Hi all, I am one of the many people trying to read (accepting a strong headache) public data from a Credit/Debit card via NFC.
I used to read the good old magnetic stripe (a very easy task), picking from it all the public info of the card... but the world is evolving, and so I was sure (!!!) that performing a similar task from the card using NFC should be more or less the same job (what a mistake!).
NFC is a very large and complex world, and first of all we have to understand that Credit/Debit cards are just one (or more than one) kind of structure that we can find in this ocean.
You have to keep in mind that I am not an expert in this area, but only a "swimmer" who is trying to cross this large swimming pool as best he can.
In this trial I want to share all the steps that I have reached, hoping that these points can help other "swimmers" like me, and thanking all the people (expert or not) who can help me and others on this path.
Well, the first concept I have discovered is that most of the Credit Card players use rules called EMV. This is not a fixed arrival point, but unfortunately only a good starting point.
To read a lot of info from Credit Cards we have to use APDUs, that is, a set of hex commands/responses to interoperate with EMV cards. You can google info about this from eftlab.com, envlab.com or others.
Then I found a very useful piece of work from Johan Schoeman, who has embedded a TapCard library. This library is able to construct the chain of commands and related responses by itself, parsing them and so helping in understanding their meanings. It is a good base for studying APDUs, but I think that it cannot be the final solution, for some reasons:
- it has total control over the configuration of the commands, and where it cannot reach the goal of returning the card id it goes into a loop and finally crashes.
- there is no way to extend the library for cards that do not work
In the next days I will link an example of how to perform APDU commands/responses.
I want to thank drgottjr for his help in these first steps.
The first command we always have to post is this:
command PPSE:
COMMAND = 00 A4 04 00 0E 32 50 41 59 2E 53 59 53 2E 44 44 46 30 31 00
RESPONSE =
6F 3B -- File Control Information (FCI) Template
  84 0E -- Dedicated File (DF) Name
    32 50 41 59 2E 53 59 53 2E 44 44 46 30 31 (BINARY)
  A5 29 -- File Control Information (FCI) Proprietary Template
    BF 0C 26 -- File Control Information (FCI) Issuer Discretionary Data
      61 24 -- Application Template
        4F 07 -- Application Identifier (AID) - card
          A0 00 00 00 03 10 10 (BINARY)
        50 0B -- Application Label
          56 69 73 61 20 43 72 65 64 69 74 (=Visa Credit)
        87 01 -- Application Priority Indicator
          01 (BINARY)
        9F 0A 08 -- [UNKNOWN TAG]
          00 01 05 02 00 00 00 00 (BINARY)
90 00 -- Command successfully executed (OK)
This asks which logical cards (AIDs) are inside the connected plastic (could be more than one).
The second command is to select the AID we want to inspect:
command select AID:
COMMAND = 00 A4 04 00 07 A0 00 00 00 03 10 10 00
RESPONSE =
6F 70 -- File Control Information (FCI) Template
  84 07 -- Dedicated File (DF) Name
    A0 00 00 00 03 10 10 (BINARY)
  A5 65 -- File Control Information (FCI) Proprietary Template
    50 0B -- Application Label
      56 69 73 61 20 43 72 65 64 69 74 (=Visa Credit)
    87 01 -- Application Priority Indicator
      01 (BINARY)
    9F 38 18 -- Processing Options Data Object List (PDOL)
      9F 66 04 -- Terminal Transaction Qualifiers
      9F 02 06 -- Amount, Authorised (Numeric)
      9F 03 06 -- Amount, Other (Numeric)
      9F 1A 02 -- Terminal Country Code
      95 05 -- Terminal Verification Results (TVR)
      5F 2A 02 -- Transaction Currency Code
      9A 03 -- Transaction Date
      9C 01 -- Transaction Type
      9F 37 04 -- Unpredictable Number
    5F 2D 08 -- Language Preference
      69 74 65 6E 66 72 64 65 (=itenfrde)
    BF 0C 2C -- File Control Information (FCI) Issuer Discretionary Data
      9F 5A 05 -- [UNKNOWN TAG]
        31 09 78 03 80 (BINARY)
      BF 63 04 -- [UNKNOWN TAG]
        DF 20 01 -- [UNKNOWN TAG]
          80 (BINARY)
      DF 01 0F -- [UNKNOWN TAG]
        30 33 30 38 33 30 30 31 39 32 35 30 30 30 31 (BINARY)
      9F 0A 08 -- [UNKNOWN TAG]
        00 01 05 02 00 00 00 00 (BINARY)
90 00 -- Command successfully executed (OK)
In this case the only AID present is selected (A0 00 00 00 03 10 10).
The third command is Get Processing Options (GPO). The response contains the Track 2 Equivalent Data, which contains the Card Number (that I have masked with wwxxyyzz):
command GPO:
COMMAND = 80 A8 00 00 23 83 21 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 50 00 00 00 00 00 09 78 24 03 15 00 EE 40 FB 4B 00
RESPONSE =
77 59 -- Response Message Template Format 2
  82 02 -- Application Interchange Profile
    20 20 (BINARY)
  94 08 -- Application File Locator (AFL)
    10 01 02 00 18 03 06 00 (BINARY)
  57 10 -- Track 2 Equivalent Data
    ww ww xx xx yy yy zz zz D2 50 12 06 14 94 40 48 (BINARY)
  5F 20 02 -- Cardholder Name
    20 2F (= /)
  5F 34 01 -- Application Primary Account Number (PAN) Sequence Number
    01 (NUMERIC)
  9F 10 07 -- Issuer Application Data
    06 02 12 03 90 00 00 (BINARY)
  9F 26 08 -- Application Cryptogram
    97 00 49 F4 27 BC 1E 92 (BINARY)
  9F 27 01 -- Cryptogram Information Data
    40 (BINARY)
  9F 36 02 -- Application Transaction Counter (ATC)
    00 42 (BINARY)
  9F 6C 02 -- Mag Stripe Application Version Number (Card)
    38 00 (BINARY)
  9F 6E 04 -- Visa Low-Value Payment (VLP) Issuer Authorisation Code
    20 70 00 00 (BINARY)
  9F 7C 03 -- Merchant Custom Data
    01 01 01 (BINARY)
90 00 -- Command successfully executed (OK)
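This is the actual border I have reached, because at the moment I cannot understand how the Parameter Data of this third command is composed (83 21 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 50 00 00 00 00 00 09 78 24 03 15 00 EE 40 FB 4B 00).
Is there someone who can help me understand how to construct this Parameter Data? If so, I can go on from this point, sharing the next steps with all of you.
If some of the concepts I have fixed are incomplete or wrong, I will appreciate corrections/implementations from anybody that can rearrange the study path I am following in this area.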
Thank you
Roberto
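
The Parameter Data asked about above follows from the PDOL (tag 9F 38) in the SELECT AID response: the card lists tags and lengths, and the terminal answers with the bare values in that order, wrapped in tag 83. As an added example (not part of the original post or of the TapCard library), this Python code parses that PDOL and rebuilds the GPO command shown in the post; the function names are illustrative, the terminal values are copied from that command, and DOL lengths are assumed to fit in one byte.

```python
# Added example: rebuild the post's GPO command from the PDOL (tag 9F38)
# returned by SELECT AID. Function names are illustrative.

# PDOL value from the SELECT AID response: tags and lengths only, no values.
PDOL = bytes.fromhex("9F6604 9F0206 9F0306 9F1A02 9505 5F2A02 9A03 9C01 9F3704")

# Terminal-side values, copied from the GPO command shown in the post.
TERMINAL = {
    "9F66": "28000000",      # Terminal Transaction Qualifiers
    "9F02": "000000000000",  # Amount, Authorised
    "9F03": "000000000000",  # Amount, Other
    "9F1A": "0250",          # Terminal Country Code
    "95":   "0000000000",    # Terminal Verification Results
    "5F2A": "0978",          # Transaction Currency Code
    "9A":   "240315",        # Transaction Date (YYMMDD)
    "9C":   "00",            # Transaction Type
    "9F37": "EE40FB4B",      # Unpredictable Number
}

def parse_dol(dol: bytes):
    """Return [(tag_hex, length), ...] for a Data Object List."""
    entries, i = [], 0
    try:
        while i < len(dol):
            start = i
            if dol[i] & 0x1F == 0x1F:      # low five bits set: multi-byte tag
                i += 1
                while dol[i] & 0x80:       # high bit set: another tag byte follows
                    i += 1
            i += 1
            if dol[i] & 0x80:              # assumption: one-byte lengths only
                raise ValueError("long-form length not supported")
            entries.append((dol[start:i].hex().upper(), dol[i]))
            i += 1
    except IndexError:
        raise ValueError("truncated DOL") from None
    return entries

def build_gpo(pdol: bytes, terminal: dict) -> bytes:
    """Concatenate the requested values, wrap them in tag 83, add the APDU header."""
    data = b""
    for tag, length in parse_dol(pdol):
        # A tag the terminal does not know is sent as zeros of the requested length.
        value = bytes.fromhex(terminal.get(tag, "00" * length))
        if len(value) != length:
            raise ValueError(f"tag {tag}: need {length} bytes, got {len(value)}")
        data += value
    if len(data) > 0x7F:
        raise ValueError("PDOL data too long for a one-byte length")
    template = b"\x83" + bytes([len(data)]) + data   # 83 | length | values
    return bytes.fromhex("80A80000") + bytes([len(template)]) + template + b"\x00"
```

In the post's command, 83 is the template tag, 21 is the total of the PDOL lengths (33 bytes), and the Lc byte 23 is that plus the two template header bytes.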