search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fix little endian vs big endian in the macros... again... but this time correct
[RRG-proxmark3.git] / client / src / emv / emvcore.c
blob7d0ab8ce4c27c0c3b349f82d0c1e5aa1401dba1e
1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2017 Merlok
3 //
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
6 // the license.
7 //-----------------------------------------------------------------------------
8 // EMV core functions
9 //-----------------------------------------------------------------------------
10
11 #include "emvcore.h"
12
13 #include <string.h>
14
15 #include "commonutil.h" // ARRAYLEN
16 #include "comms.h" // DropField
17 #include "cmdparser.h"
18 #include "cmdsmartcard.h" // ExchangeAPDUSC
19 #include "ui.h"
20 #include "cmdhf14a.h"
21 #include "cmdhf14b.h"
22 #include "dol.h"
23 #include "emv_tags.h"
24 #include "emvjson.h"
25 #include "util_posix.h"
26
27 // Got from here. Thanks!
28 // https://eftlab.co.uk/index.php/site-map/knowledge-base/211-emv-aid-rid-pix
29 static const char *PSElist [] = {
30 "325041592E5359532E4444463031", // 2PAY.SYS.DDF01 - Visa Proximity Payment System Environment - PPSE
31 "315041592E5359532E4444463031" // 1PAY.SYS.DDF01 - Visa Payment System Environment - PSE
32 };
33
34 const char *TransactionTypeStr[] = {
35 "MSD",
36 "VSDC",
37 "qVCDCMCHIP",
38 "CDA"
39 };
40
41 typedef struct {
42 enum CardPSVendor vendor;
43 const char *aid;
44 } TAIDList;
45
46 static const TAIDList AIDlist [] = {
47 // Visa International
48 { CV_VISA, "A00000000305076010" }, // VISA ELO Credit
49 { CV_VISA, "A0000000031010" }, // VISA Debit/Credit (Classic)
50 { CV_VISA, "A000000003101001" }, // VISA Credit
51 { CV_VISA, "A000000003101002" }, // VISA Debit
52 { CV_VISA, "A0000000032010" }, // VISA Electron
53 { CV_VISA, "A0000000032020" }, // VISA
54 { CV_VISA, "A0000000033010" }, // VISA Interlink
55 { CV_VISA, "A0000000034010" }, // VISA Specific
56 { CV_VISA, "A0000000035010" }, // VISA Specific
57 { CV_VISA, "A0000000036010" }, // Domestic Visa Cash Stored Value
58 { CV_VISA, "A0000000036020" }, // International Visa Cash Stored Value
59 { CV_VISA, "A0000000038002" }, // VISA Auth, VisaRemAuthen EMV-CAP (DPA)
60 { CV_VISA, "A0000000038010" }, // VISA Plus
61 { CV_VISA, "A0000000039010" }, // VISA Loyalty
62 { CV_VISA, "A000000003999910" }, // VISA Proprietary ATM
63 // Visa USA
64 { CV_VISA, "A000000098" }, // Debit Card
65 { CV_VISA, "A0000000980848" }, // Debit Card
66 // Mastercard International
67 { CV_MASTERCARD, "A00000000401" }, // MasterCard PayPass
68 { CV_MASTERCARD, "A0000000041010" }, // MasterCard Credit
69 { CV_MASTERCARD, "A00000000410101213" }, // MasterCard Credit
70 { CV_MASTERCARD, "A00000000410101215" }, // MasterCard Credit
71 { CV_MASTERCARD, "A0000000042010" }, // MasterCard Specific
72 { CV_MASTERCARD, "A0000000043010" }, // MasterCard Specific
73 { CV_MASTERCARD, "A0000000043060" }, // Maestro (Debit)
74 { CV_MASTERCARD, "A000000004306001" }, // Maestro (Debit)
75 { CV_MASTERCARD, "A0000000044010" }, // MasterCard Specific
76 { CV_MASTERCARD, "A0000000045010" }, // MasterCard Specific
77 { CV_MASTERCARD, "A0000000046000" }, // Cirrus
78 { CV_MASTERCARD, "A0000000048002" }, // SecureCode Auth EMV-CAP
79 { CV_MASTERCARD, "A0000000049999" }, // MasterCard PayPass
80 { CV_MASTERCARD, "B012345678" }, // Maestro TEST Used for development
81 // American Express
82 { CV_AMERICANEXPRESS, "A000000025" },
83 { CV_AMERICANEXPRESS, "A0000000250000" },
84 { CV_AMERICANEXPRESS, "A00000002501" },
85 { CV_AMERICANEXPRESS, "A000000025010402" },
86 { CV_AMERICANEXPRESS, "A000000025010701" },
87 { CV_AMERICANEXPRESS, "A000000025010801" },
88 // Groupement des Cartes Bancaires "CB"
89 { CV_CB, "A0000000421010" }, // Cartes Bancaire EMV Card
90 { CV_CB, "A0000000422010" },
91 { CV_CB, "A0000000423010" },
92 { CV_CB, "A0000000424010" },
93 { CV_CB, "A0000000425010" },
94 // JCB CO., LTD.
95 { CV_JCB, "A00000006510" }, // JCB
96 { CV_JCB, "A0000000651010" }, // JCB J Smart Credit
97 // Switch Card Services Ltd.
98 { CV_SWITCH, "A0000000050001" }, // Maestro UK
99 { CV_SWITCH, "A0000000050002" }, // Solo
100 // Diners Club International Ltd.
101 { CV_DINERS, "A0000001523010" }, // Discover, Pulse D Pas Discover Card
102 { CV_DINERS, "A0000001524010" }, // Discover, Discover Debit Common Card
103 // Other
104 { CV_OTHER, "A00000002401" }, // Midland Bank Plc - Self Service
105 { CV_OTHER, "A0000000291010" }, // LINK Interchange Network Ltd - Link / American Express
106 { CV_OTHER, "A00000006900" }, // Société Européenne de Monnaie Electronique SEME - Moneo
107 { CV_OTHER, "A000000077010000021000000000003B" }, // Oberthur Technologies France - Visa AEPN
108 { CV_OTHER, "A0000001211010" }, // PBS Danmark A/S - Denmark - Dankort (VISA GEM Vision) - Danish domestic debit card
109 { CV_OTHER, "A0000001410001" }, // Associazione Bancaria Italiana - Italy - PagoBANCOMAT - CoGeBan Consorzio BANCOMAT (Italian domestic debit card)
110 { CV_OTHER, "A0000001544442" }, // Banricompras Debito - Banrisul - Banco do Estado do Rio Grande do SUL - S.A.
