search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
recover_pk.py: replace secp192r1 by prime192v1
[RRG-proxmark3.git] / client / src / emv / emvcore.c
blobb2aa524ac31e0e4e5f70a81b9979058baf4db78c
1 //-----------------------------------------------------------------------------
2 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
3 //
4 // This program is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // This program is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // See LICENSE.txt for the text of the license.
15 //-----------------------------------------------------------------------------
16 // EMV core functions
17 //-----------------------------------------------------------------------------
18
19 #include "emvcore.h"
20 #include <string.h>
21 #include "commonutil.h" // ARRAYLEN
22 #include "comms.h" // DropField
23 #include "cmdparser.h"
24 #include "cmdsmartcard.h" // ExchangeAPDUSC
25 #include "ui.h"
26 #include "cmdhf14a.h"
27 #include "cmdhf14b.h"
28 #include "dol.h"
29 #include "emv_tags.h"
30 #include "emvjson.h"
31 #include "util_posix.h"
32 #include "protocols.h" // ISO7816 APDU return codes
33
34 // Got from here. Thanks!
35 // https://eftlab.co.uk/index.php/site-map/knowledge-base/211-emv-aid-rid-pix
36 static const char *PSElist [] = {
37 "325041592E5359532E4444463031", // 2PAY.SYS.DDF01 - Visa Proximity Payment System Environment - PPSE
38 "315041592E5359532E4444463031" // 1PAY.SYS.DDF01 - Visa Payment System Environment - PSE
39 };
40
41 const char *TransactionTypeStr[] = {
42 "MSD",
43 "VSDC",
44 "qVCDCMCHIP",
45 "CDA"
46 };
47
48 typedef struct {
49 enum CardPSVendor vendor;
50 const char *aid;
51 } AIDList_t;
52
53 static const AIDList_t AIDlist [] = {
54 // Visa International
55 { CV_VISA, "A00000000305076010" }, // VISA ELO Credit
56 { CV_VISA, "A0000000031010" }, // VISA Debit/Credit (Classic)
57 { CV_VISA, "A000000003101001" }, // VISA Credit
58 { CV_VISA, "A000000003101002" }, // VISA Debit
59 { CV_VISA, "A0000000032010" }, // VISA Electron
60 { CV_VISA, "A0000000032020" }, // VISA
61 { CV_VISA, "A0000000033010" }, // VISA Interlink
62 { CV_VISA, "A0000000034010" }, // VISA Specific
63 { CV_VISA, "A0000000035010" }, // VISA Specific
64 { CV_VISA, "A0000000036010" }, // Domestic Visa Cash Stored Value
65 { CV_VISA, "A0000000036020" }, // International Visa Cash Stored Value
66 { CV_VISA, "A0000000038002" }, // VISA Auth, VisaRemAuthen EMV-CAP (DPA)
67 { CV_VISA, "A0000000038010" }, // VISA Plus
68 { CV_VISA, "A0000000039010" }, // VISA Loyalty
69 { CV_VISA, "A000000003999910" }, // VISA Proprietary ATM
70 // Visa USA
71 { CV_VISA, "A000000098" }, // Debit Card
72 { CV_VISA, "A0000000980848" }, // Debit Card
73 // Mastercard International
74 { CV_MASTERCARD, "A00000000401" }, // MasterCard PayPass
75 { CV_MASTERCARD, "A0000000041010" }, // MasterCard Credit
76 { CV_MASTERCARD, "A00000000410101213" }, // MasterCard Credit
77 { CV_MASTERCARD, "A00000000410101215" }, // MasterCard Credit
78 { CV_MASTERCARD, "A0000000042010" }, // MasterCard Specific
79 { CV_MASTERCARD, "A0000000043010" }, // MasterCard Specific
80 { CV_MASTERCARD, "A0000000043060" }, // Maestro (Debit)
81 { CV_MASTERCARD, "A000000004306001" }, // Maestro (Debit)
82 { CV_MASTERCARD, "A0000000044010" }, // MasterCard Specific
83 { CV_MASTERCARD, "A0000000045010" }, // MasterCard Specific
84 { CV_MASTERCARD, "A0000000046000" }, // Cirrus
85 { CV_MASTERCARD, "A0000000048002" }, // SecureCode Auth EMV-CAP
86 { CV_MASTERCARD, "A0000000049999" }, // MasterCard PayPass
87 { CV_MASTERCARD, "B012345678" }, // Maestro TEST Used for development
88 // American Express
89 { CV_AMERICANEXPRESS, "A000000025" },
90 { CV_AMERICANEXPRESS, "A0000000250000" },
91 { CV_AMERICANEXPRESS, "A00000002501" },
92 { CV_AMERICANEXPRESS, "A000000025010402" },
93 { CV_AMERICANEXPRESS, "A000000025010701" },
94 { CV_AMERICANEXPRESS, "A000000025010801" },
95 // Groupement des Cartes Bancaires "CB"
96 { CV_CB, "A0000000421010" }, // Cartes Bancaire EMV Card
97 { CV_CB, "A0000000422010" },
98 { CV_CB, "A0000000423010" },
99 { CV_CB, "A0000000424010" },
100 { CV_CB, "A0000000425010" },
101 // JCB CO., LTD.
102 { CV_JCB, "A00000006510" }, // JCB
103 { CV_JCB, "A0000000651010" }, // JCB J Smart Credit
104 // Switch Card Services Ltd.
105 { CV_SWITCH, "A0000000050001" }, // Maestro UK
106 { CV_SWITCH, "A0000000050002" }, // Solo
107 // Diners Club International Ltd.
108 { CV_DINERS, "A0000001523010" }, // Discover, Pulse D Pas Discover Card
109 { CV_DINERS, "A0000001524010" }, // Discover, Discover Debit Common Card
110 // Other
111 { CV_OTHER, "A00000002401" }, // Midland Bank Plc - Self Service
112 { CV_OTHER, "A0000000291010" }, // LINK Interchange Network Ltd - Link / American Express
113 { CV_OTHER, "A00000006900" }, // Société Européenne de Monnaie Electronique SEME - Moneo
114 { CV_OTHER, "A000000077010000021000000000003B" }, // Oberthur Technologies France - Visa AEPN
115 { CV_OTHER, "A0000001211010" }, // PBS Danmark A/S - Denmark - Dankort (VISA GEM Vision) - Danish domestic debit card
116 { CV_OTHER, "A0000001410001" }, // Associazione Bancaria Italiana - Italy - PagoBANCOMAT - CoGeBan Consorzio BANCOMAT (Italian domestic debit card)
117 { CV_OTHER, "A0000001544442" }, // Banricompras Debito - Banrisul - Banco do Estado do Rio Grande do SUL - S.A.
