1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2017, 2018 Merlok
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
7 //-----------------------------------------------------------------------------
9 //-----------------------------------------------------------------------------
13 #include "test/cryptotest.h"
14 #include "cliparser/cliparser.h"
16 int CmdHFEMVSelect(const char *cmd
) {
17 uint8_t data
[APDU_AID_LEN
] = {0};
21 CLIParserInit("hf 14a select",
22 "Executes select applet command",
23 "Usage:\n\thf emv select -s a00000000101 -> select card, select applet\n\thf emv select -st a00000000101 -> select card, select applet, show result in TLV\n");
27 arg_lit0("sS", "select", "activate field and select card"),
28 arg_lit0("kK", "keep", "keep field for next command"),
29 arg_lit0("aA", "apdu", "show APDU reqests and responses"),
30 arg_lit0("tT", "tlv", "TLV decode results"),
31 arg_str0(NULL
, NULL
, "<HEX applet AID>", NULL
),
34 CLIExecWithReturn(cmd
, argtable
, true);
36 bool activateField
= arg_get_lit(1);
37 bool leaveSignalON
= arg_get_lit(2);
38 bool APDULogging
= arg_get_lit(3);
39 bool decodeTLV
= arg_get_lit(4);
40 CLIGetStrWithReturn(5, data
, &datalen
);
43 SetAPDULogging(APDULogging
);
46 uint8_t buf
[APDU_RES_LEN
] = {0};
49 int res
= EMVSelect(activateField
, leaveSignalON
, data
, datalen
, buf
, sizeof(buf
), &len
, &sw
, NULL
);
52 PrintAndLog("APDU response status: %04x - %s", sw
, GetAPDUCodeDescription(sw
>> 8, sw
& 0xff));
58 TLVPrintFromBuffer(buf
, len
);
63 int CmdHFEMVSearch(const char *cmd
) {
65 CLIParserInit("hf 14a select",
66 "Tries to select all applets from applet list:\n",
67 "Usage:\n\thf emv search -s -> select card and search\n\thf emv search -st -> select card, search and show result in TLV\n");
71 arg_lit0("sS", "select", "activate field and select card"),
72 arg_lit0("kK", "keep", "keep field ON for next command"),
73 arg_lit0("aA", "apdu", "show APDU reqests and responses"),
74 arg_lit0("tT", "tlv", "TLV decode results of selected applets"),
77 CLIExecWithReturn(cmd
, argtable
, true);
79 bool activateField
= arg_get_lit(1);
80 bool leaveSignalON
= arg_get_lit(2);
81 bool APDULogging
= arg_get_lit(3);
82 bool decodeTLV
= arg_get_lit(4);
85 SetAPDULogging(APDULogging
);
87 struct tlvdb
*t
= NULL
;
88 const char *al
= "Applets list";
89 t
= tlvdb_fixed(1, strlen(al
), (const unsigned char *)al
);
91 if (EMVSearch(activateField
, leaveSignalON
, decodeTLV
, t
)) {
96 PrintAndLog("Search completed.");
100 TLVPrintAIDlistFromSelectTLV(t
);
108 int CmdHFEMVPPSE(const char *cmd
) {
110 CLIParserInit("hf 14a pse",
111 "Executes PSE/PPSE select command. It returns list of applet on the card:\n",
112 "Usage:\n\thf emv pse -s1 -> select, get pse\n\thf emv pse -st2 -> select, get ppse, show result in TLV\n");
116 arg_lit0("sS", "select", "activate field and select card"),
117 arg_lit0("kK", "keep", "keep field ON for next command"),
118 arg_lit0("1", "pse", "pse (1PAY.SYS.DDF01) mode"),
119 arg_lit0("2", "ppse", "ppse (2PAY.SYS.DDF01) mode (default mode)"),
120 arg_lit0("aA", "apdu", "show APDU reqests and responses"),
121 arg_lit0("tT", "tlv", "TLV decode results of selected applets"),
124 CLIExecWithReturn(cmd
, argtable
, true);
126 bool activateField
= arg_get_lit(1);
127 bool leaveSignalON
= arg_get_lit(2);
133 bool APDULogging
= arg_get_lit(5);
134 bool decodeTLV
= arg_get_lit(6);
137 SetAPDULogging(APDULogging
);
140 uint8_t buf
[APDU_RES_LEN
] = {0};
143 int res
= EMVSelectPSE(activateField
, leaveSignalON
, PSENum
, buf
, sizeof(buf
), &len
, &sw
);
