in Programming, SmartCard

OpenEMV Javacard applet test

Summary

Recently download the JCIDE and OpenEMV and tested by APDU script, with successful result, this OpenEMV Java applet has the basic concept of the EMV applet, can give you an idea how does EMV applet works.

JCIDE/OpenEMV download and debug

JCIDE is a free tool and similar as IBM JCOP, and OpenEMV is a open source applet, though it is very simple applet.
JCIDE

The right window debugging session download applet to the virtual environment, the script is as below, if you select the real card reader, this OpenEMV applet can be downloaded to the real smart card.

Start jcvm_gp successfully.
Connect Simulator:Default successfully.
>> /card -a ""
ATR=3B 70 13 00 00

>> 00 A4 04 00 00
<< 6F 5C 84 08 A0 00 00 00 03 00 00 00 A5 04 73 4A 06 07 2A 86 48 86 FC 6B 01 60 0C 06 0A 2A 86 48 86 FC 6B 02 02 01 01 63 09 06 07 2A 86 48 86 FC 6B 03 64 0B 06 09 2A 86 48 86 FC 6B 04 02 15 65 0B 06 09 2B 85 10 86 48 64 02 01 03 66 0C 06 0A 2B 06 01 04 01 2A 02 6E 01 02 9F 65 01 FF 90 00

>> set-key 255/1/DES-ECB/404142434445464748494A4B4C4D4E4F 255/2/DES-ECB/404142434445464748494A4B4C4D4E4F 255/3/DES-ECB/404142434445464748494A4B4C4D4E4F
>> init-update 255
>> 80 50 00 00 08 9B 83 F8 38 72 E7 BB 85 1C
00 00 00 00 00 00 00 00 00 00 FF 02 00 00 3D 02 9C 31 C7 89 29 64 EC 0E DE 8E 37 AB 90 00
>> ext-auth
>> 84 82 00 00 10 26 2F 20 B2 90 31 27 6F 4B 11 C3 08 4F D8 02 EE
<< 90 00
>> upload "E:\Tools\JavaCard\OpenEMV-master\OpenEMV\bin\openemv\javacard\openemv.cap"
>> 80 E6 02 00 12 05 45 4D 56 00 00 08 A0 00 00 00 03 00 00 00 00 00 00 01
<< 00 90 00

>> 80 E8 00 00 FF C4 82 0D 80 01 00 17 DE CA FF ED 02 02 04 00 01 05 45 4D 56 00 00 07 6F 70 65 6E 65 6D 76 02 00 21 00 17 00 21 00 0A 00 29 01 6E 00 73 0A 0A 00 0A 01 05 00 00 03 D9 13 F4 00 02 00 00 00 00 04 01 00 04 00 29 04 00 01 07 A0 00 00 00 62 00 01 02 01 07 A0 00 00 00 62 01 01 02 01 07 A0 00 00 00 62 01 02 02 01 07 A0 00 00 00 62 02 01 03 00 0A 01 06 45 4D 56 00 00 01 07 28 06 00 73 00 00 81 81 00 02 80 00 08 00 08 01 02 00 00 01 7E 01 94 81 00 00 00 02 00 02 80 00 05 00 03 01 0B 00 00 02 0B 02 12 02 1A 02 21 02 29 02 30 02 38 02 47 02 67 02 7D 02 85 81 00 00 00 02 00 02 80 00 05 00 05 01 07 00 00 06 3B 06 40 06 46 06 4B 06 50 06 55 06 5B 81 00 00 00 02 00 02 81 03 06 00 06 07 03 00 00 07 35 09 6E 09 BB 81 00 00 00 02 00 07 0A 0A 00 05 20 18 8C 00 26 18 19 87 00 01
<< 00 90 00