118 { CV_OTHER, "A000000172950001" }, // Financial Information Service Co. Ltd. - Taiwan - BAROC Financial Application Taiwan- The Bankers Association of the Republic of China
119 { CV_OTHER, "A0000001850002" }, // Post Office Limited - United Kingdom - UK Post Office Account card
120 { CV_OTHER, "A0000002281010" }, // Saudi Arabian Monetary Agency (SAMA) - Kingdom of Saudi Arabia - SPAN (M/Chip) - SPAN2 (Saudi Payments Network) - Saudi Arabia domestic credit/debit card (Saudi Arabia Monetary Agency)
121 { CV_OTHER, "A0000002282010" }, // Saudi Arabian Monetary Agency (SAMA) - Kingdom of Saudi Arabia - SPAN (VIS) - SPAN2 (Saudi Payments Network) - Saudi Arabia domestic credit/debit card (Saudi Arabia Monetary Agency)
122 { CV_OTHER, "A0000002771010" }, // Interac Association - Canada - INTERAC - Canadian domestic credit/debit card
123 { CV_OTHER, "A00000031510100528" }, // Currence Holding/PIN BV - The Netherlands- Currence PuC
124 { CV_OTHER, "A0000003156020" }, // Currence Holding/PIN BV - The Netherlands - Chipknip
125 { CV_OTHER, "A0000003591010028001" }, // Euro Alliance of Payment Schemes s.c.r.l. (EAPS) - Belgium - Girocard EAPS - ZKA (Germany)
126 { CV_OTHER, "A0000003710001" }, // Verve - Nigeria - InterSwitch Verve Card - Nigerian local switch company
127 { CV_OTHER, "A0000004540010" }, // eTranzact - Nigeria - Etranzact Genesis Card - Nigerian local switch company
128 { CV_OTHER, "A0000004540011" }, // eTranzact - Nigeria - Etranzact Genesis Card 2 - Nigerian local switch company
129 { CV_OTHER, "A0000004766C" }, // Google - United States - GOOGLE_PAYMENT_AID
130 { CV_OTHER, "A0000005241010" }, // RuPay - India - RuPay - RuPay (India)
131 { CV_OTHER, "A0000006723010" }, // TROY - Turkey - TROY chip credit card - Turkey's Payment Method
132 { CV_OTHER, "A0000006723020" }, // TROY - Turkey - TROY chip debit card - Turkey's Payment Method
133 { CV_OTHER, "A0000007705850" }, // Indian Oil Corporation Limited - India - XTRAPOWER Fleet Card Program - Indian Oil’s Pre Paid Program
134 { CV_OTHER, "D27600002545500100" }, // ZKA - Germany - Girocard - ZKA Girocard (Geldkarte) (Germany)
135 { CV_OTHER, "D4100000030001" }, // KS X 6923/6924 (T-Money, South Korea and Snapper+, Wellington, New Zealand)
136 { CV_OTHER, "D5280050218002" }, // The Netherlands - ? - (Netherlands)
137 { CV_OTHER, "D5780000021010" }, // Bankaxept Norway Bankaxept Norwegian domestic debit card
138 { CV_OTHER, "F0000000030001" }, // BRADESCO - Brazilian Bank Banco Bradesco
139 { CV_OTHER, "A0000008381010" }, // SL Resekort - Swedish domestic transportation card with payment
140 };
141
142 enum CardPSVendor GetCardPSVendor(uint8_t *AID, size_t AIDlen) {
143 char buf[100] = {0};
144 if (AIDlen < 1)
145 return CV_NA;
146
147 hex_to_buffer((uint8_t *)buf, AID, AIDlen, sizeof(buf) - 1, 0, 0, true);
148
149 for (int i = 0; i < ARRAYLEN(AIDlist); i ++) {
150 if (strncmp(AIDlist[i].aid, buf, strlen(AIDlist[i].aid)) == 0) {
151 return AIDlist[i].vendor;
152 }
153 }
154
155 return CV_NA;
156 }
157
158 static void emv_print_cb(void *data, const struct tlv *tlv, int level, bool is_leaf) {
159 emv_tag_dump(tlv, level);
160 if (is_leaf) {
161 print_buffer(tlv->value, tlv->len, level);
162 }
163 }
164
165 bool TLVPrintFromBuffer(uint8_t *data, int datalen) {
166 struct tlvdb *t = tlvdb_parse_multi(data, datalen);
167 if (t) {
168 PrintAndLogEx(INFO, "-------------------- " _CYAN_("TLV decoded") " --------------------");
169
170 tlvdb_visit(t, emv_print_cb, NULL, 0);
171 tlvdb_free(t);
172 return true;
173 } else {
174 PrintAndLogEx(WARNING, "TLV ERROR: Can't parse response as TLV tree.");
175 }
176 return false;
177 }
178
179 void TLVPrintFromTLVLev(struct tlvdb *tlv, int level) {
180 if (tlv == NULL)
181 return;
182
183 tlvdb_visit(tlv, emv_print_cb, NULL, level);
184 }
185
186 void TLVPrintFromTLV(struct tlvdb *tlv) {
187 TLVPrintFromTLVLev(tlv, 0);
188 }
189
190 void TLVPrintAIDlistFromSelectTLV(struct tlvdb *tlv) {
191 PrintAndLogEx(INFO, "|------------------+--------+-------------------------|");
192 PrintAndLogEx(INFO, "| AID |Priority| Name |");
193 PrintAndLogEx(INFO, "|------------------+--------+-------------------------|");
194
195 struct tlvdb *ttmp = tlvdb_find(tlv, 0x6f);
196 if (ttmp == NULL)
197 PrintAndLogEx(INFO, "| none |");
198
199 while (ttmp) {
200 const struct tlv *tgAID = tlvdb_get_inchild(ttmp, 0x84, NULL);
201 const struct tlv *tgName = tlvdb_get_inchild(ttmp, 0x50, NULL);
202 const struct tlv *tgPrio = tlvdb_get_inchild(ttmp, 0x87, NULL);
203 if (!tgAID) {
204 break;
205 }
206 PrintAndLogEx(INFO, "| %s| %s | %s|",
