]>
cvs.zerfleddert.de Git - proxmark3-svn/blob - client/emv/emvcore.c
5c737b056a0543d6a05b95eb01ade1caa6c60319
1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2017 Merlok
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
7 //-----------------------------------------------------------------------------
9 //-----------------------------------------------------------------------------
13 // Got from here. Thanks)
14 // https://eftlab.co.uk/index.php/site-map/knowledge-base/211-emv-aid-rid-pix
15 const char *PSElist
[] = {
16 "325041592E5359532E4444463031", // 2PAY.SYS.DDF01 - Visa Proximity Payment System Environment - PPSE
17 "315041592E5359532E4444463031" // 1PAY.SYS.DDF01 - Visa Payment System Environment - PSE
19 const size_t PSElistLen
= sizeof(PSElist
)/sizeof(char*);
21 const char *AIDlist
[] = {
23 "A00000000305076010", // VISA ELO Credit
24 "A0000000031010", // VISA Debit/Credit (Classic)
25 "A0000000031010", // ddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
26 "A000000003101001", // VISA Credit
27 "A000000003101002", // VISA Debit
28 "A0000000032010", // VISA Electron
29 "A0000000032020", // VISA
30 "A0000000033010", // VISA Interlink
31 "A0000000034010", // VISA Specific
32 "A0000000035010", // VISA Specific
33 "A0000000036010", // Domestic Visa Cash Stored Value
34 "A0000000036020", // International Visa Cash Stored Value
35 "A0000000038002", // VISA Auth, VisaRemAuthen EMV-CAP (DPA)
36 "A0000000038010", // VISA Plus
37 "A0000000039010", // VISA Loyalty
38 "A000000003999910", // VISA Proprietary ATM
40 "A000000098", // Debit Card
41 "A0000000980848", // Debit Card
42 // Mastercard International
43 "A00000000401", // MasterCard PayPass
44 "A0000000041010", // MasterCard Credit
45 "A00000000410101213", // MasterCard Credit
46 "A00000000410101215", // MasterCard Credit
47 "A0000000042010", // MasterCard Specific
48 "A0000000043010", // MasterCard Specific
49 "A0000000043060", // Maestro (Debit)
50 "A000000004306001", // Maestro (Debit)
51 "A0000000044010", // MasterCard Specific
52 "A0000000045010", // MasterCard Specific
53 "A0000000046000", // Cirrus
54 "A0000000048002", // SecureCode Auth EMV-CAP
55 "A0000000049999", // MasterCard PayPass
63 // Groupement des Cartes Bancaires "CB"
64 "A0000000421010", // Cartes Bancaire EMV Card
70 "A00000006510", // JCB
71 "A0000000651010", // JCB J Smart Credit
72 "A0000001544442", // Banricompras Debito - Banrisul - Banco do Estado do Rio Grande do SUL - S.A.
73 "F0000000030001", // BRADESCO
74 "A0000005241010", // RuPay - RuPay
75 "D5780000021010" // Bankaxept - Bankaxept
77 const size_t AIDlistLen
= sizeof(AIDlist
)/sizeof(char*);
79 static bool APDULogging
= false;
80 void SetAPDULogging(bool logging
) {
81 APDULogging
= logging
;
84 static bool print_cb(void *data
, const struct tlv
*tlv
, int level
, bool is_leaf
) {
85 emv_tag_dump(tlv
, stdout
, level
);
87 dump_buffer(tlv
->value
, tlv
->len
, stdout
, level
);
93 void TLVPrintFromBuffer(uint8_t *data
, int datalen
) {
94 struct tlvdb
*t
= NULL
;
95 t
= tlvdb_parse_multi(data
, datalen
);
97 PrintAndLog("-------------------- TLV decoded --------------------");
99 tlvdb_visit(t
, print_cb
, NULL
, 0);
