]> git.zerfleddert.de Git - proxmark3-svn/blobdiff - client/emv/cmdemv.c
reenable intermediate "Waiting for a response from the proxmark..." message
[proxmark3-svn] / client / emv / cmdemv.c
index 679c26edeb321705d546c3078d0379d263ac86e1..0e84260a87a548dce4c8a74b865be628f228467e 100644 (file)
@@ -1,5 +1,5 @@
 //-----------------------------------------------------------------------------
 //-----------------------------------------------------------------------------
-// Copyright (C) 2017 Merlok
+// Copyright (C) 2017, 2018 Merlok
 //
 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
 // at your option, any later version. See the LICENSE.txt file for the text of
 //
 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
 // at your option, any later version. See the LICENSE.txt file for the text of
 
 #include "cmdemv.h"
 
 
 #include "cmdemv.h"
 
-int UsageCmdHFEMVSelect(void) {
-       PrintAndLog("HELP :  Executes select applet command:\n");
-       PrintAndLog("Usage:  hf emv select [-s][-k][-a][-t] <HEX applet AID>\n");
-       PrintAndLog("  Options:");
-       PrintAndLog("  -s       : select card");
-       PrintAndLog("  -k       : keep field for next command");
-       PrintAndLog("  -a       : show APDU reqests and responses\n");
-       PrintAndLog("  -t       : TLV decode results\n");
-       PrintAndLog("Samples:");
-       PrintAndLog(" hf emv select -s a00000000101 -> select card, select applet");
-       PrintAndLog(" hf emv select -s -t a00000000101 -> select card, select applet, show result in TLV");
+#include <ctype.h>
+#include <string.h>
+#include "proxmark3.h"
+#include "cmdparser.h"
+#include "ui.h"
+#include "util.h"
+#include "mifare.h"
+#include "emvjson.h"
+#include "emv_pki.h"
+#include "emvcore.h"
+#include "test/cryptotest.h"
+#include "cliparser/cliparser.h"
+#include "jansson.h"
+#include "emv_roca.h"
+#include "pcsc.h"
+#include "apduinfo.h"
+#include "dol.h"
+#include "emv_tags.h"
+#include "cmdhf14a.h"
+#include "cmdsmartcard.h"
+
+#define TLV_ADD(tag, value)( tlvdb_change_or_add_node(tlvRoot, tag, sizeof(value) - 1, (const unsigned char *)value) )
+void ParamLoadDefaults(struct tlvdb *tlvRoot) {
+       //9F02:(Amount, authorized (Numeric)) len:6
+       TLV_ADD(0x9F02, "\x00\x00\x00\x00\x01\x00");
+       //9F1A:(Terminal Country Code) len:2
+       TLV_ADD(0x9F1A, "ru");
+       //5F2A:(Transaction Currency Code) len:2
+       // USD 840, EUR 978, RUR 810, RUB 643, RUR 810(old), UAH 980, AZN 031, n/a 999
+       TLV_ADD(0x5F2A, "\x09\x80");
+       //9A:(Transaction Date) len:3
+       TLV_ADD(0x9A,   "\x00\x00\x00");
+       //9C:(Transaction Type) len:1   |  00 => Goods and service #01 => Cash
+       TLV_ADD(0x9C,   "\x00");
+       // 9F37 Unpredictable Number len:4
+       TLV_ADD(0x9F37, "\x01\x02\x03\x04");
+       // 9F6A Unpredictable Number (MSD for UDOL) len:4
+       TLV_ADD(0x9F6A, "\x01\x02\x03\x04");
+       //9F66:(Terminal Transaction Qualifiers (TTQ)) len:4
+       TLV_ADD(0x9F66, "\x26\x00\x00\x00"); // qVSDC
+       //95:(Terminal Verification Results) len:5
+       // all OK TVR
+       TLV_ADD(0x95,   "\x00\x00\x00\x00\x00");
+}
+
+void PrintChannel(EMVCommandChannel channel) {
+       switch(channel) {
+       case ECC_CONTACTLESS:
+               PrintAndLogEx(INFO, "Channel: CONTACTLESS");
+               break;
+       case ECC_CONTACT:
+               PrintAndLogEx(INFO, "Channel: CONTACT, using %s", getAlternativeSmartcardReader());
+               break;
+       }
+}
+
+int CmdEMVSelect(const char *cmd) {
+       uint8_t data[APDU_DATA_LEN] = {0};
+       int datalen = 0;
+
+       CLIParserInit("emv select",
+               "Executes select applet command",
+               "Usage:\n\temv select -s a00000000101 -> select card, select applet\n\temv select -st a00000000101 -> select card, select applet, show result in TLV\n");
+
+       void* argtable[] = {
+               arg_param_begin,
+               arg_lit0("sS",  "select",  "activate field and select card"),
+               arg_lit0("kK",  "keep",    "keep field for next command"),
+               arg_lit0("aA",  "apdu",    "show APDU reqests and responses"),
+               arg_lit0("tT",  "tlv",     "TLV decode results"),
+#ifdef WITH_SMARTCARD
+               arg_lit0("wW",  "wired",   "Send data via contact (iso7816) interface. Contactless interface set by default."),
+#endif
+               arg_strx0(NULL,  NULL,     "<HEX applet AID>", NULL),
+               arg_param_end
+       };
+       CLIExecWithReturn(cmd, argtable, true);
+
+       bool activateField = arg_get_lit(1);
+       bool leaveSignalON = arg_get_lit(2);
+       bool APDULogging = arg_get_lit(3);
+       bool decodeTLV = arg_get_lit(4);
+       EMVCommandChannel channel = ECC_CONTACTLESS;
+#ifdef WITH_SMARTCARD
+       if (arg_get_lit(5))
+               channel = ECC_CONTACT;
+       PrintChannel(channel);
+       CLIGetHexWithReturn(6, data, &datalen);
+#else
+       CLIGetHexWithReturn(5, data, &datalen);
+#endif
+       CLIParserFree();
+
+       SetAPDULogging(APDULogging);
+
+       // exec
+       uint8_t buf[APDU_RESPONSE_LEN] = {0};
+       size_t len = 0;
+       uint16_t sw = 0;
+       int res = EMVSelect(channel, activateField, leaveSignalON, data, datalen, buf, sizeof(buf), &len, &sw, NULL);
+
+       if (sw)
+               PrintAndLogEx(INFO, "APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff));
+
+       if (res)
+               return res;
+
+       if (decodeTLV)
+               TLVPrintFromBuffer(buf, len);
+
+       return 0;
+}
+
+int CmdEMVSearch(const char *cmd) {
+
+       CLIParserInit("emv search",
+               "Tries to select all applets from applet list:\n",
+               "Usage:\n\temv search -s -> select card and search\n\temv search -st -> select card, search and show result in TLV\n");
+
+       void* argtable[] = {
+               arg_param_begin,
+               arg_lit0("sS",  "select",  "activate field and select card"),
+               arg_lit0("kK",  "keep",    "keep field ON for next command"),
+               arg_lit0("aA",  "apdu",    "show APDU reqests and responses"),
+               arg_lit0("tT",  "tlv",     "TLV decode results of selected applets"),
+#ifdef WITH_SMARTCARD
+               arg_lit0("wW",  "wired",   "Send data via contact (iso7816) interface. Contactless interface set by default."),
+#endif
+               arg_param_end
+       };
+       CLIExecWithReturn(cmd, argtable, true);
+
+       bool activateField = arg_get_lit(1);
+       bool leaveSignalON = arg_get_lit(2);
+       bool APDULogging = arg_get_lit(3);
+       bool decodeTLV = arg_get_lit(4);
+       EMVCommandChannel channel = ECC_CONTACTLESS;
+#ifdef WITH_SMARTCARD
+       if (arg_get_lit(5))
+               channel = ECC_CONTACT;
+#endif
+       PrintChannel(channel);
+       CLIParserFree();
+
+       SetAPDULogging(APDULogging);
+
+       struct tlvdb *t = NULL;
+       const char *al = "Applets list";
+       t = tlvdb_fixed(1, strlen(al), (const unsigned char *)al);
+
+       if (EMVSearch(channel, activateField, leaveSignalON, decodeTLV, t)) {
+               tlvdb_free(t);
+               return 2;
+       }
+
+       PrintAndLogEx(SUCCESS, "Search completed.");
+
+       // print list here
+       if (!decodeTLV) {
+               TLVPrintAIDlistFromSelectTLV(t);
+       }
+
+       tlvdb_free(t);
+
+       return 0;
+}
+
+int CmdEMVPPSE(const char *cmd) {
+
+       CLIParserInit("emv pse",
+               "Executes PSE/PPSE select command. It returns list of applet on the card:\n",
+               "Usage:\n\temv pse -s1 -> select, get pse\n\temv pse -st2 -> select, get ppse, show result in TLV\n");
+
+       void* argtable[] = {
+               arg_param_begin,
+               arg_lit0("sS",  "select",  "activate field and select card"),
+               arg_lit0("kK",  "keep",    "keep field ON for next command"),
+               arg_lit0("1",   "pse",     "pse (1PAY.SYS.DDF01) mode"),
+               arg_lit0("2",   "ppse",    "ppse (2PAY.SYS.DDF01) mode (default mode)"),
+               arg_lit0("aA",  "apdu",    "show APDU reqests and responses"),
+               arg_lit0("tT",  "tlv",     "TLV decode results of selected applets"),
+#ifdef WITH_SMARTCARD
+               arg_lit0("wW",  "wired",   "Send data via contact (iso7816) interface. Contactless interface set by default."),
+#endif
+               arg_param_end
+       };
+       CLIExecWithReturn(cmd, argtable, true);
+
+       bool activateField = arg_get_lit(1);
+       bool leaveSignalON = arg_get_lit(2);
+       uint8_t PSENum = 2;
+       if (arg_get_lit(3))
+               PSENum = 1;
+       if (arg_get_lit(4))
+               PSENum = 2;
+       bool APDULogging = arg_get_lit(5);
+       bool decodeTLV = arg_get_lit(6);
+       EMVCommandChannel channel = ECC_CONTACTLESS;
+#ifdef WITH_SMARTCARD
+       if (arg_get_lit(7))
+               channel = ECC_CONTACT;
+#endif
+       PrintChannel(channel);
+       CLIParserFree();
+
+       SetAPDULogging(APDULogging);
+
+       // exec
+       uint8_t buf[APDU_RESPONSE_LEN] = {0};
+       size_t len = 0;
+       uint16_t sw = 0;
+       int res = EMVSelectPSE(channel, activateField, leaveSignalON, PSENum, buf, sizeof(buf), &len, &sw);
+
+       if (sw)
+               PrintAndLogEx(INFO, "APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff));
+
+       if (res)
+               return res;
+
+
+       if (decodeTLV)
+               TLVPrintFromBuffer(buf, len);
+
        return 0;
 }
 
        return 0;
 }
 
-int CmdHFEMVSelect(const char *cmd) {
-       uint8_t data[APDU_AID_LEN] = {0};
+int CmdEMVGPO(const char *cmd) {
+       uint8_t data[APDU_RESPONSE_LEN] = {0};
        int datalen = 0;
        int datalen = 0;
-       bool activateField = false;
-       bool leaveSignalON = false;
-       bool decodeTLV = false;
 