207 sprint_hex_inrow_ex(tgAID->value, tgAID->len, 16),
208 (tgPrio) ? sprint_hex(tgPrio->value, 1) : " ",
209 (tgName) ? sprint_ascii_ex(tgName->value, tgName->len, 24) : " ");
210
211 ttmp = tlvdb_find_next(ttmp, 0x6f);
212 }
213
214 PrintAndLogEx(INFO, "|------------------+--------+-------------------------|");
215 }
216
217 struct tlvdb *GetPANFromTrack2(const struct tlv *track2) {
218 char track2Hex[200] = {0};
219 uint8_t PAN[100] = {0};
220 int PANlen = 0;
221 char *tmp = track2Hex;
222
223 if (!track2)
224 return NULL;
225
226 for (int i = 0; i < track2->len; ++i, tmp += 2)
227 snprintf(tmp, sizeof(track2Hex) - (tmp - track2Hex), "%02x", (unsigned int)track2->value[i]);
228
229 int posD = strchr(track2Hex, 'd') - track2Hex;
230 if (posD < 1)
231 return NULL;
232
233 track2Hex[posD] = 0;
234 if (strlen(track2Hex) % 2) {
235 track2Hex[posD] = 'F';
236 track2Hex[posD + 1] = '\0';
237 }
238
239 param_gethex_to_eol(track2Hex, 0, PAN, sizeof(PAN), &PANlen);
240
241 return tlvdb_fixed(0x5a, PANlen, PAN);
242 }
243
244 struct tlvdb *GetdCVVRawFromTrack2(const struct tlv *track2) {
245 char track2Hex[200] = {0};
246 char dCVVHex[100] = {0};
247 uint8_t dCVV[100] = {0};
248 int dCVVlen = 0;
249 const int PINlen = 5; // must calculated from 9F67 MSD Offset but i have not seen this tag)
250 char *tmp = track2Hex;
251
252 if (!track2)
253 return NULL;
254
255 for (int i = 0; i < track2->len; ++i, tmp += 2)
256 snprintf(tmp, sizeof(track2Hex) - (tmp - track2Hex), "%02x", (unsigned int)track2->value[i]);
257
258 int posD = strchr(track2Hex, 'd') - track2Hex;
259 if (posD < 1)
260 return NULL;
261
262 memset(dCVVHex, '0', 32);
263 // ATC
264 memcpy(dCVVHex + 0, track2Hex + posD + PINlen + 11, 4);
265 // PAN 5 hex
266 memcpy(dCVVHex + 4, track2Hex, 5);
267 // expire date
268 memcpy(dCVVHex + 9, track2Hex + posD + 1, 4);
269 // service code
270 memcpy(dCVVHex + 13, track2Hex + posD + 5, 3);
271
272 param_gethex_to_eol(dCVVHex, 0, dCVV, sizeof(dCVV), &dCVVlen);
273
274 return tlvdb_fixed(0x02, dCVVlen, dCVV);
275 }
276
277 static int EMVExchangeEx(Iso7816CommandChannel channel, bool ActivateField, bool LeaveFieldON, sAPDU_t apdu, bool IncludeLe, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
278 int res = Iso7816ExchangeEx(channel, ActivateField, LeaveFieldON, apdu, IncludeLe, 0, Result, MaxResultLen, ResultLen, sw);
279 // add to tlv tree
280 if ((res == PM3_SUCCESS) && tlv) {
281 struct tlvdb *t = tlvdb_parse_multi(Result, *ResultLen);
282 tlvdb_add(tlv, t);
283 }
284 return res;
285 }
286
287 int EMVExchange(Iso7816CommandChannel channel, bool LeaveFieldON, sAPDU_t apdu, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
288 int res = Iso7816Exchange(channel, LeaveFieldON, apdu, Result, MaxResultLen, ResultLen, sw);
289 // add to tlv tree
290 if ((res == PM3_SUCCESS) && tlv) {
291 struct tlvdb *t = tlvdb_parse_multi(Result, *ResultLen);
292 tlvdb_add(tlv, t);
293 }
294 return res;
295 }
296
297 int EMVSelect(Iso7816CommandChannel channel, bool ActivateField, bool LeaveFieldON, uint8_t *AID, size_t AIDLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
298 int res = Iso7816Select(channel, ActivateField, LeaveFieldON, AID, AIDLen, Result, MaxResultLen, ResultLen, sw);
299 // add to tlv tree
300 if ((res == PM3_SUCCESS) && tlv) {
301 struct tlvdb *t = tlvdb_parse_multi(Result, *ResultLen);
302 tlvdb_add(tlv, t);
303 }
304 return res;
305 }
306
307 int EMVSelectPSE(Iso7816CommandChannel channel, bool ActivateField, bool LeaveFieldON, uint8_t PSENum, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw) {
308 uint8_t buf[APDU_AID_LEN] = {0};
309 *ResultLen = 0;
310 int len = 0;
311 switch (PSENum) {
312 case 1:
313 param_gethex_to_eol(PSElist[1], 0, buf, sizeof(buf), &len);
314 break;
315 case 2:
316 param_gethex_to_eol(PSElist[0], 0, buf, sizeof(buf), &len);
317 break;
318 default:
319 return -1;
320 }
321 return EMVSelect(channel, ActivateField, LeaveFieldON, buf, len, Result, MaxResultLen, ResultLen, sw, NULL);
322 }
323
324 static int EMVSelectWithRetry(Iso7816CommandChannel channel, bool ActivateField, bool LeaveFieldON, uint8_t *AID, size_t AIDLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
325 int retrycnt = 0;
326 int res = 0;
327 do {
328 res = EMVSelect(channel, false, true, AID, AIDLen, Result, MaxResultLen, ResultLen, sw, tlv);
329
330 // retry if error and not returned sw error
331 if (res && res != 5) {
332 if (++retrycnt < 3) {
333 continue;
334 } else {
335 // card select error, proxmark error
336 if (res == 1) {
337 PrintAndLogEx(WARNING, "exiting...");
338 return 1;
339 }
340