>> 80 E8 00 01 FF 10 64 90 0B 7F 00 1D 18 10 08 05 8D 00 20 87 01 18 10 10 05 8D 00 20 87 02 18 11 01 00 05 8D 00 20 87 03 18 06 03 8D 00 21 87 04 18 10 06 03 8D 00 34 87 05 18 06 11 00 80 03 8D 00 1E 94 00 00 1F 87 06 AD 06 10 10 90 0B 3D 03 04 38 3D 04 05 38 3D 05 06 38 3D 06 07 38 3D 07 08 38 3D 08 10 06 38 3D 10 06 10 07 38 3D 10 07 10 08 38 3D 10 08 10 09 38 3D 10 09 10 10 38 3D 10 0A 10 11 38 3D 10 0B 10 12 38 3D 10 0C 10 13 38 3D 10 0D 10 14 38 3D 10 0E 10 15 38 3D 10 0F 10 16 38 03 8E 03 00 1F 05 18 06 11 00 80 03 8D 00 1E 94 00 00 1F 87 07 7A 06 10 AD 01 03 AD 00 83 08 8B 00 27 8D 00 28 3B AD 01 05 10 06 03 8D 00 29 3B AD 04 AD 06 05 8B 00 2A AD 01 05 10 F0 38 AD 04 AD 01 03 10 08 AD 02 03 8B 00 2E 3B AD 01 05 10 0F 38 AD 04 AD 01 03 10 08 7B 00 1D 03 8B 00 2E 3B 01
<< 00 90 00

>> 80 E8 00 02 FF 7B 00 1D 03 AD 02 10 08 10 08 8D 00 31 3B AD 07 AD 02 03 8E 03 00 1F 05 7A 06 60 1A 08 AD 03 03 1F 8D 00 31 3B AD 03 1F AD 00 83 09 8B 00 3B 8D 00 28 3B AD 03 1F 05 41 AD 00 83 08 8B 00 27 8D 00 28 3B AD 03 1F 07 41 10 80 38 AD 03 1F 08 41 03 38 AD 03 1F 10 06 41 03 38 AD 05 AD 07 04 8B 00 18 AD 05 AD 03 03 1F 10 07 41 15 04 16 05 8B 00 19 3B 7A 08 80 18 8C 00 1A 18 1D 1A 1F 15 04 16 05 15 06 16 07 8B 00 1B 7A 07 80 15 06 16 07 10 80 38 15 04 67 0D 15 06 16 07 04 41 10 0B 38 70 0F 15 06 16 07 04 41 10 0B 16 05 41 5B 38 15 06 16 07 05 41 1D 38 15 06 16 07 06 41 AD 00 83 08 8B 00 27 8D 00 28 3B 18 1D 1A 1F 15 06 16 07 08 41 8C 00 1C 15 04 66 12 15 04 03 15 06 16 07 10 0D 41 10 12 8D 00 31 3B 15 06 16 07 04 41 10 1D 38 15 06 16 07 10 0D 41 10 12 03 8D 00 29 01
<< 00 90 00

>> 80 E8 00 03 FF 3B 7A 02 10 AD 0A 04 25 78 03 20 AD 0A 04 1D 38 7A 02 10 AD 0A 05 25 78 03 20 AD 0A 05 1D 38 7A 02 10 AD 0A 03 25 78 03 20 AD 0A 03 1D 38 7A 01 10 AF 0B 78 03 10 18 AF 0B 04 41 89 0B 7A 01 10 AF 0C 78 03 20 18 8C 00 26 18 19 87 0D 18 06 05 8D 00 20 87 0A 18 05 05 8D 00 20 87 0E 7A 02 10 18 03 8B 00 22 18 03 8B 00 23 18 03 8B 00 24 18 8C 00 25 7A 02 10 18 AF 0B 89 0C 7A 01 10 01 77 05 10 18 8C 00 26 18 07 90 0B 3D 03 10 08 38 3D 04 04 38 3D 05 06 38 3D 06 04 38 87 0F 18 10 27 90 0B 3D 03 10 6F 38 3D 04 10 25 38 3D 05 10 84 38 3D 06 10 07 38 3D 07 10 A0 38 3D 08 03 38 3D 10 06 03 38 3D 10 07 03 38 3D 10 08 07 38 3D 10 09 10 80 38 3D 10 0A 05 38 3D 10 0B 10 A5 38 3D 10 0C 10 1A 38 3D 10 0D 10 50 38 3D 10 0E 10 0E 38 3D 10 0F 10 53 38 3D 10 10 10 65 38 3D 10 01
<< 00 90 00