 
-       if (strlen(cmd) < 1) {
-               UsageCmdHFEMVSelect();
-               return 0;
+       CLIParserInit("emv gpo",
+               "Executes Get Processing Options command. It returns data in TLV format (0x77 - format2) or plain format (0x80 - format1).\nNeeds a EMV applet to be selected.",
+               "Usage:\n\temv gpo -k -> execute GPO\n"
+                       "\temv gpo -t 01020304 -> execute GPO with 4-byte PDOL data, show result in TLV\n"
+                       "\temv gpo -pmt 9F 37 04 -> load params from file, make PDOL data from PDOL, execute GPO with PDOL, show result in TLV\n");
+
+       void* argtable[] = {
+               arg_param_begin,
+               arg_lit0("kK",  "keep",    "keep field ON for next command"),
+               arg_lit0("pP",  "params",  "load parameters from `emv/defparams.json` file for PDOLdata making from PDOL and parameters"),
+               arg_lit0("mM",  "make",    "make PDOLdata from PDOL (tag 9F38) and parameters (by default uses default parameters)"),
+               arg_lit0("aA",  "apdu",    "show APDU reqests and responses"),
+               arg_lit0("tT",  "tlv",     "TLV decode results of selected applets"),
+#ifdef WITH_SMARTCARD
+               arg_lit0("wW",  "wired",   "Send data via contact (iso7816) interface. Contactless interface set by default."),
+#endif
+               arg_strx0(NULL,  NULL,     "<HEX PDOLdata/PDOL>", NULL),
+               arg_param_end
+       };
+       CLIExecWithReturn(cmd, argtable, true);
+
+       bool leaveSignalON = arg_get_lit(1);
+       bool paramsLoadFromFile = arg_get_lit(2);
+       bool dataMakeFromPDOL = arg_get_lit(3);
+       bool APDULogging = arg_get_lit(4);
+       bool decodeTLV = arg_get_lit(5);
+       EMVCommandChannel channel = ECC_CONTACTLESS;
+#ifdef WITH_SMARTCARD
+       if (arg_get_lit(6))
+               channel = ECC_CONTACT;
+       CLIGetHexWithReturn(7, data, &datalen);
+#else
+       CLIGetHexWithReturn(6, data, &datalen);
+#endif
+       PrintChannel(channel);
+       CLIParserFree();
+
+       SetAPDULogging(APDULogging);
+
+       // Init TLV tree
+       const char *alr = "Root terminal TLV tree";
+       struct tlvdb *tlvRoot = tlvdb_fixed(1, strlen(alr), (const unsigned char *)alr);
+
+       // calc PDOL
+       struct tlv *pdol_data_tlv = NULL;
+       struct tlv data_tlv = {
+               .tag = 0x83,
+               .len = datalen,
+               .value = (uint8_t *)data,
+       };
+       if (dataMakeFromPDOL) {
+               ParamLoadDefaults(tlvRoot);
+
+               if (paramsLoadFromFile) {
+                       PrintAndLogEx(INFO, "Params loading from file...");
+                       ParamLoadFromJson(tlvRoot);
+               };
+
+               pdol_data_tlv = dol_process((const struct tlv *)tlvdb_external(0x9f38, datalen, data), tlvRoot, 0x83);
+               if (!pdol_data_tlv){
+                       PrintAndLogEx(ERR, "Can't create PDOL TLV.");
+                       tlvdb_free(tlvRoot);
+                       return 4;
+               }
+       } else {
+               if (paramsLoadFromFile) {
+                       PrintAndLogEx(WARNING, "Don't need to load parameters. Sending plain PDOL data...");
+               }
+               pdol_data_tlv = &data_tlv;
        }
        }
-       
-       SetAPDULogging(false);
-       
-       int cmdp = 0;
-       while(param_getchar(cmd, cmdp) != 0x00) {
-               char c = param_getchar(cmd, cmdp);
-               if ((c == '-') && (param_getlength(cmd, cmdp) == 2))
-                       switch (param_getchar_indx(cmd, 1, cmdp)) {
-                               case 'h':
-                               case 'H':
-                                       UsageCmdHFEMVSelect();
-                                       return 0;
-                               case 's':
-                               case 'S':
-                                       activateField = true;
-                                       break;
-                               case 'k':
-                               case 'K':
-                                       leaveSignalON = true;
-                                       break;
-                               case 'a':
-                               case 'A':
-                                       SetAPDULogging(true);
-                                       break;
-                               case 't':
-                               case 'T':
-                                       decodeTLV = true;
-                                       break;
-                               default:
-                                       PrintAndLog("Unknown parameter '%c'", param_getchar_indx(cmd, 1, cmdp));
-                                       return 1;
-               }
-
-               if (isxdigit(c)) {
-                       switch(param_gethex_to_eol(cmd, cmdp, data, sizeof(data), &datalen)) {
-                       case 1:
-                               PrintAndLog("Invalid HEX value.");
-                               return 1;
-                       case 2:
-                               PrintAndLog("AID too large.");
-                               return 1;
-                       case 3:
-                               PrintAndLog("Hex must have even number of digits.");
-                               return 1;
-                       }
-                       
-                       // we get all the hex to end of line with spaces
-                       break;
+
+       size_t pdol_data_tlv_data_len = 0;
+       unsigned char *pdol_data_tlv_data = tlv_encode(pdol_data_tlv, &pdol_data_tlv_data_len);
+       if (!pdol_data_tlv_data) {
+               PrintAndLogEx(ERR, "Can't create PDOL data.");
+               tlvdb_free(tlvRoot);
+               return 4;
+       }
+       PrintAndLogEx(INFO, "PDOL data[%d]: %s", pdol_data_tlv_data_len, sprint_hex(pdol_data_tlv_data, pdol_data_tlv_data_len));
+
+       // exec
+       uint8_t buf[APDU_RESPONSE_LEN] = {0};
+       size_t len = 0;
+       uint16_t sw = 0;
+       int res = EMVGPO(channel, leaveSignalON, pdol_data_tlv_data, pdol_data_tlv_data_len, buf, sizeof(buf), &len, &sw, tlvRoot);
+
+       if (pdol_data_tlv != &data_tlv)
+               free(pdol_data_tlv);
+       tlvdb_free(tlvRoot);
+
+       if (sw)
+               PrintAndLogEx(INFO, "APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff));
+
+       if (res)
+               return res;
+
+       if (decodeTLV)
+               TLVPrintFromBuffer(buf, len);
+
+       return 0;
+}
+
+int CmdEMVReadRecord(const char *cmd) {
+       uint8_t data[APDU_RESPONSE_LEN] = {0};
+       int datalen = 0;
+
+       CLIParserInit("emv readrec",
+               "Executes Read Record command. It returns data in TLV format.\nNeeds a bank applet to be selected and sometimes needs GPO to be executed.",
+               "Usage:\n\temv readrec -k 0101 -> read file SFI=01, SFIrec=01\n\temv readrec -kt 0201-> read file 0201 and show result in TLV\n");
+
+       void* argtable[] = {
+               arg_param_begin,
+               arg_lit0("kK",  "keep",    "keep field ON for next command"),
+               arg_lit0("aA",  "apdu",    "show APDU reqests and responses"),
+               arg_lit0("tT",  "tlv",     "TLV decode results of selected applets"),
+               arg_lit0("wW",  "wired",   "Send data via contact (iso7816) interface. Contactless interface set by default."),
+               arg_strx1(NULL,  NULL,     "<SFI 1byte HEX><SFIrecord 1byte HEX>", NULL),
+               arg_param_end
+       };
+       CLIExecWithReturn(cmd, argtable, true);
+
+       bool leaveSignalON = arg_get_lit(1);
+       bool APDULogging = arg_get_lit(2);
+       bool decodeTLV = arg_get_lit(3);
+       EMVCommandChannel channel = ECC_CONTACTLESS;
+#ifdef WITH_SMARTCARD
+       if (arg_get_lit(4))
+               channel = ECC_CONTACT;
+       CLIGetHexWithReturn(5, data, &datalen);
+#else
+       CLIGetHexWithReturn(4, data, &datalen);
+#endif
+       PrintChannel(channel);
+       CLIParserFree();
+
+       if (datalen != 2) {
+               PrintAndLogEx(ERR, "Command needs to have 2 bytes of data");
+               return 1;
+       }
+
+       SetAPDULogging(APDULogging);
+
+       // exec
+       uint8_t buf[APDU_RESPONSE_LEN] = {0};
+       size_t len = 0;
+       uint16_t sw = 0;
+       int res = EMVReadRecord(channel, leaveSignalON, data[0], data[1], buf, sizeof(buf), &len, &sw, NULL);
+
+       if (sw)
+               PrintAndLogEx(INFO, "APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff));
+
+       if (res)
+               return res;
+
+
+       if (decodeTLV)
+               TLVPrintFromBuffer(buf, len);
+
+       return 0;
+}
+
+int CmdEMVAC(const char *cmd) {
+       uint8_t data[APDU_RESPONSE_LEN] = {0};
+       int datalen = 0;
+
+       CLIParserInit("emv genac",
+               "Generate Application Cryptogram command. It returns data in TLV format .\nNeeds a EMV applet to be selected and GPO to be executed.",
+               "Usage:\n\temv genac -k 0102 -> generate AC with 2-byte CDOLdata and keep field ON after command\n"
+                       "\temv genac -t 01020304 -> generate AC with 4-byte CDOL data, show result in TLV\n"
+                       "\temv genac -Daac 01020304 -> generate AC with 4-byte CDOL data and terminal decision 'declined'\n"
+                       "\temv genac -pmt 9F 37 04 -> load params from file, make CDOL data from CDOL, generate AC with CDOL, show result in TLV");
+
+       void* argtable[] = {
+               arg_param_begin,
+               arg_lit0("kK",  "keep",     "keep field ON for next command"),
+               arg_lit0("cC",  "cda",      "executes CDA transaction. Needs to get SDAD in results."),
+               arg_str0("dD",  "decision", "<aac|tc|arqc>", "Terminal decision. aac - declined, tc - approved, arqc - online authorisation requested"),
+               arg_lit0("pP",  "params",   "load parameters from `emv/defparams.json` file for CDOLdata making from CDOL and parameters"),
+               arg_lit0("mM",  "make",     "make CDOLdata from CDOL (tag 8C and 8D) and parameters (by default uses default parameters)"),
+               arg_lit0("aA",  "apdu",     "show APDU reqests and responses"),
+               arg_lit0("tT",  "tlv",      "TLV decode results of selected applets"),
+#ifdef WITH_SMARTCARD
+               arg_lit0("wW",  "wired",   "Send data via contact (iso7816) interface. Contactless interface set by default."),
+#endif
+               arg_strx1(NULL,  NULL,      "<HEX CDOLdata/CDOL>", NULL),
+               arg_param_end
+       };
+       CLIExecWithReturn(cmd, argtable, false);
+
+       bool leaveSignalON = arg_get_lit(1);
+       bool trTypeCDA = arg_get_lit(2);
+       uint8_t termDecision = 0xff;
+       if (arg_get_str_len(3)) {
+               if (!strncmp(arg_get_str(3)->sval[0], "aac", 4))
+                       termDecision = EMVAC_AAC;
+               if (!strncmp(arg_get_str(3)->sval[0], "tc", 4))
+                       termDecision = EMVAC_TC;
+               if (!strncmp(arg_get_str(3)->sval[0], "arqc", 4))
+                       termDecision = EMVAC_ARQC;
+
+               if (termDecision == 0xff) {
+                       PrintAndLog("ERROR: can't find terminal decision '%s'", arg_get_str(3)->sval[0]);
+                       return 1;
                }
                }
+       } else {
+               termDecision = EMVAC_TC;
+       }
+       if (trTypeCDA)
+               termDecision = termDecision | EMVAC_CDAREQ;
+       bool paramsLoadFromFile = arg_get_lit(4);
+       bool dataMakeFromCDOL = arg_get_lit(5);
+       bool APDULogging = arg_get_lit(6);
+       bool decodeTLV = arg_get_lit(7);
+       EMVCommandChannel channel = ECC_CONTACTLESS;
+#ifdef WITH_SMARTCARD
+       if (arg_get_lit(8))
+               channel = ECC_CONTACT;
+       CLIGetHexWithReturn(9, data, &datalen);
+#else
+       CLIGetHexWithReturn(8, data, &datalen);
+#endif
+       PrintChannel(channel);
+       CLIParserFree();
 
 
+       SetAPDULogging(APDULogging);
 
 
-               cmdp++;
+       // Init TLV tree
+       const char *alr = "Root terminal TLV tree";
+       struct tlvdb *tlvRoot = tlvdb_fixed(1, strlen(alr), (const unsigned char *)alr);
+
+       // calc CDOL
+       struct tlv *cdol_data_tlv = NULL;
+       struct tlv data_tlv = {
+               .tag = 0x01,
+               .len = datalen,
+               .value = (uint8_t *)data,
+       };
+
+       if (dataMakeFromCDOL) {
+               ParamLoadDefaults(tlvRoot);
+
+               if (paramsLoadFromFile) {
+                       PrintAndLogEx(INFO, "Params loading from file...");
+                       ParamLoadFromJson(tlvRoot);
+               };
+
+               cdol_data_tlv = dol_process((const struct tlv *)tlvdb_external(0x8c, datalen, data), tlvRoot, 0x01); // 0x01 - dummy tag
+               if (!cdol_data_tlv){
+                       PrintAndLogEx(ERR, "Can't create CDOL TLV.");
+                       tlvdb_free(tlvRoot);
+                       return 4;
+               }
+       } else {
+               if (paramsLoadFromFile) {
+                       PrintAndLogEx(WARNING, "Don't need to load parameters. Sending plain CDOL data...");
+               }
+               cdol_data_tlv = &data_tlv;
        }
        }
-       
+
+       PrintAndLogEx(INFO, "CDOL data[%d]: %s", cdol_data_tlv->len, sprint_hex(cdol_data_tlv->value, cdol_data_tlv->len));
+
        // exec
        // exec
-       uint8_t buf[APDU_RES_LEN] = {0};
+       uint8_t buf[APDU_RESPONSE_LEN] = {0};
        size_t len = 0;
        uint16_t sw = 0;
        size_t len = 0;
        uint16_t sw = 0;
-       int res = EMVSelect(activateField, leaveSignalON, data, datalen, buf, sizeof(buf), &len, &sw, NULL);
+       int res = EMVAC(channel, leaveSignalON, termDecision, (uint8_t *)cdol_data_tlv->value, cdol_data_tlv->len, buf, sizeof(buf), &len, &sw, tlvRoot);
+
+       if (cdol_data_tlv != &data_tlv)
+               free(cdol_data_tlv);
+       tlvdb_free(tlvRoot);
 
        if (sw)
 
        if (sw)
-               PrintAndLog("APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); 
-       
+               PrintAndLogEx(INFO, "APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff));
+
        if (res)
                return res;
        if (res)
                return res;
-       
+
        if (decodeTLV)
                TLVPrintFromBuffer(buf, len);
 
        return 0;
 }
 
        if (decodeTLV)
                TLVPrintFromBuffer(buf, len);
 
        return 0;
 }
 
-int UsageCmdHFEMVSearch(void) {
-       PrintAndLog("HELP :  Tries to select all applets from applet list:\n");
-       PrintAndLog("Usage:  hf emv search [-s][-k][-a][-t]\n");
-       PrintAndLog("  Options:");
-       PrintAndLog("  -s       : select card");
-       PrintAndLog("  -k       : keep field for next command");
-       PrintAndLog("  -a       : show APDU reqests and responses\n");
-       PrintAndLog("  -t       : TLV decode results of selected applets\n");
-       PrintAndLog("Samples:");
-       PrintAndLog(" hf emv search -s -> select card and search");
-       PrintAndLog(" hf emv search -s -t -> select card, search and show result in TLV");
+int CmdEMVGenerateChallenge(const char *cmd) {
+
+       CLIParserInit("emv challenge",
+               "Executes Generate Challenge command. It returns 4 or 8-byte random number from card.\nNeeds a EMV applet to be selected and GPO to be executed.",
+               "Usage:\n\temv challenge -> get challenge\n\temv challenge -k -> get challenge, keep fileld ON\n");
+
+       void* argtable[] = {
+               arg_param_begin,
+               arg_lit0("kK",  "keep",    "keep field ON for next command"),
+               arg_lit0("aA",  "apdu",    "show APDU reqests and responses"),
+#ifdef WITH_SMARTCARD
+               arg_lit0("wW",  "wired",   "Send data via contact (iso7816) interface. Contactless interface set by default."),
+#endif
+               arg_param_end
+       };
+       CLIExecWithReturn(cmd, argtable, true);
+
+       bool leaveSignalON = arg_get_lit(1);
+       bool APDULogging = arg_get_lit(2);
+       EMVCommandChannel channel = ECC_CONTACTLESS;
+#ifdef WITH_SMARTCARD
+       if (arg_get_lit(3))
+               channel = ECC_CONTACT;
+#endif
+       PrintChannel(channel);
+       CLIParserFree();
+
+       SetAPDULogging(APDULogging);
+
+       // exec
+       uint8_t buf[APDU_RESPONSE_LEN] = {0};
+       size_t len = 0;
+       uint16_t sw = 0;
+       int res = EMVGenerateChallenge(channel, leaveSignalON, buf, sizeof(buf), &len, &sw, NULL);
+
+       if (sw)
+               PrintAndLogEx(INFO, "APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff));
+
+       if (res)
+               return res;
+
+       PrintAndLogEx(SUCCESS, "Challenge: %s", sprint_hex(buf, len));
+
+       if (len != 4 && len != 8)
+               PrintAndLogEx(WARNING, "Length of challenge must be 4 or 8, but it %d", len);
+
        return 0;
 }
 
        return 0;
 }
 
-int CmdHFEMVSearch(const char *cmd) {
+int CmdEMVInternalAuthenticate(const char *cmd) {
+       uint8_t data[APDU_RESPONSE_LEN] = {0};
+       int datalen = 0;
 
 
-       bool activateField = false;
-       bool leaveSignalON = false;
-       bool decodeTLV = false;
+       CLIParserInit("emv intauth",
+               "Generate Internal Authenticate command. Usually needs 4-byte random number. It returns data in TLV format .\n"
+               "Needs a EMV applet to be selected and GPO to be executed.",
 