341 PrintAndLogEx(FAILED, "Retry failed [%s]. Skipped...", sprint_hex_inrow(AID, AIDLen));
342 return res;
343 }
344 }
345 } while (res && res != 5);
346
347 return res;
348 }
349
350 static int EMVCheckAID(Iso7816CommandChannel channel, bool decodeTLV, struct tlvdb *tlvdbelm, struct tlvdb *tlv) {
351 uint8_t data[APDU_RES_LEN] = {0};
352 size_t datalen = 0;
353 int res = 0;
354 uint16_t sw = 0;
355
356 while (tlvdbelm) {
357 const struct tlv *tgAID = tlvdb_get_inchild(tlvdbelm, 0x4f, NULL);
358 if (tgAID) {
359 res = EMVSelectWithRetry(channel, false, true, (uint8_t *)tgAID->value, tgAID->len, data, sizeof(data), &datalen, &sw, tlv);
360
361 // if returned sw error
362 if (res == 5) {
363 // next element
364 tlvdbelm = tlvdb_find_next(tlvdbelm, 0x61);
365 continue;
366 }
367
368 if (res)
369 break;
370
371 // all is ok
372 if (decodeTLV) {
373 PrintAndLogEx(SUCCESS, "%s:", sprint_hex_inrow(tgAID->value, tgAID->len));
374 TLVPrintFromBuffer(data, datalen);
375 }
376 }
377 tlvdbelm = tlvdb_find_next(tlvdbelm, 0x61);
378 }
379 return res;
380 }
381
382 int EMVSearchPSE(Iso7816CommandChannel channel, bool ActivateField, bool LeaveFieldON, uint8_t PSENum, bool decodeTLV, struct tlvdb *tlv) {
383 uint8_t data[APDU_RES_LEN] = {0};
384 size_t datalen = 0;
385 uint16_t sw = 0;
386 int res;
387 const char *PSE_or_PPSE = PSENum == 1 ? "PSE" : "PPSE";
388
389 // select PPSE
390 res = EMVSelectPSE(channel, ActivateField, true, PSENum, data, sizeof(data), &datalen, &sw);
391
392 if (!res) {
393 if (sw != ISO7816_OK) {
394 PrintAndLogEx(FAILED, "Select PSE error. APDU error: %04x.", sw);
395 return 1;
396 }
397
398 struct tlvdb *t = tlvdb_parse_multi(data, datalen);
399 if (t) {
400 bool fileFound = false;
401 // PSE/PPSE with SFI
402 struct tlvdb *tsfi = tlvdb_find_path(t, (tlv_tag_t[]) {0x6f, 0xa5, 0x88, 0x00});
403 if (tsfi) {
404 uint8_t sfidata[0x11][APDU_RES_LEN];
405 size_t sfidatalen[0x11] = {0};
406 uint8_t sfin = 0;
407 tlv_get_uint8(tlvdb_get_tlv(tsfi), &sfin);
408 PrintAndLogEx(INFO, "* PPSE get SFI: 0x%02x.", sfin);
409
410 for (uint8_t ui = 0x01; ui <= 0x10; ui++) {
411 PrintAndLogEx(INFO, "* * Get SFI: 0x%02x. num: 0x%02x", sfin, ui);
412 res = EMVReadRecord(channel, true, sfin, ui, sfidata[ui], APDU_RES_LEN, &sfidatalen[ui], &sw, NULL);
413
414 // end of records
415 if (sw == 0x6a83) {
416 sfidatalen[ui] = 0;
417 PrintAndLogEx(INFO, "* * PPSE get SFI. End of records.");
418 break;
419 }
420
421 // error catch!
422 if (sw != ISO7816_OK) {
423 sfidatalen[ui] = 0;
424 PrintAndLogEx(FAILED, "PPSE get Error. APDU error: %04x.", sw);
425 break;
426 }
427
428 if (decodeTLV) {
429 TLVPrintFromBuffer(sfidata[ui], sfidatalen[ui]);
430 }
431 }
432
433 for (uint8_t ui = 0x01; ui <= 0x10; ui++) {
434 if (sfidatalen[ui]) {
435
436 struct tlvdb *tsfi_a = tlvdb_parse_multi(sfidata[ui], sfidatalen[ui]);
437 if (tsfi_a) {
438 struct tlvdb *tsfitmp = tlvdb_find_path(tsfi_a, (tlv_tag_t[]) {0x70, 0x61, 0x00});
439 if (!tsfitmp) {
440 PrintAndLogEx(FAILED, "SFI 0x%02zu doesn't have any records.", sfidatalen[ui]);
441 continue;
442 }
443 res = EMVCheckAID(channel, decodeTLV, tsfitmp, tlv);
444 fileFound = true;
445 }
446 tlvdb_free(tsfi_a);
447 }
448 }
449 }
450
451
452 // PSE/PPSE plain (wo SFI)
453 struct tlvdb *ttmp = tlvdb_find_path(t, (tlv_tag_t[]) {0x6f, 0xa5, 0xbf0c, 0x61, 0x00});
454 if (ttmp) {
455 res = EMVCheckAID(channel, decodeTLV, ttmp, tlv);
456 fileFound = true;
457 }
458
459 if (!fileFound)
460 PrintAndLogEx(FAILED, "PPSE doesn't have any records.");
461
462 tlvdb_free(t);
463 } else {
464 PrintAndLogEx(WARNING, "%s ERROR: Can't get TLV from response.", PSE_or_PPSE);
465 }
466 } else {
467 PrintAndLogEx(ERR, "%s ERROR: Can't select PPSE AID. Error: %d", PSE_or_PPSE, res);
468 }
469
470 if (!LeaveFieldON)
471 DropFieldEx(channel);
472
473 return res;
474 }
475
476 int EMVSearch(Iso7816CommandChannel channel, bool ActivateField, bool LeaveFieldON, bool decodeTLV, struct tlvdb *tlv, bool verbose) {
477 uint8_t aidbuf[APDU_AID_LEN] = {0};
478 int aidlen = 0;
479 uint8_t data[APDU_RES_LEN] = {0};
480 size_t datalen = 0;
481 uint16_t sw = 0;
482
483 int retrycnt = 0;
484 for (int i = 0; i < ARRAYLEN(AIDlist); i ++) {
485
486 if (kbd_enter_pressed()) {
487 PrintAndLogEx(INFO, "user aborted...");
488 break;
489 }
490
491 param_gethex_to_eol(AIDlist[i].aid, 0, aidbuf, sizeof(aidbuf), &aidlen);
492 int res = EMVSelect(channel, (i == 0) ? ActivateField : false, true, aidbuf, aidlen, data, sizeof(data), &datalen, &sw, tlv);
493 // retry if error and not returned sw error
494 if (res && res != 5) {
495 if (++retrycnt < 3) {
496 i--;
497 } else {