>> 80 E8 00 04 FF 11 10 63 38 3D 10 12 10 75 38 3D 10 13 10 72 38 3D 10 14 10 65 38 3D 10 15 10 43 38 3D 10 16 10 6F 38 3D 10 17 10 64 38 3D 10 18 10 65 38 3D 10 19 10 20 38 3D 10 1A 10 41 38 3D 10 1B 10 75 38 3D 10 1C 10 74 38 3D 10 1D 10 87 38 3D 10 1E 04 38 3D 10 1F 03 38 3D 10 20 10 5F 38 3D 10 21 10 2D 38 3D 10 22 07 38 3D 10 23 10 6E 38 3D 10 24 10 6C 38 3D 10 25 10 65 38 3D 10 26 10 6E 38 87 10 18 10 5F 90 0B 3D 03 10 70 38 3D 04 03 38 3D 05 10 8C 38 3D 06 10 21 38 3D 07 10 9F 38 3D 08 05 38 3D 10 06 10 06 38 3D 10 07 10 9F 38 3D 10 08 06 38 3D 10 09 10 06 38 3D 10 0A 10 9F 38 3D 10 0B 10 1A 38 3D 10 0C 05 38 3D 10 0D 10 95 38 3D 10 0E 08 38 3D 10 0F 10 5F 38 3D 10 10 10 2A 38 3D 10 11 05 38 3D 10 12 10 9A 38 3D 10 13 06 38 3D 10 14 10 9C 38 3D 10 15 04 38 3D 10 16 01
<< 00 90 00

>> 80 E8 00 05 FF 10 9F 38 3D 10 17 10 37 38 3D 10 18 07 38 3D 10 19 10 9F 38 3D 10 1A 10 35 38 3D 10 1B 04 38 3D 10 1C 10 9F 38 3D 10 1D 10 45 38 3D 10 1E 05 38 3D 10 1F 10 9F 38 3D 10 20 10 4C 38 3D 10 21 10 08 38 3D 10 22 10 9F 38 3D 10 23 10 34 38 3D 10 24 06 38 3D 10 25 10 8D 38 3D 10 26 10 0C 38 3D 10 27 10 91 38 3D 10 28 10 0A 38 3D 10 29 10 8A 38 3D 10 2A 05 38 3D 10 2B 10 95 38 3D 10 2C 08 38 3D 10 2D 10 9F 38 3D 10 2E 10 37 38 3D 10 2F 07 38 3D 10 30 10 9F 38 3D 10 31 10 4C 38 3D 10 32 10 08 38 3D 10 33 10 5A 38 3D 10 34 08 38 3D 10 35 10 12 38 3D 10 36 10 34 38 3D 10 37 10 56 38 3D 10 38 10 78 38 3D 10 39 10 90 38 3D 10 3A 10 5F 38 3D 10 3B 10 34 38 3D 10 3C 04 38 3D 10 3D 05 38 3D 10 3E 10 8E 38 3D 10 3F 10 0A 38 3D 10 40 03 38 3D 10 41 03 38 3D 10 42 03 38 3D 01
<< 00 90 00

>> 80 E8 00 06 FF 10 43 03 38 3D 10 44 03 38 3D 10 45 03 38 3D 10 46 03 38 3D 10 47 03 38 3D 10 48 04 38 3D 10 49 03 38 3D 10 4A 10 9F 38 3D 10 4B 10 55 38 3D 10 4C 04 38 3D 10 4D 10 80 38 3D 10 4E 10 9F 38 3D 10 4F 10 56 38 3D 10 50 10 0C 38 3D 10 51 03 38 3D 10 52 03 38 3D 10 53 10 7F 38 3D 10 54 02 38 3D 10 55 02 38 3D 10 56 10 E0 38 3D 10 57 03 38 3D 10 58 03 38 3D 10 59 03 38 3D 10 5A 03 38 3D 10 5B 03 38 3D 10 5C 03 38 3D 10 5D 03 38 3D 10 5E 03 38 87 11 18 10 0B 90 0B 3D 03 10 70 38 3D 04 03 38 3D 05 10 8F 38 3D 06 03 38 3D 07 10 90 38 3D 08 03 38 3D 10 06 10 92 38 3D 10 07 03 38 3D 10 08 10 9F 38 3D 10 09 10 32 38 3D 10 0A 03 38 87 12 18 10 11 90 0B 3D 03 10 70 38 3D 04 03 38 3D 05 10 9F 38 3D 06 10 46 38 3D 07 03 38 3D 08 10 9F 38 3D 10 06 10 47 38 3D 10 07 03 38 01
<< 00 90 00