 
-       if (strlen(cmd) < 1) {
-               UsageCmdHFEMVSearch();
-               return 0;
-       }
-       
-       SetAPDULogging(false);
-       
-       int cmdp = 0;
-       while(param_getchar(cmd, cmdp) != 0x00) {
-               char c = param_getchar(cmd, cmdp);
-               if ((c == '-') && (param_getlength(cmd, cmdp) == 2))
-                       switch (param_getchar_indx(cmd, 1, cmdp)) {
-                               case 'h':
-                               case 'H':
-                                       UsageCmdHFEMVSearch();
-                                       return 0;
-                               case 's':
-                               case 'S':
-                                       activateField = true;
-                                       break;
-                               case 'k':
-                               case 'K':
-                                       leaveSignalON = true;
-                                       break;
-                               case 'a':
-                               case 'A':
-                                       SetAPDULogging(true);
-                                       break;
-                               case 't':
-                               case 'T':
-                                       decodeTLV = true;
-                                       break;
-                               default:
-                                       PrintAndLog("Unknown parameter '%c'", param_getchar_indx(cmd, 1, cmdp));
-                                       return 1;
-               }
-               cmdp++;
+               "Usage:\n"
+               "\temv intauth -k 01020304 -> execute Internal Authenticate with 4-byte DDOLdata and keep field ON after command\n"
+                       "\temv intauth -t 01020304 -> execute Internal Authenticate with 4-byte DDOL data, show result in TLV\n"
+                       "\temv intauth -pmt 9F 37 04 -> load params from file, make DDOL data from DDOL, Internal Authenticate with DDOL, show result in TLV");
+
+       void* argtable[] = {
+               arg_param_begin,
+               arg_lit0("kK",  "keep",    "keep field ON for next command"),
+               arg_lit0("pP",  "params",  "load parameters from `emv/defparams.json` file for DDOLdata making from DDOL and parameters"),
+               arg_lit0("mM",  "make",    "make DDOLdata from DDOL (tag 9F49) and parameters (by default uses default parameters)"),
+               arg_lit0("aA",  "apdu",    "show APDU reqests and responses"),
+               arg_lit0("tT",  "tlv",     "TLV decode results of selected applets"),
+#ifdef WITH_SMARTCARD
+               arg_lit0("wW",  "wired",   "Send data via contact (iso7816) interface. Contactless interface set by default."),
+#endif
+               arg_strx1(NULL,  NULL,     "<HEX DDOLdata/DDOL>", NULL),
+               arg_param_end
+       };
+       CLIExecWithReturn(cmd, argtable, false);
+
+       bool leaveSignalON = arg_get_lit(1);
+       bool paramsLoadFromFile = arg_get_lit(2);
+       bool dataMakeFromDDOL = arg_get_lit(3);
+       bool APDULogging = arg_get_lit(4);
+       bool decodeTLV = arg_get_lit(5);
+       EMVCommandChannel channel = ECC_CONTACTLESS;
+#ifdef WITH_SMARTCARD
+       if (arg_get_lit(6))
+               channel = ECC_CONTACT;
+       CLIGetHexWithReturn(7, data, &datalen);
+#else
+       CLIGetHexWithReturn(6, data, &datalen);
+#endif
+       PrintChannel(channel);
+       CLIParserFree();
+
+       SetAPDULogging(APDULogging);
+
+       // Init TLV tree
+       const char *alr = "Root terminal TLV tree";
+       struct tlvdb *tlvRoot = tlvdb_fixed(1, strlen(alr), (const unsigned char *)alr);
+
+       // calc DDOL
+       struct tlv *ddol_data_tlv = NULL;
+       struct tlv data_tlv = {
+               .tag = 0x01,
+               .len = datalen,
+               .value = (uint8_t *)data,
+       };
+
+       if (dataMakeFromDDOL) {
+               ParamLoadDefaults(tlvRoot);
+
+               if (paramsLoadFromFile) {
+                       PrintAndLogEx(INFO, "Params loading from file...");
+                       ParamLoadFromJson(tlvRoot);
+               };
+
+               ddol_data_tlv = dol_process((const struct tlv *)tlvdb_external(0x9f49, datalen, data), tlvRoot, 0x01); // 0x01 - dummy tag
+               if (!ddol_data_tlv){
+                       PrintAndLogEx(ERR, "Can't create DDOL TLV.");
+                       tlvdb_free(tlvRoot);
+                       return 4;
+               }
+       } else {
+               if (paramsLoadFromFile) {
+                       PrintAndLogEx(WARNING, "Don't need to load parameters. Sending plain DDOL data...");
+               }
+               ddol_data_tlv = &data_tlv;
        }
 
        }
 
-       struct tlvdb *t = NULL;
-       const char *al = "Applets list";
-       t = tlvdb_fixed(1, strlen(al), (const unsigned char *)al);
+       PrintAndLogEx(INFO, "DDOL data[%d]: %s", ddol_data_tlv->len, sprint_hex(ddol_data_tlv->value, ddol_data_tlv->len));
 
 
-       if (EMVSearch(activateField, leaveSignalON, decodeTLV, t)) {
-               tlvdb_free(t);
-               return 2;
+       // exec
+       uint8_t buf[APDU_RESPONSE_LEN] = {0};
+       size_t len = 0;
+       uint16_t sw = 0;
+       int res = EMVInternalAuthenticate(channel, leaveSignalON, data, datalen, buf, sizeof(buf), &len, &sw, NULL);
+
+       if (ddol_data_tlv != &data_tlv)
+               free(ddol_data_tlv);
+       tlvdb_free(tlvRoot);
+
+       if (sw)
+               PrintAndLogEx(INFO, "APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff));
+
+       if (res)
+               return res;
+
+       if (decodeTLV)
+               TLVPrintFromBuffer(buf, len);
+
+       return 0;
+}
+
+#define dreturn(n) {free(pdol_data_tlv); tlvdb_free(tlvSelect); tlvdb_free(tlvRoot); DropFieldEx( channel ); return n;}
+
+void InitTransactionParameters(struct tlvdb *tlvRoot, bool paramLoadJSON, enum TransactionType TrType, bool GenACGPO) {
+
+       ParamLoadDefaults(tlvRoot);
+
+       if (paramLoadJSON) {
+               PrintAndLog("* * Transaction parameters loading from JSON...");
+               ParamLoadFromJson(tlvRoot);
        }
        }
-       
-       PrintAndLog("Search completed.");
 