102 PrintAndLog("TLV ERROR: Can't parse response as TLV tree.");
106 void TLVPrintFromTLV(struct tlvdb
*tlv
) {
110 tlvdb_visit(tlv
, print_cb
, NULL
, 0);
113 void TLVPrintAIDlistFromSelectTLV(struct tlvdb
*tlv
) {
114 PrintAndLog("|------------------|--------|-------------------------|");
115 PrintAndLog("| AID |Priority| Name |");
116 PrintAndLog("|------------------|--------|-------------------------|");
118 struct tlvdb
*ttmp
= tlvdb_find(tlv
, 0x6f);
120 PrintAndLog("| none |");
123 const struct tlv
*tgAID
= tlvdb_get_inchild(ttmp
, 0x84, NULL
);
124 const struct tlv
*tgName
= tlvdb_get_inchild(ttmp
, 0x50, NULL
);
125 const struct tlv
*tgPrio
= tlvdb_get_inchild(ttmp
, 0x87, NULL
);
128 PrintAndLog("|%s| %s |%s|",
129 sprint_hex_inrow_ex(tgAID
->value
, tgAID
->len
, 18),
130 (tgPrio
) ? sprint_hex(tgPrio
->value
, 1) : " ",
131 (tgName
) ? sprint_ascii_ex(tgName
->value
, tgName
->len
, 25) : " ");
133 ttmp
= tlvdb_find_next(ttmp
, 0x6f);
136 PrintAndLog("|------------------|--------|-------------------------|");
140 int EMVSelect(bool ActivateField
, bool LeaveFieldON
, uint8_t *AID
, size_t AIDLen
, uint8_t *Result
, size_t MaxResultLen
, size_t *ResultLen
, uint16_t *sw
, struct tlvdb
*tlv
) {
141 uint8_t data
[APDU_RES_LEN
] = {0};
152 memcpy(&data
[5], AID
, AIDLen
);
158 PrintAndLog(">>>> %s", sprint_hex(data
, AIDLen
+ 6));
160 int res
= ExchangeAPDU14a(data
, AIDLen
+ 6, ActivateField
, LeaveFieldON
, Result
, (int)MaxResultLen
, (int *)ResultLen
);
163 PrintAndLog("<<<< %s", sprint_hex(Result
, *ResultLen
));
169 if (*ResultLen
< 2) {
170 PrintAndLog("SELECT ERROR: returned %d bytes", *ResultLen
);
175 isw
= Result
[*ResultLen
] * 0x0100 + Result
[*ResultLen
+ 1];
181 PrintAndLog("SELECT ERROR: [%4X] %s", isw
, GetAPDUCodeDescription(*sw
>> 8, *sw
& 0xff));
187 struct tlvdb
*t
= tlvdb_parse_multi(Result
, *ResultLen
);
194 int EMVSelectPSE(bool ActivateField
, bool LeaveFieldON
, uint8_t PSENum
, uint8_t *Result
, size_t MaxResultLen
, size_t *ResultLen
, uint16_t *sw
) {
195 uint8_t buf
[APDU_AID_LEN
] = {0};
201 param_gethex_to_eol(PSElist
[1], 0, buf
, sizeof(buf
), &len
);
204 param_gethex_to_eol(PSElist
[0], 0, buf
, sizeof(buf
), &len
);
211 res
= EMVSelect(ActivateField
, LeaveFieldON
, buf
, len
, Result
, MaxResultLen
, ResultLen
, sw
, NULL
);
216 int EMVSearchPSE(bool ActivateField
, bool LeaveFieldON
, bool decodeTLV
, struct tlvdb
*tlv
) {
217 uint8_t data
[APDU_RES_LEN
] = {0};
223 res
= EMVSelectPSE(ActivateField
, true, 2, data
, sizeof(data
), &datalen
, &sw
);
226 struct tlvdb
*t
= NULL
;
227 t
= tlvdb_parse_multi(data
, datalen
);
230 struct tlvdb
*ttmp
= tlvdb_find_path(t
, (tlv_tag_t
[]){0x6f, 0xa5, 0xbf0c, 0x61, 0x00});
232 PrintAndLog("PPSE don't have records.");
235 const struct tlv
*tgAID
= tlvdb_get_inchild(ttmp
, 0x4f, NULL
);
237 res
= EMVSelect(false, true, (uint8_t *)tgAID
->value
, tgAID
->len
, data
, sizeof(data
), &datalen
, &sw
, tlv
);
239 // retry if error and not returned sw error
240 if (res
&& res
!= 5) {
244 // card select error, proxmark error
246 PrintAndLog("Exit...");
251 PrintAndLog("Retry failed [%s]. Skiped...", sprint_hex_inrow(tgAID
->value
, tgAID
->len
));
255 ttmp
= tlvdb_find_next(ttmp