>> 80 E8 00 07 FF 3D 10 08 10 9F 38 3D 10 09 10 48 38 3D 10 0A 03 38 3D 10 0B 10 9F 38 3D 10 0C 10 49 38 3D 10 0D 06 38 3D 10 0E 10 9F 38 3D 10 0F 10 37 38 3D 10 10 07 38 87 13 7A 01 10 AD 0F 77 01 10 11 58 00 78 01 10 10 2B 78 01 10 10 1D 78 01 10 AD 10 77 01 10 AD 10 92 78 05 30 19 06 25 10 0C 6B 1F 19 05 25 04 6B 19 AD 11 03 1A 03 AD 11 92 8D 00 2B 3B 1A 04 AD 11 92 05 43 5B 38 70 50 19 06 25 10 0C 6B 1F 19 05 25 05 6B 19 AD 12 03 1A 03 AD 12 92 8D 00 2B 3B 1A 04 AD 12 92 05 43 5B 38 70 2C 19 06 25 10 0C 6B 1F 19 05 25 06 6B 19 AD 13 03 1A 03 AD 13 92 8D 00 2B 3B 1A 04 AD 13 92 05 43 5B 38 70 08 11 6A 82 8D 00 2C 7A 05 10 18 8C 00 2D 18 11 01 00 05 8D 00 20 87 14 18 8F 00 2F 3D 06 05 8C 00 30 87 15 AD 15 05 90 0B 3D 03 10 12 38 3D 04 10 34 38 03 05 8B 00 32 18 04 8D 00 01
<< 00 90 00

>> 80 E8 00 08 FF 33 87 16 18 8F 00 35 3D 18 8C 00 36 87 08 18 8F 00 37 3D 8C 00 38 87 09 18 8F 00 39 3D 18 8C 00 3A 87 17 7A 02 30 8F 00 3C 3D 8C 00 3D 8B 00 3E 7A 04 24 19 8B 00 3F 2D 1A 03 25 32 1A 04 25 29 04 18 8B 00 40 60 25 AD 08 8B 00 41 19 8B 00 42 3B 19 AD 09 8B 00 43 8B 00 44 19 AD 09 8B 00 45 03 AD 09 8B 00 43 8B 00 46 7A 16 04 75 00 C9 00 0C FF 82 00 35 FF 84 00 38 FF 88 00 41 FF A8 00 4D FF AE 00 7C FF B2 00 44 FF CA 00 55 00 16 00 C9 00 18 00 C9 00 1E 00 C9 00 20 00 5D 00 24 00 C9 A8 00 9A 18 19 1A 8C 00 47 A8 00 91 A8 00 8E 18 19 1A 8C 00 48 A8 00 85 18 19 1A 8C 00 49 70 7C 18 19 1A 8C 00 4A 70 74 1A 07 25 11 00 FF 53 29 05 16 05 19 8B 00 4B 6A 08 11 67 00 8D 00 2C 18 19 1A 8C 00 4C 70 55 1A 07 25 11 00 FF 53 29 05 16 05 19 8B 00 4B 6A 08 11 67 00 8D 00 2C 01
<< 00 90 00

>> 80 E8 00 09 FF 1A 05 25 10 10 53 10 10 6B 08 11 6B 00 8D 00 2C AD 08 8B 00 4D 61 0A 18 19 1A 8B 00 4E 70 1F AD 08 8B 00 4F 61 0A 18 19 1A 8B 00 50 70 10 11 6D 00 8D 00 2C 70 08 11 6D 00 8D 00 2C 7A 04 30 1A 06 25 10 80 6A 08 11 6B 00 8D 00 2C AD 15 8B 00 51 61 09 11 69 83 8D 00 2C 7A AD 15 1A 08 05 8B 00 52 60 10 AD 08 04 8B 00 24 19 03 03 8B 00 53 70 0E 11 63 C0 AD 15 8B 00 51 41 8D 00 2C 7A 04 30 AD 16 1A 03 10 08 8B 00 54 19 03 10 08 8B 00 53 7A 04 30 1A 05 25 10 9F 6B 6D 1A 03 10 9F 38 1A 04 1A 06 25 38 1A 06 25 75 00 57 00 04 00 13 00 40 00 17 00 2C 00 36 00 15 00 4F 00 57 1A 07 05 38 1A 08 AD 08 8B 00 27 8D 00 28 3B 19 05 08 8B 00 53 70 33 1A 07 04 38 1A 08 AD 15 8B 00 51 38 19 05 07 8B 00 53 70 1F 1A 07 05 38 1A 08 AD 08 8B 00 55 8D 00 28 3B 19 05 08 8B 00 53 70 01
<< 00 90 00