111 { CV_OTHER, "A000000172950001" }, // Financial Information Service Co. Ltd. - Taiwan - BAROC Financial Application Taiwan- The Bankers Association of the Republic of China
112 { CV_OTHER, "A0000001850002" }, // Post Office Limited - United Kingdom - UK Post Office Account card
113 { CV_OTHER, "A0000002281010" }, // Saudi Arabian Monetary Agency (SAMA) - Kingdom of Saudi Arabia - SPAN (M/Chip) - SPAN2 (Saudi Payments Network) - Saudi Arabia domestic credit/debit card (Saudi Arabia Monetary Agency)
114 { CV_OTHER, "A0000002282010" }, // Saudi Arabian Monetary Agency (SAMA) - Kingdom of Saudi Arabia - SPAN (VIS) - SPAN2 (Saudi Payments Network) - Saudi Arabia domestic credit/debit card (Saudi Arabia Monetary Agency)
115 { CV_OTHER, "A0000002771010" }, // Interac Association - Canada - INTERAC - Canadian domestic credit/debit card
116 { CV_OTHER, "A00000031510100528" }, // Currence Holding/PIN BV - The Netherlands- Currence PuC
117 { CV_OTHER, "A0000003156020" }, // Currence Holding/PIN BV - The Netherlands - Chipknip
118 { CV_OTHER, "A0000003591010028001" }, // Euro Alliance of Payment Schemes s.c.r.l. (EAPS) - Belgium - Girocard EAPS - ZKA (Germany)
119 { CV_OTHER, "A0000003710001" }, // Verve - Nigeria - InterSwitch Verve Card - Nigerian local switch company
120 { CV_OTHER, "A0000004540010" }, // eTranzact - Nigeria - Etranzact Genesis Card - Nigerian local switch company
121 { CV_OTHER, "A0000004540011" }, // eTranzact - Nigeria - Etranzact Genesis Card 2 - Nigerian local switch company
122 { CV_OTHER, "A0000004766C" }, // Google - United States - GOOGLE_PAYMENT_AID
123 { CV_OTHER, "A0000005241010" }, // RuPay - India - RuPay - RuPay (India)
124 { CV_OTHER, "A0000006723010" }, // TROY - Turkey - TROY chip credit card - Turkey's Payment Method
125 { CV_OTHER, "A0000006723020" }, // TROY - Turkey - TROY chip debit card - Turkey's Payment Method
126 { CV_OTHER, "A0000007705850" }, // Indian Oil Corporation Limited - India - XTRAPOWER Fleet Card Program - Indian Oil’s Pre Paid Program
127 { CV_OTHER, "D27600002545500100" }, // ZKA - Germany - Girocard - ZKA Girocard (Geldkarte) (Germany)
128 { CV_OTHER, "D4100000030001" }, // KS X 6923/6924 (T-Money, South Korea and Snapper+, Wellington, New Zealand)
129 { CV_OTHER, "D5280050218002" }, // The Netherlands - ? - (Netherlands)
130 { CV_OTHER, "D5780000021010" }, // Bankaxept Norway Bankaxept Norwegian domestic debit card
131 { CV_OTHER, "F0000000030001" }, // BRADESCO - Brazilian Bank Banco Bradesco
132 };
133
134 enum CardPSVendor GetCardPSVendor(uint8_t *AID, size_t AIDlen) {
135 char buf[100] = {0};
136 if (AIDlen < 1)
137 return CV_NA;
138
139 hex_to_buffer((uint8_t *)buf, AID, AIDlen, sizeof(buf) - 1, 0, 0, true);
140
141 for (int i = 0; i < ARRAYLEN(AIDlist); i ++) {
142 if (strncmp(AIDlist[i].aid, buf, strlen(AIDlist[i].aid)) == 0) {
143 return AIDlist[i].vendor;
144 }
145 }
146
147 return CV_NA;
148 }
149
150 static void emv_print_cb(void *data, const struct tlv *tlv, int level, bool is_leaf) {
151 emv_tag_dump(tlv, level);
152 if (is_leaf) {
153 print_buffer(tlv->value, tlv->len, level);
154 }
155 }
156
157 bool TLVPrintFromBuffer(uint8_t *data, int datalen) {
158 struct tlvdb *t = tlvdb_parse_multi(data, datalen);
159 if (t) {
160 PrintAndLogEx(INFO, "-------------------- " _CYAN_("TLV decoded") " --------------------");
161
162 tlvdb_visit(t, emv_print_cb, NULL, 0);
163 tlvdb_free(t);
164 return true;
165 } else {
166 PrintAndLogEx(WARNING, "TLV ERROR: Can't parse response as TLV tree.");
167 }
168 return false;
169 }
170
171 void TLVPrintFromTLVLev(struct tlvdb *tlv, int level) {
172 if (!tlv)
173 return;
174
175 tlvdb_visit(tlv, emv_print_cb, NULL, level);
176 }
177
178 void TLVPrintFromTLV(struct tlvdb *tlv) {
179 TLVPrintFromTLVLev(tlv, 0);
180 }
181
182 void TLVPrintAIDlistFromSelectTLV(struct tlvdb *tlv) {
183 PrintAndLogEx(INFO, "|------------------+--------+-------------------------|");
184 PrintAndLogEx(INFO, "| AID |Priority| Name |");
185 PrintAndLogEx(INFO, "|------------------+--------+-------------------------|");
186
187 struct tlvdb *ttmp = tlvdb_find(tlv, 0x6f);
188 if (!ttmp)
189 PrintAndLogEx(INFO, "| none |");
190
191 while (ttmp) {
192 const struct tlv *tgAID = tlvdb_get_inchild(ttmp, 0x84, NULL);
193 const struct tlv *tgName = tlvdb_get_inchild(ttmp, 0x50, NULL);
194 const struct tlv *tgPrio = tlvdb_get_inchild(ttmp, 0x87, NULL);
195 if (!tgAID)
196 break;
197 PrintAndLogEx(INFO, "| %s| %s | %s|",
198 sprint_hex_inrow_ex(tgAID->value, tgAID->len, 17),
