Differences
This shows you the differences between two versions of the page.
|
ac:laboratoare:09 [2024/12/15 06:39] dimitrie.valu |
ac:laboratoare:09 [2025/11/20 11:37] (current) marios.choudary |
||
|---|---|---|---|
| Line 200: | Line 200: | ||
| **The card successfully verified the PIN sent by the terminal.** | **The card successfully verified the PIN sent by the terminal.** | ||
| </solution> | </solution> | ||
| + | |||
| ==== 5. Transaction authentication (2p) ==== | ==== 5. Transaction authentication (2p) ==== | ||
| Line 303: | Line 304: | ||
| **The response is concluded with 9000, meaning the operation was successful. This data will be sent to the issuer for further authentication.** | **The response is concluded with 9000, meaning the operation was successful. This data will be sent to the issuer for further authentication.** | ||
| </solution> | </solution> | ||
| - | ==== MAC generation (Bonus) (2p) ==== | + | |
| + | ==== Bonus 1: Get data from your card (or other card) (2 points) ==== | ||
| + | |||
| + | === First install some tools to work with a smartcard reader ==== | ||
| + | |||
| + | Do the following on Linux (this is for Ubuntu/Debian -- you might need root access): | ||
| + | |||
| + | * Install these packages: | ||
| + | |||
| + | <code> | ||
| + | sudo apt install libpcsclite-dev swig libpcsc-perl pcsc-tools python3-dev libudev-dev python3-pyscard python3-pyserial | ||
| + | </code> | ||
| + | |||
| + | Note: on some distributions the python3-pyserial package is python3-serial. | ||
| + | |||
| + | If this doesn't work, then get ''%%Pyserial%%'' from [[https://pypi.python.org/pypi/pyserial#downloads|here]] | ||
| + | |||
| + | * Install ''%%pcsc%%'' related libs: | ||
| + | |||
| + | <code> | ||
| + | sudo apt install libusb-dev libccid pcscd libpcsclite1 | ||
| + | </code> | ||
| + | |||
| + | * You might also want to install these additional card tools: | ||
| + | |||
| + | <code> | ||
| + | sudo apt install libpcsc-perl pcsc-tools | ||
| + | </code> | ||
| + | |||
| + | On Arch Linux, get the following packages (reference [[https://wiki.archlinux.org/title/Smartcards |the Arch wiki]] if you need to): | ||
| + | |||
| + | <code> | ||
| + | yay -S swig flex libusb ccid pcsclite pcsc-perl pcsc-tools python-pyscard python-pyserial | ||
| + | </code> | ||
| + | |||
| + | You may need to start the ''%%pcscd%%'' daemon: | ||
| + | |||
| + | <code> | ||
| + | systemctl start pcscd.service | ||
| + | </code> | ||
| + | |||
| + | See details [[http://www.audentia-gestion.fr/GEMALTO/PDF/How_to_install_the_PC-Link_reader_on_Linux.pdf |here]]. | ||
| + | |||
| + | For Windows drivers you can check [[https://supportportal.gemalto.com/csm/?id=kb_article_view&sys_kb_id=0adc96844f350700873b69d18110c76a&sysparm_article=KB0016522|here]]. However, we recommend using Linux, as the instructions below apply for the Linux installation. | ||
| + | |||
| + | For Mac OS, things should work by just installing pcsc_tools through mac ports or brew: | ||
| + | <code> | ||
| + | sudo port install pcsc-tools swig py-pyscard py-serial | ||
| + | </code> | ||
| + | |||
| + | |||
| + | === Get basic information about your card === | ||
| + | |||
| + | Try this with your card in the smartcard reader: | ||
| + | |||
| + | <code> | ||
| + | pcsc_scan | ||
| + | </code> | ||
| + | |||
| + | This should show you the ATR and some applications on the card. | ||
| + | |||
| + | What is the ATR from your card ? | ||
| + | |||
| + | === Use a terminal emulator to interact with your card === | ||
| + | |||
| + | Start with files for accessing the card data in {{:ac:laboratoare:lab_emv_py3.zip|this}} archive. | ||
| + | |||
| + | Create a file named ''%%terminal.txt%%'' that will be populated as mentioned below (perhaps already included in the zip file). | ||
| + | This file should end with a line containing the string ''%%0000000000%%''. | ||
| + | |||
| + | After updating this file (see below), we can run the terminal in this manner: | ||
| + | |||
| + | <code> | ||
| + | python3 sclink.py --scterminal terminal.txt gg | ||
| + | </code> | ||
| + | |||
| + | |||
| + | === Select financial app === | ||
| + | |||
| + | We shall now first select the main financial application on the card via the general ''%%1PAY.SYS.DDF01%%'' file available on some EMV cards followed by the selection of the Application ID. See [[https://www.emvco.com/specifications/book-1-application-independent-icc-to-terminal-interface-requirements-2/ |EMV Book 1]], sections 11.3 and 12 for details. | ||
| + | |||
| + | <note> | ||
| + | Newer EMV cards may not support the ''%%1PAY.SYS.DDF01%%'' selection method described below, but you may need to use the Application ID list method or some other variant, as explained in the [[https://www.emvco.com/specifications/book-1-application-independent-icc-to-terminal-interface-requirements-2/ |EMV Book 1]], chapter 12. | ||
