Differences
This shows you the differences between two versions of the page.
|
ac:laboratoare:09 [2024/12/15 06:31] dimitrie.valu |
ac:laboratoare:09 [2025/11/20 11:37] (current) marios.choudary |
||
|---|---|---|---|
| Line 200: | Line 200: | ||
| **The card successfully verified the PIN sent by the terminal.** | **The card successfully verified the PIN sent by the terminal.** | ||
| </solution> | </solution> | ||
| + | |||
| ==== 5. Transaction authentication (2p) ==== | ==== 5. Transaction authentication (2p) ==== | ||
| Line 303: | Line 304: | ||
| **The response is concluded with 9000, meaning the operation was successful. This data will be sent to the issuer for further authentication.** | **The response is concluded with 9000, meaning the operation was successful. This data will be sent to the issuer for further authentication.** | ||
| </solution> | </solution> | ||
| - | ==== MAC generation (Bonus) (2p) ==== | ||
| - | Say you know the card's master key to be: | + | ==== Bonus 1: Get data from your card (or other card) (2 points) ==== |
| + | |||
| + | === First install some tools to work with a smartcard reader ==== | ||
| + | |||
| + | Do the following on Linux (this is for Ubuntu/Debian -- you might need root access): | ||
| + | |||
| + | * Install these packages: | ||
| <code> | <code> | ||
| - | 79610497EFCB67E5546EF8CEBCB05D85 | + | sudo apt install libpcsclite-dev swig libpcsc-perl pcsc-tools python3-dev libudev-dev python3-pyscard python3-pyserial |
| </code> | </code> | ||
| - | Can you regenerate the cryptogram (MAC) from the information obtained in the previous exercises ? | + | Note: on some distributions the python3-pyserial package is python3-serial. |
| - | You know the encryption algorithm is 3DES. | + | If this doesn't work, then get ''%%Pyserial%%'' from [[https://pypi.python.org/pypi/pyserial#downloads|here]] |
| - | Besides the data from previous exercises, you are also given the | + | * Install ''%%pcsc%%'' related libs: |
| - | Application Interchange Profile is 0x1000. | + | |
| - | <note tip> | + | <code> |
| - | See EMV book 2, section 8.1. | + | sudo apt install libusb-dev libccid pcscd libpcsclite1 |
| - | </note> | + | </code> |
| - | <solution -hidden> | + | * You might also want to install these additional card tools: |
| - | </solution> | + | |
| - | <hidden> | + | <code> |
| - | ==== Getting data from your card ==== | + | sudo apt install libpcsc-perl pcsc-tools |
| + | </code> | ||
| - | First, get pyscard from | + | On Arch Linux, get the following packages (reference [[https://wiki.archlinux.org/title/Smartcards |the Arch wiki]] if you need to): |
| - | [[https://pypi.python.org/pypi/pyscard|here]]. | + | |
| - | Then, install pyscard (check the readme). Do the following (as root): | ||
| - | * Install pcsclite-dev: | ||
| <code> | <code> | ||
| - | sudo apt-get install libpcsclite-dev | + | yay -S swig flex libusb ccid pcsclite pcsc-perl pcsc-tools python-pyscard python-pyserial |
| </code> | </code> | ||
| - | * Only if the above doesn't work, then install these packages: | + | |
| + | You may need to start the ''%%pcscd%%'' daemon: | ||
| <code> | <code> | ||
| - | #apt-get install swig libudev-dev git autoconf libtool libsystemd-dev flex | + | systemctl start pcscd.service |
| </code> | </code> | ||
| - | * Get and install Pyscard from [[https://pypi.python.org/pypi/pyscard|here]] | + | |
| + | See details [[http://www.audentia-gestion.fr/GEMALTO/PDF/How_to_install_the_PC-Link_reader_on_Linux.pdf |here]]. | ||
| + | |||