146 PrintAndLog("APDU response status: %04x - %s", sw
, GetAPDUCodeDescription(sw
>> 8, sw
& 0xff));
153 TLVPrintFromBuffer(buf
, len
);
158 #define TLV_ADD(tag, value)( tlvdb_add(tlvRoot, tlvdb_fixed(tag, sizeof(value) - 1, (const unsigned char *)value)) )
160 int CmdHFEMVGPO(const char *cmd
) {
161 uint8_t data
[APDU_RES_LEN
] = {0};
164 CLIParserInit("hf 14a gpo",
165 "Executes Get Processing Options command. It returns data in TLV format (0x77 - format2) or plain format (0x80 - format1).\nNeeds a EMV applet to be selected.",
166 "Usage:\n\thf emv gpo -k -> execute GPO\n\thf emv gpo -st 01020304 -> execute GPO with 4-byte PDOL data, show result in TLV\n");
167 // here need to add load params from file and gen pdol
171 arg_lit0("kK", "keep", "keep field ON for next command"),
172 arg_lit0("pP", "params", "load parameters for PDOL making from `emv/defparams.json` file (by default uses default parameters) (NOT WORK!!!)"),
173 arg_lit0("mM", "make", "make PDOLdata from PDOL (tag 9F38) and parameters (NOT WORK!!!)"),
174 arg_lit0("aA", "apdu", "show APDU reqests and responses"),
175 arg_lit0("tT", "tlv", "TLV decode results of selected applets"),
176 arg_str0(NULL
, NULL
, "<HEX PDOLdata/PDOL>", NULL
),
179 CLIExecWithReturn(cmd
, argtable
, true);
181 bool leaveSignalON
= arg_get_lit(1);
182 bool paramsLoadFromFile
= arg_get_lit(2);
183 bool dataMakeFromPDOL
= arg_get_lit(3);
184 bool APDULogging
= arg_get_lit(4);
185 bool decodeTLV
= arg_get_lit(5);
186 CLIGetStrWithReturn(6, data
, &datalen
);
189 SetAPDULogging(APDULogging
);
192 const char *alr
= "Root terminal TLV tree";
193 struct tlvdb
*tlvRoot
= tlvdb_fixed(1, strlen(alr
), (const unsigned char *)alr
);
196 struct tlv
*pdol_data_tlv
= NULL
;
197 struct tlv data_tlv
= {
200 .value
= (uint8_t *)data
,
202 if (dataMakeFromPDOL
) {
204 PrintAndLog("Make PDOL data not implemented!");
206 //9F02:(Amount, authorized (Numeric)) len:6
207 TLV_ADD(0x9F02, "\x00\x00\x00\x00\x01\x00");
208 //9F1A:(Terminal Country Code) len:2
209 TLV_ADD(0x9F1A, "ru");
210 //5F2A:(Transaction Currency Code) len:2
211 // USD 840, EUR 978, RUR 810, RUB 643, RUR 810(old), UAH 980, AZN 031, n/a 999
212 TLV_ADD(0x5F2A, "\x09\x80");
213 //9A:(Transaction Date) len:3
214 TLV_ADD(0x9A, "\x00\x00\x00");
215 //9C:(Transaction Type) len:1 | 00 => Goods and service #01 => Cash
216 TLV_ADD(0x9C, "\x00");
217 // 9F37 Unpredictable Number len:4
218 TLV_ADD(0x9F37, "\x01\x02\x03\x04");
219 // 9F6A Unpredictable Number (MSD for UDOL) len:4
220 TLV_ADD(0x9F6A, "\x01\x02\x03\x04");
221 //9F66:(Terminal Transaction Qualifiers (TTQ)) len:4
222 TLV_ADD(0x9F66, "\x26\x00\x00\x00"); // qVSDC
224 if (paramsLoadFromFile
) {
226 /* pdol_data_tlv = dol_process(tlvdb_get(tlvRoot, 0x9f38, NULL), tlvRoot, 0x83);
228 PrintAndLog("ERROR: can't create PDOL TLV.");
234 pdol_data_tlv
= &data_tlv
;
237 size_t pdol_data_tlv_data_len
= 0;
238 unsigned char *pdol_data_tlv_data
= tlv_encode(pdol_data_tlv
, &pdol_data_tlv_data_len
);
239 if (!pdol_data_tlv_data
) {
240 PrintAndLog("ERROR: can't create PDOL data.");
244 PrintAndLog("PDOL data[%d]: %s", pdol_data_tlv_data_len
, sprint_hex(pdol_data_tlv_data
, pdol_data_tlv_data_len
));
247 uint8_t buf
[APDU_RES_LEN
] = {0};
250 int res
= EMVGPO(leaveSignalON
, pdol_data_tlv_data
, pdol_data_tlv_data_len
, buf
, sizeof(buf
), &len
, &sw
, tlvRoot
);
252 free(pdol_data_tlv_data
);
256 PrintAndLog("APDU response status: %04x - %s", sw
, GetAPDUCodeDescription(sw
>> 8, sw
& 0xff));
262 TLVPrintFromBuffer(buf
, len
);
267 int CmdHFEMVReadRecord(const char *cmd
) {
268 uint8_t data
[APDU_RES_LEN
] = {0};