, 0x61);
262 PrintAndLog("%s:", sprint_hex_inrow(tgAID
->value
, tgAID
->len
));
263 TLVPrintFromBuffer(data
, datalen
);
267 ttmp
= tlvdb_find_next(ttmp
, 0x61);
272 PrintAndLog("PPSE ERROR: Can't get TLV from response.");
275 PrintAndLog("PPSE ERROR: Can't select PPSE AID. Error: %d", res
);
284 int EMVSearch(bool ActivateField
, bool LeaveFieldON
, bool decodeTLV
, struct tlvdb
*tlv
) {
285 uint8_t aidbuf
[APDU_AID_LEN
] = {0};
287 uint8_t data
[APDU_RES_LEN
] = {0};
293 for(int i
= 0; i
< AIDlistLen
; i
++) {
294 param_gethex_to_eol(AIDlist
[i
], 0, aidbuf
, sizeof(aidbuf
), &aidlen
);
295 res
= EMVSelect((i
== 0) ? ActivateField
: false, (i
== AIDlistLen
- 1) ? LeaveFieldON
: true, aidbuf
, aidlen
, data
, sizeof(data
), &datalen
, &sw
, tlv
);
296 // retry if error and not returned sw error
297 if (res
&& res
!= 5) {
301 // card select error, proxmark error
303 PrintAndLog("Exit...");
308 PrintAndLog("Retry failed [%s]. Skiped...", AIDlist
[i
]);
318 PrintAndLog("%s:", AIDlist
[i
]);
319 TLVPrintFromBuffer(data
, datalen
);
326 int EMVSelectApplication(struct tlvdb
*tlv
, uint8_t *AID
, size_t *AIDlen
) {
327 // needs to check priority. 0x00 - highest
332 struct tlvdb
*ttmp
= tlvdb_find(tlv
, 0x6f);
337 const struct tlv
*tgAID
= tlvdb_get_inchild(ttmp
, 0x84, NULL
);
338 const struct tlv
*tgPrio
= tlvdb_get_inchild(ttmp
, 0x87, NULL
);
344 int pt
= bytes_to_num((uint8_t*)tgPrio
->value
, (tgPrio
->len
< 2) ? tgPrio
->len
: 2);
348 memcpy(AID
, tgAID
->value
, tgAID
->len
);
349 *AIDlen
= tgAID
->len
;
352 // takes the first application from list wo priority
354 memcpy(AID
, tgAID
->value
, tgAID
->len
);
355 *AIDlen
= tgAID
->len
;
359 ttmp
= tlvdb_find_next(ttmp
, 0x6f);
365 int EMVGPO(bool LeaveFieldON
, uint8_t *PDOL
, size_t PDOLLen
, uint8_t *Result
, size_t MaxResultLen
, size_t *ResultLen
, uint16_t *sw
, struct tlvdb
*tlv
) {
366 uint8_t data
[APDU_RES_LEN
] = {0};
378 memcpy(&data
[5], PDOL
, PDOLLen
);
382 PrintAndLog(">>>> %s", sprint_hex(data
, PDOLLen
+ 5));
384 int res
= ExchangeAPDU14a(data
, PDOLLen
+ 5, false, LeaveFieldON
, Result
, (int)MaxResultLen
, (int *)ResultLen
);
387 PrintAndLog("<<<< %s", sprint_hex(Result
, *ResultLen
));
393 if (*ResultLen
< 2) {
394 PrintAndLog("GPO ERROR: returned %d bytes", *ResultLen
);
399 isw
= Result
[*ResultLen
] * 0x0100 + Result
[*ResultLen
+ 1];
405 PrintAndLog("GPO ERROR: [%4X] %s", isw
, GetAPDUCodeDescription(*sw
>> 8, *sw
& 0xff));
411 struct tlvdb
*t
= tlvdb_parse_multi(Result
, *ResultLen
);
418 int EMVReadRecord(bool LeaveFieldON
, uint8_t SFI
, uint8_t SFIrec
, uint8_t *Result
, size_t MaxResultLen
, size_t *ResultLen
, uint16_t *sw
, struct tlvdb
*tlv
) {
419 uint8_t data
[10] = {0};
428 data
[3] = (SFI
<< 3) | 0x04;
432 PrintAndLog(">>>> %s", sprint_hex(data
, 5));
434 int res
= ExchangeAPDU14a(data
, 5, false, LeaveFieldON
, Result
, (int)MaxResultLen
, (int *)ResultLen
);
437 PrintAndLog("<<<< %s", sprint_hex(Result
, *ResultLen
));
444 isw
= Result
[*ResultLen
] * 0x0100 + Result
[*ResultLen
+ 1];
450 PrintAndLog("Read record ERROR: [%4X] %s", isw
, GetAPDUCodeDescription(*sw
>> 8, *sw
& 0xff));
456 struct tlvdb
*t
= tlvdb_parse_multi(Result
, *ResultLen
);