| + | For Windows drivers you can check [[https://supportportal.gemalto.com/csm/?id=kb_article_view&sys_kb_id=0adc96844f350700873b69d18110c76a&sysparm_article=KB0016522|here]]. However, we recommend using Linux, as the instructions below apply for the Linux installation. | ||
| + | |||
| + | For Mac OS, things should work by just installing pcsc_tools through mac ports or brew: | ||
| <code> | <code> | ||
| - | #python setup.py build_ext install | + | sudo port install pcsc-tools swig py-pyscard py-serial |
| </code> | </code> | ||
| - | * Install Pyserial | + | |
| + | |||
| + | === Get basic information about your card === | ||
| + | |||
| + | Try this with your card in the smartcard reader: | ||
| <code> | <code> | ||
| - | #sudo pip install pyserial | + | pcsc_scan |
| </code> | </code> | ||
| - | If this doesn't work, then get pyserial from [[https://pypi.python.org/pypi/pyserial#downloads|here]] | + | |
| - | * Install pcsc related libs: | + | This should show you the ATR and some applications on the card. |
| + | |||
| + | What is the ATR from your card ? | ||
| + | |||
| + | === Use a terminal emulator to interact with your card === | ||
| + | |||
| + | Start with files for accessing the card data in {{:ac:laboratoare:lab_emv_py3.zip|this}} archive. | ||
| + | |||
| + | Create a file named ''%%terminal.txt%%'' that will be populated as mentioned below (perhaps already included in the zip file). | ||
| + | This file should end with a line containing the string ''%%0000000000%%''. | ||
| + | |||
| + | After updating this file (see below), we can run the terminal in this manner: | ||
| <code> | <code> | ||
| - | sudo apt-get install libusb-dev libusb++-0.1-4v5 libccid pcscd libpcsclite1 | + | python3 sclink.py --scterminal terminal.txt gg |
| </code> | </code> | ||
| - | * Only if desired, additional tools can be installed from here: | + | |
| + | |||
| + | === Select financial app === | ||
| + | |||
| + | We shall now first select the main financial application on the card via the general ''%%1PAY.SYS.DDF01%%'' file available on some EMV cards followed by the selection of the Application ID. See [[https://www.emvco.com/specifications/book-1-application-independent-icc-to-terminal-interface-requirements-2/ |EMV Book 1]], sections 11.3 and 12 for details. | ||
| + | |||
| + | <note> | ||
| + | Newer EMV cards may not support the ''%%1PAY.SYS.DDF01%%'' selection method described below, but you may need to use the Application ID list method or some other variant, as explained in the [[https://www.emvco.com/specifications/book-1-application-independent-icc-to-terminal-interface-requirements-2/ |EMV Book 1]], chapter 12. | ||
| + | </note> | ||
| + | |||
| + | In summary, the main steps are these: | ||
| + | |||
| + | - Send the first ''%%SELECT%%'' command with ''%%1PAY.SYS.DDF01%%'': ''%%00A404000E315041592E5359532E4444463031%%'' | ||
| + | - Decode the response using [[http://www.emvlab.org|emvlab]]. Use the SFI response (e.g. ''%%01%%'', concatenated with the record number encoded in the last 3 bits): ''%%(SFI << 3) | REC_NUM%%''. E.g. If ''%%SFI=01%%'' and ''%%REC_NUM=1%%'', we get the Reference Control parameter (P2) ''%%0x0C%%'' for the ''%%READ RECORD%%'' command, leading to the ''%%READ RECORD%%'' command ''%%00B2010C00%%''. | ||
| + | - Check the available apps by sending ''%%READ RECORD%%'' commands of the form ''%%00B2010C00%%'', ''%%00B2020C00%%'', etc. Check the responses by decoding them with [[http://www.emvlab.org|emvlab]] | ||
| + | - Eventually select one of them using ''%%SELECT%%'', e.g. | ||