199 (tgPrio) ? sprint_hex(tgPrio->value, 1) : " ",
200 (tgName) ? sprint_ascii_ex(tgName->value, tgName->len, 24) : " ");
201
202 ttmp = tlvdb_find_next(ttmp, 0x6f);
203 }
204
205 PrintAndLogEx(INFO, "|------------------+--------+-------------------------|");
206 }
207
208 struct tlvdb *GetPANFromTrack2(const struct tlv *track2) {
209 char track2Hex[200] = {0};
210 uint8_t PAN[100] = {0};
211 int PANlen = 0;
212 char *tmp = track2Hex;
213
214 if (!track2)
215 return NULL;
216
217 for (int i = 0; i < track2->len; ++i, tmp += 2)
218 sprintf(tmp, "%02x", (unsigned int)track2->value[i]);
219
220 int posD = strchr(track2Hex, 'd') - track2Hex;
221 if (posD < 1)
222 return NULL;
223
224 track2Hex[posD] = 0;
225 if (strlen(track2Hex) % 2) {
226 track2Hex[posD] = 'F';
227 track2Hex[posD + 1] = '\0';
228 }
229
230 param_gethex_to_eol(track2Hex, 0, PAN, sizeof(PAN), &PANlen);
231
232 return tlvdb_fixed(0x5a, PANlen, PAN);
233 }
234
235 struct tlvdb *GetdCVVRawFromTrack2(const struct tlv *track2) {
236 char track2Hex[200] = {0};
237 char dCVVHex[100] = {0};
238 uint8_t dCVV[100] = {0};
239 int dCVVlen = 0;
240 const int PINlen = 5; // must calculated from 9F67 MSD Offset but i have not seen this tag)
241 char *tmp = track2Hex;
242
243 if (!track2)
244 return NULL;
245
246 for (int i = 0; i < track2->len; ++i, tmp += 2)
247 sprintf(tmp, "%02x", (unsigned int)track2->value[i]);
248
249 int posD = strchr(track2Hex, 'd') - track2Hex;
250 if (posD < 1)
251 return NULL;
252
253 memset(dCVVHex, '0', 32);
254 // ATC
255 memcpy(dCVVHex + 0, track2Hex + posD + PINlen + 11, 4);
256 // PAN 5 hex
257 memcpy(dCVVHex + 4, track2Hex, 5);
258 // expire date
259 memcpy(dCVVHex + 9, track2Hex + posD + 1, 4);
260 // service code
261 memcpy(dCVVHex + 13, track2Hex + posD + 5, 3);
262
263 param_gethex_to_eol(dCVVHex, 0, dCVV, sizeof(dCVV), &dCVVlen);
264
265 return tlvdb_fixed(0x02, dCVVlen, dCVV);
266 }
267
268 static int EMVExchangeEx(Iso7816CommandChannel channel, bool ActivateField, bool LeaveFieldON, sAPDU apdu, bool IncludeLe, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
269 int res = Iso7816ExchangeEx(channel, ActivateField, LeaveFieldON, apdu, IncludeLe, 0, Result, MaxResultLen, ResultLen, sw);
270 // add to tlv tree
271 if ((res == PM3_SUCCESS) && tlv) {
272 struct tlvdb *t = tlvdb_parse_multi(Result, *ResultLen);
273 tlvdb_add(tlv, t);
274 }
275 return res;
276 }
277
278 int EMVExchange(Iso7816CommandChannel channel, bool LeaveFieldON, sAPDU apdu, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
279 int res = Iso7816Exchange(channel, LeaveFieldON, apdu, Result, MaxResultLen, ResultLen, sw);
280 // add to tlv tree
281 if ((res == PM3_SUCCESS) && tlv) {
282 struct tlvdb *t = tlvdb_parse_multi(Result, *ResultLen);
283 tlvdb_add(tlv, t);
284 }
285 return res;
286 }
287
288 int EMVSelect(Iso7816CommandChannel channel, bool ActivateField, bool LeaveFieldON, uint8_t *AID, size_t AIDLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
289 int res = Iso7816Select(channel, ActivateField, LeaveFieldON, AID, AIDLen, Result, MaxResultLen, ResultLen, sw);
290 // add to tlv tree
291 if ((res == PM3_SUCCESS) && tlv) {
292 struct tlvdb *t = tlvdb_parse_multi(Result, *ResultLen);
293 tlvdb_add(tlv, t);
294 }
295 return res;
296 }
297
298 int EMVSelectPSE(Iso7816CommandChannel channel, bool ActivateField, bool LeaveFieldON, uint8_t PSENum, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw) {
299 uint8_t buf[APDU_AID_LEN] = {0};
300 *ResultLen = 0;
301 int len = 0;
302 switch (PSENum) {
303 case 1:
304 param_gethex_to_eol(PSElist[1], 0, buf, sizeof(buf), &len);
305 break;
306 case 2:
307 param_gethex_to_eol(PSElist[0], 0, buf, sizeof(buf), &len);
308 break;
309 default:
310 return -1;
311 }
312 return EMVSelect(channel, ActivateField, LeaveFieldON, buf, len, Result, MaxResultLen, ResultLen, sw, NULL);
313 }
314
315 static int EMVSelectWithRetry(Iso7816CommandChannel channel, bool ActivateField, bool LeaveFieldON, uint8_t *AID, size_t AIDLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
316 int retrycnt = 0;
317 int res = 0;
318 do {
319 res = EMVSelect(channel, false, true, AID, AIDLen, Result, MaxResultLen, ResultLen, sw, tlv);
320
321 // retry if error and not returned sw error
322 if (res && res != 5) {
323 if (++retrycnt < 3) {
324 continue;
325 } else {
326 // card select error, proxmark error
327 if (res == 1) {
328 PrintAndLogEx(WARNING, "exiting...");
329 return 1;
330 }
331
332 retrycnt = 0;