| + | </note> | ||
| + | |||
| + | In summary, the main steps are these: | ||
| + | |||
| + | - Send the first ''%%SELECT%%'' command with ''%%1PAY.SYS.DDF01%%'': ''%%00A404000E315041592E5359532E4444463031%%'' | ||
| + | - Decode the response using [[http://www.emvlab.org|emvlab]]. Use the SFI response (e.g. ''%%01%%'', concatenated with the record number encoded in the last 3 bits): ''%%(SFI << 3) | REC_NUM%%''. E.g. If ''%%SFI=01%%'' and ''%%REC_NUM=1%%'', we get the Reference Control parameter (P2) ''%%0x0C%%'' for the ''%%READ RECORD%%'' command, leading to the ''%%READ RECORD%%'' command ''%%00B2010C00%%''. | ||
| + | - Check the available apps by sending ''%%READ RECORD%%'' commands of the form ''%%00B2010C00%%'', ''%%00B2020C00%%'', etc. Check the responses by decoding them with [[http://www.emvlab.org|emvlab]] | ||
| + | - Eventually select one of them using ''%%SELECT%%'', e.g. | ||
| + | * Select particular app: ''%%00A4040007XXXXXXXXXXXXXX%%'' (replace the X values based on the Application ID response to the ''%%00B2XXX%%'' command above). | ||
| + | E.g. to get something like ''%%00A4040007A0000000041010%%'' (if the application has 7 bytes -- 14 hex characters for the Application ID). | ||
| + | * ''%%00A4040007A0000000041010%%'' (this must be updated for your card, based on the response to the ''%%00B2XXX%%'' command above). | ||
| + | * Start transaction with ''%%GET PROCESSING OPTS%%'': ''%%80A80000028300%%'' | ||
| + | |||
| + | Now your ''%%terminal.txt%%'' file should look something like this (but again, replace the Application ID with the correct one and also use the correct ''%%READ RECORD%%'' commands -- from your trials). | ||
| + | |||
| + | <code - terminal.txt> | ||
| + | 00A404000E315041592E5359532E4444463031 | ||
| + | 00B2010C00 | ||
| + | 00A4040007A0000000041010 | ||
| + | 80A80000028300 | ||
| + | 0000000000 | ||
| + | </code> | ||
| + | |||
| + | As mentioned above, now run this terminal emulator with the following code: | ||
| + | |||
| + | <code> | ||
| + | python3 sclink.py --scterminal terminal.txt gg | ||
| + | </code> | ||
| + | |||
| + | What applications do you see on the card ? | ||
| + | |||
| + | Are you able to start communication ? | ||
| + | |||
| + | ==== Bonus 2: MAC generation (2 points) ==== | ||
| Say you know the card's master key to be: | Say you know the card's master key to be: | ||
| Line 322: | Line 439: | ||
| <solution -hidden> | <solution -hidden> | ||
| - | We should allow students to select the data somewhat arbitrarily as it's not **entirely* provided in the exercises above, as per the minimum spec mentioned in EMV Book 2, page 87, section 8.1.1, table 28. | + | We should allow students to select the data somewhat arbitrarily as it's not **entirely** provided in the exercises above, as per the minimum spec mentioned in EMV Book 2, page 87, section 8.1.1, table 28. |
| <code python> | <code python> | ||
| Line 352: | Line 469: | ||
| </code> | </code> | ||
| </solution> | </solution> | ||
| - | |||
| - | <hidden> | ||
| - | ==== Getting data from your card ==== | ||
| - | |||
| - | First, get pyscard from | ||
| - | [[https://pypi.python.org/pypi/pyscard|here]]. | ||
| - | |||
| - | Then, install pyscard (check the readme). Do the following (as root): | ||
| - | * Install pcsclite-dev: | ||
| - | <code> | ||
| - | sudo apt-get install libpcsclite-dev | ||
| - | </code> | ||
| - | * Only if the above doesn't work, then install these packages: | ||
| - | <code> | ||
| - | #apt-get install swig libudev-dev git autoconf libtool libsystemd-dev flex | ||
| - | </code> | ||
| - | * Get and install Pyscard from [[https://pypi.python.org/pypi/pyscard|here]] | ||
| - | <code> | ||
| - | #python setup.py build_ext install | ||
| - | </code> | ||
| - | * Install Pyserial | ||
| - | <code> | ||
| - | #sudo pip install pyserial | ||
| - | </code> | ||
| - | If this doesn't work, then get pyserial from [[https://pypi.python.org/pypi/pyserial#downloads|here]] | ||
| - | * Install pcsc related libs: | ||
| - | <code> | ||
| - | sudo apt-get install libusb-dev libusb++-0.1-4v5 libccid pcscd libpcsclite1 | ||
| - | </code> | ||
| - | * Only if desired, additional tools can be installed from here: | ||
| - | <code> | ||
| - | #apt-get install libpcsc-perl | ||
| - | #apt-get install pcsc-tools | ||
| - | </code> | ||
| - | See details [[http://support.gemalto.com/fileadmin/user_upload/IAM/FAQ/How_to_install_the_PC-Link_reader_on_Linux.pdf|here]]. | ||
| - | |||
| - | |||
| - | |||
| - | Files for accessing card data [[https://ocw.cs.pub.ro/courses/_media/ac/laboratoare/sclink.zip|here]]. | ||
| - | </hidden> | ||