271 CLIParserInit("hf 14a readrec",
272 "Executes Read Record command. It returns data in TLV format.\nNeeds a bank applet to be selected and sometimes needs GPO to be executed.",
273 "Usage:\n\thf emv readrec -k 0101 -> read file SFI=01, SFIrec=01\n\thf emv readrec -kt 0201-> read file 0201 and show result in TLV\n");
277 arg_lit0("kK", "keep", "keep field ON for next command"),
278 arg_lit0("aA", "apdu", "show APDU reqests and responses"),
279 arg_lit0("tT", "tlv", "TLV decode results of selected applets"),
280 arg_str1(NULL
, NULL
, "<SFI 1byte HEX><SFIrec 1byte HEX>", NULL
),
283 CLIExecWithReturn(cmd
, argtable
, true);
285 bool leaveSignalON
= arg_get_lit(1);
286 bool APDULogging
= arg_get_lit(2);
287 bool decodeTLV
= arg_get_lit(3);
288 CLIGetStrWithReturn(4, data
, &datalen
);
292 PrintAndLog("ERROR: Command needs to have 2 bytes of data");
296 SetAPDULogging(APDULogging
);
299 uint8_t buf
[APDU_RES_LEN
] = {0};
302 int res
= EMVReadRecord(leaveSignalON
, data
[0], data
[1], buf
, sizeof(buf
), &len
, &sw
, NULL
);
305 PrintAndLog("APDU response status: %04x - %s", sw
, GetAPDUCodeDescription(sw
>> 8, sw
& 0xff));
312 TLVPrintFromBuffer(buf
, len
);
317 int CmdHFEMVAC(const char *cmd
) {
318 uint8_t data
[APDU_RES_LEN
] = {0};
321 CLIParserInit("hf 14a genac",
322 "Generate Application Cryptogram command. It returns data in TLV format .\nNeeds a EMV applet to be selected and GPO to be executed.",
323 "Usage:\n\thf emv genac -k 0102-> execute GPO with 2-byte CDOLdata and keep field ON after command\n\thf emv genac -t 01020304 -> execute GPO with 4-byte CDOL data, show result in TLV\n");
327 arg_lit0("kK", "keep", "keep field ON for next command"),
328 arg_lit0("aA", "apdu", "show APDU reqests and responses"),
329 arg_lit0("tT", "tlv", "TLV decode results of selected applets"),
330 arg_str1(NULL
, NULL
, "<HEX CDOLdata>", NULL
),
333 CLIExecWithReturn(cmd
, argtable
, false);
335 bool leaveSignalON
= arg_get_lit(1);
336 bool APDULogging
= arg_get_lit(2);
337 bool decodeTLV
= arg_get_lit(3);
338 CLIGetStrWithReturn(4, data
, &datalen
);
341 SetAPDULogging(APDULogging
);
344 const char *alr
= "Root terminal TLV tree";
345 struct tlvdb
*tlvRoot
= tlvdb_fixed(1, strlen(alr
), (const unsigned char *)alr
);
348 struct tlv
*cdol_data_tlv
= NULL
;
349 // struct tlv *cdol_data_tlv = dol_process(tlvdb_get(tlvRoot, 0x8c, NULL), tlvRoot, 0x01); // 0x01 - dummy tag
350 struct tlv data_tlv
= {
353 .value
= (uint8_t *)data
,
355 cdol_data_tlv
= &data_tlv
;
356 PrintAndLog("CDOL data[%d]: %s", cdol_data_tlv
->len
, sprint_hex(cdol_data_tlv
->value
, cdol_data_tlv
->len
));
359 uint8_t buf
[APDU_RES_LEN
] = {0};
362 // EMVAC_TC + EMVAC_CDAREQ --- to get SDAD
363 // res = EMVAC(true, (TrType == TT_CDA) ? EMVAC_TC + EMVAC_CDAREQ : EMVAC_TC, (uint8_t *)cdol_data_tlv->value, cdol_data_tlv->len, buf, sizeof(buf), &len, &sw, tlvRoot);
364 int res
= EMVAC(leaveSignalON
, EMVAC_TC
, (uint8_t *)cdol_data_tlv
->value
, cdol_data_tlv
->len
, buf
, sizeof(buf
), &len
, &sw
, tlvRoot
);
366 // free(cdol_data_tlv);
370 PrintAndLog("APDU response status: %04x - %s", sw
, GetAPDUCodeDescription(sw
>> 8, sw
& 0xff));
376 TLVPrintFromBuffer(buf
, len
);
381 int CmdHFEMVGenerateChallenge(const char *cmd
) {
383 CLIParserInit("hf 14a challenge",
384 "Executes Generate Challenge command. It returns 4 or 8-byte random number from card:\n",
385 "Usage:\n\thf emv challenge -> get challenge\n\thf emv challenge -k -> get challenge, keep fileld ON\n");
389 arg_lit0("kK", "keep", "keep field ON for next command"),
390 arg_lit0("aA", "apdu", "show APDU reqests and responses"),