498 // (1) - card select error, (4) reply timeout, (200) - result length = 0
499 if (res == 1 || res == 4 || res == 200) {
500 if (LeaveFieldON == false)
501 DropFieldEx(channel);
502
503 if (verbose) {
504 PrintAndLogEx(WARNING, "exiting...");
505 }
506 return 1;
507 }
508
509 retrycnt = 0;
510 if (verbose) {
511 PrintAndLogEx(FAILED, "Retry failed [%s]. Skipped...", AIDlist[i].aid);
512 }
513 }
514 continue;
515 }
516 retrycnt = 0;
517
518 if (res)
519 continue;
520
521 if (!datalen)
522 continue;
523
524 if (decodeTLV) {
525 PrintAndLogEx(SUCCESS, "%s", AIDlist[i].aid);
526 TLVPrintFromBuffer(data, datalen);
527 }
528 }
529
530 if (LeaveFieldON == false) {
531 DropFieldEx(channel);
532 }
533
534 return 0;
535 }
536
537 int EMVSelectApplication(struct tlvdb *tlv, uint8_t *AID, size_t *AIDlen) {
538 // check priority. 0x00 - highest
539 int prio = 0xffff;
540
541 *AIDlen = 0;
542
543 struct tlvdb *ttmp = tlvdb_find(tlv, 0x6f);
544 if (!ttmp)
545 return 1;
546
547 while (ttmp) {
548 const struct tlv *tgAID = tlvdb_get_inchild(ttmp, 0x84, NULL);
549 const struct tlv *tgPrio = tlvdb_get_inchild(ttmp, 0x87, NULL);
550
551 if (!tgAID)
552 break;
553
554 if (tgPrio) {
555 int pt = bytes_to_num((uint8_t *)tgPrio->value, (tgPrio->len < 2) ? tgPrio->len : 2);
556 if (pt < prio) {
557 prio = pt;
558
559 memcpy(AID, tgAID->value, tgAID->len);
560 *AIDlen = tgAID->len;
561 }
562 } else {
563 // takes the first application from list wo priority
564 if (!*AIDlen) {
565 memcpy(AID, tgAID->value, tgAID->len);
566 *AIDlen = tgAID->len;
567 }
568 }
569
570 ttmp = tlvdb_find_next(ttmp, 0x6f);
571 }
572
573 return 0;
574 }
575
576 int EMVGPO(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t *PDOL, size_t PDOLLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
577 return EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU_t) {0x80, 0xa8, 0x00, 0x00, PDOLLen, PDOL}, true, Result, MaxResultLen, ResultLen, sw, tlv);
578 }
579
580 int EMVReadRecord(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t SFI, uint8_t SFIrec, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
581 int res = EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU_t) {0x00, 0xb2, SFIrec, (SFI << 3) | 0x04, 0, NULL}, true, Result, MaxResultLen, ResultLen, sw, tlv);
582 if (*sw == 0x6700 || *sw == 0x6f00) {
583 PrintAndLogEx(INFO, ">>> trying to reissue command without Le...");
584 res = EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU_t) {0x00, 0xb2, SFIrec, (SFI << 3) | 0x04, 0, NULL}, false, Result, MaxResultLen, ResultLen, sw, tlv);
585 }
586 return res;
587 }
588
589 int EMVGetData(Iso7816CommandChannel channel, bool LeaveFieldON, uint16_t foo, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
590 return EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU_t) {0x80, 0xCA, ((foo >> 8) & 0xFF), (foo & 0xFF), 0, NULL}, true, Result, MaxResultLen, ResultLen, sw, tlv);
591 }
592
593 int EMVAC(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t RefControl, uint8_t *CDOL, size_t CDOLLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
594 return EMVExchange(channel, LeaveFieldON, (sAPDU_t) {0x80, 0xae, RefControl, 0x00, CDOLLen, CDOL}, Result, MaxResultLen, ResultLen, sw, tlv);
595 }
596
597 int EMVGenerateChallenge(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
598 int res = EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU_t) {0x00, 0x84, 0x00, 0x00, 0x00, NULL}, true, Result, MaxResultLen, ResultLen, sw, tlv);
599 if (*sw == 0x6700 || *sw == 0x6f00) {
600 PrintAndLogEx(INFO, ">>> trying to reissue command without Le...");
601 res = EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU_t) {0x00, 0x84, 0x00, 0x00, 0x00, NULL}, false, Result, MaxResultLen, ResultLen, sw, tlv);
602 }
603 return res;
604 }
605
606 int EMVInternalAuthenticate(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t *DDOL, size_t DDOLLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
607 return EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU_t) {0x00, 0x88, 0x00, 0x00, DDOLLen, DDOL}, true, Result, MaxResultLen, ResultLen, sw, tlv);
608 }
609
610 int MSCComputeCryptoChecksum(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t *UDOL, uint8_t UDOLlen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
611 int res = EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU_t) {0x80, 0x2a, 0x8e, 0x80, UDOLlen, UDOL}, true, Result, MaxResultLen, ResultLen, sw, tlv);
612 if (*sw == 0x6700 || *sw == 0x6f00) {
613 PrintAndLogEx(INFO, ">>> trying to reissue command without Le...");
614 res = EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU_t) {0x80, 0x2a, 0x8e, 0x80, UDOLlen, UDOL}, false, Result, MaxResultLen, ResultLen, sw, tlv);