333 PrintAndLogEx(FAILED, "Retry failed [%s]. Skipped...", sprint_hex_inrow(AID, AIDLen));
334 return res;
335 }
336 }
337 } while (res && res != 5);
338
339 return res;
340 }
341
342 static int EMVCheckAID(Iso7816CommandChannel channel, bool decodeTLV, struct tlvdb *tlvdbelm, struct tlvdb *tlv) {
343 uint8_t data[APDU_RES_LEN] = {0};
344 size_t datalen = 0;
345 int res = 0;
346 uint16_t sw = 0;
347
348 while (tlvdbelm) {
349 const struct tlv *tgAID = tlvdb_get_inchild(tlvdbelm, 0x4f, NULL);
350 if (tgAID) {
351 res = EMVSelectWithRetry(channel, false, true, (uint8_t *)tgAID->value, tgAID->len, data, sizeof(data), &datalen, &sw, tlv);
352
353 // if returned sw error
354 if (res == 5) {
355 // next element
356 tlvdbelm = tlvdb_find_next(tlvdbelm, 0x61);
357 continue;
358 }
359
360 if (res)
361 break;
362
363 // all is ok
364 if (decodeTLV) {
365 PrintAndLogEx(SUCCESS, "%s:", sprint_hex_inrow(tgAID->value, tgAID->len));
366 TLVPrintFromBuffer(data, datalen);
367 }
368 }
369 tlvdbelm = tlvdb_find_next(tlvdbelm, 0x61);
370 }
371 return res;
372 }
373
374 int EMVSearchPSE(Iso7816CommandChannel channel, bool ActivateField, bool LeaveFieldON, uint8_t PSENum, bool decodeTLV, struct tlvdb *tlv) {
375 uint8_t data[APDU_RES_LEN] = {0};
376 size_t datalen = 0;
377 uint8_t sfidata[0x11][APDU_RES_LEN];
378 size_t sfidatalen[0x11] = {0};
379 uint16_t sw = 0;
380 int res;
381 const char *PSE_or_PPSE = PSENum == 1 ? "PSE" : "PPSE";
382
383 // select PPSE
384 res = EMVSelectPSE(channel, ActivateField, true, PSENum, data, sizeof(data), &datalen, &sw);
385
386 if (!res) {
387 if (sw != 0x9000) {
388 PrintAndLogEx(FAILED, "Select PSE error. APDU error: %04x.", sw);
389 return 1;
390 }
391
392 bool fileFound = false;
393
394 struct tlvdb *t = tlvdb_parse_multi(data, datalen);
395 if (t) {
396 // PSE/PPSE with SFI
397 struct tlvdb *tsfi = tlvdb_find_path(t, (tlv_tag_t[]) {0x6f, 0xa5, 0x88, 0x00});
398 if (tsfi) {
399 uint8_t sfin = 0;
400 tlv_get_uint8(tlvdb_get_tlv(tsfi), &sfin);
401 PrintAndLogEx(INFO, "* PPSE get SFI: 0x%02x.", sfin);
402
403 for (uint8_t ui = 0x01; ui <= 0x10; ui++) {
404 PrintAndLogEx(INFO, "* * Get SFI: 0x%02x. num: 0x%02x", sfin, ui);
405 res = EMVReadRecord(channel, true, sfin, ui, sfidata[ui], APDU_RES_LEN, &sfidatalen[ui], &sw, NULL);
406
407 // end of records
408 if (sw == 0x6a83) {
409 sfidatalen[ui] = 0;
410 PrintAndLogEx(INFO, "* * PPSE get SFI. End of records.");
411 break;
412 }
413
414 // error catch!
415 if (sw != 0x9000) {
416 sfidatalen[ui] = 0;
417 PrintAndLogEx(FAILED, "PPSE get Error. APDU error: %04x.", sw);
418 break;
419 }
420
421 if (decodeTLV) {
422 TLVPrintFromBuffer(sfidata[ui], sfidatalen[ui]);
423 }
424 }
425
426 for (uint8_t ui = 0x01; ui <= 0x10; ui++) {
427 if (sfidatalen[ui]) {
428
429 struct tlvdb *tsfi_a = tlvdb_parse_multi(sfidata[ui], sfidatalen[ui]);
430 if (tsfi_a) {
431 struct tlvdb *tsfitmp = tlvdb_find_path(tsfi_a, (tlv_tag_t[]) {0x70, 0x61, 0x00});
432 if (!tsfitmp) {
433 PrintAndLogEx(FAILED, "SFI 0x%02zu doesn't have any records.", sfidatalen[ui]);
434 continue;
435 }
436 res = EMVCheckAID(channel, decodeTLV, tsfitmp, tlv);
437 fileFound = true;
438 }
439 tlvdb_free(tsfi_a);
440 }
441 }
442 }
443
444
445 // PSE/PPSE plain (wo SFI)
446 struct tlvdb *ttmp = tlvdb_find_path(t, (tlv_tag_t[]) {0x6f, 0xa5, 0xbf0c, 0x61, 0x00});
447 if (ttmp) {
448 res = EMVCheckAID(channel, decodeTLV, ttmp, tlv);
449 fileFound = true;
450 }
451
452 if (!fileFound)
453 PrintAndLogEx(FAILED, "PPSE doesn't have any records.");
454
455 tlvdb_free(t);
456 } else {
457 PrintAndLogEx(WARNING, "%s ERROR: Can't get TLV from response.", PSE_or_PPSE);
458 }
459 } else {
460 PrintAndLogEx(ERR, "%s ERROR: Can't select PPSE AID. Error: %d", PSE_or_PPSE, res);
461 }
462
463 if (!LeaveFieldON)
464 DropFieldEx(channel);
465
466 return res;
467 }
468
469 int EMVSearch(Iso7816CommandChannel channel, bool ActivateField, bool LeaveFieldON, bool decodeTLV, struct tlvdb *tlv) {
470 uint8_t aidbuf[APDU_AID_LEN] = {0};
471 int aidlen = 0;
472 uint8_t data[APDU_RES_LEN] = {0};
473 size_t datalen = 0;
474 uint16_t sw = 0;
475
476 int res = 0;
477 int retrycnt = 0;
478 for (int i = 0; i < ARRAYLEN(AIDlist); i ++) {
479
480 if (kbd_enter_pressed()) {
481 PrintAndLogEx(INFO, "user aborted...");
482 break;
483 }
484
485 param_gethex_to_eol(AIDlist[i].aid, 0, aidbuf, sizeof(aidbuf), &aidlen);
486 res = EMVSelect(channel, (i == 0) ? ActivateField : false, true, aidbuf, aidlen, data, sizeof(data), &datalen, &sw, tlv);
487 // retry if error and not returned sw error
488 if (res && res != 5) {