| + | * Select particular app: ''%%00A4040007XXXXXXXXXXXXXX%%'' (replace the X values based on the Application ID response to the ''%%00B2XXX%%'' command above). | ||
| + | E.g. to get something like ''%%00A4040007A0000000041010%%'' (if the application has 7 bytes -- 14 hex characters for the Application ID). | ||
| + | * ''%%00A4040007A0000000041010%%'' (this must be updated for your card, based on the response to the ''%%00B2XXX%%'' command above). | ||
| + | * Start transaction with ''%%GET PROCESSING OPTS%%'': ''%%80A80000028300%%'' | ||
| + | |||
| + | Now your ''%%terminal.txt%%'' file should look something like this (but again, replace the Application ID with the correct one and also use the correct ''%%READ RECORD%%'' commands -- from your trials). | ||
| + | |||
| + | <code - terminal.txt> | ||
| + | 00A404000E315041592E5359532E4444463031 | ||
| + | 00B2010C00 | ||
| + | 00A4040007A0000000041010 | ||
| + | 80A80000028300 | ||
| + | 0000000000 | ||
| + | </code> | ||
| + | |||
| + | As mentioned above, now run this terminal emulator with the following code: | ||
| <code> | <code> | ||
| - | #apt-get install libpcsc-perl | + | python3 sclink.py --scterminal terminal.txt gg |
| - | #apt-get install pcsc-tools | + | |
| </code> | </code> | ||
| - | See details [[http://support.gemalto.com/fileadmin/user_upload/IAM/FAQ/How_to_install_the_PC-Link_reader_on_Linux.pdf|here]]. | ||
| + | What applications do you see on the card ? | ||
| + | Are you able to start communication ? | ||
| - | Files for accessing card data [[https://ocw.cs.pub.ro/courses/_media/ac/laboratoare/sclink.zip|here]]. | + | ==== Bonus 2: MAC generation (2 points) ==== |
| - | </hidden> | + | |
| + | Say you know the card's master key to be: | ||
| + | <code> | ||
| + | 79610497EFCB67E5546EF8CEBCB05D85 | ||
| + | </code> | ||
| + | |||
| + | Can you regenerate the cryptogram (MAC) from the information obtained in the previous exercises ? | ||
| + | |||
| + | You know the encryption algorithm is 3DES. | ||
| + | |||
| + | Besides the data from previous exercises, you are also given the | ||
| + | Application Interchange Profile is 0x1000. | ||
| + | |||
| + | <note tip> | ||
| + | See EMV book 2, section 8.1. | ||
| + | </note> | ||
| + | |||
| + | <solution -hidden> | ||
| + | We should allow students to select the data somewhat arbitrarily as it's not **entirely** provided in the exercises above, as per the minimum spec mentioned in EMV Book 2, page 87, section 8.1.1, table 28. | ||
| + | |||
| + | <code python> | ||
| + | from Crypto.Cipher import DES3 | ||
| + | from Crypto.Util.Padding import pad | ||
| + | |||
| + | master_key = bytes.fromhex("79610497EFCB67E5546EF8CEBCB05D85") | ||
| + | aip = bytes.fromhex("1000") | ||
| + | |||
| + | # concatenation of amount authorised and amount other, | ||
| + | # terminal country code, transaction currency code, | ||
| + | # transaction date, transaction type, | ||
| + | # unpredictable number, given AIP and the ATC | ||
| + | # we aren't given the terminal verification results, | ||
| + | # so I assumed that it's gonna be 5 * b'00' | ||
| + | transaction_data = bytes.fromhex( | ||
| + | "00000000000000000000000008000000000000000000000034000000000000000010000134" | ||
| + | ) # from task 5 | ||
| + | |||
| + | # 3DES block size is 8 bytes | ||
| + | padded_data = pad(transaction_data, 8) | ||
| + | |||
| + | # 3DES encryption | ||
| + | cipher = DES3.new(master_key, DES3.MODE_ECB) | ||
| + | mac = cipher.encrypt(padded_data) | ||
| + | |||
| + | mac = mac.hex() | ||
| + | print(mac) | ||
| + | </code> | ||
| + | </solution> | ||
