#define DUMP(varname) Dbprintf("%s=", #varname);
-int EMV_DBGLEVEL = EMV_DBG_ALL;
//uint8_t PCB = 0x00; //track Protocol Control Byte externally
//util functions
//print detected tag name over the serial link
-int emv_printtag(uint8_t* selected_tag, emvtags* inputcard, uint8_t* outputstring, uint8_t* outputlen)
+int emv_printtag(uint8_t* selected_tag, emvcard* inputcard, uint8_t* outputstring, uint8_t* outputlen)
{
//search tag list and print the match
//get the value of the tag
return 0;
}
-//returns the value of the emv tag in the supplied emvtags structure
-int emv_lookuptag(uint8_t* tag, emvtags *currentcard, uint8_t* outputval, uint8_t* outputvallen)
+//returns the value of the emv tag in the supplied emvcard structure
+int emv_lookuptag(uint8_t* tag, emvcard *currentcard, uint8_t* outputval, uint8_t* outputvallen)
{
//loop through tag and return the appropriate value
uint8_t returnedtag[255];
}
//function to
-int emv_settag(uint32_t tag, uint8_t *datain, emvtags *currentcard){
+int emv_settag(uint32_t tag, uint8_t *datain, emvcard *currentcard){
char binarydata[255] = {0};
/*
}
/* generates an emv template based off tag values supplied */
-int emv_generatetemplate(uint8_t* templateval,emvtags* currentcard, uint8_t* returnedval, uint8_t* returnedlen,uint8_t numtags, ...)
+int emv_generatetemplate(uint8_t* templateval,emvcard* currentcard, uint8_t* returnedval, uint8_t* returnedlen,uint8_t numtags, ...)
{
va_list arguments;
uint8_t* currenttag; //value of the current tag
- uint8_t tagval[255]; //buffer to hold the extracted tag value
+ uint8_t tagval[256]; //buffer to hold the extracted tag value
uint8_t taglen = 0; //extracted tag length
- uint8_t bufferval[255];
+ uint8_t bufferval[256];
uint8_t counter = 0;
uint32_t encodedlen = 0;
va_start(arguments, numtags);
}
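Review bot: `tagval` and `bufferval` grow to 256 bytes here, but `returnedtag[255]` in `emv_lookuptag` and `binarydata[255]` in `emv_settag` stay at 255, so if this bump fixes an off-by-one on a maximum-length value, those two buffers presumably need the same change. Nothing visible in this hunk shows the bound being enforced when a tag value is copied in, and `taglen` is a `uint8_t`, so the limit is implied rather than checked. A single named size (a suggested name: `#define EMV_MAX_TAG_LEN 256`) used for all four declarations and in the copy checks would keep them in step. The body of `emv_generatetemplate` continues outside the hunk, so the copy sites still need to be confirmed.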
//generate a valid pdol list
-int emv_generateDOL(uint8_t* DOL, uint8_t DOLlen,emvtags* currentcard,uint8_t* DOLoutput, uint8_t* DOLoutputlen)
+int emv_generateDOL(uint8_t* DOL, uint8_t DOLlen,emvcard* currentcard,uint8_t* DOLoutput, uint8_t* DOLoutputlen)
{
if(!DOL || !currentcard || !DOLoutput) // null pointer checks
return 1;
//decode the tag inputted and fill in the supplied structure. clean up the cleanup_passpass function
-int emv_emvtags_decode_tag(tlvtag* inputtag, emvtags* currentcard)
+int emv_emvtags_decode_tag(tlvtag* inputtag, emvcard* currentcard)
{
if(!inputtag || !currentcard) {
return 1;
return 0;
}
-int emv_decode_field(uint8_t* inputfield,uint16_t inputlength, emvtags *result)
+int emv_decode_field(uint8_t* inputfield,uint16_t inputlength, emvcard *result)
{
uint16_t lengthcounter=0;
tlvtag newtag;
{
//decode the tlv tag
decode_ber_tlv_item((inputfield+lengthcounter),&newtag);
- //write the emvtags strucutre
+ //write the emvcard strucutre
emv_emvtags_decode_tag(&newtag,result);
//move to next value and decode
lengthcounter += newtag.fieldlength-1;
int emv_readrecord(uint8_t recordnumber, uint8_t sfi, void* data)
{
uint16_t readRecordCmd_len = 5;
- uint8_t readRecordCmd[readRecordCmd_len];
-
+ uint8_t readRecordCmd[readRecordCmd_len];
readRecordCmd[0] = 0x00;
readRecordCmd[1] = 0xB2;
readRecordCmd[2] = recordnumber;
int emv_getprocessingoptions(uint8_t* pdol, uint8_t pdol_len, void* data)
{
uint16_t processingCmd_len = 4 + 1 + 2 + pdol_len + 1;
- uint8_t processingCmd[processingCmd_len];
-
+ uint8_t processingCmd[processingCmd_len];
processingCmd[0] = 0x80;
processingCmd[1] = 0xA8;
processingCmd[2] = 0x00;
int emv_computecryptogram(uint8_t* UDOL, uint8_t UDOL_len, void *data)
{
uint16_t cryptogramCmd_len = 4 + 1 + UDOL_len + 1;
- uint8_t cryptogramCmd[cryptogramCmd_len];
-
+ uint8_t cryptogramCmd[cryptogramCmd_len];
cryptogramCmd[0] = 0x80;
cryptogramCmd[1] = 0x2A;
cryptogramCmd[2] = 0x8E;
cryptogramCmd[4] = UDOL_len;
memcpy(&(cryptogramCmd[5]), UDOL, UDOL_len);
cryptogramCmd[cryptogramCmd_len-1] = 0x00;
-
return iso14_apdu(cryptogramCmd, cryptogramCmd_len, data);
}
{
uint16_t challengeCmd_len = 5;
uint8_t challengeCmd[challengeCmd_len];
-
challengeCmd[0] = 0x00;
challengeCmd[1] = 0x84;
challengeCmd[2] = 0x00;
challengeCmd[3] = 0x00;
- challengeCmd[4] = 0x00;
-
+ challengeCmd[4] = 0x00;
return iso14_apdu(challengeCmd, challengeCmd_len, data);
}
{
uint16_t loopbackCmd_len = 4 + 1 + transData_len + 1;
uint8_t loopbackCmd[loopbackCmd_len];
-
loopbackCmd[0] = 0x00;
loopbackCmd[1] = 0xEE;
loopbackCmd[2] = 0x00;
int emv_generateAC(uint8_t refcontrolparam, uint8_t* cdolinput, uint8_t cdolinputlen, void* data)
{
uint16_t acCmd_len = 4 + 1 + cdolinputlen + 1;
- uint8_t acCmd[acCmd_len];
-
+ uint8_t acCmd[acCmd_len];
acCmd[0] = 0x80;
acCmd[1] = 0xAE;
acCmd[2] = refcontrolparam;
//Print out AIP Bit meanings
int emv_decodeAIP(uint8_t* AIP)
{
- if((AIP[0] & AIP_SDA_SUPPORTED) == AIP_SDA_SUPPORTED)
- Dbprintf("SDA supported");
- if((AIP[0] & AIP_DDA_SUPPORTED) == AIP_DDA_SUPPORTED)
- Dbprintf("DDA supported");
- if((AIP[0] & AIP_CARDHOLDER_VERIFICATION)==AIP_CARDHOLDER_VERIFICATION)
- Dbprintf("Cardholder verification is supported");
- if((AIP[0] & AIP_TERMINAL_RISK) == AIP_TERMINAL_RISK)
- Dbprintf("Terminal risk management is to be performed");
- if((AIP[0] & AIP_ISSUER_AUTH) == AIP_ISSUER_AUTH)
- Dbprintf("Issuer authentication is supported ");
- if((AIP[0] & AIP_CDA_SUPPORTED) == AIP_CDA_SUPPORTED)
- Dbprintf("CDA supported");
- if((AIP[1] & AIP_CHIP_SUPPORTED) == AIP_CHIP_SUPPORTED)
- Dbprintf("Chip supported");
- if((AIP[1] & AIP_MSR_SUPPORTED) == AIP_MSR_SUPPORTED)
- Dbprintf("MSR supported");
+ if ((AIP[0] & AIP_SDA_SUPPORTED) == AIP_SDA_SUPPORTED) Dbprintf("SDA supported");
+ if ((AIP[0] & AIP_DDA_SUPPORTED) == AIP_DDA_SUPPORTED) Dbprintf("DDA supported");
+ if ((AIP[0] & AIP_CARDHOLDER_VERIFICATION) == AIP_CARDHOLDER_VERIFICATION) Dbprintf("Cardholder verification is supported");
+ if ((AIP[0] & AIP_TERMINAL_RISK) == AIP_TERMINAL_RISK) Dbprintf("Terminal risk management is to be performed");
+ if ((AIP[0] & AIP_ISSUER_AUTH) == AIP_ISSUER_AUTH) Dbprintf("Issuer authentication is supported ");
+ if ((AIP[0] & AIP_CDA_SUPPORTED) == AIP_CDA_SUPPORTED) Dbprintf("CDA supported");
+ if ((AIP[1] & AIP_CHIP_SUPPORTED) == AIP_CHIP_SUPPORTED) Dbprintf("Chip supported");
+ if ((AIP[1] & AIP_MSR_SUPPORTED) == AIP_MSR_SUPPORTED) Dbprintf("MSR supported");
return 0;
}
amountX = bytes_to_num(CVM, 4);
amountY = bytes_to_num(CVM+4, 4);
counter +=8;
- while(counter < CVMlen)
+ while (counter < CVMlen)
{
- if((CVM[counter] & 0x40) == 0x40){
- if((CVM[counter] & 0x3F)== 0x00){
- Dbprintf("Fail CVM processing");
- }
- if((CVM[counter] & 0x3F) == 0x01){
- Dbprintf("Plaintext PIN verification performed by ICC");
- }
- if((CVM[counter] & 0x3F) == 0x02){
- Dbprintf("Enciphered PIN verified online");
- }
- if((CVM[counter] & 0x3F) == 0x03){
- Dbprintf("Plaintext PIN verification performed by ICC and signature (paper)");
- }
- if((CVM[counter] & 0x3F) == 0x04){
- Dbprintf("Enciphered PIN verification performed by ICC");
- }
- if((CVM[counter] & 0x3F) == 0x05){
- Dbprintf("Enciphered PIN verification performed by ICC and signature (paper)");
- }
- if((CVM[counter] & 0x3F) == 0x30){
- Dbprintf("Signature (paper)");
- }
- if((CVM[counter] & 0x7F) == 0x40){ // iceman, wrong masked used? changed from 0x3f -> 0x7f
- Dbprintf("No CVM required");
- }
+ if ((CVM[counter] & 0x40) == 0x40){
+ if ((CVM[counter] & 0x3F)== 0x00){ Dbprintf("Fail CVM processing");}
+ if ((CVM[counter] & 0x3F) == 0x01){ Dbprintf("Plaintext PIN verification performed by ICC");}
+ if ((CVM[counter] & 0x3F) == 0x02){ Dbprintf("Enciphered PIN verified online");}
+ if ((CVM[counter] & 0x3F) == 0x03){ Dbprintf("Plaintext PIN verification performed by ICC and signature (paper)");}
+ if ((CVM[counter] & 0x3F) == 0x04){ Dbprintf("Enciphered PIN verification performed by ICC");}
+ if ((CVM[counter] & 0x3F) == 0x05){ Dbprintf("Enciphered PIN verification performed by ICC and signature (paper)");}
+ if ((CVM[counter] & 0x3F) == 0x30){ Dbprintf("Signature (paper)");}
+ // iceman, wrong masked used? changed from 0x3f -> 0x7f
+ if ((CVM[counter] & 0x7F) == 0x40){ Dbprintf("No CVM required");}
counter +=2;
- }
- else{
+ } else {
Dbprintf("Fail cardholder verification if this CVM is unsuccessful");
counter +=2;
}
- if(CVM[counter+1] == 0x00){
- Dbprintf("Always");}
- if(CVM[counter+1] == 0x01){
- Dbprintf("If unattended cash");}
- if(CVM[counter+1] == 0x02){
- Dbprintf("If not unattended cash and not manual cash and not purchase with cashback");}
- if(CVM[counter+1] == 0x03){
- Dbprintf("If terminal supports the CVM");}
- if(CVM[counter+1] == 0x04){
- Dbprintf("If manual cash");}
- if(CVM[counter+1] == 0x05){
- Dbprintf("If purchase with cashback");}
- if(CVM[counter+1] == 0x06){
- Dbprintf("If transaction is in the application currency and is under %lu value", amountX);}
- if(CVM[counter+1] == 0x07){
- Dbprintf("If transaction is in the application currency and is over %lu value", amountX);}
- if(CVM[counter+1] == 0x08){
- Dbprintf("If transaction is in the application currency and is under %lu value", amountY);}
- if(CVM[counter+1] == 0x09){
- Dbprintf("If transaction is in the application currency and is over %lu value", amountY);}
+ if (CVM[counter+1] == 0x00){ Dbprintf("Always");}
+ if (CVM[counter+1] == 0x01){ Dbprintf("If unattended cash");}
+ if (CVM[counter+1] == 0x02){ Dbprintf("If not unattended cash and not manual cash and not purchase with cashback");}
+ if (CVM[counter+1] == 0x03){ Dbprintf("If terminal supports the CVM");}
+ if (CVM[counter+1] == 0x04){ Dbprintf("If manual cash");}
+ if (CVM[counter+1] == 0x05){ Dbprintf("If purchase with cashback");}
+ if (CVM[counter+1] == 0x06){ Dbprintf("If transaction is in the application currency and is under %" PRIu32 " value", amountX);}
+ if (CVM[counter+1] == 0x07){ Dbprintf("If transaction is in the application currency and is over %" PRIu32 " value", amountX);}
+ if (CVM[counter+1] == 0x08){ Dbprintf("If transaction is in the application currency and is under %" PRIu32 " value", amountY);}
+ if (CVM[counter+1] == 0x09){ Dbprintf("If transaction is in the application currency and is over %" PRIu32 " value", amountY);}
}
return 0;
}
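Review bot: Both branches run `counter +=2` before the condition-code tests, so `CVM[counter+1]` reads a byte belonging to the next rule rather than this rule's condition, and on the final pass (`counter == CVMlen`) it reads past the supplied length. The CVM list is presumably card-supplied, so this is an out-of-bounds read driven by external data. Drop the two `counter +=2;` lines inside the branches, put a single `counter += 2;` after the last `CVM[counter+1]` test, and guard the loop with `while (counter + 1 < CVMlen)` so that both bytes of a rule are known to be present. The function starts outside the hunk, so it is not visible whether `CVMlen >= 8` is checked before the two `bytes_to_num` calls, nor whether `amountX`/`amountY` are declared `uint32_t` as the new `PRIu32` specifiers require.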
+//simulate a emvcard card
+//input is a structure containing values to simulate
+//clones an EMV card
+void emvsnoop() {
+ //states
+ int cardSTATE = EMVEMUL_NOFIELD;
+ int vHf = 0;
+ int res;
+ uint16_t len = 0;
+ uint8_t* receivedCmd = BigBuf_malloc(MAX_MIFARE_FRAME_SIZE);
+ uint8_t par[MAX_MIFARE_PARITY_SIZE] = {0x00};
+ uint8_t rATQA[] = {0x04,0x00};
+ uint8_t rUIDBCC[] = {0x8F,0x2F,0x27,0xE1, 0x66};
+ uint8_t rSAK[] = {0x28, 0xB4, 0xFC};
+
+ iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN);
+ bool finished = FALSE;
+
+ while (!BUTTON_PRESS() && !finished){
+ WDT_HIT();
+ //find reader field
+ if(cardSTATE == EMVEMUL_NOFIELD){
+ vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10;
+ if(vHf > EMV_MINFIELDV){
+ cardSTATE_TO_IDLE();
+ LED_A_ON();
+ }
+ }
+ if(cardSTATE == EMVEMUL_NOFIELD) continue;
+
+ //get data
+
+ res = EmGetCmd(receivedCmd, &len, par);
+ if(res == 2) { //field is off
+ cardSTATE = EMVEMUL_NOFIELD;
+ LEDsoff();
+ continue;
+ }
+ else if(res==1){
+ break; // button press
+ }
+
+ if(len==1 && ((receivedCmd[0] == 0x26 && cardSTATE != EMVEMUL_HALTED) || receivedCmd[0] == 0x52)){
+ EmSendCmd(rATQA, sizeof(rATQA));
+ cardSTATE = EMVEMUL_SELECT1;
+ continue;
+ }
+ switch(cardSTATE){
+ case EMVEMUL_NOFIELD:
+ case EMVEMUL_HALTED:
+ case EMVEMUL_IDLE:{
+ break;
+ }
+ case EMVEMUL_SELECT1:{
+ //select all
+ if(len==2 && (receivedCmd[0] == 0x93 && receivedCmd[1] == 0x20)) {
+ EmSendCmd(rUIDBCC, sizeof(rUIDBCC));
+ break;
+ }
+ if(len==2 && (receivedCmd[0] == 0x93 && receivedCmd[1] == 0x70 && memcmp(&receivedCmd[2], rUIDBCC, 4) == 0)) {
+ EmSendCmd(rSAK, sizeof(rSAK));
+ break;
+ }
+ }
+ }
+ }
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ LEDsoff();
+}
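Review bot: In the `EMVEMUL_SELECT1` case the second test requires `len==2` yet compares `receivedCmd[2]` through `receivedCmd[5]` with `rUIDBCC`, so it inspects bytes that were not part of the frame just received (whatever an earlier frame left in the buffer). The length test should match the frame this branch expects; a select frame with NVB `0x70`, four UID bytes, BCC and CRC is nine bytes, giving `if(len==9 && receivedCmd[0] == 0x93 && receivedCmd[1] == 0x70 && memcmp(&receivedCmd[2], rUIDBCC, 4) == 0)`, to be confirmed against what `EmGetCmd` reports in `len`. The three header comments describe simulating from an input structure and cloning a card, while `emvsnoop()` takes no argument and only answers with the fixed `rATQA`, `rUIDBCC` and `rSAK`. A comment such as `// answer anticollision with a fixed UID until the button is pressed` would match the code. The `switch` has no `default`, and `finished` is never set, so the loop ends only on a button press.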
//ICEMAN: move to client
//dump the current card to the console
-void dumpCard(emvtags* currentcard){
+void dumpCard(emvcard* currentcard){
DUMP(currentcard->ATQA);
Dbhexdump(sizeof(currentcard->ATQA), currentcard->ATQA, false);
DUMP(currentcard->UID);
Dbhexdump(currentcard->UID_len, currentcard->UID, false);
- DUMP(currentcard->SAK1);
- Dbhexdump(1, ¤tcard->SAK1, false);
- DUMP(currentcard->SAK2);
- Dbhexdump(1, ¤tcard->SAK2, false);
+ DUMP(currentcard->SAK);
+ Dbhexdump(1, ¤tcard->SAK, false);
DUMP(currentcard->ATS);
- Dbhexdump(currentcard->ATS_len, currentcard->ATS, false);
-
+ Dbhexdump(currentcard->ATS_len, currentcard->ATS, false);
DUMP(currentcard->tag_4F);
Dbhexdump(currentcard->tag_4F_len, currentcard->tag_4F, false);
DUMP(currentcard->tag_50);
Dbhexdump(currentcard->tag_86_len, currentcard->tag_86, false);
DUMP(currentcard->tag_87);
Dbhexdump(1, currentcard->tag_87, false);
-DUMP(currentcard->tag_88);
+ DUMP(currentcard->tag_88);
Dbhexdump(1, currentcard->tag_88, false);
-DUMP(currentcard->tag_8A);
+ DUMP(currentcard->tag_8A);
Dbhexdump(2, currentcard->tag_8A, false);
DUMP(currentcard->tag_8C);
Dbhexdump(currentcard->tag_8C_len, currentcard->tag_8C, false);