615 }
616 return res;
617 }
618
619 // Authentication
620 struct emv_pk *get_ca_pk(struct tlvdb *db) {
621 const struct tlv *df_tlv = tlvdb_get(db, 0x84, NULL);
622 const struct tlv *caidx_tlv = tlvdb_get(db, 0x8f, NULL);
623
624 if (!df_tlv || !caidx_tlv || df_tlv->len < 6 || caidx_tlv->len != 1)
625 return NULL;
626
627 PrintAndLogEx(INFO, "CA public key index 0x%0x", caidx_tlv->value[0]);
628 return emv_pk_get_ca_pk(df_tlv->value, caidx_tlv->value[0]);
629 }
630
631 int trSDA(struct tlvdb *tlv) {
632
633 struct emv_pk *pk = get_ca_pk(tlv);
634 if (!pk) {
635 PrintAndLogEx(ERR, "Error: Key not found, exiting");
636 return 2;
637 }
638
639 struct emv_pk *issuer_pk = emv_pki_recover_issuer_cert(pk, tlv);
640 if (!issuer_pk) {
641 emv_pk_free(pk);
642 PrintAndLogEx(ERR, "Error: Issuer certificate not found, exiting");
643 return 2;
644 }
645
646 PrintAndLogEx(SUCCESS, "Issuer Public key recovered RID " _YELLOW_("%s") " IDX " _YELLOW_("%02hhx") " CSN " _YELLOW_("%s"),
647 sprint_hex(issuer_pk->rid, 5),
648 issuer_pk->index,
649 sprint_hex(issuer_pk->serial, 3)
650 );
651
652 const struct tlv *sda_tlv = tlvdb_get(tlv, 0x21, NULL);
653 if (!sda_tlv || sda_tlv->len < 1) {
654 emv_pk_free(issuer_pk);
655 emv_pk_free(pk);
656 PrintAndLogEx(WARNING, "Can't find input list for Offline Data Authentication, exiting");
657 return 3;
658 }
659
660 struct tlvdb *dac_db = emv_pki_recover_dac(issuer_pk, tlv, sda_tlv);
661 if (dac_db) {
662 const struct tlv *dac_tlv = tlvdb_get(dac_db, 0x9f45, NULL);
663 PrintAndLogEx(INFO, "SDA verified ( %s ) (Data Authentication Code: %02hhx:%02hhx)", _GREEN_("ok"), dac_tlv->value[0], dac_tlv->value[1]);
664 tlvdb_add(tlv, dac_db);
665 } else {
666 emv_pk_free(issuer_pk);
667 emv_pk_free(pk);
668 PrintAndLogEx(ERR, "SSAD verify error");
669 return 4;
670 }
671
672 emv_pk_free(issuer_pk);
673 emv_pk_free(pk);
674 return 0;
675 }
676
677 static const unsigned char default_ddol_value[] = {0x9f, 0x37, 0x04};
678 static struct tlv default_ddol_tlv = {.tag = 0x9f49, .len = 3, .value = default_ddol_value };
679
680 int trDDA(Iso7816CommandChannel channel, bool decodeTLV, struct tlvdb *tlv) {
681 struct emv_pk *pk = get_ca_pk(tlv);
682 if (!pk) {
683 PrintAndLogEx(ERR, "Error: Key not found, exiting");
684 return 2;
685 }
686
687 const struct tlv *sda_tlv = tlvdb_get(tlv, 0x21, NULL);
688 /* if (!sda_tlv || sda_tlv->len < 1) { it may be 0!!!!
689 emv_pk_free(pk);
690 PrintAndLogEx(ERR, "Error: Can't find input list for Offline Data Authentication, exiting");
691 return 3;
692 }
693 */
694 struct emv_pk *issuer_pk = emv_pki_recover_issuer_cert(pk, tlv);
695 if (!issuer_pk) {
696 emv_pk_free(pk);
697 PrintAndLogEx(ERR, "Error: Issuer certificate not found, exiting");
698 return 2;
699 }
700
701 PrintAndLogEx(SUCCESS, "Issuer Public key recovered RID " _YELLOW_("%s") " IDX " _YELLOW_("%02hhx") " CSN " _YELLOW_("%s"),
702 sprint_hex(issuer_pk->rid, 5),
703 issuer_pk->index,
704 sprint_hex(issuer_pk->serial, 3)
705 );
706
707 struct emv_pk *icc_pk = emv_pki_recover_icc_cert(issuer_pk, tlv, sda_tlv);
708 if (!icc_pk) {
709 emv_pk_free(pk);
710 emv_pk_free(issuer_pk);
711 PrintAndLogEx(ERR, "Error: ICC certificate not found, exiting");
712 return 2;
713 }
714
715 PrintAndLogEx(SUCCESS, "ICC Public key recovered. RID " _YELLOW_("%s") " IDX " _YELLOW_("%02hhx") " CSN " _YELLOW_("%s"),
716 sprint_hex(icc_pk->rid, 5),
717 icc_pk->index,
718 sprint_hex(icc_pk->serial, 3)
719 );
720
721 if (tlvdb_get(tlv, 0x9f2d, NULL)) {
722 struct emv_pk *icc_pe_pk = emv_pki_recover_icc_pe_cert(issuer_pk, tlv);
723 if (!icc_pe_pk) {
724 PrintAndLogEx(WARNING, "WARNING: ICC PE Public key recover error");
725 } else {
726 PrintAndLogEx(SUCCESS, "ICC PE Public key recovered. RID " _YELLOW_("%s") " IDX " _YELLOW_("%02hhx") " CSN " _YELLOW_("%s"),
727 sprint_hex(icc_pe_pk->rid, 5),
728 icc_pe_pk->index,
729 sprint_hex(icc_pe_pk->serial, 3)
730 );
731 }
732 } else {
733 PrintAndLogEx(INFO, "ICC PE Public Key (PIN Encipherment Public Key Certificate) not found.\n");
734 }
735
736 // 9F4B: Signed Dynamic Application Data
737 const struct tlv *sdad_tlv = tlvdb_get(tlv, 0x9f4b, NULL);
738 // DDA with internal authenticate OR fDDA with filled 0x9F4B tag (GPO result)
739 // EMV kernel3 v2.4, contactless book C-3, C.1., page 147
740 if (sdad_tlv) {
741 PrintAndLogEx(INFO, "* * Got Signed Dynamic Application Data (9F4B) form GPO. Maybe fDDA...");
742
743 struct tlvdb *atc_db = emv_pki_recover_atc_ex(icc_pk, tlv, true);
744 if (!atc_db) {