393 CLIExecWithReturn(cmd
, argtable
, true);
395 bool leaveSignalON
= arg_get_lit(1);
396 bool APDULogging
= arg_get_lit(2);
399 SetAPDULogging(APDULogging
);
402 uint8_t buf
[APDU_RES_LEN
] = {0};
405 int res
= EMVGenerateChallenge(leaveSignalON
, buf
, sizeof(buf
), &len
, &sw
, NULL
);
408 PrintAndLog("APDU response status: %04x - %s", sw
, GetAPDUCodeDescription(sw
>> 8, sw
& 0xff));
413 PrintAndLog("Challenge: %s", sprint_hex(buf
, len
));
415 if (len
!= 4 && len
!= 8)
416 PrintAndLog("WARNING: length of challenge must be 4 or 8, but it %d", len
);
421 int CmdHFEMVInternalAuthenticate(const char *cmd
) {
422 uint8_t data
[APDU_RES_LEN
] = {0};
425 CLIParserInit("hf 14a intauth",
426 "Generate Internal Authenticate command. Usually needs 4-byte random number. It returns data in TLV format .\nNeeds a EMV applet to be selected and GPO to be executed.",
427 "Usage:\n\thf emv intauth -k 01020304 -> execute Internal Authenticate with 4-byte DDOLdata and keep field ON after command\n"
428 "\thf emv intauth -t 01020304 -> execute Internal Authenticate with 4-byte DDOL data, show result in TLV\n");
432 arg_lit0("kK", "keep", "keep field ON for next command"),
433 arg_lit0("aA", "apdu", "show APDU reqests and responses"),
434 arg_lit0("tT", "tlv", "TLV decode results of selected applets"),
435 arg_str1(NULL
, NULL
, "<HEX DDOLdata>", NULL
),
438 CLIExecWithReturn(cmd
, argtable
, false);
440 bool leaveSignalON
= arg_get_lit(1);
441 bool APDULogging
= arg_get_lit(2);
442 bool decodeTLV
= arg_get_lit(3);
443 CLIGetStrWithReturn(4, data
, &datalen
);
446 SetAPDULogging(APDULogging
);
449 PrintAndLog("DDOL data[%d]: %s", datalen
, sprint_hex(data
, datalen
));
452 uint8_t buf
[APDU_RES_LEN
] = {0};
455 int res
= EMVInternalAuthenticate(leaveSignalON
, data
, datalen
, buf
, sizeof(buf
), &len
, &sw
, NULL
);
458 PrintAndLog("APDU response status: %04x - %s", sw
, GetAPDUCodeDescription(sw
>> 8, sw
& 0xff));
464 TLVPrintFromBuffer(buf
, len
);
469 int UsageCmdHFEMVExec(void) {
470 PrintAndLog("HELP : Executes EMV contactless transaction:\n");
471 PrintAndLog("Usage: hf emv exec [-s][-a][-t][-f][-v][-c][-x][-g]\n");
472 PrintAndLog(" Options:");
473 PrintAndLog(" -s : select card");
474 PrintAndLog(" -a : show APDU reqests and responses\n");
475 PrintAndLog(" -t : TLV decode results\n");
476 PrintAndLog(" -f : force search AID. Search AID instead of execute PPSE.\n");
477 PrintAndLog(" -v : transaction type - qVSDC or M/Chip.\n");
478 PrintAndLog(" -c : transaction type - qVSDC or M/Chip plus CDA (SDAD generation).\n");
479 PrintAndLog(" -x : transaction type - VSDC. For test only. Not a standart behavior.\n");
480 PrintAndLog(" -g : VISA. generate AC from GPO\n");
481 PrintAndLog("By default : transaction type - MSD.\n");
482 PrintAndLog("Samples:");
483 PrintAndLog(" hf emv exec -s -a -t -> execute MSD transaction");
484 PrintAndLog(" hf emv exec -s -a -t -c -> execute CDA transaction");
488 #define dreturn(n) {free(pdol_data_tlv);tlvdb_free(tlvSelect);tlvdb_free(tlvRoot);DropField();return n;}
490 int CmdHFEMVExec(const char *cmd
) {
491 bool activateField
= false;
492 bool showAPDU
= false;
493 bool decodeTLV
= false;
494 bool forceSearch
= false;
495 enum TransactionType TrType
= TT_MSD
;
496 bool GenACGPO
= false;
498 uint8_t buf
[APDU_RES_LEN
] = {0};
501 uint8_t AID
[APDU_AID_LEN
] = {0};
503 uint8_t ODAiList
[4096];
504 size_t ODAiListLen
= 0;
508 struct tlvdb
*tlvSelect
= NULL
;
509 struct tlvdb
*tlvRoot
= NULL
;
510 struct tlv
*pdol_data_tlv
= NULL
;
512 if (strlen(cmd
) < 1) {
518 while(param_getchar(cmd