>> 80 E8 00 0A FF 08 11 6B 00 8D 00 2C 7A 05 30 AD 09 1A AD 14 8B 00 56 19 8B 00 42 3B 19 AD 14 04 25 05 41 8B 00 44 19 AD 14 03 AD 14 04 25 05 41 8B 00 46 7A 05 30 AD 14 03 10 80 38 AD 14 04 10 06 38 AD 14 05 AD 09 8B 00 3B 8D 00 28 3B AD 09 8B 00 57 03 AD 14 07 07 8D 00 2B 3B 19 8B 00 42 3B 19 10 08 8B 00 44 19 AD 14 03 10 08 8B 00 46 7A 08 31 1A 05 25 11 00 C0 53 5B 32 1F 10 C0 6A 05 1F 61 08 11 6B 00 8D 00 2C AD 17 1F 1A AD 09 8B 00 58 01 03 AD 14 03 8B 00 59 AD 08 1F 8B 00 22 19 8B 00 42 3B 19 AD 14 04 25 05 41 8B 00 44 19 AD 14 03 AD 14 04 25 05 41 8B 00 46 7A 08 31 1A 05 25 11 00 C0 53 5B 32 1F 10 C0 6A 07 1F 10 80 6B 08 11 6B 00 8D 00 2C AD 17 1F 1A AD 09 8B 00 5A 01 03 AD 14 03 8B 00 1B AD 08 1F 8B 00 23 19 8B 00 42 3B 19 AD 14 04 25 05 41 8B 00 44 19 AD 14 03 AD 01
<< 00 90 00

>> 80 E8 00 0B FF 14 04 25 05 41 8B 00 46 7A 08 00 0A 00 02 00 01 00 00 00 00 00 00 05 01 6E 00 5B 02 00 05 00 02 00 05 06 02 00 05 01 02 00 05 07 02 00 05 03 02 00 05 04 02 00 05 02 02 00 05 05 02 00 5D 03 02 00 5D 04 02 00 19 01 02 00 19 03 02 00 19 04 02 00 19 00 02 00 19 02 02 00 3F 00 02 00 3F 01 02 00 3F 02 02 00 3F 03 02 00 3F 04 02 00 5D 05 02 00 5D 00 02 00 5D 01 02 00 5D 02 03 82 0F 03 03 82 0F 05 06 00 00 BF 03 00 05 02 06 00 01 23 05 00 00 00 06 82 0D 00 01 82 0A 00 06 81 08 0D 06 83 01 00 03 00 19 02 03 00 19 04 03 00 19 06 06 00 02 3D 06 80 00 00 03 00 19 07 06 81 10 06 06 81 10 03 03 83 01 03 06 81 10 02 06 81 07 01 06 81 03 00 03 83 01 01 01 81 09 00 06 81 09 00 06 81 10 01 03 81 09 08 06 82 0E 00 06 82 0F 00 01 00 19 00 06 00 02 4C 01 00 3F 00 06 00 02 89 01
<< 00 90 00

>> 80 E8 00 0C FF 01 00 05 00 06 00 00 01 03 00 3F 02 01 00 5D 00 06 00 06 D0 03 81 03 01 03 81 0A 01 03 81 03 03 03 00 19 09 03 81 0A 07 03 00 3F 06 03 81 0A 09 03 00 3F 05 03 81 0A 05 06 00 08 82 06 00 09 0A 06 00 09 31 06 00 08 95 03 81 0A 06 06 00 08 40 03 00 19 01 03 00 5D 08 03 00 19 03 03 00 5D 09 03 81 09 02 03 81 09 01 03 81 0A 08 03 82 0E 01 03 00 19 08 03 00 3F 07 03 00 3F 01 03 00 3F 03 03 00 05 01 03 00 3F 04 09 01 05 00 7A 0A 10 09 0A 08 09 0F 02 6E 05 03 02 09 0A 02 06 06 02 05 07 06 02 11 0A 02 0D 08 03 02 09 05 02 09 08 07 08 02 06 02 59 02 44 07 08 07 08 07 08 06 04 05 0B 08 08 1C 02 22 E3 FF FF 14 3E 61 05 15 05 13 05 09 16 05 09 16 05 09 1E 0C 02 19 0B 0A 0B 26 0B 09 06 AE 0F 2D 0E 0A 11 0C 43 17 14 1A 03 0B 0A 03 0C 06 06 03 09 06 14 22 04 07 06 0C 0A 01
<< 00 90 00