745 PrintAndLogEx(ERR, "Error: Can't recover IDN (ICC Dynamic Number)");
746 emv_pk_free(pk);
747 emv_pk_free(issuer_pk);
748 emv_pk_free(icc_pk);
749 return 8;
750 }
751
752 // 9f36 Application Transaction Counter (ATC)
753 const struct tlv *atc_tlv = tlvdb_get(atc_db, 0x9f36, NULL);
754 if (atc_tlv) {
755 PrintAndLogEx(INFO, "ATC (Application Transaction Counter) [%zu] %s", atc_tlv->len, sprint_hex_inrow(atc_tlv->value, atc_tlv->len));
756
757 const struct tlv *core_atc_tlv = tlvdb_get(tlv, 0x9f36, NULL);
758 if (tlv_equal(core_atc_tlv, atc_tlv)) {
759 PrintAndLogEx(SUCCESS, "ATC check OK.");
760 PrintAndLogEx(SUCCESS, "fDDA (fast DDA) verified OK.");
761 } else {
762 PrintAndLogEx(WARNING, "Error: fDDA verified, but ATC in the certificate and ATC in the record not the same.");
763 }
764 } else {
765 PrintAndLogEx(WARNING, "ERROR: fDDA (fast DDA) verify error");
766 emv_pk_free(pk);
767 emv_pk_free(issuer_pk);
768 emv_pk_free(icc_pk);
769 tlvdb_free(atc_db);
770 return 9;
771 }
772 tlvdb_free(atc_db);
773
774 } else {
775 uint8_t buf[APDU_RES_LEN] = {0};
776 size_t len = 0;
777 uint16_t sw = 0;
778 struct tlvdb *dac_db = emv_pki_recover_dac(issuer_pk, tlv, sda_tlv);
779 if (dac_db) {
780 const struct tlv *dac_tlv = tlvdb_get(dac_db, 0x9f45, NULL);
781 PrintAndLogEx(INFO, "SDAD verified ( %s ) (Data Authentication Code: %02hhx:%02hhx)\n", _GREEN_("ok"), dac_tlv->value[0], dac_tlv->value[1]);
782 tlvdb_add(tlv, dac_db);
783 } else {
784 PrintAndLogEx(ERR, "Error: SSAD verify error");
785 emv_pk_free(pk);
786 emv_pk_free(issuer_pk);
787 emv_pk_free(icc_pk);
788 return 4;
789 }
790
791 PrintAndLogEx(INFO, "* Calc DDOL");
792 const struct tlv *ddol_tlv = tlvdb_get(tlv, 0x9f49, NULL);
793 if (!ddol_tlv) {
794 ddol_tlv = &default_ddol_tlv;
795 PrintAndLogEx(INFO, "DDOL [9f49] not found. Using default DDOL");
796 }
797
798 struct tlv *ddol_data_tlv = dol_process(ddol_tlv, tlv, 0);
799 if (!ddol_data_tlv) {
800 PrintAndLogEx(ERR, "Error: Can't create DDOL TLV");
801 emv_pk_free(pk);
802 emv_pk_free(issuer_pk);
803 emv_pk_free(icc_pk);
804 return 5;
805 }
806
807 PrintAndLogEx(INFO, "DDOL data[%zu]: %s", ddol_data_tlv->len, sprint_hex(ddol_data_tlv->value, ddol_data_tlv->len));
808
809 PrintAndLogEx(INFO, "* Internal Authenticate");
810 int res = EMVInternalAuthenticate(channel, true, (uint8_t *)ddol_data_tlv->value, ddol_data_tlv->len, buf, sizeof(buf), &len, &sw, NULL);
811 if (res) {
812 PrintAndLogEx(ERR, "Internal Authenticate error(%d): %4x, exiting..", res, sw);
813 free(ddol_data_tlv);
814 emv_pk_free(pk);
815 emv_pk_free(issuer_pk);
816 emv_pk_free(icc_pk);
817 return 6;
818 }
819
820 struct tlvdb *dda_db = NULL;
821 if (buf[0] == 0x80) {
822 if (len < 3) {
823 PrintAndLogEx(WARNING, "Warning: Internal Authenticate format1 parsing error. length=%zu", len);
824 } else {
825 // parse response 0x80
826 struct tlvdb *t80 = tlvdb_parse_multi(buf, len);
827 const struct tlv *t80tlv = tlvdb_get_tlv(t80);
828
829 // 9f4b Signed Dynamic Application Data
830 dda_db = tlvdb_fixed(0x9f4b, t80tlv->len, t80tlv->value);
831 tlvdb_add(tlv, dda_db);
832
833 tlvdb_free(t80);
834
835 if (decodeTLV) {
836 PrintAndLogEx(INFO, "* * Decode response format 1:");
837 TLVPrintFromTLV(dda_db);
838 }
839 }
840 } else {
841 dda_db = tlvdb_parse_multi(buf, len);
842 if (!dda_db) {
843 PrintAndLogEx(ERR, "Error: Can't parse Internal Authenticate result as TLV");
844 free(ddol_data_tlv);
845 emv_pk_free(pk);
846 emv_pk_free(issuer_pk);
847 emv_pk_free(icc_pk);
848 return 7;
849 }
850 tlvdb_add(tlv, dda_db);
851
852 if (decodeTLV)
853 TLVPrintFromTLV(dda_db);
854 }
855
856 struct tlvdb *idn_db = emv_pki_recover_idn_ex(icc_pk, dda_db, ddol_data_tlv, true);
857 free(ddol_data_tlv);
858 if (!idn_db) {
859 PrintAndLogEx(ERR, "Error: Can't recover IDN (ICC Dynamic Number)");
860 tlvdb_free(dda_db);
861 emv_pk_free(pk);
862 emv_pk_free(issuer_pk);
863 emv_pk_free(icc_pk);
864 return 8;
865 }
866 tlvdb_free(dda_db);
867
868 // 9f4c ICC Dynamic Number
869 const struct tlv *idn_tlv = tlvdb_get(idn_db, 0x9f4c, NULL);
870 if (idn_tlv) {
871 PrintAndLogEx(INFO, "IDN (ICC Dynamic Number) [%zu] %s", idn_tlv->len, sprint_hex_inrow(idn_tlv->value, idn_tlv->len));
872 PrintAndLogEx(INFO, "DDA verified OK.");
873 tlvdb_add(tlv, idn_db);
874 tlvdb_free(idn_db);
875 } else {
876 PrintAndLogEx(ERR, "DDA verify error");
877 tlvdb_free(idn_db);
878
879 emv_pk_free(pk);
880 emv_pk_free(issuer_pk);
881 emv_pk_free(icc_pk);
882 return 9;
883 }
884 }
885
886 emv_pk_free(pk);
887 emv_pk_free(issuer_pk);
888 emv_pk_free(icc_pk);
889 return 0;
890 }
891
892 int trCDA(struct tlvdb *tlv, struct tlvdb *ac_tlv, struct tlv *pdol_data_tlv, struct tlv *ac_data_tlv) {