 
-       // print list here
-       if (!decodeTLV) {  
-               TLVPrintAIDlistFromSelectTLV(t);
+       //9F66:(Terminal Transaction Qualifiers (TTQ)) len:4
+       char *qVSDC = "\x26\x00\x00\x00";
+       if (GenACGPO) {
+               qVSDC = "\x26\x80\x00\x00";
+       }
+       switch(TrType) {
+               case TT_MSD:
+                       TLV_ADD(0x9F66, "\x86\x00\x00\x00"); // MSD
+                       break;
+               // not standard for contactless. just for test.
+               case TT_VSDC:
+                       TLV_ADD(0x9F66, "\x46\x00\x00\x00"); // VSDC
+                       break;
+               case TT_QVSDCMCHIP:
+                       TLV_ADD(0x9F66, qVSDC); // qVSDC
+                       break;
+               case TT_CDA:
+                       TLV_ADD(0x9F66, qVSDC); // qVSDC (VISA CDA not enabled)
+                       break;
+               default:
+                       break;
+       }
+}
+
+void ProcessGPOResponseFormat1(struct tlvdb *tlvRoot, uint8_t *buf, size_t len, bool decodeTLV) {
+       if (buf[0] == 0x80) {
+               if (decodeTLV){
+                       PrintAndLog("GPO response format1:");
+                       TLVPrintFromBuffer(buf, len);
+               }
+
+               if (len < 4 || (len - 4) % 4) {
+                       PrintAndLogEx(ERR, "GPO response format1 parsing error. length=%d", len);
+               } else {
+                       // AIP
+                       struct tlvdb * f1AIP = tlvdb_fixed(0x82, 2, buf + 2);
+                       tlvdb_add(tlvRoot, f1AIP);
+                       if (decodeTLV){
+                               PrintAndLogEx(INFO, "\n* * Decode response format 1 (0x80) AIP and AFL:");
+                               TLVPrintFromTLV(f1AIP);
+                       }
+
+                       // AFL
+                       struct tlvdb * f1AFL = tlvdb_fixed(0x94, len - 4, buf + 2 + 2);
+                       tlvdb_add(tlvRoot, f1AFL);
+                       if (decodeTLV)
+                               TLVPrintFromTLV(f1AFL);
+               }
+       } else {
+               if (decodeTLV)
+                       TLVPrintFromBuffer(buf, len);
+       }
+}
+
+void ProcessACResponseFormat1(struct tlvdb *tlvRoot, uint8_t *buf, size_t len, bool decodeTLV) {
+       if (buf[0] == 0x80) {
+               if (decodeTLV){
+                       PrintAndLog("GPO response format1:");
+                       TLVPrintFromBuffer(buf, len);
+               }
+
+               uint8_t elmlen = len - 2; // wo 0x80XX
+
+               if (len < 4 + 2 || (elmlen - 2) % 4 || elmlen != buf[1]) {
+                       PrintAndLogEx(ERR, "GPO response format1 parsing error. length=%d", len);
+               } else {
+                       struct tlvdb *tlvElm = NULL;
+                       if (decodeTLV)
+                               PrintAndLog("\n------------ Format1 decoded ------------");
+
+                       // CID (Cryptogram Information Data)
+                       tlvdb_change_or_add_node_ex(tlvRoot, 0x9f27, 1, &buf[2], &tlvElm);
+                       if (decodeTLV)
+                               TLVPrintFromTLV(tlvElm);
+
+                       // ATC (Application Transaction Counter)
+                       tlvdb_change_or_add_node_ex(tlvRoot, 0x9f36, 2, &buf[3], &tlvElm);
+                       if (decodeTLV)
+                               TLVPrintFromTLV(tlvElm);
+
+                       // AC (Application Cryptogram)
+                       tlvdb_change_or_add_node_ex(tlvRoot, 0x9f26, MIN(8, elmlen - 3), &buf[5], &tlvElm);
+                       if (decodeTLV)
+                               TLVPrintFromTLV(tlvElm);
+
+                       // IAD (Issuer Application Data) - optional
+                       if (len > 11 + 2) {
+                               tlvdb_change_or_add_node_ex(tlvRoot, 0x9f10, elmlen - 11, &buf[13], &tlvElm);
+                               if (decodeTLV)
+                                       TLVPrintFromTLV(tlvElm);
+                       }
+               }
+       } else {
+               if (decodeTLV)
+                       TLVPrintFromBuffer(buf, len);
+       }
+}
+
+int CmdEMVExec(const char *cmd) {
+       uint8_t buf[APDU_RESPONSE_LEN] = {0};
+       size_t len = 0;
+       uint16_t sw = 0;
+       uint8_t AID[APDU_DATA_LEN] = {0};
+       size_t AIDlen = 0;
+       uint8_t ODAiList[4096];
+       size_t ODAiListLen = 0;
+
+       int res;
+
+       struct tlvdb *tlvSelect = NULL;
+       struct tlvdb *tlvRoot = NULL;
+       struct tlv *pdol_data_tlv = NULL;
+
+       CLIParserInit("emv exec",
+               "Executes EMV contactless transaction",
+               "Usage:\n"
+                       "\temv exec -sat -> select card, execute MSD transaction, show APDU and TLV\n"
+                       "\temv exec -satc -> select card, execute CDA transaction, show APDU and TLV\n");
+
+       void* argtable[] = {
+               arg_param_begin,
+               arg_lit0("sS",  "select",   "activate field and select card."),
+               arg_lit0("aA",  "apdu",     "show APDU reqests and responses."),
+               arg_lit0("tT",  "tlv",      "TLV decode results."),
+               arg_lit0("jJ",  "jload",    "Load transaction parameters from `emv/defparams.json` file."),
+               arg_lit0("fF",  "forceaid", "Force search AID. Search AID instead of execute PPSE."),
+               arg_rem("By default:",      "Transaction type - MSD"),
+               arg_lit0("vV",  "qvsdc",    "Transaction type - qVSDC or M/Chip."),
+               arg_lit0("cC",  "qvsdccda", "Transaction type - qVSDC or M/Chip plus CDA (SDAD generation)."),
+               arg_lit0("xX",  "vsdc",     "Transaction type - VSDC. For test only. Not a standart behavior."),
+               arg_lit0("gG",  "acgpo",    "VISA. generate AC from GPO."),
+               arg_lit0("wW",  "wired",   "Send data via contact (iso7816) interface. Contactless interface set by default."),
+               arg_param_end
+       };
+       CLIExecWithReturn(cmd, argtable, true);
+
+       bool activateField = arg_get_lit(1);
+       bool showAPDU = arg_get_lit(2);
+       bool decodeTLV = arg_get_lit(3);
+       bool paramLoadJSON = arg_get_lit(4);
+       bool forceSearch = arg_get_lit(5);
+
+       enum TransactionType TrType = TT_MSD;
+       if (arg_get_lit(7))
+               TrType = TT_QVSDCMCHIP;
+       if (arg_get_lit(8))
+               TrType = TT_CDA;
+       if (arg_get_lit(9))
+               TrType = TT_VSDC;
+
+       bool GenACGPO = arg_get_lit(10);
+       EMVCommandChannel channel = ECC_CONTACTLESS;
+#ifdef WITH_SMARTCARD
+       if (arg_get_lit(11))
+               channel = ECC_CONTACT;
+#endif
+       PrintChannel(channel);
+       uint8_t psenum = (channel == ECC_CONTACT) ? 1 : 2;
+       char *PSE_or_PPSE = psenum == 1 ? "PSE" : "PPSE";
+
+       CLIParserFree();
+
+       SetAPDULogging(showAPDU);
+
+       // init applets list tree
+       const char *al = "Applets list";
+       tlvSelect = tlvdb_fixed(1, strlen(al), (const unsigned char *)al);
+
+       // Application Selection
+       // https://www.openscdp.org/scripts/tutorial/emv/applicationselection.html
+       if (!forceSearch) {
+               // PPSE / PSE
+               PrintAndLogEx(NORMAL, "\n* %s.", PSE_or_PPSE);
+               SetAPDULogging(showAPDU);
+               res = EMVSearchPSE(channel, activateField, true, psenum, decodeTLV, tlvSelect);
+
+               // check PPSE / PSE and select application id
+               if (!res) {
+                       TLVPrintAIDlistFromSelectTLV(tlvSelect);
+                       EMVSelectApplication(tlvSelect, AID, &AIDlen);
+               }
+       }
+
+       // Search
+       if (!AIDlen) {
+               PrintAndLogEx(NORMAL, "\n* Search AID in list.");
+               SetAPDULogging(false);
+               if (EMVSearch(channel, activateField, true, decodeTLV, tlvSelect)) {
+                       dreturn(2);
+               }
+
+               // check search and select application id
+               TLVPrintAIDlistFromSelectTLV(tlvSelect);
+               EMVSelectApplication(tlvSelect, AID, &AIDlen);
+       }
+
+       // Init TLV tree
+       const char *alr = "Root terminal TLV tree";
+       tlvRoot = tlvdb_fixed(1, strlen(alr), (const unsigned char *)alr);
+
+       // check if we found EMV application on card
+       if (!AIDlen) {
+               PrintAndLogEx(WARNING, "Can't select AID. EMV AID not found");
+               dreturn(2);
+       }
+
+       // Select
+       PrintAndLogEx(NORMAL, "\n* Selecting AID:%s", sprint_hex_inrow(AID, AIDlen));
+       SetAPDULogging(showAPDU);
+       res = EMVSelect(channel, false, true, AID, AIDlen, buf, sizeof(buf), &len, &sw, tlvRoot);
+
+       if (res) {
+               PrintAndLogEx(WARNING, "Can't select AID (%d). Exit...", res);
+               dreturn(3);
+       }
+
+       if (decodeTLV)
+               TLVPrintFromBuffer(buf, len);
+       PrintAndLogEx(INFO, "* Selected.");
+
+       PrintAndLogEx(INFO, "\n* Init transaction parameters.");
+       InitTransactionParameters(tlvRoot, paramLoadJSON, TrType, GenACGPO);
+       TLVPrintFromTLV(tlvRoot); // TODO delete!!!
+
+       PrintAndLogEx(NORMAL, "\n* Calc PDOL.");
+       pdol_data_tlv = dol_process(tlvdb_get(tlvRoot, 0x9f38, NULL), tlvRoot, 0x83);
+       if (!pdol_data_tlv){
+               PrintAndLogEx(WARNING, "Error: can't create PDOL TLV.");
+               dreturn(4);
+       }
+
+       size_t pdol_data_tlv_data_len;
+       unsigned char *pdol_data_tlv_data = tlv_encode(pdol_data_tlv, &pdol_data_tlv_data_len);
+       if (!pdol_data_tlv_data) {
+               PrintAndLogEx(WARNING, "Error: can't create PDOL data.");
+               dreturn(4);
+       }
+       PrintAndLogEx(NORMAL, "PDOL data[%d]: %s", pdol_data_tlv_data_len, sprint_hex(pdol_data_tlv_data, pdol_data_tlv_data_len));
+
+       PrintAndLogEx(NORMAL, "\n* GPO.");
+       res = EMVGPO(channel, true, pdol_data_tlv_data, pdol_data_tlv_data_len, buf, sizeof(buf), &len, &sw, tlvRoot);
+
+       free(pdol_data_tlv_data);
+       //free(pdol_data_tlv); --- free on exit.
+
+       if (res) {
+               PrintAndLogEx(NORMAL, "GPO error(%d): %4x. Exit...", res, sw);
+               dreturn(5);
+       }
+
+       // process response template format 1 [id:80  2b AIP + x4b AFL] and format 2 [id:77 TLV]
+       ProcessGPOResponseFormat1(tlvRoot, buf, len, decodeTLV);
+
+       // extract PAN from track2
+       {
+               const struct tlv *track2 = tlvdb_get(tlvRoot, 0x57, NULL);
+               if (!tlvdb_get(tlvRoot, 0x5a, NULL) && track2 && track2->len >= 8) {
+                       struct tlvdb *pan = GetPANFromTrack2(track2);
+                       if (pan) {
+                               tlvdb_add(tlvRoot, pan);
+
+                               const struct tlv *pantlv = tlvdb_get(tlvRoot, 0x5a, NULL);
+                               PrintAndLogEx(NORMAL, "\n* * Extracted PAN from track2: %s", sprint_hex(pantlv->value, pantlv->len));
+                       } else {
+                               PrintAndLogEx(NORMAL, "\n* * WARNING: Can't extract PAN from track2.");
+                       }
+               }
+       }
+
+       PrintAndLogEx(NORMAL, "\n* Read records from AFL.");
+       const struct tlv *AFL = tlvdb_get(tlvRoot, 0x94, NULL);
+       if (!AFL || !AFL->len) {
+               PrintAndLogEx(WARNING, "AFL not found.");
+       }
+
+       while(AFL && AFL->len) {
+               if (AFL->len % 4) {
+                       PrintAndLogEx(WARNING, "Error: Wrong AFL length: %d", AFL->len);
+                       break;
+               }
+
+               for (int i = 0; i < AFL->len / 4; i++) {
+                       uint8_t SFI = AFL->value[i * 4 + 0] >> 3;
+                       uint8_t SFIstart = AFL->value[i * 4 + 1];
+                       uint8_t SFIend = AFL->value[i * 4 + 2];
+                       uint8_t SFIoffline = AFL->value[i * 4 + 3];
+
+                       PrintAndLogEx(NORMAL, "* * SFI[%02x] start:%02x end:%02x offline count:%02x", SFI, SFIstart, SFIend, SFIoffline);
+                       if (SFI == 0 || SFI == 31 || SFIstart == 0 || SFIstart > SFIend) {
+                               PrintAndLogEx(NORMAL, "SFI ERROR! Skipped...");
+                               continue;
+                       }
+
+                       for(int n = SFIstart; n <= SFIend; n++) {
+                               PrintAndLogEx(NORMAL, "* * * SFI[%02x] %d", SFI, n);
+
+                               res = EMVReadRecord(channel, true, SFI, n, buf, sizeof(buf), &len, &sw, tlvRoot);
+                               if (res) {
+                                       PrintAndLogEx(WARNING, "Error SFI[%02x]. APDU error %4x", SFI, sw);
+                                       continue;
+                               }
+
+                               if (decodeTLV) {
+                                       TLVPrintFromBuffer(buf, len);
+                                       PrintAndLogEx(NORMAL, "");
+                               }
+
+                               // Build Input list for Offline Data Authentication
+                               // EMV 4.3 book3 10.3, page 96
+                               if (SFIoffline > 0) {
+                                       if (SFI < 11) {
+                                               const unsigned char *abuf = buf;
+                                               size_t elmlen = len;
+                                               struct tlv e;
+                                               if (tlv_parse_tl(&abuf, &elmlen, &e)) {
+                                                       memcpy(&ODAiList[ODAiListLen], &buf[len - elmlen], elmlen);
+                                                       ODAiListLen += elmlen;
+                                               } else {
+                                                       PrintAndLogEx(WARNING, "Error SFI[%02x]. Creating input list for Offline Data Authentication error.", SFI);
+                                               }
+                                       } else {
+                                               memcpy(&ODAiList[ODAiListLen], buf, len);
+                                               ODAiListLen += len;
+                                       }
+
+                                       SFIoffline--;
+                               }
+                       }
+               }
+
+               break;
+       }
+
+       // copy Input list for Offline Data Authentication
+       if (ODAiListLen) {
+               struct tlvdb *oda = tlvdb_fixed(0x21, ODAiListLen, ODAiList); // not a standard tag
+               tlvdb_add(tlvRoot, oda);
+               PrintAndLogEx(NORMAL, "* Input list for Offline Data Authentication added to TLV. len=%d \n", ODAiListLen);
+       }
+
+       // get AIP
+       uint16_t AIP = 0;
+       const struct tlv *AIPtlv = tlvdb_get(tlvRoot, 0x82, NULL);
+       if (AIPtlv) {
+               AIP = AIPtlv->value[0] + AIPtlv->value[1] * 0x100;
+               PrintAndLogEx(NORMAL, "* * AIP=%04x", AIP);
+       } else {
+               PrintAndLogEx(ERR, "Can't found AIP.");
+       }
+
+       // SDA
+       if (AIP & 0x0040) {
+               PrintAndLogEx(NORMAL, "\n* SDA");
+               trSDA(tlvRoot);
+       }
+
+       // DDA
+       if (AIP & 0x0020) {
+               PrintAndLogEx(NORMAL, "\n* DDA");
+               trDDA(channel, decodeTLV, tlvRoot);
+       }
+
+       // transaction check
+
+       // qVSDC
+       if (TrType == TT_QVSDCMCHIP|| TrType == TT_CDA){
+               // 9F26: Application Cryptogram
+               const struct tlv *AC = tlvdb_get(tlvRoot, 0x9F26, NULL);
+               if (AC) {
+                       PrintAndLogEx(NORMAL, "\n--> qVSDC transaction.");
+                       PrintAndLogEx(NORMAL, "* AC path");
+
+                       // 9F36: Application Transaction Counter (ATC)
+                       const struct tlv *ATC = tlvdb_get(tlvRoot, 0x9F36, NULL);
+                       if (ATC) {
+
+                               // 9F10: Issuer Application Data - optional
+                               const struct tlv *IAD = tlvdb_get(tlvRoot, 0x9F10, NULL);
+
+                               // print AC data
+                               PrintAndLogEx(NORMAL, "ATC: %s", sprint_hex(ATC->value, ATC->len));
+                               PrintAndLogEx(NORMAL, "AC: %s", sprint_hex(AC->value, AC->len));
+                               if (IAD){
+                                       PrintAndLogEx(NORMAL, "IAD: %s", sprint_hex(IAD->value, IAD->len));
+
+                                       if (IAD->len >= IAD->value[0] + 1) {
+                                               PrintAndLogEx(NORMAL, "\tKey index:  0x%02x", IAD->value[1]);
+                                               PrintAndLogEx(NORMAL, "\tCrypto ver: 0x%02x(%03d)", IAD->value[2], IAD->value[2]);
+                                               PrintAndLogEx(NORMAL, "\tCVR:", sprint_hex(&IAD->value[3], IAD->value[0] - 2));
+                                               struct tlvdb * cvr = tlvdb_fixed(0x20, IAD->value[0] - 2, &IAD->value[3]);
+                                               TLVPrintFromTLVLev(cvr, 1);
+                                       }
+                               } else {
+                                       PrintAndLogEx(WARNING, "IAD not found.");
+                               }
+
+                       } else {
+                               PrintAndLogEx(ERR, "AC: Application Transaction Counter (ATC) not found.");
+                       }
+               }
+       }
+
+       // Mastercard M/CHIP
+       if (GetCardPSVendor(AID, AIDlen) == CV_MASTERCARD && (TrType == TT_QVSDCMCHIP || TrType == TT_CDA)){
+               const struct tlv *CDOL1 = tlvdb_get(tlvRoot, 0x8c, NULL);
+               if (CDOL1 && GetCardPSVendor(AID, AIDlen) == CV_MASTERCARD) { // and m/chip transaction flag
+                       PrintAndLogEx(NORMAL, "\n--> Mastercard M/Chip transaction.");
+
+                       PrintAndLogEx(NORMAL, "* * Generate challenge");
+                       res = EMVGenerateChallenge(channel, true, buf, sizeof(buf), &len, &sw, tlvRoot);
+                       if (res) {
+                               PrintAndLogEx(WARNING, "GetChallenge. APDU error %4x", sw);
+                               dreturn(6);
+                       }
+                       if (len < 4) {
+                               PrintAndLogEx(WARNING, "GetChallenge. Wrong challenge length %d", len);
+                               dreturn(6);
+                       }
+
+                       // ICC Dynamic Number
+                       struct tlvdb * ICCDynN = tlvdb_fixed(0x9f4c, len, buf);
+                       tlvdb_add(tlvRoot, ICCDynN);
+                       if (decodeTLV){
+                               PrintAndLogEx(NORMAL, "\n* * ICC Dynamic Number:");
+                               TLVPrintFromTLV(ICCDynN);
+                       }
+
+                       PrintAndLogEx(NORMAL, "* * Calc CDOL1");
+                       struct tlv *cdol_data_tlv = dol_process(tlvdb_get(tlvRoot, 0x8c, NULL), tlvRoot, 0x01); // 0x01 - dummy tag
+                       if (!cdol_data_tlv){
+                               PrintAndLogEx(WARNING, "Error: can't create CDOL1 TLV.");
+                               dreturn(6);
+                       }
+                       PrintAndLogEx(NORMAL, "CDOL1 data[%d]: %s", cdol_data_tlv->len, sprint_hex(cdol_data_tlv->value, cdol_data_tlv->len));
+
+                       PrintAndLogEx(NORMAL, "* * AC1");
+                       // EMVAC_TC + EMVAC_CDAREQ --- to get SDAD
+                       res = EMVAC(channel, true, (TrType == TT_CDA) ? EMVAC_TC + EMVAC_CDAREQ : EMVAC_TC, (uint8_t *)cdol_data_tlv->value, cdol_data_tlv->len, buf, sizeof(buf), &len, &sw, tlvRoot);
+
+                       if (res) {
+                               PrintAndLogEx(NORMAL, "AC1 error(%d): %4x. Exit...", res, sw);
+                               dreturn(7);
+                       }
+
+                       if (decodeTLV)
+                               TLVPrintFromBuffer(buf, len);
+
+                       // CDA
+                       PrintAndLogEx(NORMAL, "\n* CDA:");
+                       struct tlvdb *ac_tlv = tlvdb_parse_multi(buf, len);
+                       res = trCDA(tlvRoot, ac_tlv, pdol_data_tlv, cdol_data_tlv);
+                       if (res) {
+                               PrintAndLogEx(NORMAL, "CDA error (%d)", res);
+                       }
+                       free(ac_tlv);
+                       free(cdol_data_tlv);
+
+                       PrintAndLogEx(NORMAL, "\n* M/Chip transaction result:");
+                       // 9F27: Cryptogram Information Data (CID)
+                       const struct tlv *CID = tlvdb_get(tlvRoot, 0x9F27, NULL);
+                       if (CID) {
+                               emv_tag_dump(CID, stdout, 0);
+                               PrintAndLogEx(NORMAL, "------------------------------");
+                               if (CID->len > 0) {
+                                       switch(CID->value[0] & EMVAC_AC_MASK){
+                                               case EMVAC_AAC:
+                                                       PrintAndLogEx(NORMAL, "Transaction DECLINED.");
+                                                       break;
+                                               case EMVAC_TC:
+                                                       PrintAndLogEx(NORMAL, "Transaction approved OFFLINE.");
+                                                       break;
+                                               case EMVAC_ARQC:
+                                                       PrintAndLogEx(NORMAL, "Transaction approved ONLINE.");
+                                                       break;
+                                               default:
+                                                       PrintAndLogEx(WARNING, "Error: CID transaction code error %2x", CID->value[0] & EMVAC_AC_MASK);
+                                                       break;
+                                       }
+                               } else {
+                                       PrintAndLogEx(WARNING, "Wrong CID length %d", CID->len);
+                               }
+                       } else {
+                               PrintAndLogEx(WARNING, "CID(9F27) not found.");
+                       }
+
+               }
+       }
+
+       // MSD
+       if (AIP & 0x8000 && TrType == TT_MSD) {
+               PrintAndLogEx(NORMAL, "\n--> MSD transaction.");
+
+               PrintAndLogEx(NORMAL, "* MSD dCVV path. Check dCVV");
+
+               const struct tlv *track2 = tlvdb_get(tlvRoot, 0x57, NULL);
+               if (track2) {
+                       PrintAndLogEx(NORMAL, "Track2: %s", sprint_hex(track2->value, track2->len));
+
+                       struct tlvdb *dCVV = GetdCVVRawFromTrack2(track2);
+                       PrintAndLogEx(NORMAL, "dCVV raw data:");
+                       TLVPrintFromTLV(dCVV);
+
+                       if (GetCardPSVendor(AID, AIDlen) == CV_MASTERCARD) {
+                               PrintAndLogEx(NORMAL, "\n* Mastercard calculate UDOL");
+
+                               // UDOL (9F69)
+                               const struct tlv *UDOL = tlvdb_get(tlvRoot, 0x9F69, NULL);
+                               // UDOL(9F69) default: 9F6A (Unpredictable number) 4 bytes
+                               const struct tlv defUDOL = {
+                                       .tag = 0x01,
+                                       .len = 3,
+                                       .value = (uint8_t *)"\x9f\x6a\x04",
+                               };
+                               if (!UDOL)
+                                       PrintAndLogEx(NORMAL, "Use default UDOL.");
+
+                               struct tlv *udol_data_tlv = dol_process(UDOL ? UDOL : &defUDOL, tlvRoot, 0x01); // 0x01 - dummy tag
+                               if (!udol_data_tlv){
+                                       PrintAndLogEx(WARNING, "can't create UDOL TLV.");
+                                       dreturn(8);
+                               }
+
+                               PrintAndLogEx(NORMAL, "UDOL data[%d]: %s", udol_data_tlv->len, sprint_hex(udol_data_tlv->value, udol_data_tlv->len));
+
+                               PrintAndLogEx(NORMAL, "\n* Mastercard compute cryptographic checksum(UDOL)");
+
+                               res = MSCComputeCryptoChecksum(channel, true, (uint8_t *)udol_data_tlv->value, udol_data_tlv->len, buf, sizeof(buf), &len, &sw, tlvRoot);
+                               if (res) {
+                                       PrintAndLogEx(WARNING, "Compute Crypto Checksum. APDU error %4x", sw);
+                                       free(udol_data_tlv);
+                                       dreturn(9);
+                               }
+
+                               // Mastercard compute cryptographic checksum result
+                               TLVPrintFromBuffer(buf, len);
+                               PrintAndLogEx(NORMAL, "");
+
+                               free(udol_data_tlv);
+
+                       }
+               } else {
+                       PrintAndLogEx(WARNING, "MSD: Track2 data not found.");
+               }
+       }
+
+       // VSDC
+       if (GetCardPSVendor(AID, AIDlen) == CV_VISA && (TrType == TT_VSDC || TrType == TT_CDA)){
+               PrintAndLogEx(NORMAL, "\n--> VSDC transaction.");
+
+               PrintAndLogEx(NORMAL, "* * Calc CDOL1");
+               struct tlv *cdol_data_tlv = dol_process(tlvdb_get(tlvRoot, 0x8c, NULL), tlvRoot, 0x01); // 0x01 - dummy tag
+               if (!cdol_data_tlv) {
+                       PrintAndLogEx(WARNING, "Error: can't create CDOL1 TLV.");
+                       dreturn(6);
+               }
+
+               PrintAndLogEx(NORMAL, "CDOL1 data[%d]: %s", cdol_data_tlv->len, sprint_hex(cdol_data_tlv->value, cdol_data_tlv->len));
+
+               PrintAndLogEx(NORMAL, "* * AC1");
+               // EMVAC_TC + EMVAC_CDAREQ --- to get SDAD
+               res = EMVAC(channel, true, (TrType == TT_CDA) ? EMVAC_TC + EMVAC_CDAREQ : EMVAC_TC, (uint8_t *)cdol_data_tlv->value, cdol_data_tlv->len, buf, sizeof(buf), &len, &sw, tlvRoot);
+
+               if (res) {
+                       PrintAndLogEx(NORMAL, "AC1 error(%d): %4x. Exit...", res, sw);
+                       dreturn(7);
+               }
+
+               // process Format1 (0x80) and print Format2 (0x77)
+               ProcessACResponseFormat1(tlvRoot, buf, len, decodeTLV);
+
+               uint8_t CID = 0;
+               tlvdb_get_uint8(tlvRoot, 0x9f27, &CID);
+
+               // AC1 print result
+               PrintAndLog("");
+               if ((CID & EMVAC_AC_MASK) == EMVAC_AAC)         PrintAndLogEx(INFO, "AC1 result: AAC (Transaction declined)");
+               if ((CID & EMVAC_AC_MASK) == EMVAC_TC)          PrintAndLogEx(INFO, "AC1 result: TC (Transaction approved)");
+               if ((CID & EMVAC_AC_MASK) == EMVAC_ARQC)        PrintAndLogEx(INFO, "AC1 result: ARQC (Online authorisation requested)");
+               if ((CID & EMVAC_AC_MASK) == EMVAC_AC_MASK)     PrintAndLogEx(INFO, "AC1 result: RFU");
+
+               // decode Issuer Application Data (IAD)
+               uint8_t CryptoVersion = 0;
+               const struct tlv *IAD = tlvdb_get(tlvRoot, 0x9f10, NULL);
+               if (IAD && (IAD->len > 1)) {
+                       PrintAndLogEx(NORMAL, "\n* * Issuer Application Data (IAD):");
+                       uint8_t VDDlen = IAD->value[0]; // Visa discretionary data length
+                       uint8_t IDDlen = 0;             // Issuer discretionary data length
+                       PrintAndLogEx(NORMAL, "IAD length: %d", IAD->len);
+                       PrintAndLogEx(NORMAL, "VDDlen: %d", VDDlen);
+                       if (VDDlen < IAD->len - 1) 
+                               IDDlen = IAD->value[VDDlen + 1];
+                       PrintAndLogEx(NORMAL, "IDDlen: %d", IDDlen);
+                                               
+                       uint8_t DerivKeyIndex = IAD->value[1];
+                       CryptoVersion = IAD->value[2];
+
+                       PrintAndLogEx(NORMAL, "CryptoVersion: %d", CryptoVersion);
+                       PrintAndLogEx(NORMAL, "DerivKeyIndex: %d", DerivKeyIndex);
+
+                       // Card Verification Results (CVR) decode
+                       if ((VDDlen - 2) > 0) {
+                               uint8_t CVRlen = IAD->value[3];
+                               if (CVRlen == (VDDlen - 2 - 1)) {
+                                       PrintAndLogEx(NORMAL, "CVR length: %d", CVRlen);
+                                       PrintAndLogEx(NORMAL, "CVR: %s", sprint_hex(&IAD->value[4], CVRlen));
+                               } else {
+                                       PrintAndLogEx(NORMAL, "Wrong CVR length! CVR: %s", sprint_hex(&IAD->value[3], VDDlen - 2));
+                               }
+                       }
+                       if (IDDlen)
+                               PrintAndLogEx(NORMAL, "IDD: %s", sprint_hex(&IAD->value[VDDlen + 1], IDDlen));          
+               } else {
+                       PrintAndLogEx(NORMAL, "Issuer Application Data (IAD) not found.");
+               }
+               
+               PrintAndLogEx(NORMAL, "\n* * Processing online request");
+
+               // authorization response code from acquirer
+               const char HostResponse[] = "00"; // 0x3030
+               size_t HostResponseLen = sizeof(HostResponse) - 1;
+               PrintAndLogEx(NORMAL, "Host Response: `%s`", HostResponse);
+               tlvdb_change_or_add_node(tlvRoot, 0x8a, HostResponseLen, (const unsigned char *)HostResponse);          
+               
+               if (CryptoVersion == 10) {
+                       PrintAndLogEx(NORMAL, "\n* * Generate ARPC");
+                       
+                       // Application Cryptogram (AC)
+                       const struct tlv *AC = tlvdb_get(tlvRoot, 0x9f26, NULL);
+                       if (AC && (AC->len > 0)) {
+                               PrintAndLogEx(NORMAL, "AC: %s", sprint_hex(AC->value, AC->len));
+
+                               size_t rawARPClen = AC->len;
+                               uint8_t rawARPC[rawARPClen];
+                               memcpy(rawARPC, AC->value, AC->len);
+                               for (int i = 0; (i < HostResponseLen) && (i < rawARPClen); i++)
+                                       rawARPC[i] ^= HostResponse[i];
+                               PrintAndLogEx(NORMAL, "raw ARPC: %s", sprint_hex(rawARPC, rawARPClen));
+                               
+                               // here must be calculation of ARPC, but we dont know a bank keys.
+                               PrintAndLogEx(NORMAL, "ARPC: n/a");
+                               
+                       } else {
+                               PrintAndLogEx(NORMAL, "Application Cryptogram (AC) not found.");
+                       }
+
+                       // here must be external authenticate, but we dont know ARPC
+                       
+       }
+               
+
+               // needs to send AC2 command (res == ARQC)
+               if ((CID & EMVAC_AC_MASK) == EMVAC_ARQC) {
+                       PrintAndLogEx(NORMAL, "\n* * Calc CDOL2");
+                       struct tlv *cdol2_data_tlv = dol_process(tlvdb_get(tlvRoot, 0x8d, NULL), tlvRoot, 0x01); // 0x01 - dummy tag
+                       if (!cdol2_data_tlv) {
+                               PrintAndLogEx(WARNING, "Error: can't create CDOL2 TLV.");
+                               dreturn(6);
+                       }
+                       
+                       PrintAndLogEx(NORMAL, "CDOL2 data[%d]: %s", cdol2_data_tlv->len, sprint_hex(cdol2_data_tlv->value, cdol2_data_tlv->len));
+                       
+                       //PrintAndLogEx(NORMAL, "* * AC2");
+                       
+                       
+                       // here must be AC2, but we dont make external authenticate (
+               
+/*                     // AC2
+                       PRINT_INDENT(level);
+                       if ((CID & EMVAC_AC2_MASK) == EMVAC_AAC2)       fprintf(f, "\tAC2: AAC (Transaction declined)\n");
+                       if ((CID & EMVAC_AC2_MASK) == EMVAC_TC2)        fprintf(f, "\tAC2: TC (Transaction approved)\n");
+                       if ((CID & EMVAC_AC2_MASK) == EMVAC_ARQC2)      fprintf(f, "\tAC2: not requested (ARQC)\n");
+                       if ((CID & EMVAC_AC2_MASK) == EMVAC_AC2_MASK)   fprintf(f, "\tAC2: RFU\n");
+*/
+               }
+               
+       }
+       
+       DropFieldEx( channel );
+
+       // Destroy TLV's
+       free(pdol_data_tlv);
+       tlvdb_free(tlvSelect);
+       tlvdb_free(tlvRoot);
+
+       PrintAndLogEx(NORMAL, "\n* Transaction completed.");
+       return 0;
+}
+
+int CmdEMVScan(const char *cmd) {
+       uint8_t AID[APDU_DATA_LEN] = {0};
+       size_t AIDlen = 0;
+       uint8_t buf[APDU_RESPONSE_LEN] = {0};
+       size_t len = 0;
+       uint16_t sw = 0;
+       int res;
+       json_t *root;
+       json_error_t error;
+
+       CLIParserInit("emv scan",
+               "Scan EMV card and save it contents to a file.",
+               "It executes EMV contactless transaction and saves result to a file which can be used for emulation\n"
+                       "Usage:\n\temv scan -at -> scan MSD transaction mode and show APDU and TLV\n"
+                       "\temv scan -c -> scan CDA transaction mode\n");
+
+       void* argtable[] = {
+               arg_param_begin,
+               arg_lit0("aA",  "apdu",     "show APDU reqests and responses."),
+               arg_lit0("tT",  "tlv",      "TLV decode results."),
+               arg_lit0("eE",  "extract",  "Extract TLV elements and fill Application Data"),
+               arg_lit0("jJ",  "jload",    "Load transaction parameters from `emv/defparams.json` file."),
+               arg_rem("By default:",      "Transaction type - MSD"),
+               arg_lit0("vV",  "qvsdc",    "Transaction type - qVSDC or M/Chip."),
+               arg_lit0("cC",  "qvsdccda", "Transaction type - qVSDC or M/Chip plus CDA (SDAD generation)."),
+               arg_lit0("xX",  "vsdc",     "Transaction type - VSDC. For test only. Not a standart behavior."),
+               arg_lit0("gG",  "acgpo",    "VISA. generate AC from GPO."),
+               arg_lit0("mM",  "merge",    "Merge output file with card's data. (warning: the file may be corrupted!)"),
+#ifdef WITH_SMARTCARD
+               arg_lit0("wW",  "wired",   "Send data via contact (iso7816) interface. Contactless interface set by default."),
+#endif
+               arg_str1(NULL,  NULL,       "output.json", "JSON output file name"),
+               arg_param_end
+       };
+       CLIExecWithReturn(cmd, argtable, true);
+
+       bool showAPDU = arg_get_lit(1);
+       bool decodeTLV = arg_get_lit(2);
+       bool extractTLVElements = arg_get_lit(3);
+       bool paramLoadJSON = arg_get_lit(4);
+
+       enum TransactionType TrType = TT_MSD;
+       if (arg_get_lit(6))
+               TrType = TT_QVSDCMCHIP;
+       if (arg_get_lit(7))
+               TrType = TT_CDA;
+       if (arg_get_lit(8))
+               TrType = TT_VSDC;
+
+       bool GenACGPO = arg_get_lit(9);
+       bool MergeJSON = arg_get_lit(10);
+       EMVCommandChannel channel = ECC_CONTACTLESS;
+       uint8_t relfname[250] = {0};
+       char *crelfname = (char *)relfname;
+       int relfnamelen = 0;
+#ifdef WITH_SMARTCARD
+       if (arg_get_lit(11)) {
+               channel = ECC_CONTACT;
+       }
+       CLIGetStrWithReturn(12, relfname, &relfnamelen);
+#else
+       CLIGetStrWithReturn(11, relfname, &relfnamelen);
+#endif
+       PrintChannel(channel);
+       uint8_t psenum = (channel == ECC_CONTACT) ? 1 : 2;
+       CLIParserFree();
+       
+       SetAPDULogging(showAPDU);
+       
+       // current path + file name
+       if (!strstr(crelfname, ".json"))
+               strcat(crelfname, ".json");
+       char fname[strlen(get_my_executable_directory()) + strlen(crelfname) + 1];
+       strcpy(fname, get_my_executable_directory());
+       strcat(fname, crelfname);
+
+       if (MergeJSON) {
+               root = json_load_file(fname, 0, &error);
+               if (!root) {
+                       PrintAndLogEx(ERR, "json error on line %d: %s", error.line, error.text);
+                       return 1;
+               }
+
+               if (!json_is_object(root)) {
+                       PrintAndLogEx(ERR, "Invalid json format. root must be an object.");
+                       return 1;
+               }
+       } else {
+               root = json_object();
+       }
+
+       // drop field at start
+       DropFieldEx( channel );
+
+       JsonSaveStr(root, "$.File.Created", "proxmark3 `emv scan`");
+       
+       if (channel == ECC_CONTACTLESS) {
+               // iso 14443 select
+               PrintAndLogEx(NORMAL, "--> GET UID, ATS.");
+
+               iso14a_card_select_t card;
+               if (Hf14443_4aGetCardData(&card)) {
+                       return 2;
+               }
+               if (!card.uidlen) {
+                       PrintAndLogEx(ERR, "get ATS error");
+                       return 2;
+               }
+
+               JsonSaveStr(root, "$.Card.Contactless.Communication", "iso14443-4a");
+               JsonSaveBufAsHex(root, "$.Card.Contactless.UID", (uint8_t *)&card.uid, card.uidlen);
+               JsonSaveHex(root, "$.Card.Contactless.ATQA", card.atqa[0] + (card.atqa[1] << 2), 2);
+               JsonSaveHex(root, "$.Card.Contactless.SAK", card.sak, 0);
+               JsonSaveBufAsHex(root, "$.Card.Contactless.ATS", (uint8_t *)card.ats, card.ats_len);
+       } else {
+               PrintAndLogEx(NORMAL, "--> GET ATR.");
+
+               smart_card_atr_t ccard;
+               smart_getATR(&ccard);
+               
+               if (!ccard.atr_len) {
+                       PrintAndLogEx(ERR, "get ATR error");
+                       return 2;
+               }
+
+               JsonSaveStr(root, "$.Card.Contact.Communication", "iso7816");
+               JsonSaveBufAsHex(root, "$.Card.Contact.ATR", (uint8_t *)ccard.atr, ccard.atr_len);
+       }
+       
+       // init applets list tree
+       const char *al = "Applets list";
+       struct tlvdb *tlvSelect = tlvdb_fixed(1, strlen(al), (const unsigned char *)al);
+
+       // EMV PPSE
+       PrintAndLogEx(NORMAL, "--> PPSE.");
+       res = EMVSelectPSE(channel, true, true, 2, buf, sizeof(buf), &len, &sw);
+
+       if (!res && sw == 0x9000){
+               if (decodeTLV)
+                       TLVPrintFromBuffer(buf, len);
+
+               JsonSaveBufAsHex(root, "$.PPSE.AID", (uint8_t *)"2PAY.SYS.DDF01", 14);
+
+               struct tlvdb *fci = tlvdb_parse_multi(buf, len);
+               if (extractTLVElements)
+                       JsonSaveTLVTree(root, root, "$.PPSE.FCITemplate", fci);
+               else
+                       JsonSaveTLVTreeElm(root, "$.PPSE.FCITemplate", fci, true, true, false);
+               JsonSaveTLVValue(root, "$.Application.KernelID", tlvdb_find_full(fci, 0x9f2a));
+               tlvdb_free(fci);
+       }
+
+       res = EMVSearchPSE(channel, false, true, psenum, decodeTLV, tlvSelect);
+
+       // check PPSE and select application id
+       if (!res) {
+               TLVPrintAIDlistFromSelectTLV(tlvSelect);
+       } else {
+               // EMV SEARCH with AID list
+               SetAPDULogging(false);
+               PrintAndLogEx(NORMAL, "--> AID search.");
+               if (EMVSearch(channel, false, true, decodeTLV, tlvSelect)) {
+                       PrintAndLogEx(ERR, "Can't found any of EMV AID. Exit...");
+                       tlvdb_free(tlvSelect);
+                       DropFieldEx( channel );
+                       return 3;
+               }
+
+               // check search and select application id
+               TLVPrintAIDlistFromSelectTLV(tlvSelect);
+       }
+
+       // EMV SELECT application
+       SetAPDULogging(showAPDU);
+       EMVSelectApplication(tlvSelect, AID, &AIDlen);
+
+       tlvdb_free(tlvSelect);
+
+       if (!AIDlen) {
+               PrintAndLogEx(INFO, "Can't select AID. EMV AID not found. Exit...");
+               DropFieldEx( channel );
+               return 4;
+       }
+
+       JsonSaveBufAsHex(root, "$.Application.AID", AID, AIDlen);
+
+       // Init TLV tree
+       const char *alr = "Root terminal TLV tree";
+       struct tlvdb *tlvRoot = tlvdb_fixed(1, strlen(alr), (const unsigned char *)alr);
+
+       // EMV SELECT applet
+
+       PrintAndLogEx(NORMAL, "\n-->Selecting AID:%s.", sprint_hex_inrow(AID, AIDlen));
+       SetAPDULogging(showAPDU);
+       res = EMVSelect(channel, false, true, AID, AIDlen, buf, sizeof(buf), &len, &sw, tlvRoot);
+
+       if (res) {
+               PrintAndLogEx(ERR, "Can't select AID (%d). Exit...", res);
+               tlvdb_free(tlvRoot);
+               DropFieldEx( channel );
+               return 5;
+       }
+
+       if (decodeTLV)
+               TLVPrintFromBuffer(buf, len);
+
+       // save mode
+       if (tlvdb_get(tlvRoot, 0x9f38, NULL)) {
+               JsonSaveStr(root, "$.Application.Mode", TransactionTypeStr[TrType]);
+       }
+
+       struct tlvdb *fci = tlvdb_parse_multi(buf, len);
+       if (extractTLVElements)
+               JsonSaveTLVTree(root, root, "$.Application.FCITemplate", fci);
+       else
+               JsonSaveTLVTreeElm(root, "$.Application.FCITemplate", fci, true, true, false);
+       tlvdb_free(fci);
+
+       // create transaction parameters
+       PrintAndLogEx(NORMAL, "-->Init transaction parameters.");
+       InitTransactionParameters(tlvRoot, paramLoadJSON, TrType, GenACGPO);
+
+       PrintAndLogEx(NORMAL, "-->Calc PDOL.");
+       struct tlv *pdol_data_tlv = dol_process(tlvdb_get(tlvRoot, 0x9f38, NULL), tlvRoot, 0x83);
+       if (!pdol_data_tlv){
+               PrintAndLogEx(ERR, "Can't create PDOL TLV.");
+               tlvdb_free(tlvRoot);
+               DropFieldEx( channel );
+               return 6;
+       }
+
+       size_t pdol_data_tlv_data_len;
+       unsigned char *pdol_data_tlv_data = tlv_encode(pdol_data_tlv, &pdol_data_tlv_data_len);
+       if (!pdol_data_tlv_data) {
+               PrintAndLogEx(ERR, "Can't create PDOL data.");
+               tlvdb_free(tlvRoot);
+               DropFieldEx( channel );
+               return 6;
+       }
+       PrintAndLogEx(INFO, "PDOL data[%d]: %s", pdol_data_tlv_data_len, sprint_hex(pdol_data_tlv_data, pdol_data_tlv_data_len));
+
+       PrintAndLogEx(INFO, "-->GPO.");
+       res = EMVGPO(channel, true, pdol_data_tlv_data, pdol_data_tlv_data_len, buf, sizeof(buf), &len, &sw, tlvRoot);
+
+       free(pdol_data_tlv_data);
+       free(pdol_data_tlv);
+
+       if (res) {
+               PrintAndLogEx(ERR, "GPO error(%d): %4x. Exit...", res, sw);
+               tlvdb_free(tlvRoot);
+               DropFieldEx( channel );
+               return 7;
+       }
+       ProcessGPOResponseFormat1(tlvRoot, buf, len, decodeTLV);
+
+       struct tlvdb *gpofci = tlvdb_parse_multi(buf, len);
+       if (extractTLVElements)
+               JsonSaveTLVTree(root, root, "$.Application.GPO", gpofci);
+       else
+               JsonSaveTLVTreeElm(root, "$.Application.GPO", gpofci, true, true, false);
+
+       JsonSaveTLVValue(root, "$.ApplicationData.AIP", tlvdb_find_full(gpofci, 0x82));
+       JsonSaveTLVValue(root, "$.ApplicationData.AFL", tlvdb_find_full(gpofci, 0x94));
+
+       tlvdb_free(gpofci);
+
+       PrintAndLogEx(INFO, "-->Read records from AFL.");
+       const struct tlv *AFL = tlvdb_get(tlvRoot, 0x94, NULL);
+
+       while(AFL && AFL->len) {
+               if (AFL->len % 4) {
+                       PrintAndLogEx(ERR, "Wrong AFL length: %d", AFL->len);
+                       break;
+               }
+
+               json_t *sfijson = json_path_get(root, "$.Application.Records");
+               if (!sfijson) {
+                       json_t *app = json_path_get(root, "$.Application");
+                       json_object_set_new(app, "Records", json_array());
+
+                       sfijson = json_path_get(root, "$.Application.Records");
+               }
+               if (!json_is_array(sfijson)) {
+                       PrintAndLogEx(ERR, "Internal logic error. `$.Application.Records` is not an array.");
+                       break;
+               }
+               for (int i = 0; i < AFL->len / 4; i++) {
+                       uint8_t SFI = AFL->value[i * 4 + 0] >> 3;
+                       uint8_t SFIstart = AFL->value[i * 4 + 1];
+                       uint8_t SFIend = AFL->value[i * 4 + 2];
+                       uint8_t SFIoffline = AFL->value[i * 4 + 3];
+
+                       PrintAndLogEx(INFO, "--->SFI[%02x] start:%02x end:%02x offline:%02x", SFI, SFIstart, SFIend, SFIoffline);
+                       if (SFI == 0 || SFI == 31 || SFIstart == 0 || SFIstart > SFIend) {
+                               PrintAndLogEx(ERR, "SFI ERROR! Skipped...");
+                               continue;
+                       }
+
+                       for(int n = SFIstart; n <= SFIend; n++) {
+                               PrintAndLogEx(INFO, "---->SFI[%02x] %d", SFI, n);
+
+                               res = EMVReadRecord(channel, true, SFI, n, buf, sizeof(buf), &len, &sw, tlvRoot);
+                               if (res) {
+                                       PrintAndLogEx(ERR, "SFI[%02x]. APDU error %4x", SFI, sw);
+                                       continue;
+                               }
+
+                               if (decodeTLV) {
+                                       TLVPrintFromBuffer(buf, len);
+                                       PrintAndLogEx(NORMAL, "");
+                               }
+
+                               json_t *jsonelm = json_object();
+                               json_array_append_new(sfijson, jsonelm);
+
+                               JsonSaveHex(jsonelm, "SFI", SFI, 1);
+                               JsonSaveHex(jsonelm, "RecordNum", n, 1);
+                               JsonSaveHex(jsonelm, "Offline", SFIoffline, 1);
+
+                               struct tlvdb *rsfi = tlvdb_parse_multi(buf, len);
+                               if (extractTLVElements)
+                                       JsonSaveTLVTree(root, jsonelm, "$.Data", rsfi);
+                               else
+                                       JsonSaveTLVTreeElm(jsonelm, "$.Data", rsfi, true, true, false);
+                               tlvdb_free(rsfi);
+                       }
+               }
+
+               break;
        }
        }
-       
-       tlvdb_free(t);
-       
-       return 0;
-}
 