, cmdp
) != 0x00) {
519 char c
= param_getchar(cmd
, cmdp
);
520 if ((c
== '-') && (param_getlength(cmd
, cmdp
) == 2))
521 switch (param_getchar_indx(cmd
, 1, cmdp
)) {
528 activateField
= true;
548 TrType
= TT_QVSDCMCHIP
;
559 PrintAndLog("Unknown parameter '%c'", param_getchar_indx(cmd
, 1, cmdp
));
566 // init applets list tree
567 const char *al
= "Applets list";
568 tlvSelect
= tlvdb_fixed(1, strlen(al
), (const unsigned char *)al
);
570 // Application Selection
571 // https://www.openscdp.org/scripts/tutorial/emv/applicationselection.html
574 PrintAndLog("\n* PPSE.");
575 SetAPDULogging(showAPDU
);
576 res
= EMVSearchPSE(activateField
, true, decodeTLV
, tlvSelect
);
578 // check PPSE and select application id
580 TLVPrintAIDlistFromSelectTLV(tlvSelect
);
581 EMVSelectApplication(tlvSelect
, AID
, &AIDlen
);
587 PrintAndLog("\n* Search AID in list.");
588 SetAPDULogging(false);
589 if (EMVSearch(activateField
, true, decodeTLV
, tlvSelect
)) {
593 // check search and select application id
594 TLVPrintAIDlistFromSelectTLV(tlvSelect
);
595 EMVSelectApplication(tlvSelect
, AID
, &AIDlen
);
599 const char *alr
= "Root terminal TLV tree";
600 tlvRoot
= tlvdb_fixed(1, strlen(alr
), (const unsigned char *)alr
);
602 // check if we found EMV application on card
604 PrintAndLog("Can't select AID. EMV AID not found");
609 PrintAndLog("\n* Selecting AID:%s", sprint_hex_inrow(AID
, AIDlen
));
610 SetAPDULogging(showAPDU
);
611 res
= EMVSelect(false, true, AID
, AIDlen
, buf
, sizeof(buf
), &len
, &sw
, tlvRoot
);
614 PrintAndLog("Can't select AID (%d). Exit...", res
);
619 TLVPrintFromBuffer(buf
, len
);
620 PrintAndLog("* Selected.");
622 PrintAndLog("\n* Init transaction parameters.");
624 //9F66:(Terminal Transaction Qualifiers (TTQ)) len:4
625 char *qVSDC
= "\x26\x00\x00\x00";
627 qVSDC
= "\x26\x80\x00\x00";
631 TLV_ADD(0x9F66, "\x86\x00\x00\x00"); // MSD
633 // not standard for contactless. just for test.
635 TLV_ADD(0x9F66, "\x46\x00\x00\x00"); // VSDC
638 TLV_ADD(0x9F66, qVSDC
); // qVSDC
641 TLV_ADD(0x9F66, qVSDC
); // qVSDC (VISA CDA not enabled)
644 TLV_ADD(0x9F66, "\x26\x00\x00\x00"); // qVSDC
648 //9F02:(Amount, authorized (Numeric)) len:6
649 TLV_ADD(0x9F02, "\x00\x00\x00\x00\x01\x00");
650 //9F1A:(Terminal Country Code) len:2
651 TLV_ADD(0x9F1A, "ru");
652 //5F2A:(Transaction Currency Code) len:2
653 // USD 840, EUR 978, RUR 810, RUB 643, RUR 810(old), UAH 980, AZN 031, n/a 999
654 TLV_ADD(0x5F2A, "\x09\x80");
655 //9A:(Transaction Date) len:3
656 TLV_ADD(0x9A, "\x00\x00\x00");
657 //9C:(Transaction Type) len:1 | 00 => Goods and service #01 => Cash
658 TLV_ADD(0x9C, "\x00");
659 // 9F37 Unpredictable Number len:4
660 TLV_ADD(0x9F37, "\x01\x02\x03\x04");
661 // 9F6A Unpredictable Number (MSD for UDOL) len:4
662 TLV_ADD(0x9F6A, "\x01\x02\x03\x04");
664 TLVPrintFromTLV(tlvRoot
); // TODO delete!!!
666 PrintAndLog("\n* Calc PDOL.");
667 pdol_data_tlv
= dol_process(tlvdb_get(tlvRoot
, 0x9f38, NULL
), tlvRoot
, 0x83);
669 PrintAndLog("ERROR: can't create PDOL TLV.");
673 size_t pdol_data_tlv_data_len
;
674 unsigned char *pdol_data_tlv_data
= tlv_encode(pdol_data_tlv
, &pdol_data_tlv_data_len
);
675 if (!pdol_data_tlv_data
) {
676 PrintAndLog("ERROR: can't create PDOL data.");
679 PrintAndLog("PDOL data[%d]: %s", pdol_data_tlv_data_len
, sprint_hex(pdol_data_tlv_data
, pdol_data_tlv_data_len
));
681 PrintAndLog("\n* GPO.");
682 res
= EMVGPO(true, pdol_data_tlv_data
, pdol_data_tlv_data_len
, buf
, sizeof(buf
), &len
, &sw
, tlvRoot
);
684 free(pdol_data_tlv_data
);
685 //free(pdol_data_tlv); --- free on exit.