489 if (++retrycnt < 3) {
490 i--;
491 } else {
492 // (1) - card select error, (4) reply timeout, (200) - result length = 0
493 if (res == 1 || res == 4 || res == 200) {
494 if (!LeaveFieldON)
495 DropFieldEx(channel);
496
497 PrintAndLogEx(WARNING, "exiting...");
498 return 1;
499 }
500
501 retrycnt = 0;
502 PrintAndLogEx(FAILED, "Retry failed [%s]. Skipped...", AIDlist[i].aid);
503 }
504 continue;
505 }
506 retrycnt = 0;
507
508 if (res)
509 continue;
510
511 if (!datalen)
512 continue;
513
514 if (decodeTLV) {
515 PrintAndLogEx(SUCCESS, "%s", AIDlist[i].aid);
516 TLVPrintFromBuffer(data, datalen);
517 }
518 }
519
520 if (!LeaveFieldON)
521 DropFieldEx(channel);
522
523 return 0;
524 }
525
526 int EMVSelectApplication(struct tlvdb *tlv, uint8_t *AID, size_t *AIDlen) {
527 // check priority. 0x00 - highest
528 int prio = 0xffff;
529
530 *AIDlen = 0;
531
532 struct tlvdb *ttmp = tlvdb_find(tlv, 0x6f);
533 if (!ttmp)
534 return 1;
535
536 while (ttmp) {
537 const struct tlv *tgAID = tlvdb_get_inchild(ttmp, 0x84, NULL);
538 const struct tlv *tgPrio = tlvdb_get_inchild(ttmp, 0x87, NULL);
539
540 if (!tgAID)
541 break;
542
543 if (tgPrio) {
544 int pt = bytes_to_num((uint8_t *)tgPrio->value, (tgPrio->len < 2) ? tgPrio->len : 2);
545 if (pt < prio) {
546 prio = pt;
547
548 memcpy(AID, tgAID->value, tgAID->len);
549 *AIDlen = tgAID->len;
550 }
551 } else {
552 // takes the first application from list wo priority
553 if (!*AIDlen) {
554 memcpy(AID, tgAID->value, tgAID->len);
555 *AIDlen = tgAID->len;
556 }
557 }
558
559 ttmp = tlvdb_find_next(ttmp, 0x6f);
560 }
561
562 return 0;
563 }
564
565 int EMVGPO(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t *PDOL, size_t PDOLLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
566 return EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU) {0x80, 0xa8, 0x00, 0x00, PDOLLen, PDOL}, true, Result, MaxResultLen, ResultLen, sw, tlv);
567 }
568
569 int EMVReadRecord(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t SFI, uint8_t SFIrec, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
570 int res = EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU) {0x00, 0xb2, SFIrec, (SFI << 3) | 0x04, 0, NULL}, true, Result, MaxResultLen, ResultLen, sw, tlv);
571 if (*sw == 0x6700 || *sw == 0x6f00) {
572 PrintAndLogEx(INFO, ">>> trying to reissue command without Le...");
573 res = EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU) {0x00, 0xb2, SFIrec, (SFI << 3) | 0x04, 0, NULL}, false, Result, MaxResultLen, ResultLen, sw, tlv);
574 }
575 return res;
576 }
577
578 int EMVAC(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t RefControl, uint8_t *CDOL, size_t CDOLLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
579 return EMVExchange(channel, LeaveFieldON, (sAPDU) {0x80, 0xae, RefControl, 0x00, CDOLLen, CDOL}, Result, MaxResultLen, ResultLen, sw, tlv);
580 }
581
582 int EMVGenerateChallenge(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
583 int res = EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU) {0x00, 0x84, 0x00, 0x00, 0x00, NULL}, true, Result, MaxResultLen, ResultLen, sw, tlv);
584 if (*sw == 0x6700 || *sw == 0x6f00) {
585 PrintAndLogEx(INFO, ">>> trying to reissue command without Le...");
586 res = EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU) {0x00, 0x84, 0x00, 0x00, 0x00, NULL}, false, Result, MaxResultLen, ResultLen, sw, tlv);
587 }
588 return res;
589 }
590
591 int EMVInternalAuthenticate(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t *DDOL, size_t DDOLLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
592 return EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU) {0x00, 0x88, 0x00, 0x00, DDOLLen, DDOL}, true, Result, MaxResultLen, ResultLen, sw, tlv);
593 }
594
595 int MSCComputeCryptoChecksum(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t *UDOL, uint8_t UDOLlen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
596 int res = EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU) {0x80, 0x2a, 0x8e, 0x80, UDOLlen, UDOL}, true, Result, MaxResultLen, ResultLen, sw, tlv);
597 if (*sw == 0x6700 || *sw == 0x6f00) {
598 PrintAndLogEx(INFO, ">>> trying to reissue command without Le...");
599 res = EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU) {0x80, 0x2a, 0x8e, 0x80, UDOLlen, UDOL}, false, Result, MaxResultLen, ResultLen, sw, tlv);
600 }
601 return res;
602 }
603
604 // Authentication
605 struct emv_pk *get_ca_pk(struct tlvdb *db) {
606 const struct tlv *df_tlv = tlvdb_get(db, 0x84, NULL);