893
894 struct emv_pk *pk = get_ca_pk(tlv);
895 if (!pk) {
896 PrintAndLogEx(ERR, "Error: Key not found, exiting");
897 return 2;
898 }
899
900 const struct tlv *sda_tlv = tlvdb_get(tlv, 0x21, NULL);
901 if (!sda_tlv || sda_tlv->len < 1) {
902 PrintAndLogEx(ERR, "Error: Can't find input list for Offline Data Authentication, exiting");
903 emv_pk_free(pk);
904 return 3;
905 }
906
907 struct emv_pk *issuer_pk = emv_pki_recover_issuer_cert(pk, tlv);
908 if (!issuer_pk) {
909 PrintAndLogEx(ERR, "Error: Issuer certificate not found, exiting");
910 emv_pk_free(pk);
911 return 2;
912 }
913
914 PrintAndLogEx(SUCCESS, "Issuer Public key recovered RID " _YELLOW_("%s") " IDX " _YELLOW_("%02hhx") " CSN " _YELLOW_("%s"),
915 sprint_hex(issuer_pk->rid, 5),
916 issuer_pk->index,
917 sprint_hex(issuer_pk->serial, 3)
918 );
919
920 struct emv_pk *icc_pk = emv_pki_recover_icc_cert(issuer_pk, tlv, sda_tlv);
921 if (!icc_pk) {
922 PrintAndLogEx(ERR, "Error: ICC certificate not found, exiting");
923 emv_pk_free(pk);
924 emv_pk_free(issuer_pk);
925 return 2;
926 }
927
928 PrintAndLogEx(SUCCESS, "ICC Public key recovered. RID " _YELLOW_("%s") " IDX " _YELLOW_("%02hhx") " CSN " _YELLOW_("%s"),
929 sprint_hex(icc_pk->rid, 5),
930 icc_pk->index,
931 sprint_hex(icc_pk->serial, 3)
932 );
933
934 // Signed Static Application Data (SSAD) check
935 const struct tlv *ssad_tlv = tlvdb_get(tlv, 0x93, NULL);
936 if (ssad_tlv && ssad_tlv->len > 1) {
937 struct tlvdb *dac_db = emv_pki_recover_dac(issuer_pk, tlv, sda_tlv);
938 if (dac_db) {
939 const struct tlv *dac_tlv = tlvdb_get(dac_db, 0x9f45, NULL);
940 PrintAndLogEx(SUCCESS, "Signed Static Application Data (SSAD) verified ( %s ) (%02hhx:%02hhx)", _GREEN_("ok"), dac_tlv->value[0], dac_tlv->value[1]);
941 tlvdb_add(tlv, dac_db);
942 } else {
943 PrintAndLogEx(ERR, "Error: Signed Static Application Data (SSAD) verify error");
944 emv_pk_free(pk);
945 emv_pk_free(issuer_pk);
946 emv_pk_free(icc_pk);
947 return 4;
948 }
949 }
950
951 PrintAndLogEx(INFO, "* * Check Signed Dynamic Application Data (SDAD)");
952 struct tlvdb *idn_db = emv_pki_perform_cda_ex(icc_pk, tlv, ac_tlv,
953 pdol_data_tlv, // pdol
954 ac_data_tlv, // cdol1
955 NULL, // cdol2
956 true);
957 if (idn_db) {
958 const struct tlv *idn_tlv = tlvdb_get(idn_db, 0x9f4c, NULL);
959 PrintAndLogEx(INFO, "IDN (ICC Dynamic Number) [%zu] %s", idn_tlv->len, sprint_hex_inrow(idn_tlv->value, idn_tlv->len));
960 PrintAndLogEx(SUCCESS, "CDA verified ( %s )", _GREEN_("ok"));
961 tlvdb_add(tlv, idn_db);
962 } else {
963 PrintAndLogEx(ERR, "ERROR: CDA verify error");
964 }
965
966 emv_pk_free(pk);
967 emv_pk_free(issuer_pk);
968 emv_pk_free(icc_pk);
969 return 0;
970 }
971
972 int RecoveryCertificates(struct tlvdb *tlvRoot, json_t *root) {
973 struct emv_pk *pk = get_ca_pk(tlvRoot);
974 if (!pk) {
975 PrintAndLogEx(ERR, "ERROR: Key not found, exiting");
976 return 1;
977 }
978
979 struct emv_pk *issuer_pk = emv_pki_recover_issuer_cert(pk, tlvRoot);
980 if (!issuer_pk) {
981 emv_pk_free(pk);
982 PrintAndLogEx(WARNING, "WARNING: Issuer certificate not found, exiting");
983 return 2;
984 }
985
986 PrintAndLogEx(SUCCESS, "Issuer Public key recovered RID " _YELLOW_("%s") " IDX " _YELLOW_("%02hhx") " CSN " _YELLOW_("%s"),
987 sprint_hex(issuer_pk->rid, 5),
988 issuer_pk->index,
989 sprint_hex(issuer_pk->serial, 3)
990 );
991
992 JsonSaveBufAsHex(root, "$.ApplicationData.RID", issuer_pk->rid, 5);
993
994 char *issuer_pk_c = emv_pk_dump_pk(issuer_pk);
995 JsonSaveStr(root, "$.ApplicationData.IssuerPublicKeyDec", issuer_pk_c);
996 JsonSaveBufAsHex(root, "$.ApplicationData.IssuerPublicKeyModulus", issuer_pk->modulus, issuer_pk->mlen);
997 free(issuer_pk_c);
998
999 const struct tlv *sda_tlv = tlvdb_get(tlvRoot, 0x21, NULL);
1000 struct emv_pk *icc_pk = emv_pki_recover_icc_cert(issuer_pk, tlvRoot, sda_tlv);
1001 if (!icc_pk) {
1002 emv_pk_free(pk);
1003 emv_pk_free(issuer_pk);
1004 PrintAndLogEx(WARNING, "WARNING: ICC certificate not found, exiting");
1005 return 2;
1006 }
1007
1008 PrintAndLogEx(SUCCESS, "ICC Public key recovered RID " _YELLOW_("%s") " IDX " _YELLOW_("%02hhx") " CSN " _YELLOW_("%s"),
1009 sprint_hex(icc_pk->rid, 5),
1010 icc_pk->index,
1011 sprint_hex(icc_pk->serial, 3)
1012 );
1013
1014 char *icc_pk_c = emv_pk_dump_pk(icc_pk);
1015 JsonSaveStr(root, "$.ApplicationData.ICCPublicKeyDec", icc_pk_c);
1016 JsonSaveBufAsHex(root, "$.ApplicationData.ICCPublicKeyModulus", icc_pk->modulus, icc_pk->mlen);
1017 free(icc_pk_c);
1018 return 0;
1019 }
Proxmark3 - the RFID research Swiss army knife. Iceman firmware