 
-int UsageCmdHFEMVPPSE(void) {
-       PrintAndLog("HELP :  Executes PSE/PPSE select command. It returns list of applet on the card:\n");
-       PrintAndLog("Usage:  hf emv pse [-s][-k][-1][-2][-a][-t]\n");
-       PrintAndLog("  Options:");
-       PrintAndLog("  -s       : select card");
-       PrintAndLog("  -k       : keep field for next command");
-       PrintAndLog("  -1       : ppse (1PAY.SYS.DDF01)");
-       PrintAndLog("  -2       : pse (2PAY.SYS.DDF01)");
-       PrintAndLog("  -a       : show APDU reqests and responses\n");
-       PrintAndLog("  -t       : TLV decode results\n");
-       PrintAndLog("Samples:");
-       PrintAndLog(" hf emv pse -s -1 -> select, get pse");
-       PrintAndLog(" hf emv pse -s -k -2 -> select, get ppse, keep field");
-       PrintAndLog(" hf emv pse -s -t -2 -> select, get ppse, show result in TLV");
-       return 0;
-}
+       // getting certificates
+       if (tlvdb_get(tlvRoot, 0x90, NULL)) {
+               PrintAndLogEx(INFO, "-->Recovering certificates.");
+               PKISetStrictExecution(false);
+               RecoveryCertificates(tlvRoot, root);
+               PKISetStrictExecution(true);
+       }
 
