EMV GUIDE (HOW IT WORKS)

Cloned Boy

Carder
The purpose of this guide is to study contactless payment technology using MasterCard PayPass as the example.
To start your experiments you need equipment. We will use an Arduino Nano and the PN532 module for this board.

IMPORTANT: Modules based on the PN532 chip are sold at very different prices. I ordered some on AliExpress for $3 and they did not work. I then ordered some for $5 on the same AliExpress and they did not work either. They worked with ordinary cards but did not see bank cards. The Chinese make them poorly, sometimes fit the wrong chips altogether, and deliberately overwrite the markings. Original Elechouse boards (link) are now selling for $14.

When everything is on hand, we begin assembly (if something does not work, check the wiring):
Arduino -> PN532
GND -> GND
VCC -> VCC
D13 -> SCK
D12 -> MISO
D11 -> MOSI
D10 -> SS

After connecting, we switch the module itself into the required mode using its switch:

Now we check it: download the Arduino IDE from the official site, press CTRL + SHIFT + I to open the library manager, type PN532 into the search, and the first library, from Adafruit, is the one we want. Install it:
(or download the version from GitHub and choose the menu item Install library from ZIP)

In the IDE, create a new project and open the test example: File -> Examples -> Adafruit PN532 -> iso14443a_uid

Then, from the top of the file down to the start of the void setup(void) function, erase everything and paste this:

The resulting test sketch: https://pastebin.com/rBaHEHSr

Flash the Arduino with this sketch! Open the serial monitor, set the speed to 115200 baud and hold any bank card with contactless payment support against the module. If you see the four bytes the card returned in response, congratulations, we carry on.

Now we read the card number and expiry from the card. Let's go:
The card and the terminal communicate by commands. APDU commands are just a set of bytes where each byte means something; it is a complicated topic, explained more clearly here: https://habr.com/ru/post/367241/

First of all, we (positioning ourselves as a terminal in a shop) give the ATR command to the card, but this is too low-level, and the library does it for us.)
So the first thing we try to read is the file present on all cards called 2PAY.SYS.DDF01; we send the card the command to read the file:

What are these bytes and what do they mean? I don't really want to explain. Go to https://javacardos.com/tools/apdu-parser, paste these bytes, press PARSE and get a detailed breakdown of each byte. We sent the command, and the card answered us: go to https://www.emvlab.org/tlvutils/ and see:

As promised, here is the full code that will help you understand the architecture in more detail: https://pastebin.com/MQb4Hvrz
The code contains commands for the MIR card, to show that EMV is the same for everyone and MIR is no exception... there are no exceptions; everyone works on the same protocol, which is described in detail. This code also uses the display library #include "ASOLED.h"; if you do not use it, simply delete or comment out every line where the library is used.

Perhaps the light will be seen in the second part of the article where we will get acquainted with effective techniques and learn how to pay for a limit with a PIN card without a PIN code!

ARQC (Authorization Request Cryptogram) is a cryptogram generated by the card from data supplied by the terminal and session keys. This is the last piece of information the bank asks from the card before approving or rejecting the transaction, and the most important one.
I increased the buffer on the Arduino, so today we will see only complete answers. A reminder:

First of all, we select the 2PAY.SYS.DDF01 applet in the card's main directory
Sent:
0x00, 0xA4, 0x04, 0x00, 0x0E, 0x32, 0x50, 0x41, 0x59, 0x2E, 0x53, 0x59, 0x53, 0x2E, 0x44, 0x44, 0x46, 0x30, 0x31, 0x00
Got:
6F 2F 84 0E 32 50 41 59 2E 53 59 53 2E 44 44 46 30 31 A5 1D BF 0C 1A 61 18 4F 07 A0 00 00 00 04 10 10 50 0A 4D 61 73 74 65 72 43 61 72 64 87 01 01 90 00
Remember that we study the answers received here: https://www.emvlab.org/tlvutils/

Now we know the AID and select the application
Sent:
0x00, 0xA4, 0x04, 0x00, 0x07, 0xA0, 0x00, 0x00, 0x00, 0x04, 0x10, 0x10, 0x00
Got:
6F 39 84 07 A0 00 00 00 04 10 10 A5 2E 50 0A 4D 61 73 74 65 72 43 61 72 64 87 01 01 5F 2D 04 72 75 65 6E BF 0C 15 9F 5D 03 01 00 00 9F 4D 02 0B 0A 9F 6E 07 06 43 00 00 30 30 00 90 00
We send the card an empty PDOL (Processing Options Data Object List)
Sent:
0x80, 0xA8, 0x00, 0x00, 0x02, 0x83, 0x00, 0x00
Got:
77 0E 82 02 19 80 94 08 08 01 01 00 10 02 06 01 90 00
We got the AFL (Application File Locator) and from it worked out where the files are on the card; we know exactly how much data the card stores, and we read it all in turn....
This is where we stopped last time. After reading one of the records we found what we needed and calmed down; now we will read all the records and see what is on the MasterCard:

We send:
0x00, 0xB2, 0x01, 0x0C, 0x00
we get:
70 75 9F 6C 02 00 01 9F 62 06 00 00 00 00 00 0E 9F 63 06 00 00 00 00 03 03 F0 56 34 42 35 33 32 31 33 30 30 32 38 31 30 36 32 35 35 39 5E 20 2F 5E 32 32 30 37 32 30 31 31 32 37 36 38 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 9F 64 01 03 9F 65 02 00 0E 9F 66 02 03 F0 9F 6B 13 53 21 30 02 81 06 25 59 D2 20 72 01 12 70 00 00 00 00 0F 9F 67 01 03 90 00

We send:
0x00, 0xB2, 0x02, 0x14, 0x00
we get:
70 81 A6 57 13 53 21 30 02 81 06 25 59 D2 20 72 01 12 76 80 00 00 44 1F 5A 08 53 21 30 02 81 06 25 59 5F 24 03 22 07 31 5F 25 03 17 04 01 5F 28 02 06 43 5F 34 01 00 8C 27 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F 35 01 9F 45 02 9F 4C 08 9F 34 03 9F 21 03 9F 7C 14 8D 0C 91 0A 8A 02 95 05 9F 37 04 9F 4C 08 8E 0E 00 00 00 00 00 00 00 00 00 42 03 1E 03 1F 03 9F 07 02 FF 00 9F 08 02 00 02 9F 0D 05 B4 50 84 00 00 9F 0E 05 00 00 00 00 00 9F 0F 05 B4 70 84 80 00 9F 42 02 06 43 9F 4A 01 82 90 00

We send:
0x00, 0xB2, 0x03, 0x14, 0x00
we get:

We send:
0x00, 0xB2, 0x04, 0x14, 0x00
we get:
70 03 93 01 FF 90 00

We send:
0x00, 0xB2, 0x05, 0x14, 0x00
we get:
70 04 9F 47 01 03 90 00

We send:
0x00, 0xB2, 0x06, 0x14, 0x00
we get:
70 81 B4 9F 46 81 B0 9D 14 58 CD E6 A1 0F A8 FA CC 78 FD E0 6B 02 F9 4E 9F 50 43 3B 12 E4 06 68 9A A7 37 FC F9 22 81 82 06 DF 6C FF 88 8D F9 EB D0 1C 8C 42 75 C6 1A BC 86 A2 05 93 64 B5 A9 B8 B7 01 3E F7 0A 09 55 87 B6 8A 45 3E 07 86 B7 63 DC 83 7C CE 21 70 42 54 B4 52 D2 1D 69 BF 7A 9F 6A 51 B0 79 D8 62 27 AA 51 4F 85 41 F0 4F EE D7 17 FA C9 A2 EB 1E E3 78 05 36 0C F1 0C 69 C4 DA DC 70 84 9A A3 94 56 9F 4A 18 5F 23 B1 20 B7 78 41 6A 27 8D 76 70 13 FB C2 18 03 E2 94 03 DA 99 19 60 33 09 0A 86 8C FE 9E F1 66 FC 41 13 76 13 0E A4 4F 8A 34 8B 63 90 00

So here:
The same file that holds the card number and expiry also holds the Card Risk Management Data Object List 1 (CDOL1).
List of data objects (tag and length) to be passed to the ICC in the first GENERATE AC command.
In plain language: CDOL is the list of data the card requires for its risk analysis.
The terminal uses its processing rules to format the requested data and then sends it to the card in the request to generate the application cryptogram.

In our case, CDOL1 is: 9F02069F03069F1A0295055F2A029A039C019F37049F35019F45029F4C089F34039F21039F7C14
Which, on detailed analysis, tells us we need the following data:
9F02 (amount authorized) 6 bytes
9F03 (amount other) 6 bytes
9F1A (terminal country code) 2 bytes
95 (TVR - Terminal Verification Results) 5 bytes
5F2A (terminal currency code) 2 bytes
9A (transaction date) 3 bytes
9C (transaction type) 1 byte
9F37 (unpredictable number) 4 bytes
9F35 (terminal type) 1 byte
9F45 (data authentication code) 2 bytes
9F4C (ICC dynamic number) 8 bytes
9F34 (CVM Results - Cardholder Verification Results) 3 bytes
9F21 (transaction time) 3 bytes
9F7C (?) 20 bytes

Well, where do you get all this data, you ask? Take it wherever you want, I answer.
In fact, not all of this data is on the Internet; you will quickly understand this when you experiment on YOUR card.
But you are very lucky, because you have me: on 2018-01-31 at 14:29:20 I bought something somewhere and watched the dialogue between the card and the terminal, and as an exclusive, my friend, I share this information with you:

amount authorized = 00 00 00 01 79 80 (the purchase was 179 rubles 80 kopecks)
amount other = 00 00 00 00 00 00
terminal country code = 06 43
TVR - Terminal Verification Results = 00 00 00 80 00
terminal currency code = 06 43
transaction date = 18 01 31
transaction type = 00
unpredictable number = 5e 06 39 ae (very important: this is a random number from the terminal)
terminal type = 22
data authentication code = 00 00
ICC dynamic number = 00 00 00 00 00 00 00 00 00
CVM Results - Cardholder Verification Results = 1f 03 00 (we can still play with this topic, but not in this article)
transaction time = 00 00 00

Cram all this into our command and wait for the finale of our first act!
We send:
0x80, 0xAE, 0x90, 0x00, 0x42, 0x00, 0x00, 0x00, 0x01, 0x79, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x43, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x43, 0x18, 0x01, 0x31, 0x00, 0x5E, 0x06, 0x39, 0xAE, 0x22, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1F, 0x03, 0x00

We get:
77 81 A2 9F 27 01 80 9F 36 02 06 80 9F 4B 81 80 75 18 B8 8A 62 FC DE B4 7B AB 70 3A B4 B5 A6 58 B2 E7 76 32 49 21 55 1D 3C D2 BF FD 54 92 74 A3 E0 5A C7 EC 96 E9 1C 9D 2E 1A 10 62 FC 02 8E D3 E1 3B 6C CE 13 9C 2E 04 33 39 F8 2C 21 42 BD D5 A4 EF B2 C4 A3 EF EB 9C 93 16 DD 49 5D 09 2E FC C6 65 25 80 E7 64 9E 02 AA 34 51 F2 F7 E7 2A 8B 62 DC 9A 22 F9 99 C1 97 3D 54 90 A2 11 07 6A 94 23 7E ED A6 1C 2C 51 BB 79 2A 2C 00 C2 FF FC 18 9F 10 12 01 10 A0 40 03 22 00 00 00 00 00 00 00 00 00 00 00 00 FF 90 00

And what did we get? Nothing less than the treasured Signed Dynamic Application Data cryptogram, which the card sends to the bank!! The very ARQC whose generator was being sold somewhere on the forum.

Imagine, my friend: when you hold a card to the terminal to buy ice cream, they exchange these commands at a frantic speed. For example, according to my sniffer, the cryptogram request is sent in just 32 milliseconds:
000059 - LOG_INFO_CODEC_RX_DATA [75 bytes] (+32 ms) [03 80 ae 90 00 42 00 00 00 01 79 80 00 00 00 00 00 00 06 43 00 00 00 80 00 06 43 18 01 31 00 5e 06 39 ae 22 00 00 00 00 00 00 00 00 00 00 00 1f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 9c] {APDU: NONE RECOGNIZED}

Afterword:
Let's summarize what we understood after reading all this.
The terminal does not write any data to the card. The terminal only reads data and sends commands to the card! The card has a microcontroller, which itself modifies the card's internal files. Access to the protected area of the card's memory is IMPOSSIBLE, that is, reading the coveted private key is IMPOSSIBLE!! The card gives the terminal only the public key!

The 9F36 Application Transaction Counter (ATC) is incremented by one each time we send the card a PDOL. It is incremented by the card itself; from outside we are not able to influence it.

Since this counter is never the same, it is used to generate the cryptogram. It is impossible to generate two cryptograms with one counter value, i.e. the data will always be different!

So that the cryptograms really differ from each other, another number was introduced, the unpredictable number, which takes up 4 bytes (in our example, 5e 06 39 ae). This is a random number that the terminal sends to the card to generate the dynamic signature.
As we know, each byte (unsigned, of course, i.e. without a sign) can hold values from 0 to 255. Multiplying 255 by itself four times we get the number 4228250625, but what is it? It is the number of combinations of random numbers that the terminal can send to the card.

I read somewhere that at the dawn of EMV, terminals used a function of time to generate this number, but now everything is different, and it is IMPOSSIBLE to predict which 4 bytes the terminal will generate for the card!

Perhaps the light will be seen in the second part of the article, where we will get acquainted with effective tricks and learn how to pay with a smart card for goods above the limit without a PIN code, or maybe even with a PIN code (who knows).

I AM ATTACHING THE CODE FROM THE ARTICLE IN CASE SOMEONE BUYS THE HARDWARE AND DECIDES TO PLAY; THE FULLY WORKING CODE, JUST PASTE IT IN AND FLASH IT: https://pastebin.com/Ebym2EhG
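As an added example, not code from the post's author and not the Arduino sketch linked above, the following Python script decodes the card responses quoted in the post offline: a small BER-TLV parser walks the SELECT, GET PROCESSING OPTIONS and GENERATE AC replies, the AFL is turned into the list of READ RECORD commands the terminal must issue (which reproduces the six commands in the post), CDOL1 is expanded into the tag/length list shown above, and the GENERATE AC reply is read back for the cryptogram type (tag 9F27), the ATC (9F36) and the SDAD length. The hex strings are copied from the post; the tag semantics, the AFL layout, the READ RECORD P2 encoding (SFI << 3 | 4) and the CID bit meanings follow EMV Book 3. Function names are my own.

```python
"""Added example (not the post's Arduino sketch): decode the PayPass dialogue quoted
in the post with a small BER-TLV parser, derive the READ RECORD commands from the AFL,
list what CDOL1 demands, and read the GENERATE AC reply."""
from typing import List, Optional, Tuple

# Responses as printed in the post (hex), with the 90 00 status word still attached.
PPSE_RESP = bytes.fromhex(
    "6F 2F 84 0E 32 50 41 59 2E 53 59 53 2E 44 44 46 30 31 A5 1D BF 0C 1A 61 18"
    " 4F 07 A0 00 00 00 04 10 10 50 0A 4D 61 73 74 65 72 43 61 72 64 87 01 01 90 00")
AID_RESP = bytes.fromhex(
    "6F 39 84 07 A0 00 00 00 04 10 10 A5 2E 50 0A 4D 61 73 74 65 72 43 61 72 64"
    " 87 01 01 5F 2D 04 72 75 65 6E BF 0C 15 9F 5D 03 01 00 00 9F 4D 02 0B 0A"
    " 9F 6E 07 06 43 00 00 30 30 00 90 00")
GPO_RESP = bytes.fromhex("77 0E 82 02 19 80 94 08 08 01 01 00 10 02 06 01 90 00")
CDOL1 = bytes.fromhex(  # value of tag 8C in record 2 of SFI 2
    "9F02069F03069F1A0295055F2A029A039C019F37049F35019F45029F4C089F34039F21039F7C14")
GEN_AC_RESP = bytes.fromhex(
    "77 81 A2 9F 27 01 80 9F 36 02 06 80 9F 4B 81 80"
    " 75 18 B8 8A 62 FC DE B4 7B AB 70 3A B4 B5 A6 58 B2 E7 76 32"
    " 49 21 55 1D 3C D2 BF FD 54 92 74 A3 E0 5A C7 EC 96 E9 1C 9D"
    " 2E 1A 10 62 FC 02 8E D3 E1 3B 6C CE 13 9C 2E 04 33 39 F8 2C"
    " 21 42 BD D5 A4 EF B2 C4 A3 EF EB 9C 93 16 DD 49 5D 09 2E FC"
    " C6 65 25 80 E7 64 9E 02 AA 34 51 F2 F7 E7 2A 8B 62 DC 9A 22"
    " F9 99 C1 97 3D 54 90 A2 11 07 6A 94 23 7E ED A6 1C 2C 51 BB"
    " 79 2A 2C 00 C2 FF FC 18"
    " 9F 10 12 01 10 A0 40 03 22" + " 00" * 11 + " FF 90 00")  # IAD: 18 bytes

def _read_tag(data: bytes, i: int) -> Tuple[str, int]:
    j = i + 1
    if data[i] & 0x1F == 0x1F:      # multi-byte tag: more bytes follow while bit 8 is set
        while data[j] & 0x80:
            j += 1
        j += 1
    return data[i:j].hex().upper(), j

def _read_len(data: bytes, i: int) -> Tuple[int, int]:
    if data[i] < 0x80:              # short form: one byte
        return data[i], i + 1
    n = data[i] & 0x7F              # long form: the next n bytes hold the length (81 A2 -> 162)
    return int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n

def parse_tlv(data: bytes) -> list:
    """Parse BER-TLV into (tag, value, children); constructed objects (bit 6 of the
    first tag byte, e.g. 6F, 70, 77, A5, BF0C) are recursed into."""
    out, i = [], 0
    while i < len(data):
        tag, i = _read_tag(data, i)
        length, i = _read_len(data, i)
        value, i = data[i:i + length], i + length
        if len(value) != length:
            raise ValueError(f"truncated value for tag {tag}")
        constructed = bool(int(tag[:2], 16) & 0x20)
        out.append((tag, value, parse_tlv(value) if constructed else []))
    return out

def find(tlvs: list, tag: str) -> Optional[bytes]:
    """Depth-first search for the first object carrying the given tag."""
    for t, v, kids in tlvs:
        hit = v if t == tag else find(kids, tag)
        if hit is not None:
            return hit
    return None

def decode_afl(afl: bytes) -> List[Tuple[int, int, int, int]]:
    """4-byte AFL entries: SFI (top 5 bits), first record, last record, records for ODA."""
    if len(afl) % 4:
        raise ValueError("AFL length must be a multiple of 4")
    return [(afl[i] >> 3, afl[i + 1], afl[i + 2], afl[i + 3]) for i in range(0, len(afl), 4)]

def read_record_apdus(afl: bytes) -> List[bytes]:
    """READ RECORD: CLA 00, INS B2, P1 = record number, P2 = (SFI << 3) | 4, Le 00."""
    return [bytes([0x00, 0xB2, rec, (sfi << 3) | 0x04, 0x00])
            for sfi, first, last, _ in decode_afl(afl) for rec in range(first, last + 1)]

def parse_dol(dol: bytes) -> List[Tuple[str, int]]:
    """A DOL lists tag+length pairs only; the terminal supplies the values in that order."""
    out, i = [], 0
    while i < len(dol):
        tag, i = _read_tag(dol, i)
        length, i = _read_len(dol, i)
        out.append((tag, length))
    return out

def cryptogram_type(cid: int) -> str:
    """Bits 8-7 of Cryptogram Information Data (tag 9F27) say which cryptogram came back."""
    return ["AAC (decline)", "TC (approve offline)", "ARQC (go online)", "RFU"][cid >> 6]

def summarize_transaction() -> dict:
    ppse, app = parse_tlv(PPSE_RESP[:-2]), parse_tlv(AID_RESP[:-2])   # [:-2] drops SW 90 00
    gpo, ac = parse_tlv(GPO_RESP[:-2]), parse_tlv(GEN_AC_RESP[:-2])
    return {
        "aid": find(ppse, "4F").hex().upper(),
        "label": find(app, "50").decode("ascii"),
        "aip": find(gpo, "82").hex().upper(),
        "read_records": [c.hex().upper() for c in read_record_apdus(find(gpo, "94"))],
        "cdol1": parse_dol(CDOL1),
        "cdol1_bytes": sum(n for _, n in parse_dol(CDOL1)),  # must equal Lc of GENERATE AC (0x42)
        "cid": cryptogram_type(find(ac, "9F27")[0]),
        "atc": int.from_bytes(find(ac, "9F36"), "big"),
        "sdad_len": len(find(ac, "9F4B")),
    }

if __name__ == "__main__":
    for key, val in summarize_transaction().items():
        print(f"{key:>12}: {val}")
```

The AFL 08 01 01 00 10 02 06 01 decodes to SFI 1 record 1 and SFI 2 records 2 to 6, which is exactly why the post issues READ RECORD with P2 = 0C once and P2 = 14 five times. The CDOL1 sum comes to 66 bytes, the 0x42 carried as Lc in the post's GENERATE AC; the same length check is a quick way to tell whether a captured GENERATE AC actually matches the card's CDOL1 when analysing a terminal trace.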