This shows you the differences between two versions of the page.
|
ac:laboratoare:09 [2024/12/15 06:42] dimitrie.valu |
ac:laboratoare:09 [2025/11/20 11:37] (current) marios.choudary |
||
|---|---|---|---|
| Line 200: | Line 200: | ||
| **The card successfully verified the PIN sent by the terminal.** | **The card successfully verified the PIN sent by the terminal.** | ||
| </solution> | </solution> | ||
| + | |||
| ==== 5. Transaction authentication (2p) ==== | ==== 5. Transaction authentication (2p) ==== | ||
| Line 303: | Line 304: | ||
| **The response is concluded with 9000, meaning the operation was successful. This data will be sent to the issuer for further authentication.** | **The response is concluded with 9000, meaning the operation was successful. This data will be sent to the issuer for further authentication.** | ||
| </solution> | </solution> | ||
| - | ==== MAC generation (Bonus) (2p) ==== | + | |
| + | ==== Bonus 1: Get data from your card (or other card) (2 points) ==== | ||
| + | |||
| + | === First install some tools to work with a smartcard reader ==== | ||
| + | |||
| + | Do the following on Linux (this is for Ubuntu/Debian -- you might need root access): | ||
| + | |||
| + | * Install these packages: | ||
| + | |||
| + | <code> | ||
| + | sudo apt install libpcsclite-dev swig libpcsc-perl pcsc-tools python3-dev libudev-dev python3-pyscard python3-pyserial | ||
| + | </code> | ||
| + | |||
| + | Note: on some distributions the python3-pyserial package is python3-serial. | ||
| + | |||
| + | If this doesn't work, then get ''%%Pyserial%%'' from [[https://pypi.python.org/pypi/pyserial#downloads|here]] | ||
| + | |||
| + | * Install ''%%pcsc%%'' related libs: | ||
| + | |||
| + | <code> | ||
| + | sudo apt install libusb-dev libccid pcscd libpcsclite1 | ||
| + | </code> | ||
| + | |||
| + | * You might also want to install these additional card tools: | ||
| + | |||
| + | <code> | ||
| + | sudo apt install libpcsc-perl pcsc-tools | ||
| + | </code> | ||
| + | |||
| + | On Arch Linux, get the following packages (reference [[https://wiki.archlinux.org/title/Smartcards |the Arch wiki]] if you need to): | ||
| + | |||
| + | <code> | ||
| + | yay -S swig flex libusb ccid pcsclite pcsc-perl pcsc-tools python-pyscard python-pyserial | ||
| + | </code> | ||
| + | |||
| + | You may need to start the ''%%pcscd%%'' daemon: | ||
| + | |||
| + | <code> | ||
| + | systemctl start pcscd.service | ||
| + | </code> | ||
| + | |||
| + | See details [[http://www.audentia-gestion.fr/GEMALTO/PDF/How_to_install_the_PC-Link_reader_on_Linux.pdf |here]]. | ||
| + | |||
| + | For Windows drivers you can check [[https://supportportal.gemalto.com/csm/?id=kb_article_view&sys_kb_id=0adc96844f350700873b69d18110c76a&sysparm_article=KB0016522|here]]. However, we recommend using Linux, as the instructions below apply for the Linux installation. | ||
| + | |||
| + | For Mac OS, things should work by just installing pcsc_tools through mac ports or brew: | ||
| + | <code> | ||
| + | sudo port install pcsc-tools swig py-pyscard py-serial | ||
| + | </code> | ||
| + | |||
| + | |||
| + | === Get basic information about your card === | ||
| + | |||
| + | Try this with your card in the smartcard reader: | ||
| + | |||
| + | <code> | ||
| + | pcsc_scan | ||
| + | </code> | ||
| + | |||
| + | This should show you the ATR and some applications on the card. | ||
| + | |||
| + | What is the ATR from your card ? | ||
| + | |||
| + | === Use a terminal emulator to interact with your card === | ||
| + | |||
| + | Start with files for accessing the card data in {{:ac:laboratoare:lab_emv_py3.zip|this}} archive. | ||
| + | |||
| + | Create a file named ''%%terminal.txt%%'' that will be populated as mentioned below (perhaps already included in the zip file). | ||
| + | This file should end with a line containing the string ''%%0000000000%%''. | ||
| + | |||
| + | After updating this file (see below), we can run the terminal in this manner: | ||
| + | |||
| + | <code> | ||
| + | python3 sclink.py --scterminal terminal.txt gg | ||
| + | </code> | ||
| + | |||
| + | |||
| + | === Select financial app === | ||
| + | |||
| + | We shall now first select the main financial application on the card via the general ''%%1PAY.SYS.DDF01%%'' file available on some EMV cards followed by the selection of the Application ID. See [[https://www.emvco.com/specifications/book-1-application-independent-icc-to-terminal-interface-requirements-2/ |EMV Book 1]], sections 11.3 and 12 for details. | ||
| + | |||
| + | <note> | ||
| + | Newer EMV cards may not support the ''%%1PAY.SYS.DDF01%%'' selection method described below, but you may need to use the Application ID list method or some other variant, as explained in the [[https://www.emvco.com/specifications/book-1-application-independent-icc-to-terminal-interface-requirements-2/ |EMV Book 1]], chapter 12. | ||
| + | </note> | ||
| + | |||
| + | In summary, the main steps are these: | ||
| + | |||
| + | - Send the first ''%%SELECT%%'' command with ''%%1PAY.SYS.DDF01%%'': ''%%00A404000E315041592E5359532E4444463031%%'' | ||
| + | - Decode the response using [[http://www.emvlab.org|emvlab]]. Use the SFI response (e.g. ''%%01%%'', concatenated with the record number encoded in the last 3 bits): ''%%(SFI << 3) | REC_NUM%%''. E.g. If ''%%SFI=01%%'' and ''%%REC_NUM=1%%'', we get the Reference Control parameter (P2) ''%%0x0C%%'' for the ''%%READ RECORD%%'' command, leading to the ''%%READ RECORD%%'' command ''%%00B2010C00%%''. | ||
| + | - Check the available apps by sending ''%%READ RECORD%%'' commands of the form ''%%00B2010C00%%'', ''%%00B2020C00%%'', etc. Check the responses by decoding them with [[http://www.emvlab.org|emvlab]] | ||
| + | - Eventually select one of them using ''%%SELECT%%'', e.g. | ||
| + | * Select particular app: ''%%00A4040007XXXXXXXXXXXXXX%%'' (replace the X values based on the Application ID response to the ''%%00B2XXX%%'' command above). | ||
| + | E.g. to get something like ''%%00A4040007A0000000041010%%'' (if the application has 7 bytes -- 14 hex characters for the Application ID). | ||
| + | * ''%%00A4040007A0000000041010%%'' (this must be updated for your card, based on the response to the ''%%00B2XXX%%'' command above). | ||
| + | * Start transaction with ''%%GET PROCESSING OPTS%%'': ''%%80A80000028300%%'' | ||
| + | |||
| + | Now your ''%%terminal.txt%%'' file should look something like this (but again, replace the Application ID with the correct one and also use the correct ''%%READ RECORD%%'' commands -- from your trials). | ||
| + | |||
| + | <code - terminal.txt> | ||
| + | 00A404000E315041592E5359532E4444463031 | ||
| + | 00B2010C00 | ||
| + | 00A4040007A0000000041010 | ||
| + | 80A80000028300 | ||
| + | 0000000000 | ||
| + | </code> | ||
| + | |||
| + | As mentioned above, now run this terminal emulator with the following code: | ||
| + | |||
| + | <code> | ||
| + | python3 sclink.py --scterminal terminal.txt gg | ||
| + | </code> | ||
| + | |||
| + | What applications do you see on the card ? | ||
| + | |||
| + | Are you able to start communication ? | ||
| + | |||
| + | ==== Bonus 2: MAC generation (2 points) ==== | ||
| Say you know the card's master key to be: | Say you know the card's master key to be: | ||
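Review bot: In step 2 of the "In summary, the main steps are these" list, the formula (SFI << 3) | REC_NUM does not give the P2 value the text states: with SFI=01 and REC_NUM=1 it evaluates to 0x09, not 0x0C, and step 3 varies the third byte (00B2010C00, 00B2020C00) while 0C stays fixed. In READ RECORD the record number is carried in P1, and P2 is (SFI << 3) | 4, where the low three bits 100 mean "P1 is a record number". Suggest rewording the step that way so students can build the command for an SFI other than 01. Two smaller points in the same hunk: the added heading "=== First install some tools to work with a smartcard reader ====" opens with three "=" and closes with four, and the install section pulls in libpcsc-perl and pcsc-tools twice (once in the first apt line and again under "additional card tools").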