607 const struct tlv *caidx_tlv = tlvdb_get(db, 0x8f, NULL);
608
609 if (!df_tlv || !caidx_tlv || df_tlv->len < 6 || caidx_tlv->len != 1)
610 return NULL;
611
612 PrintAndLogEx(INFO, "CA public key index 0x%0x", caidx_tlv->value[0]);
613 return emv_pk_get_ca_pk(df_tlv->value, caidx_tlv->value[0]);
614 }
615
616 int trSDA(struct tlvdb *tlv) {
617
618 struct emv_pk *pk = get_ca_pk(tlv);
619 if (!pk) {
620 PrintAndLogEx(ERR, "Error: Key not found, exiting");
621 return 2;
622 }
623
624 struct emv_pk *issuer_pk = emv_pki_recover_issuer_cert(pk, tlv);
625 if (!issuer_pk) {
626 emv_pk_free(pk);
627 PrintAndLogEx(ERR, "Error: Issuer certificate not found, exiting");
628 return 2;
629 }
630
631 PrintAndLogEx(SUCCESS, "Issuer Public key recovered RID " _YELLOW_("%s") " IDX " _YELLOW_("%02hhx") " CSN " _YELLOW_("%s"),
632 sprint_hex(issuer_pk->rid, 5),
633 issuer_pk->index,
634 sprint_hex(issuer_pk->serial, 3)
635 );
636
637 const struct tlv *sda_tlv = tlvdb_get(tlv, 0x21, NULL);
638 if (!sda_tlv || sda_tlv->len < 1) {
639 emv_pk_free(issuer_pk);
640 emv_pk_free(pk);
641 PrintAndLogEx(WARNING, "Can't find input list for Offline Data Authentication, exiting");
642 return 3;
643 }
644
645 struct tlvdb *dac_db = emv_pki_recover_dac(issuer_pk, tlv, sda_tlv);
646 if (dac_db) {
647 const struct tlv *dac_tlv = tlvdb_get(dac_db, 0x9f45, NULL);
648 PrintAndLogEx(INFO, "SDA verified (%s) (Data Authentication Code: %02hhx:%02hhx)", _GREEN_("ok"), dac_tlv->value[0], dac_tlv->value[1]);
649 tlvdb_add(tlv, dac_db);
650 } else {
651 emv_pk_free(issuer_pk);
652 emv_pk_free(pk);
653 PrintAndLogEx(ERR, "SSAD verify error");
654 return 4;
655 }
656
657 emv_pk_free(issuer_pk);
658 emv_pk_free(pk);
659 return 0;
660 }
661
662 static const unsigned char default_ddol_value[] = {0x9f, 0x37, 0x04};
663 static struct tlv default_ddol_tlv = {.tag = 0x9f49, .len = 3, .value = default_ddol_value };
664
665 int trDDA(Iso7816CommandChannel channel, bool decodeTLV, struct tlvdb *tlv) {
666 uint8_t buf[APDU_RES_LEN] = {0};
667 size_t len = 0;
668 uint16_t sw = 0;
669
670 struct emv_pk *pk = get_ca_pk(tlv);
671 if (!pk) {
672 PrintAndLogEx(ERR, "Error: Key not found, exiting");
673 return 2;
674 }
675
676 const struct tlv *sda_tlv = tlvdb_get(tlv, 0x21, NULL);
677 /* if (!sda_tlv || sda_tlv->len < 1) { it may be 0!!!!
678 emv_pk_free(pk);
679 PrintAndLogEx(ERR, "Error: Can't find input list for Offline Data Authentication, exiting");
680 return 3;
681 }
682 */
683 struct emv_pk *issuer_pk = emv_pki_recover_issuer_cert(pk, tlv);
684 if (!issuer_pk) {
685 emv_pk_free(pk);
686 PrintAndLogEx(ERR, "Error: Issuer certificate not found, exiting");
687 return 2;
688 }
689
690 PrintAndLogEx(SUCCESS, "Issuer Public key recovered RID " _YELLOW_("%s") " IDX " _YELLOW_("%02hhx") " CSN " _YELLOW_("%s"),
691 sprint_hex(issuer_pk->rid, 5),
692 issuer_pk->index,
693 sprint_hex(issuer_pk->serial, 3)
694 );
695
696 struct emv_pk *icc_pk = emv_pki_recover_icc_cert(issuer_pk, tlv, sda_tlv);
697 if (!icc_pk) {
698 emv_pk_free(pk);
699 emv_pk_free(issuer_pk);
700 PrintAndLogEx(ERR, "Error: ICC certificate not found, exiting");
701 return 2;
702 }
703
704 PrintAndLogEx(SUCCESS, "ICC Public key recovered. RID " _YELLOW_("%s") " IDX " _YELLOW_("%02hhx") " CSN " _YELLOW_("%s"),
705 sprint_hex(icc_pk->rid, 5),
706 icc_pk->index,
707 sprint_hex(icc_pk->serial, 3)
708 );
709
710 if (tlvdb_get(tlv, 0x9f2d, NULL)) {
711 struct emv_pk *icc_pe_pk = emv_pki_recover_icc_pe_cert(issuer_pk, tlv);
712 if (!icc_pe_pk) {
713 PrintAndLogEx(WARNING, "WARNING: ICC PE Public key recover error");
714 } else {
715 PrintAndLogEx(SUCCESS, "ICC PE Public key recovered. RID " _YELLOW_("%s") " IDX " _YELLOW_("%02hhx") " CSN " _YELLOW_("%s"),
716 sprint_hex(icc_pe_pk->rid, 5),
717 icc_pe_pk->index,
718 sprint_hex(icc_pe_pk->serial, 3)
719 );
720 }
721 } else {
722 PrintAndLogEx(INFO, "ICC PE Public Key (PIN Encipherment Public Key Certificate) not found.\n");
723 }
724
725 // 9F4B: Signed Dynamic Application Data
726 const struct tlv *sdad_tlv = tlvdb_get(tlv, 0x9f4b, NULL);
727 // DDA with internal authenticate OR fDDA with filled 0x9F4B tag (GPO result)
728 // EMV kernel3 v2.4, contactless book C-3, C.1., page 147
729 if (sdad_tlv) {
730 PrintAndLogEx(INFO, "* * Got Signed Dynamic Application Data (9F4B) form GPO. Maybe fDDA...");
731
732 struct tlvdb *atc_db = emv_pki_recover_atc_ex(icc_pk, tlv, true);
733 if (!atc_db) {
734 PrintAndLogEx(ERR, "Error: Can't recover IDN (ICC Dynamic Number)");
735 emv_pk_free(pk);