688 PrintAndLog("GPO error(%d): %4x. Exit...", res
, sw
);
692 // process response template format 1 [id:80 2b AIP + x4b AFL] and format 2 [id:77 TLV]
693 if (buf
[0] == 0x80) {
695 PrintAndLog("GPO response format1:");
696 TLVPrintFromBuffer(buf
, len
);
699 if (len
< 4 || (len
- 4) % 4) {
700 PrintAndLog("ERROR: GPO response format1 parsing error. length=%d", len
);
703 struct tlvdb
* f1AIP
= tlvdb_fixed(0x82, 2, buf
+ 2);
704 tlvdb_add(tlvRoot
, f1AIP
);
706 PrintAndLog("\n* * Decode response format 1 (0x80) AIP and AFL:");
707 TLVPrintFromTLV(f1AIP
);
711 struct tlvdb
* f1AFL
= tlvdb_fixed(0x94, len
- 4, buf
+ 2 + 2);
712 tlvdb_add(tlvRoot
, f1AFL
);
714 TLVPrintFromTLV(f1AFL
);
718 TLVPrintFromBuffer(buf
, len
);
721 // extract PAN from track2
723 const struct tlv
*track2
= tlvdb_get(tlvRoot
, 0x57, NULL
);
724 if (!tlvdb_get(tlvRoot
, 0x5a, NULL
) && track2
&& track2
->len
>= 8) {
725 struct tlvdb
*pan
= GetPANFromTrack2(track2
);
727 tlvdb_add(tlvRoot
, pan
);
729 const struct tlv
*pantlv
= tlvdb_get(tlvRoot
, 0x5a, NULL
);
730 PrintAndLog("\n* * Extracted PAN from track2: %s", sprint_hex(pantlv
->value
, pantlv
->len
));
732 PrintAndLog("\n* * WARNING: Can't extract PAN from track2.");
737 PrintAndLog("\n* Read records from AFL.");
738 const struct tlv
*AFL
= tlvdb_get(tlvRoot
, 0x94, NULL
);
739 if (!AFL
|| !AFL
->len
) {
740 PrintAndLog("WARNING: AFL not found.");
743 while(AFL
&& AFL
->len
) {
745 PrintAndLog("ERROR: Wrong AFL length: %d", AFL
->len
);
749 for (int i
= 0; i
< AFL
->len
/ 4; i
++) {
750 uint8_t SFI
= AFL
->value
[i
* 4 + 0] >> 3;
751 uint8_t SFIstart
= AFL
->value
[i
* 4 + 1];
752 uint8_t SFIend
= AFL
->value
[i
* 4 + 2];
753 uint8_t SFIoffline
= AFL
->value
[i
* 4 + 3];
755 PrintAndLog("* * SFI[%02x] start:%02x end:%02x offline:%02x", SFI
, SFIstart
, SFIend
, SFIoffline
);
756 if (SFI
== 0 || SFI
== 31 || SFIstart
== 0 || SFIstart
> SFIend
) {
757 PrintAndLog("SFI ERROR! Skipped...");
761 for(int n
= SFIstart
; n
<= SFIend
; n
++) {
762 PrintAndLog("* * * SFI[%02x] %d", SFI
, n
);
764 res
= EMVReadRecord(true, SFI
, n
, buf
, sizeof(buf
), &len
, &sw
, tlvRoot
);
766 PrintAndLog("ERROR SFI[%02x]. APDU error %4x", SFI
, sw
);
771 TLVPrintFromBuffer(buf
, len
);
775 // Build Input list for Offline Data Authentication
776 // EMV 4.3 book3 10.3, page 96
779 const unsigned char *abuf
= buf
;
782 if (tlv_parse_tl(&abuf
, &elmlen
, &e
)) {
783 memcpy(&ODAiList
[ODAiListLen
], &buf
[len
- elmlen
], elmlen
);
784 ODAiListLen
+= elmlen
;
786 PrintAndLog("ERROR SFI[%02x]. Creating input list for Offline Data Authentication error.", SFI
);
789 memcpy(&ODAiList
[ODAiListLen
], buf
, len
);
799 // copy Input list for Offline Data Authentication
801 struct tlvdb
*oda
= tlvdb_fixed(0x21, ODAiListLen
, ODAiList
); // not a standard tag
802 tlvdb_add(tlvRoot
, oda
);
803 PrintAndLog("* Input list for Offline Data Authentication added to TLV. len=%d \n", ODAiListLen
);
807 const struct tlv
*AIPtlv
= tlvdb_get(tlvRoot
, 0x82, NULL
);
808 uint16_t AIP
= AIPtlv
->value
[0] + AIPtlv
->value
[1] * 0x100;
809 PrintAndLog("* * AIP=%04x", AIP
