We have presented in class the basic communication mechanisms in EMV, the protocol used in banking transactions. We have seen the low-level communication layer, as well as the higher layers of communication, including the format of commands (CAPDUs) and responses (RAPDUs). Furthermore, we have also seen an example of a transaction.
Throughout this lab you'll have to analyze the transcript of a transaction, specifying what commands are being sent and what data is received from the card.
For this, you should get the EMV specification for contact/acceptance device (books 1-3) from http://emvco.com.
You are given the following ATR (each character represents a hexadecimal digit):
3B6500002063CB6600
Decode it in order to understand the ATR parameters. Mention the available parameters.
A card returns the following TLV as a response to a READ RECORD command (ignore the line breaks, this should be a single hexstring):
70538D06910A8A0295058E0C0000000000000000410000008C219F02069F03069F1A02950 55F2A029A039C019F37049F35019F45029F4C089F34039F561380000FFFFF000000000000 00000000000000009F5501809000
Find which cardholder verification methods are allowed.
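One way to split the READ RECORD response into its data objects before interpreting them, as an added example that is not part of the original lab: a small BER-TLV walker following the coding rules in EMV Book 3, Annex B. The names `parse_tlv`, `parse_response` and `RECORD_HEX` are this example's own.

```python
# Added example: BER-TLV walker for EMV data objects (rules from EMV Book 3, Annex B).
RECORD_HEX = (  # READ RECORD response from the exercise, line breaks removed
    "70538D06910A8A0295058E0C0000000000000000410000008C219F02069F03069F1A02950"
    "55F2A029A039C019F37049F35019F45029F4C089F34039F561380000FFFFF000000000000"
    "00000000000000009F5501809000"
)

def parse_tlv(data: bytes, depth: int = 0):
    """Return a flat list of (depth, tag_hex, value) for every data object."""
    out, i = [], 0
    while i < len(data):
        if data[i] == 0x00:                  # '00' padding between objects
            i += 1
            continue
        try:
            start, first = i, data[i]
            i += 1
            if first & 0x1F == 0x1F:         # low five bits set: tag has more bytes
                while data[i] & 0x80:        # bit 8 set: another tag byte follows
                    i += 1
                i += 1
            length = data[i]
            tag_end = i
            i += 1
            if length & 0x80:                # long form: low 7 bits count length bytes
                n = length & 0x7F
                if n == 0 or i + n > len(data):
                    raise IndexError
                length = int.from_bytes(data[i:i + n], "big")
                i += n
        except IndexError:
            raise ValueError(f"malformed tag/length at offset {start}") from None
        tag, value = data[start:tag_end].hex().upper(), data[i:i + length]
        if len(value) != length:
            raise ValueError(f"tag {tag}: value truncated")
        i += length
        out.append((depth, tag, value))
        if first & 0x20:                     # bit 6 set: constructed, so recurse
            out.extend(parse_tlv(value, depth + 1))
    return out

def parse_response(rapdu_hex: str):
    """Split off SW1 SW2, require 9000, and parse the remaining body."""
    raw = bytes.fromhex(rapdu_hex)
    if raw[-2:] != b"\x90\x00":
        raise ValueError(f"status word {raw[-2:].hex().upper()} is not 9000")
    return parse_tlv(raw[:-2])

if __name__ == "__main__":
    for depth, tag, value in parse_response(RECORD_HEX):
        print("  " * depth + f"{tag} ({len(value)} bytes): {value.hex().upper()}")
```

The walker does not descend into primitive objects, so a data object list is returned as a raw value: it is a sequence of tag and length pairs without values and has to be decoded separately.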
A short part of the communication between terminal (T) and card (C) is as follows:
T->C: 80CA9F1700
C->T: 6C04
T->C: 80CA9F1704
C->T: CA9F1701069000
A short part of the communication between terminal (T) and card (C) is as follows:
T->C: 0020008008241111FFFFFFFFFF
C->T: 9000
A short part of the communication between terminal (T) and card (C) is as follows:
T->C: 80AE80002B00000000000000000000000000008000000000000000000000000000003400000000000000000000410002
C->T: 612B
T->C: 00C000002B
C->T: C077299F2701809F360201349F2608817C3AAB208BE0659F10120310A00006250400000000000000000000FF9000
Do the following on Linux (this is for Ubuntu/Debian – you might need root access):
sudo apt install libpcsclite-dev swig libpcsc-perl pcsc-tools python3-dev libudev-dev python3-pyscard python3-pyserial
If this doesn't work, then get Pyserial from here
PC/SC-related libraries:
sudo apt install libusb-dev libccid pcscd libpcsclite1
sudo apt install libpcsc-perl pcsc-tools
On Arch Linux, get the following packages (reference the Arch wiki if you need to):
yay -S swig flex libusb ccid pcsclite pcsc-perl pcsc-tools python-pyscard python-pyserial
You may need to start the pcscd daemon:
systemctl start pcscd.service
See details here.
For Windows drivers you can check here. However, we recommend using Linux, as the instructions below apply for the Linux installation.
For Mac OS, things should work by just installing pcsc-tools through MacPorts or Homebrew:
sudo port install pcsc-tools swig
Try this with your card in the smartcard reader:
pcsc_scan
This should show you the ATR and some applications on the card.
What is the ATR from your card?
Say you know the card's master key to be:
79610497EFCB67E5546EF8CEBCB05D85
Can you regenerate the cryptogram (MAC) from the information obtained in the previous exercises?
You know the encryption algorithm is 3DES.
Besides the data from previous exercises, you are also given that the Application Interchange Profile is 0x1000.