736 emv_pk_free(issuer_pk);
737 emv_pk_free(icc_pk);
738 return 8;
739 }
740
741 // 9f36 Application Transaction Counter (ATC)
742 const struct tlv *atc_tlv = tlvdb_get(atc_db, 0x9f36, NULL);
743 if (atc_tlv) {
744 PrintAndLogEx(INFO, "ATC (Application Transaction Counter) [%zu] %s", atc_tlv->len, sprint_hex_inrow(atc_tlv->value, atc_tlv->len));
745
746 const struct tlv *core_atc_tlv = tlvdb_get(tlv, 0x9f36, NULL);
747 if (tlv_equal(core_atc_tlv, atc_tlv)) {
748 PrintAndLogEx(SUCCESS, "ATC check OK.");
749 PrintAndLogEx(SUCCESS, "fDDA (fast DDA) verified OK.");
750 } else {
751 PrintAndLogEx(WARNING, "Error: fDDA verified, but ATC in the certificate and ATC in the record not the same.");
752 }
753 } else {
754 PrintAndLogEx(WARNING, "ERROR: fDDA (fast DDA) verify error");
755 emv_pk_free(pk);
756 emv_pk_free(issuer_pk);
757 emv_pk_free(icc_pk);
758 tlvdb_free(atc_db);
759 return 9;
760 }
761
762 } else {
763 struct tlvdb *dac_db = emv_pki_recover_dac(issuer_pk, tlv, sda_tlv);
764 if (dac_db) {
765 const struct tlv *dac_tlv = tlvdb_get(dac_db, 0x9f45, NULL);
766 PrintAndLogEx(INFO, "SDAD verified (%s) (Data Authentication Code: %02hhx:%02hhx)\n", _GREEN_("ok"), dac_tlv->value[0], dac_tlv->value[1]);
767 tlvdb_add(tlv, dac_db);
768 } else {
769 PrintAndLogEx(ERR, "Error: SSAD verify error");
770 emv_pk_free(pk);
771 emv_pk_free(issuer_pk);
772 emv_pk_free(icc_pk);
773 return 4;
774 }
775
776 PrintAndLogEx(INFO, "* Calc DDOL");
777 const struct tlv *ddol_tlv = tlvdb_get(tlv, 0x9f49, NULL);
778 if (!ddol_tlv) {
779 ddol_tlv = &default_ddol_tlv;
780 PrintAndLogEx(INFO, "DDOL [9f49] not found. Using default DDOL");
781 }
782
783 struct tlv *ddol_data_tlv = dol_process(ddol_tlv, tlv, 0);
784 if (!ddol_data_tlv) {
785 PrintAndLogEx(ERR, "Error: Can't create DDOL TLV");
786 emv_pk_free(pk);
787 emv_pk_free(issuer_pk);
788 emv_pk_free(icc_pk);
789 return 5;
790 }
791
792 PrintAndLogEx(INFO, "DDOL data[%zu]: %s", ddol_data_tlv->len, sprint_hex(ddol_data_tlv->value, ddol_data_tlv->len));
793
794 PrintAndLogEx(INFO, "* Internal Authenticate");
795 int res = EMVInternalAuthenticate(channel, true, (uint8_t *)ddol_data_tlv->value, ddol_data_tlv->len, buf, sizeof(buf), &len, &sw, NULL);
796 if (res) {
797 PrintAndLogEx(ERR, "Internal Authenticate error(%d): %4x, exiting..", res, sw);
798 free(ddol_data_tlv);
799 emv_pk_free(pk);
800 emv_pk_free(issuer_pk);
801 emv_pk_free(icc_pk);
802 return 6;
803 }
804
805 struct tlvdb *dda_db = NULL;
806 if (buf[0] == 0x80) {
807 if (len < 3) {
808 PrintAndLogEx(WARNING, "Warning: Internal Authenticate format1 parsing error. length=%zu", len);
809 } else {
810 // parse response 0x80
811 struct tlvdb *t80 = tlvdb_parse_multi(buf, len);
812 const struct tlv *t80tlv = tlvdb_get_tlv(t80);
813
814 // 9f4b Signed Dynamic Application Data
815 dda_db = tlvdb_fixed(0x9f4b, t80tlv->len, t80tlv->value);
816 tlvdb_add(tlv, dda_db);
817
818 tlvdb_free(t80);
819
820 if (decodeTLV) {
821 PrintAndLogEx(INFO, "* * Decode response format 1:");
822 TLVPrintFromTLV(dda_db);
823 }
824 }
825 } else {
826 dda_db = tlvdb_parse_multi(buf, len);
827 if (!dda_db) {
828 PrintAndLogEx(ERR, "Error: Can't parse Internal Authenticate result as TLV");
829 free(ddol_data_tlv);
830 emv_pk_free(pk);
831 emv_pk_free(issuer_pk);
832 emv_pk_free(icc_pk);
833 return 7;
834 }
835 tlvdb_add(tlv, dda_db);
836
837 if (decodeTLV)
838 TLVPrintFromTLV(dda_db);
839 }
840
841 struct tlvdb *idn_db = emv_pki_recover_idn_ex(icc_pk, dda_db, ddol_data_tlv, true);
842 free(ddol_data_tlv);
843 if (!idn_db) {
844 PrintAndLogEx(ERR, "Error: Can't recover IDN (ICC Dynamic Number)");
845 tlvdb_free(dda_db);
846 emv_pk_free(pk);
847 emv_pk_free(issuer_pk);
848 emv_pk_free(icc_pk);
849 return 8;
850 }
851 tlvdb_free(dda_db);
852
853 // 9f4c ICC Dynamic Number
854 const struct tlv *idn_tlv = tlvdb_get(idn_db, 0x9f4c, NULL);
855 if (idn_tlv) {
856 PrintAndLogEx(INFO, "IDN (ICC Dynamic Number) [%zu] %s", idn_tlv->len, sprint_hex_inrow(idn_tlv->value, idn_tlv->len));
857 PrintAndLogEx(INFO, "DDA verified OK.");
858 tlvdb_add(tlv, idn_db);
859 tlvdb_free(idn_db);
860 } else {
861 PrintAndLogEx(ERR, "DDA verify error");
862 tlvdb_free(idn_db);
863
864 emv_pk_free(pk);
865 emv_pk_free(issuer_pk);
866 emv_pk_free(icc_pk);
867 return 9;
868 }
869 }
870
871 emv_pk_free(pk);
872 emv_pk_free(issuer_pk);
873 emv_pk_free(icc_pk);
874 return 0;
875 }
876
877 int trCDA(struct tlvdb *tlv, struct tlvdb *ac_tlv, struct tlv *pdol_data_tlv, struct tlv *ac_data_tlv) {
878
879 struct emv_pk *pk = get_ca_pk(tlv);