);
813 PrintAndLog("\n* SDA");
819 PrintAndLog("\n* DDA");
820 trDDA(decodeTLV
, tlvRoot
);
826 if (TrType
== TT_QVSDCMCHIP
|| TrType
== TT_CDA
){
827 // 9F26: Application Cryptogram
828 const struct tlv
*AC
= tlvdb_get(tlvRoot
, 0x9F26, NULL
);
830 PrintAndLog("\n--> qVSDC transaction.");
831 PrintAndLog("* AC path");
833 // 9F36: Application Transaction Counter (ATC)
834 const struct tlv
*ATC
= tlvdb_get(tlvRoot
, 0x9F36, NULL
);
837 // 9F10: Issuer Application Data - optional
838 const struct tlv
*IAD
= tlvdb_get(tlvRoot
, 0x9F10, NULL
);
841 PrintAndLog("ATC: %s", sprint_hex(ATC
->value
, ATC
->len
));
842 PrintAndLog("AC: %s", sprint_hex(AC
->value
, AC
->len
));
844 PrintAndLog("IAD: %s", sprint_hex(IAD
->value
, IAD
->len
));
846 if (IAD
->len
>= IAD
->value
[0] + 1) {
847 PrintAndLog("\tKey index: 0x%02x", IAD
->value
[1]);
848 PrintAndLog("\tCrypto ver: 0x%02x(%03d)", IAD
->value
[2], IAD
->value
[2]);
849 PrintAndLog("\tCVR:", sprint_hex(&IAD
->value
[3], IAD
->value
[0] - 2));
850 struct tlvdb
* cvr
= tlvdb_fixed(0x20, IAD
->value
[0] - 2, &IAD
->value
[3]);
851 TLVPrintFromTLVLev(cvr
, 1);
854 PrintAndLog("WARNING: IAD not found.");
858 PrintAndLog("ERROR AC: Application Transaction Counter (ATC) not found.");
864 if (GetCardPSVendor(AID
, AIDlen
) == CV_MASTERCARD
&& (TrType
== TT_QVSDCMCHIP
|| TrType
== TT_CDA
)){
865 const struct tlv
*CDOL1
= tlvdb_get(tlvRoot
, 0x8c, NULL
);
866 if (CDOL1
&& GetCardPSVendor(AID
, AIDlen
) == CV_MASTERCARD
) { // and m/chip transaction flag
867 PrintAndLog("\n--> Mastercard M/Chip transaction.");
869 PrintAndLog("* * Generate challenge");
870 res
= EMVGenerateChallenge(true, buf
, sizeof(buf
), &len
, &sw
, tlvRoot
);
872 PrintAndLog("ERROR GetChallenge. APDU error %4x", sw
);
876 PrintAndLog("ERROR GetChallenge. Wrong challenge length %d", len
);
880 // ICC Dynamic Number
881 struct tlvdb
* ICCDynN
= tlvdb_fixed(0x9f4c, len
, buf
);
882 tlvdb_add(tlvRoot
, ICCDynN
);
884 PrintAndLog("\n* * ICC Dynamic Number:");
885 TLVPrintFromTLV(ICCDynN
);
888 PrintAndLog("* * Calc CDOL1");
889 struct tlv
*cdol_data_tlv
= dol_process(tlvdb_get(tlvRoot
, 0x8c, NULL
), tlvRoot
, 0x01); // 0x01 - dummy tag
891 PrintAndLog("ERROR: can't create CDOL1 TLV.");
894 PrintAndLog("CDOL1 data[%d]: %s", cdol_data_tlv
->len
, sprint_hex(cdol_data_tlv
->value
, cdol_data_tlv
->len
));
896 PrintAndLog("* * AC1");
897 // EMVAC_TC + EMVAC_CDAREQ --- to get SDAD
898 res
= EMVAC(true, (TrType
== TT_CDA
) ? EMVAC_TC
+ EMVAC_CDAREQ
: EMVAC_TC
, (uint8_t *)cdol_data_tlv
->value
, cdol_data_tlv
->len
, buf
, sizeof(buf
), &len
, &sw
, tlvRoot
);
901 PrintAndLog("AC1 error(%d): %4x. Exit...", res
, sw
);
906 TLVPrintFromBuffer(buf
, len
);
909 PrintAndLog("\n* CDA:");
910 struct tlvdb
*ac_tlv
= tlvdb_parse_multi(buf
, len
);
911 res
= trCDA(tlvRoot
, ac_tlv
, pdol_data_tlv
, cdol_data_tlv
);
913 PrintAndLog("CDA error (%d)", res
);
918 PrintAndLog("\n* M/Chip transaction result:");
919 // 9F27: Cryptogram Information Data (CID)
920 const struct tlv
*CID
= tlvdb_get(tlvRoot
, 0x9F27, NULL
);
922 emv_tag_dump(CID
, stdout