 
-int CmdHFEMVPPSE(const char *cmd) {
-       
-       uint8_t PSENum = 2;
-       bool activateField = false;
-       bool leaveSignalON = false;
-       bool decodeTLV = false;
+       // free tlv object
+       tlvdb_free(tlvRoot);
 
 
-       if (strlen(cmd) < 1) {
-               UsageCmdHFEMVPPSE();
-               return 0;
-       }
+       DropFieldEx( channel );
 
 
-       SetAPDULogging(false);
-       
-       int cmdp = 0;
-       while(param_getchar(cmd, cmdp) != 0x00) {
-               char c = param_getchar(cmd, cmdp);
-               if ((c == '-') && (param_getlength(cmd, cmdp) == 2))
-                       switch (param_getchar_indx(cmd, 1, cmdp)) {
-                               case 'h':
-                               case 'H':
-                                       UsageCmdHFEMVPPSE();
-                                       return 0;
-                               case 's':
-                               case 'S':
-                                       activateField = true;
-                                       break;
-                               case 'k':
-                               case 'K':
-                                       leaveSignalON = true;
-                                       break;
-                               case 'a':
-                               case 'A':
-                                       SetAPDULogging(true);
-                                       break;
-                               case 't':
-                               case 'T':
-                                       decodeTLV = true;
-                                       break;
-                               case '1':
-                                       PSENum = 1;
-                                       break;
-                               case '2':
-                                       PSENum = 2;
-                                       break;
-                               default:
-                                       PrintAndLog("Unknown parameter '%c'", param_getchar_indx(cmd, 1, cmdp));
-                                       return 1;
-               }
-               cmdp++;
+       res = json_dump_file(root, fname, JSON_INDENT(2));
+       if (res) {
+               PrintAndLogEx(ERR, "Can't save the file: %s", fname);
+               return 200;
        }
        }
-       
-       // exec
-       uint8_t buf[APDU_RES_LEN] = {0};
-       size_t len = 0;
-       uint16_t sw = 0;
-       int res = EMVSelectPSE(activateField, leaveSignalON, PSENum, buf, sizeof(buf), &len, &sw);
-       
-       if (sw)
-               PrintAndLog("APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); 
+       PrintAndLogEx(SUCCESS, "File `%s` saved.", fname);
 
 
-       if (res)
-               return res;
-       
-       
-       if (decodeTLV)
-               TLVPrintFromBuffer(buf, len);
+       // free json object
+       json_decref(root);
 
        return 0;
 }
 
 
        return 0;
 }
 
-int UsageCmdHFEMVExec(void) {
-       PrintAndLog("HELP :  Executes EMV contactless transaction:\n");
-       PrintAndLog("Usage:  hf emv exec [-s][-a][-t]\n");
-       PrintAndLog("  Options:");
-       PrintAndLog("  -s       : select card");
-       PrintAndLog("  -a       : show APDU reqests and responses\n");
-       PrintAndLog("  -t       : TLV decode results\n");
-       PrintAndLog("  -f       : force search AID. Search AID instead of execute PPSE.\n");
-       PrintAndLog("Samples:");
-       PrintAndLog(" hf emv pse -s -> select card");
-       PrintAndLog(" hf emv pse -s -t -a -> select card, show responses in TLV, show APDU");
-       return 0;
+int CmdEMVTest(const char *cmd) {
+       return ExecuteCryptoTests(true);
 }
 