880 if (!pk) {
881 PrintAndLogEx(ERR, "Error: Key not found, exiting");
882 return 2;
883 }
884
885 const struct tlv *sda_tlv = tlvdb_get(tlv, 0x21, NULL);
886 if (!sda_tlv || sda_tlv->len < 1) {
887 PrintAndLogEx(ERR, "Error: Can't find input list for Offline Data Authentication, exiting");
888 emv_pk_free(pk);
889 return 3;
890 }
891
892 struct emv_pk *issuer_pk = emv_pki_recover_issuer_cert(pk, tlv);
893 if (!issuer_pk) {
894 PrintAndLogEx(ERR, "Error: Issuer certificate not found, exiting");
895 emv_pk_free(pk);
896 return 2;
897 }
898
899 PrintAndLogEx(SUCCESS, "Issuer Public key recovered RID " _YELLOW_("%s") " IDX " _YELLOW_("%02hhx") " CSN " _YELLOW_("%s"),
900 sprint_hex(issuer_pk->rid, 5),
901 issuer_pk->index,
902 sprint_hex(issuer_pk->serial, 3)
903 );
904
905 struct emv_pk *icc_pk = emv_pki_recover_icc_cert(issuer_pk, tlv, sda_tlv);
906 if (!icc_pk) {
907 PrintAndLogEx(ERR, "Error: ICC certificate not found, exiting");
908 emv_pk_free(pk);
909 emv_pk_free(issuer_pk);
910 return 2;
911 }
912
913 PrintAndLogEx(SUCCESS, "ICC Public key recovered. RID " _YELLOW_("%s") " IDX " _YELLOW_("%02hhx") " CSN " _YELLOW_("%s"),
914 sprint_hex(icc_pk->rid, 5),
915 icc_pk->index,
916 sprint_hex(icc_pk->serial, 3)
917 );
918
919 // Signed Static Application Data (SSAD) check
920 const struct tlv *ssad_tlv = tlvdb_get(tlv, 0x93, NULL);
921 if (ssad_tlv && ssad_tlv->len > 1) {
922 struct tlvdb *dac_db = emv_pki_recover_dac(issuer_pk, tlv, sda_tlv);
923 if (dac_db) {
924 const struct tlv *dac_tlv = tlvdb_get(dac_db, 0x9f45, NULL);
925 PrintAndLogEx(SUCCESS, "Signed Static Application Data (SSAD) verified (%s) (%02hhx:%02hhx)", _GREEN_("ok"), dac_tlv->value[0], dac_tlv->value[1]);
926 tlvdb_add(tlv, dac_db);
927 } else {
928 PrintAndLogEx(ERR, "Error: Signed Static Application Data (SSAD) verify error");
929 emv_pk_free(pk);
930 emv_pk_free(issuer_pk);
931 emv_pk_free(icc_pk);
932 return 4;
933 }
934 }
935
936 PrintAndLogEx(INFO, "* * Check Signed Dynamic Application Data (SDAD)");
937 struct tlvdb *idn_db = emv_pki_perform_cda_ex(icc_pk, tlv, ac_tlv,
938 pdol_data_tlv, // pdol
939 ac_data_tlv, // cdol1
940 NULL, // cdol2
941 true);
942 if (idn_db) {
943 const struct tlv *idn_tlv = tlvdb_get(idn_db, 0x9f4c, NULL);
944 PrintAndLogEx(INFO, "IDN (ICC Dynamic Number) [%zu] %s", idn_tlv->len, sprint_hex_inrow(idn_tlv->value, idn_tlv->len));
945 PrintAndLogEx(SUCCESS, "CDA verified (%s)", _GREEN_("ok"));
946 tlvdb_add(tlv, idn_db);
947 } else {
948 PrintAndLogEx(ERR, "ERROR: CDA verify error");
949 }
950
951 emv_pk_free(pk);
952 emv_pk_free(issuer_pk);
953 emv_pk_free(icc_pk);
954 return 0;
955 }
956
957 int RecoveryCertificates(struct tlvdb *tlvRoot, json_t *root) {
958 struct emv_pk *pk = get_ca_pk(tlvRoot);
959 if (!pk) {
960 PrintAndLogEx(ERR, "ERROR: Key not found, exiting");
961 return 1;
962 }
963
964 struct emv_pk *issuer_pk = emv_pki_recover_issuer_cert(pk, tlvRoot);
965 if (!issuer_pk) {
966 emv_pk_free(pk);
967 PrintAndLogEx(WARNING, "WARNING: Issuer certificate not found, exiting");
968 return 2;
969 }
970
971 PrintAndLogEx(SUCCESS, "Issuer Public key recovered RID " _YELLOW_("%s") " IDX " _YELLOW_("%02hhx") " CSN " _YELLOW_("%s"),
972 sprint_hex(issuer_pk->rid, 5),
973 issuer_pk->index,
974 sprint_hex(issuer_pk->serial, 3)
975 );
976
977 JsonSaveBufAsHex(root, "$.ApplicationData.RID", issuer_pk->rid, 5);
978
979 char *issuer_pk_c = emv_pk_dump_pk(issuer_pk);
980 JsonSaveStr(root, "$.ApplicationData.IssuerPublicKeyDec", issuer_pk_c);
981 JsonSaveBufAsHex(root, "$.ApplicationData.IssuerPublicKeyModulus", issuer_pk->modulus, issuer_pk->mlen);
982 free(issuer_pk_c);
983
984 const struct tlv *sda_tlv = tlvdb_get(tlvRoot, 0x21, NULL);
985 struct emv_pk *icc_pk = emv_pki_recover_icc_cert(issuer_pk, tlvRoot, sda_tlv);
986 if (!icc_pk) {
987 emv_pk_free(pk);
988 emv_pk_free(issuer_pk);
989 PrintAndLogEx(WARNING, "WARNING: ICC certificate not found, exiting");
990 return 2;
991 }
992
993 PrintAndLogEx(SUCCESS, "ICC Public key recovered RID " _YELLOW_("%s") " IDX " _YELLOW_("%02hhx") " CSN " _YELLOW_("%s"),
994 sprint_hex(icc_pk->rid, 5),
995 icc_pk->index,
996 sprint_hex(icc_pk->serial, 3)
997 );
998
999 char *icc_pk_c = emv_pk_dump_pk(icc_pk);
1000 JsonSaveStr(root, "$.ApplicationData.ICCPublicKeyDec", icc_pk_c);
1001 JsonSaveBufAsHex(root, "$.ApplicationData.ICCPublicKeyModulus", icc_pk->modulus, icc_pk->mlen);
1002 free(icc_pk_c);
1003 return 0;
1004 }
Proxmark3 - the RFID research Swiss army knife. Iceman firmware