, 0);
923 PrintAndLog("------------------------------");
925 switch(CID
->value
[0] & EMVAC_AC_MASK
){
927 PrintAndLog("Transaction DECLINED.");
930 PrintAndLog("Transaction approved OFFLINE.");
933 PrintAndLog("Transaction approved ONLINE.");
936 PrintAndLog("ERROR: CID transaction code error %2x", CID
->value
[0] & EMVAC_AC_MASK
);
940 PrintAndLog("ERROR: Wrong CID length %d", CID
->len
);
943 PrintAndLog("ERROR: CID(9F27) not found.");
950 if (AIP
& 0x8000 && TrType
== TT_MSD
) {
951 PrintAndLog("\n--> MSD transaction.");
953 PrintAndLog("* MSD dCVV path. Check dCVV");
955 const struct tlv
*track2
= tlvdb_get(tlvRoot
, 0x57, NULL
);
957 PrintAndLog("Track2: %s", sprint_hex(track2
->value
, track2
->len
));
959 struct tlvdb
*dCVV
= GetdCVVRawFromTrack2(track2
);
960 PrintAndLog("dCVV raw data:");
961 TLVPrintFromTLV(dCVV
);
963 if (GetCardPSVendor(AID
, AIDlen
) == CV_MASTERCARD
) {
964 PrintAndLog("\n* Mastercard calculate UDOL");
967 const struct tlv
*UDOL
= tlvdb_get(tlvRoot
, 0x9F69, NULL
);
968 // UDOL(9F69) default: 9F6A (Unpredictable number) 4 bytes
969 const struct tlv defUDOL
= {
972 .value
= (uint8_t *)"\x9f\x6a\x04",
975 PrintAndLog("Use default UDOL.");
977 struct tlv
*udol_data_tlv
= dol_process(UDOL
? UDOL
: &defUDOL
, tlvRoot
, 0x01); // 0x01 - dummy tag
979 PrintAndLog("ERROR: can't create UDOL TLV.");
983 PrintAndLog("UDOL data[%d]: %s", udol_data_tlv
->len
, sprint_hex(udol_data_tlv
->value
, udol_data_tlv
->len
));
985 PrintAndLog("\n* Mastercard compute cryptographic checksum(UDOL)");
987 res
= MSCComputeCryptoChecksum(true, (uint8_t *)udol_data_tlv
->value
, udol_data_tlv
->len
, buf
, sizeof(buf
), &len
, &sw
, tlvRoot
);
989 PrintAndLog("ERROR Compute Crypto Checksum. APDU error %4x", sw
);
995 TLVPrintFromBuffer(buf
, len
);
1002 PrintAndLog("ERROR MSD: Track2 data not found.");
1010 free(pdol_data_tlv
);
1011 tlvdb_free(tlvSelect
);
1012 tlvdb_free(tlvRoot
);
1014 PrintAndLog("\n* Transaction completed.");
1019 int CmdHFEMVTest(const char *cmd
) {
1020 return ExecuteCryptoTests(true);
1023 int CmdHelp(const char *Cmd
);
1024 static command_t CommandTable
[] = {
1025 {"help", CmdHelp
, 1, "This help"},
1026 {"exec", CmdHFEMVExec
, 0, "Executes EMV contactless transaction."},
1027 {"pse", CmdHFEMVPPSE
, 0, "Execute PPSE. It selects 2PAY.SYS.DDF01 or 1PAY.SYS.DDF01 directory."},
1028 {"search", CmdHFEMVSearch
, 0, "Try to select all applets from applets list and print installed applets."},
1029 {"select", CmdHFEMVSelect
, 0, "Select applet."},
1030 {"gpo", CmdHFEMVGPO
, 0, "Execute GetProcessingOptions."},
1031 {"readrec", CmdHFEMVReadRecord
, 0, "Read files from card."},
1032 {"genac", CmdHFEMVAC
, 0, "Generate ApplicationCryptogram."},
1033 {"challenge", CmdHFEMVGenerateChallenge
, 0, "Generate challenge."},
1034 {"intauth", CmdHFEMVInternalAuthenticate
, 0, "Internal authentication."},
1035 {"test", CmdHFEMVTest
, 0, "Crypto logic test."},
1036 {NULL
, NULL
, 0, NULL
}
1039 int CmdHFEMV(const char *Cmd
) {
1040 CmdsParse(CommandTable
, Cmd
);
1044 int CmdHelp(const char *Cmd
) {
1045 CmdsHelp(CommandTable
);