 }
 
-#define TLV_ADD(tag, value)( tlvdb_add(tlvRoot, tlvdb_fixed(tag, sizeof(value) - 1, (const unsigned char *)value)) )
-
-int CmdHFEMVExec(const char *cmd) {
-       bool activateField = false;
-       bool showAPDU = false;
-       bool decodeTLV = false;
-       bool forceSearch = false;
-
-       uint8_t buf[APDU_RES_LEN] = {0};
+int CmdEMVRoca(const char *cmd) {
+       uint8_t AID[APDU_DATA_LEN] = {0};
+       size_t AIDlen = 0;
+       uint8_t buf[APDU_RESPONSE_LEN] = {0};
        size_t len = 0;
        uint16_t sw = 0;
        size_t len = 0;
        uint16_t sw = 0;
-       uint8_t AID[APDU_AID_LEN] = {0};
-       size_t AIDlen = 0;
-       
        int res;
        int res;
-       
-       if (strlen(cmd) < 1) {
-               UsageCmdHFEMVExec();
-               return 0;
-       }
-       
-       int cmdp = 0;
-       while(param_getchar(cmd, cmdp) != 0x00) {
-               char c = param_getchar(cmd, cmdp);
-               if ((c == '-') && (param_getlength(cmd, cmdp) == 2))
-                       switch (param_getchar_indx(cmd, 1, cmdp)) {
-                               case 'h':
-                               case 'H':
-                                       UsageCmdHFEMVPPSE();
-                                       return 0;
-                               case 's':
-                               case 'S':
-                                       activateField = true;
-                                       break;
-                               case 'a':
-                               case 'A':
-                                       showAPDU = true;
-                                       break;
-                               case 't':
-                               case 'T':
-                                       decodeTLV = true;
-                                       break;
-                               case 'f':
-                               case 'F':
-                                       forceSearch = true;
-                                       break;
-                               default:
-                                       PrintAndLog("Unknown parameter '%c'", param_getchar_indx(cmd, 1, cmdp));
-                                       return 1;
-               }
-               cmdp++;
-       }
+       uint8_t ODAiList[4096];
+       size_t ODAiListLen = 0;
+
+       CLIParserInit("emv roca",
+               "Tries to extract public keys and run the ROCA test against them.\n",
+               "Usage:\n"
+                       "\temv roca -w -> select --CONTACT-- card and run test\n"
+                       "\temv roca -> select --CONTACTLESS-- card and run test\n"
+       );
+
+       void* argtable[] = {
+               arg_param_begin,
+               arg_lit0("tT",  "selftest",   "self test"),
+               arg_lit0("aA",  "apdu",    "show APDU reqests and responses"),
+               arg_lit0("wW",  "wired",   "Send data via contact (iso7816) interface. Contactless interface set by default."),
+               arg_param_end
+       };
+       CLIExecWithReturn(cmd, argtable, true);
+
+       if (arg_get_lit(1))
+               return roca_self_test();
+       bool showAPDU = arg_get_lit(2);
+
+       EMVCommandChannel channel = ECC_CONTACTLESS;
+#ifdef WITH_SMARTCARD
+       if (arg_get_lit(3))
+               channel = ECC_CONTACT;
+#endif
+       PrintChannel(channel);
+       CLIParserFree();
+
+       // select card
+       uint8_t psenum = (channel == ECC_CONTACT) ? 1 : 2;
+       char *PSE_or_PPSE = psenum == 1 ? "PSE" : "PPSE";
+
+       SetAPDULogging(showAPDU);
 
 
-       
        // init applets list tree
        // init applets list tree
-       struct tlvdb *tlvSelect = NULL;
        const char *al = "Applets list";
        const char *al = "Applets list";
-       tlvSelect = tlvdb_fixed(1, strlen(al), (const unsigned char *)al);
+       struct tlvdb *tlvSelect = tlvdb_fixed(1, strlen(al), (const unsigned char *)al);
 
 
-       // Application Selection
-       // https://www.openscdp.org/scripts/tutorial/emv/applicationselection.html
-       if (!forceSearch) {
-               // PPSE
-               PrintAndLog("\n* PPSE.");
-               SetAPDULogging(showAPDU);
-               res = EMVSearchPSE(activateField, true, decodeTLV, tlvSelect);
+       // EMV PSE/PPSE
+       PrintAndLogEx(NORMAL, "--> %s.", PSE_or_PPSE);
+       res = EMVSearchPSE(channel, true, true, psenum, false, tlvSelect);
 
 
-               // check PPSE and select application id
-               if (!res) {     
-                       TLVPrintAIDlistFromSelectTLV(tlvSelect);
-                       EMVSelectApplication(tlvSelect, AID, &AIDlen);
-               }
-       }
-       
-       // Search
-       if (!AIDlen) {
-               PrintAndLog("\n* Search AID in list.");
-               SetAPDULogging(false);
-               if (EMVSearch(activateField, true, decodeTLV, tlvSelect)) {
+       // check PSE/PPSE and select application id
+       if (!res) {
+               TLVPrintAIDlistFromSelectTLV(tlvSelect);
+       } else {
+               // EMV SEARCH with AID list
+               PrintAndLogEx(NORMAL, "--> AID search.");
+               if (EMVSearch(channel, false, true, false, tlvSelect)) {
+                       PrintAndLogEx(ERR, "Couldn't find any known EMV AID. Exit...");
                        tlvdb_free(tlvSelect);
                        tlvdb_free(tlvSelect);
-                       return 2;
+                       DropFieldEx( channel );
+                       return 3;
                }
 
                // check search and select application id
                TLVPrintAIDlistFromSelectTLV(tlvSelect);
                }
 
                // check search and select application id
                TLVPrintAIDlistFromSelectTLV(tlvSelect);
-               EMVSelectApplication(tlvSelect, AID, &AIDlen);
        }
        }
-       
-       // Init TLV tree
-       struct tlvdb *tlvRoot = NULL;
-       const char *alr = "Root terminal TLV tree";
-       tlvRoot = tlvdb_fixed(1, strlen(alr), (const unsigned char *)alr);
-       
-       // check if we found EMV application on card
+
+       // EMV SELECT application
+       EMVSelectApplication(tlvSelect, AID, &AIDlen);
+
+       tlvdb_free(tlvSelect);
+
        if (!AIDlen) {
        if (!AIDlen) {
-               PrintAndLog("Can't select AID. EMV AID not found");
-               return 2;
+               PrintAndLogEx(INFO, "Can't select AID. EMV AID not found. Exit...");
+               DropFieldEx( channel );
+               return 4;
        }
        }
-       
-       // Select
-       PrintAndLog("\n* Selecting AID:%s", sprint_hex_inrow(AID, AIDlen));
-       SetAPDULogging(showAPDU);
-       res = EMVSelect(false, true, AID, AIDlen, buf, sizeof(buf), &len, &sw, tlvRoot);
-       
-       if (res) {      
-               PrintAndLog("Can't select AID (%d). Exit...", res);
-               return 3;
+
+       // Init TLV tree
+       const char *alr = "Root terminal TLV tree";
+       struct tlvdb *tlvRoot = tlvdb_fixed(1, strlen(alr), (const unsigned char *)alr);
+
+       // EMV SELECT applet
+       PrintAndLogEx(NORMAL, "\n-->Selecting AID:%s.", sprint_hex_inrow(AID, AIDlen));
+       res = EMVSelect(channel, false, true, AID, AIDlen, buf, sizeof(buf), &len, &sw, tlvRoot);
+
+       if (res) {
+               PrintAndLogEx(ERR, "Can't select AID (%d). Exit...", res);
+               tlvdb_free(tlvRoot);
+               DropFieldEx( channel );
+               return 5;
        }
        }
-       
-       if (decodeTLV)
-               TLVPrintFromBuffer(buf, len);
-       PrintAndLog("* Selected.");
-       
-       PrintAndLog("\n* Init transaction parameters.");
 
 
-    //9F66:(Terminal Transaction Qualifiers (TTQ)) len:4
-//     TLV_ADD(0x9F66, "\x86\x00\x00\x00"); // MSD
-       TLV_ADD(0x9F66, "\x26\x00\x00\x00"); // qVSDC
-//     TLV_ADD(0x9F66, "\x8e\x00\x00\x00"); // CDA
-    //9F02:(Amount, Authorised (Numeric)) len:6
-       TLV_ADD(0x9F02, "\x00\x00\x00\x00\x01\x00");
-    //9F1A:(Terminal Country Code) len:2
-       TLV_ADD(0x9F1A, "ru");
-    //5F2A:(Transaction Currency Code) len:2
-    // USD 840, EUR 978, RUR 810, RUB 643, RUR 810(old), UAH 980, AZN 031, n/a 999
-       TLV_ADD(0x5F2A, "\x09\x80");
-    //9A:(Transaction Date) len:3
-       TLV_ADD(0x9A,   "\x00\x00\x00");
-    //9C:(Transaction Type) len:1   |  00 => Goods and service #01 => Cash
-       TLV_ADD(0x9C,   "\x00");
-       // 9F37 Unpredictable Number len:4
-       TLV_ADD(0x9F37, "\x01\x02\x03\x04");
-       // 9F6A Unpredictable Number (MSD for UDOL) len:4
-       TLV_ADD(0x9F6A, "\x01\x02\x03\x04");
+       PrintAndLog("\n* Init transaction parameters.");
+       InitTransactionParameters(tlvRoot, true, TT_QVSDCMCHIP, false);
 
 
-       TLVPrintFromTLV(tlvRoot); // TODO delete!!!
-       
-       PrintAndLog("\n* Calc PDOL.");
+       PrintAndLogEx(NORMAL, "-->Calc PDOL.");
        struct tlv *pdol_data_tlv = dol_process(tlvdb_get(tlvRoot, 0x9f38, NULL), tlvRoot, 0x83);
        if (!pdol_data_tlv){
        struct tlv *pdol_data_tlv = dol_process(tlvdb_get(tlvRoot, 0x9f38, NULL), tlvRoot, 0x83);
        if (!pdol_data_tlv){
-               PrintAndLog("ERROR: can't create PDOL TLV.");
-               return 4;
+               PrintAndLogEx(ERR, "Can't create PDOL TLV.");
+               tlvdb_free(tlvRoot);
+               DropFieldEx( channel );
+               return 6;
        }
        }
-       
+
        size_t pdol_data_tlv_data_len;
        unsigned char *pdol_data_tlv_data = tlv_encode(pdol_data_tlv, &pdol_data_tlv_data_len);
        if (!pdol_data_tlv_data) {
        size_t pdol_data_tlv_data_len;
        unsigned char *pdol_data_tlv_data = tlv_encode(pdol_data_tlv, &pdol_data_tlv_data_len);
        if (!pdol_data_tlv_data) {
-               PrintAndLog("ERROR: can't create PDOL data.");
-               return 4;
+               PrintAndLogEx(ERR, "Can't create PDOL data.");
+               tlvdb_free(tlvRoot);
+               DropFieldEx( channel );
+               return 6;
        }
        }
-       PrintAndLog("PDOL data[%d]: %s", pdol_data_tlv_data_len, sprint_hex(pdol_data_tlv_data, pdol_data_tlv_data_len));
+       PrintAndLogEx(INFO, "PDOL data[%d]: %s", pdol_data_tlv_data_len, sprint_hex(pdol_data_tlv_data, pdol_data_tlv_data_len));
 
 
-       PrintAndLog("\n* GPO.");
-       res = EMVGPO(true, pdol_data_tlv_data, pdol_data_tlv_data_len, buf, sizeof(buf), &len, &sw, tlvRoot);
-       
-       free(pdol_data_tlv);
-       
-       if (res) {      
-               PrintAndLog("GPO error(%d): %4x. Exit...", res, sw);
-               return 5;
-       }
+       PrintAndLogEx(INFO, "-->GPO.");
+       res = EMVGPO(channel, true, pdol_data_tlv_data, pdol_data_tlv_data_len, buf, sizeof(buf), &len, &sw, tlvRoot);
 
 
-       // process response template format 1 [id:80  2b AIP + x4b AFL] and format 2 [id:77 TLV]
-       if (buf[0] == 0x80) {
-               if (decodeTLV){
-                       PrintAndLog("GPO response format1:");
-                       TLVPrintFromBuffer(buf, len);
-               }
-               
-               if (len < 4 || (len - 4) % 4) {
-                       PrintAndLog("ERROR: GPO response format1 parsing error. length=%d", len);
-               } else {
-                       // AIP
-                       struct tlvdb * f1AIP = tlvdb_fixed(0x82, 2, buf + 2);
-                       tlvdb_add(tlvRoot, f1AIP);
-                       if (decodeTLV){
-                               PrintAndLog("\n* * Decode response format 1 (0x80) AIP and AFL:");
-                               TLVPrintFromTLV(f1AIP);
-                       }
+       free(pdol_data_tlv_data);
+       free(pdol_data_tlv);
 
 
-                       // AFL
-                       struct tlvdb * f1AFL = tlvdb_fixed(0x94, len - 4, buf + 2 + 2);
-                       tlvdb_add(tlvRoot, f1AFL);
-                       if (decodeTLV)
-                               TLVPrintFromTLV(f1AFL);
-               }               
-       } else {
-               if (decodeTLV)
-                       TLVPrintFromBuffer(buf, len);
-       }
-       
-       // extract PAN from track2
-       {
-               const struct tlv *track2 = tlvdb_get(tlvRoot, 0x57, NULL);
-               if (!tlvdb_get(tlvRoot, 0x5a, NULL) && track2 && track2->len >= 8) {
-                       struct tlvdb *pan = GetPANFromTrack2(track2);
-                       if (pan) {
-                               tlvdb_add(tlvRoot, pan); 
-                               
-                               const struct tlv *pantlv = tlvdb_get(tlvRoot, 0x5a, NULL);      
-                               PrintAndLog("\n* * Extracted PAN from track2: %s", sprint_hex(pantlv->value, pantlv->len));
-                       } else {
-                               PrintAndLog("\n* * WARNING: Can't extract PAN from track2.");
-                       }
-               }
+       if (res) {
+               PrintAndLogEx(ERR, "GPO error(%d): %4x. Exit...", res, sw);
+               tlvdb_free(tlvRoot);
+               DropFieldEx( channel );
+               return 7;
        }
        }
-       
-       PrintAndLog("\n* Read records from AFL.");
+       ProcessGPOResponseFormat1(tlvRoot, buf, len, false);
+
+       PrintAndLogEx(INFO, "-->Read records from AFL.");
        const struct tlv *AFL = tlvdb_get(tlvRoot, 0x94, NULL);
        const struct tlv *AFL = tlvdb_get(tlvRoot, 0x94, NULL);
-       if (!AFL || !AFL->len) {
-               PrintAndLog("WARNING: AFL not found.");
-       }
-       
+
        while(AFL && AFL->len) {
                if (AFL->len % 4) {
        while(AFL && AFL->len) {
                if (AFL->len % 4) {
-                       PrintAndLog("ERROR: Wrong AFL length: %d", AFL->len);
+                       PrintAndLogEx(ERR, "Wrong AFL length: %d", AFL->len);
                        break;
                }
 
