_len;
uint8_t tag_6F[255]; //6F template
uint8_t tag_A5_len;
uint8_t tag_A5[255]; //A5 template
uint8_t tag_DFNAME_len;
uint8_t tag_DFNAME[255]; //A5 template
uint8_t tag_70_len;
uint8_t tag_70[255]; //70 template
uint8_t tag_77_len;
uint8_t tag_77[255]; //77 template
uint8_t tag_80_len;
uint8_t tag_80[255]; //80 template
uint8_t tag_91_len; //Issuer Authentication Data
uint8_t tag_91[16];
uint8_t tag_BF0C_len;
uint8_t tag_BF0C[222]; //File Control Information (FCI) Issuer Discretionary Data
uint8_t tag_DFName[16];
uint8_t tag_DFName_len;
}emvtags;
#endif //__EMVCARD_H

5
traces/EMV/mastercardtags.txt Normal file
View file

@ -0,0 +1,5 @@
0x95:0000000000
0x9F45:0000
0x9F4C:0000000000000000
0x9F35:12
0x9F34:3F000000

4
traces/EMV/testcard.txt Normal file
View file

@ -0,0 +1,4 @@
ATQA:0400
UID:8f2f27e166
SAK1:28b4fc
RATS:0b788081024b4f4e4114118a76

9
traces/EMV/visaCVN17.txt Normal file
View file

@ -0,0 +1,9 @@
0x9f02:000000000001
0x9f03:000000000000
0x9f1a:0826
0x95:0000000000
0x5f2a:0826
0x9a:080401
0x9c:01
0x9f37:badf000d
0x9f66:80800000

9
traces/EMV/visaDCVV.txt Normal file
View file

@ -0,0 +1,9 @@
0x9f02:000000000100
0x9f03:000000000000
0x9f1a:0036
0x95:0000000000
0x5f2a:0036
0x9a:080401
0x9c:00
0x9f37:badf000d
0x9f66:20800000

9
traces/EMV/visaEMV.txt Normal file
View file

@ -0,0 +1,9 @@
0x9f02:000000000100
0x9f03:000000000000
0x9f1a:0036
0x95:0000000000
0x5f2a:0036
0x9a:140101
0x9c:00
0x9f37:badf000d
0x9f66:18000000

9
traces/EMV/visaFDDA.txt Normal file
View file

@ -0,0 +1,9 @@
0x9f02:000000000100
0x9f03:000000000000
0x9f1a:0036
0x95:0000000000
0x5f2a:0036
0x9a:140101
0x9c:00
0x9f37:badf000d
0x9f66:28000000

9
traces/EMV/visatags.txt Normal file
View file

@ -0,0 +1,9 @@
0x9f02:000000000001
0x9f03:000000000000
0x9f1a:0826
0x95:0000000000
0x5f2a:0826
0x9a:080401
0x9c:01
0x9f37:badf000d
0x9f66:d720c000