                        break;
                }
 
@@ -513,181 +1880,141 @@ int CmdHFEMVExec(const char *cmd) {
                        uint8_t SFIstart = AFL->value[i * 4 + 1];
                        uint8_t SFIend = AFL->value[i * 4 + 2];
                        uint8_t SFIoffline = AFL->value[i * 4 + 3];
                        uint8_t SFIstart = AFL->value[i * 4 + 1];
                        uint8_t SFIend = AFL->value[i * 4 + 2];
                        uint8_t SFIoffline = AFL->value[i * 4 + 3];
-                       
-                       PrintAndLog("* * SFI[%02x] start:%02x end:%02x offline:%02x", SFI, SFIstart, SFIend, SFIoffline);
+
+                       PrintAndLogEx(INFO, "--->SFI[%02x] start:%02x end:%02x offline:%02x", SFI, SFIstart, SFIend, SFIoffline);
                        if (SFI == 0 || SFI == 31 || SFIstart == 0 || SFIstart > SFIend) {
                        if (SFI == 0 || SFI == 31 || SFIstart == 0 || SFIstart > SFIend) {
-                               PrintAndLog("SFI ERROR! Skipped...");
+                               PrintAndLogEx(ERR, "SFI ERROR! Skipped...");
                                continue;
                        }
                                continue;
                        }
-                       
+
                        for(int n = SFIstart; n <= SFIend; n++) {
                        for(int n = SFIstart; n <= SFIend; n++) {
-                               PrintAndLog("* * * SFI[%02x] %d", SFI, n);
-                               
-                               res = EMVReadRecord(true, SFI, n, buf, sizeof(buf), &len, &sw, tlvRoot);
+                               PrintAndLogEx(INFO, "---->SFI[%02x] %d", SFI, n);
+
+                               res = EMVReadRecord(channel, true, SFI, n, buf, sizeof(buf), &len, &sw, tlvRoot);
                                if (res) {
                                if (res) {
-                                       PrintAndLog("ERROR SFI[%02x]. APDU error %4x", SFI, sw);
+                                       PrintAndLogEx(ERR, "SFI[%02x]. APDU error %4x", SFI, sw);
                                        continue;
                                }
                                        continue;
                                }
-                               
-                               if (decodeTLV) {
-                                       TLVPrintFromBuffer(buf, len);
-                                       PrintAndLog("");
-                               }
-                               
-                               if (SFIoffline) {
-                                       // here will be offline records storing...
-                                       // dont foget: if (sfi < 11)
-                               }
-                       }
-               }
-               
-               break;
-       }       
-       
-       // transaction check
-       const struct tlv *AIPtlv = tlvdb_get(tlvRoot, 0x82, NULL);      
-       uint16_t AIP = AIPtlv->value[0] + AIPtlv->value[1] * 0x100;
-       PrintAndLog("* * AIP=%x", AIP);
-
-       // qVSDC
-       {
-               // 9F26: Application Cryptogram
-               const struct tlv *AC = tlvdb_get(tlvRoot, 0x9F26, NULL);
-               if (AC) {
-                       PrintAndLog("\n--> qVSDC transaction.");
-                       PrintAndLog("* AC path");
-                       
-                       // 9F36: Application Transaction Counter (ATC)
-                       const struct tlv *ATC = tlvdb_get(tlvRoot, 0x9F36, NULL);
-                       if (ATC) {
-                       
-                               // 9F10: Issuer Application Data - optional
-                               const struct tlv *IAD = tlvdb_get(tlvRoot, 0x9F10, NULL);
 
 
-                               // print AC data
-                               PrintAndLog("ATC: %s", sprint_hex(ATC->value, ATC->len));
-                               PrintAndLog("AC: %s", sprint_hex(AC->value, AC->len));
-                               if (IAD){
-                                       PrintAndLog("IAD: %s", sprint_hex(IAD->value, IAD->len));
-                                       
-                                       if (IAD->len >= IAD->value[0] + 1) {
-                                               PrintAndLog("\tKey index:  0x%02x", IAD->value[1]);
-                                               PrintAndLog("\tCrypto ver: 0x%02x(%03d)", IAD->value[2], IAD->value[2]);
-                                               PrintAndLog("\tCVR:", sprint_hex(&IAD->value[3], IAD->value[0] - 2));
-                                               struct tlvdb * cvr = tlvdb_fixed(0x20, IAD->value[0] - 2, &IAD->value[3]);
-                                               TLVPrintFromTLVLev(cvr, 1);
+                               // Build Input list for Offline Data Authentication
+                               // EMV 4.3 book3 10.3, page 96
+                               if (SFIoffline > 0) {
+                                       if (SFI < 11) {
+                                               const unsigned char *abuf = buf;
+                                               size_t elmlen = len;
+                                               struct tlv e;
+                                               if (tlv_parse_tl(&abuf, &elmlen, &e)) {
+                                                       memcpy(&ODAiList[ODAiListLen], &buf[len - elmlen], elmlen);
+                                                       ODAiListLen += elmlen;
+                                               } else {
+                                                       PrintAndLogEx(WARNING, "Error SFI[%02x]. Creating input list for Offline Data Authentication error.", SFI);
+                                               }
+                                       } else {
+                                               memcpy(&ODAiList[ODAiListLen], buf, len);
+                                               ODAiListLen += len;
                                        }
                                        }
-                               } else {
-                                       PrintAndLog("WARNING: IAD not found.");
+
+                                       SFIoffline--;
                                }
                                }
-                               
-                       } else {
-                               PrintAndLog("ERROR AC: Application Transaction Counter (ATC) not found.");
                        }
                }
                        }
                }
+
+               break;
        }
        }
-       
-       // TODO: Mastercard M/CHIP
-       {
-               const struct tlv *CDOL1 = tlvdb_get(tlvRoot, 0x8c, NULL);
-               if (CDOL1 && GetCardPSVendor(AID, AIDlen) == CV_MASTERCARD) { // and m/chip transaction flag
-               
-               }
+
+       // copy Input list for Offline Data Authentication
+       if (ODAiListLen) {
+               struct tlvdb *oda = tlvdb_fixed(0x21, ODAiListLen, ODAiList); // not a standard tag
+               tlvdb_add(tlvRoot, oda);
+               PrintAndLogEx(NORMAL, "* Input list for Offline Data Authentication added to TLV. len=%d \n", ODAiListLen);
        }
        }
-               
-       // MSD
-       if (AIP & 0x8000) {
-               PrintAndLog("\n--> MSD transaction.");
-               
-               
-               PrintAndLog("* MSD dCVV path. Check dCVV");
 
 
-               const struct tlv *track2 = tlvdb_get(tlvRoot, 0x57, NULL);
-               if (track2) {
-                       PrintAndLog("Track2: %s", sprint_hex(track2->value, track2->len));
+       // getting certificates
+       if (tlvdb_get(tlvRoot, 0x90, NULL)) {
+               PrintAndLogEx(INFO, "-->Recovering certificates.");
+               PKISetStrictExecution(false);
 
 
-                       struct tlvdb *dCVV = GetdCVVRawFromTrack2(track2);
-                       PrintAndLog("dCVV raw data:");
-                       TLVPrintFromTLV(dCVV);
-                       
-                       if (GetCardPSVendor(AID, AIDlen) == CV_MASTERCARD) {
-                               PrintAndLog("\n* Mastercard calculate UDOL");
+               struct emv_pk *pk = get_ca_pk(tlvRoot);
+               if (!pk) {
+                       PrintAndLogEx(ERR, "CA Public Key not found. Exit.");
+                       goto out;
+               }
 
 
-                               // UDOL (9F69)
-                               const struct tlv *UDOL = tlvdb_get(tlvRoot, 0x9F69, NULL);
-                               // UDOL(9F69) default: 9F6A (Unpredictable number) 4 bytes
-                               const struct tlv defUDOL = {
-                                       .tag = 0x01,
-                                       .len = 3,
-                                       .value = (uint8_t *)"\x9f\x6a\x04",
-                               };
-                               if (!UDOL)
-                                       PrintAndLog("Use default UDOL.");
+               struct emv_pk *issuer_pk = emv_pki_recover_issuer_cert(pk, tlvRoot);
+               if (!issuer_pk) {
+                       emv_pk_free(pk);
+                       PrintAndLogEx(WARNING, "WARNING: Issuer certificate not found. Exit.");
+                       goto out;
+               }
 
 
-                               struct tlv *udol_data_tlv = dol_process(UDOL ? UDOL : &defUDOL, tlvRoot, 0x01); // 0x01 - fake tag!
-                               if (!udol_data_tlv){
-                                       PrintAndLog("ERROR: can't create UDOL TLV.");
-                                       return 4;
-                               }
-                               
-                               size_t udol_data_tlv_data_len;
-                               unsigned char *udol_data_tlv_data = tlv_encode(udol_data_tlv, &udol_data_tlv_data_len);
-                               if (!udol_data_tlv_data) {
-                                       PrintAndLog("ERROR: can't create UDOL data.");
-                                       return 4;
-                               }
+               char RID[15] = {0};
+               memcpy(RID, sprint_hex(issuer_pk->rid, 5), 14);
+               PrintAndLogEx(SUCCESS, "Issuer Public Key recovered. RID %s IDX %02hhx CSN %s",
+                               RID,
+                               issuer_pk->index,
+                               sprint_hex(issuer_pk->serial, 3)
+                               );
 
 
-                               // eliminate fake tag
-                               udol_data_tlv_data_len -= 2;
-                               udol_data_tlv_data += 2;
-                               
-                               PrintAndLog("UDOL data[%d]: %s", udol_data_tlv_data_len, sprint_hex(udol_data_tlv_data, udol_data_tlv_data_len));
-                               
-                               PrintAndLog("\n* Mastercard compute cryptographic checksum(UDOL)");
-                               
-                               res = MSCComputeCryptoChecksum(true, udol_data_tlv_data, udol_data_tlv_data_len, buf, sizeof(buf), &len, &sw, tlvRoot);
-                               if (res) {
-                                       PrintAndLog("ERROR Compute Crypto Checksum. APDU error %4x", sw);
-                                       return 5;
-                               }
-                               
-                               if (decodeTLV) {
-                                       TLVPrintFromBuffer(buf, len);
-                                       PrintAndLog("");
-                               }
+               const struct tlv *sda_tlv = tlvdb_get(tlvRoot, 0x21, NULL);
+               struct emv_pk *icc_pk = emv_pki_recover_icc_cert(issuer_pk, tlvRoot, sda_tlv);
+               if (!icc_pk) {
+                       emv_pk_free(pk);
+                       emv_pk_free(issuer_pk);
+                       PrintAndLogEx(WARNING, "WARNING: ICC certificate not found. Exit.");
+                       goto out;
+               }
+
+               memcpy(RID, sprint_hex(icc_pk->rid, 5), 14);
+               PrintAndLogEx(SUCCESS, "ICC Public Key recovered. RID %s IDX %02hhx CSN %s\n",
+                               RID,
+                               icc_pk->index,
+                               sprint_hex(icc_pk->serial, 3)
+                               );
 
 
+               PrintAndLogEx(INFO, "ICC Public Key modulus: %s\n", sprint_hex_inrow(icc_pk->modulus, icc_pk->mlen));
+
+               //  icc_pk->exp, icc_pk->elen
+               //  icc_pk->modulus, icc_pk->mlen
+               if (icc_pk->elen > 0 && icc_pk->mlen > 0) {
+                       if (emv_rocacheck(icc_pk->modulus, icc_pk->mlen, false)) {
+                               PrintAndLogEx(INFO, "ICC Public Key is subject to ROCA vulnerability (it is NOT secure).");
+                       } else {
+                               PrintAndLogEx(INFO, "ICC Public Key is not subject to ROCA vulnerability (it is secure)");
                        }
                        }
-               } else {
-                       PrintAndLog("ERROR MSD: Track2 data not found.");
                }
                }
+
+               PKISetStrictExecution(true);
        }
        }
-       
-       // additional contacless EMV commands (fDDA, external authenticate)
-       
-       
-       // DropField
-       DropField();
-       
-       // Destroy TLV's
-       tlvdb_free(tlvSelect);
+
+out:
+
+       // free tlv object
        tlvdb_free(tlvRoot);
 
        tlvdb_free(tlvRoot);
 
-       PrintAndLog("\n* Transaction completed.");
-       
+       DropFieldEx( channel );
        return 0;
 }
 
 int CmdHelp(const char *Cmd);
        return 0;
 }
 
 int CmdHelp(const char *Cmd);
+
 static command_t CommandTable[] =  {
 static command_t CommandTable[] =  {
-       {"help",        CmdHelp,                1,      "This help"},
-       {"exec",        CmdHFEMVExec,   0,      "Executes EMV contactless transaction."},
-       {"pse",         CmdHFEMVPPSE,   0,      "Execute PPSE. It selects 2PAY.SYS.DDF01 or 1PAY.SYS.DDF01 directory."},
-       {"search",      CmdHFEMVSearch, 0,      "Try to select all applets from applets list and print installed applets."},
-       {"select",      CmdHFEMVSelect, 0,      "Select applet."},
-       {NULL, NULL, 0, NULL}
+       {"help",        CmdHelp,                    1,  "This help"},
+       {"exec",        CmdEMVExec,                 1,  "Executes EMV contactless transaction."},
+       {"pse",         CmdEMVPPSE,                 1,  "Execute PPSE. It selects 2PAY.SYS.DDF01 or 1PAY.SYS.DDF01 directory."},
+       {"search",      CmdEMVSearch,               1,  "Try to select all applets from applets list and print installed applets."},
+       {"select",      CmdEMVSelect,               1,  "Select applet."},
+       {"gpo",         CmdEMVGPO,                  1,  "Execute GetProcessingOptions."},
+       {"readrec",     CmdEMVReadRecord,           1,  "Read files from card."},
+       {"genac",       CmdEMVAC,                   1,  "Generate ApplicationCryptogram."},
+       {"challenge",   CmdEMVGenerateChallenge,    1,  "Generate challenge."},
+       {"intauth",     CmdEMVInternalAuthenticate, 1,  "Internal authentication."},
+       {"scan",        CmdEMVScan,                 1,  "Scan EMV card and save it contents to json file for emulator."},
+       {"test",        CmdEMVTest,                 1,  "Crypto logic test."},
+       {"roca",        CmdEMVRoca,                 1,  "Extract public keys and run ROCA test"},
+       {NULL,          NULL,                       0,  NULL}
 };
 
 };
 
-int CmdHFEMV(const char *Cmd) {
+int CmdEMV(const char *Cmd) {
        CmdsParse(CommandTable, Cmd);
        return 0;
 }
        CmdsParse(CommandTable, Cmd);
        return 0;
 }
Impressum, Datenschutz