>> 80 E8 80 0D 91 03 25 04 07 06 0C 0A 03 00 87 05 0B 07 09 0A 08 09 0B 04 62 0A 04 0F 03 0A 09 13 11 04 04 0A 0A 0D 0B 03 0D 03 20 10 08 0F 3B 03 0E 13 17 49 0A 08 0A 05 05 04 13 FF FF FF E9 24 24 12 07 08 06 06 16 05 06 05 06 04 06 05 08 04 03 07 0E 07 04 07 03 06 06 03 41 0C 09 08 11 08 06 11 08 10 05 08 07 08 08 08 10 05 08 09 08 06 0A 04 0C 07 38 03 07 0D 07 0D 03 07 08 0B 04 0B 0D 17 03 06 08 05 07 09 1A 09 08 06 04 0B 0D 1C 09 08 06 04 0B 0D 01
<< 00 90 00

>> install 454D560000 454D56000001 112233445566 00 1122334455667788
>> 80 E6 0C 00 22 05 45 4D 56 00 00 06 45 4D 56 00 00 01 06 11 22 33 44 55 66 01 00 0A C9 08 11 22 33 44 55 66 77 88 00 00
<< 00 90 00

>> cardinfo
>> 80 F2 80 00 02 4F 00 00
<< 08 A0 00 00 00 03 00 00 00 01 9E 90 00

>> 80 F2 40 00 02 4F 00 00
<< 06 45 4D 56 00 00 01 07 00 90 00

>> 80 F2 10 00 02 4F 00 00
<< 05 45 4D 56 00 00 01 00 01 06 45 4D 56 00 00 01 90 00

Card Manager AID   :  A000000003000000
Card Manager state :  OP_READY

    Application:  SELECTABLE (--------) 454D56000001
    Load File  :      LOADED (--------) 454D560000
     Module    :                        454D56000001

APDU Test Script

Shell command

The shell command is easy to use, a few example
Select AID. Select Applet, return File Control Information (FCI) Proprietary Template, it contains Dedicated File(DF), File Control Information and Application Tag.

/select 454D56000001

result:

>> /select 454D56000001
>> 00 A4 04 00 06 45 4D 56 00 00 01 00
<< 6F 25 84 07 A0 00 00 00 04 80 02 A5 1A 50 0E 53 65 63 75 72 65 43 6F 64 65 20 41 75 74 87 01 00 5F 2D 04 6E 6C 65 6E 90 00

External authentication
Shell command as:

/card -a ""
set-key 255/1/DES-ECB/404142434445464748494A4B4C4D4E4F 255/2/DES-ECB/404142434445464748494A4B4C4D4E4F 255/3/DES-ECB/404142434445464748494A4B4C4D4E4F
init-update 255
ext-auth

The command result is as below,

>> /card -a ""
ATR=3B 70 13 00 00

>> 00 A4 04 00 00
<< 6F 5C 84 08 A0 00 00 00 03 00 00 00 A5 04 73 4A 06 07 2A 86 48 86 FC 6B 01 60 0C 06 0A 2A 86 48 86 FC 6B 02 02 01 01 63 09 06 07 2A 86 48 86 FC 6B 03 64 0B 06 09 2A 86 48 86 FC 6B 04 02 15 65 0B 06 09 2B 85 10 86 48 64 02 01 03 66 0C 06 0A 2B 06 01 04 01 2A 02 6E 01 02 9F 65 01 FF 90 00

>> set-key 255/1/DES-ECB/404142434445464748494A4B4C4D4E4F 255/2/DES-ECB/404142434445464748494A4B4C4D4E4F 255/3/DES-ECB/404142434445464748494A4B4C4D4E4F
set-key: Invalid arguments.
>> init-update 255
>> 80 50 00 00 08 51 D8 B9 C8 3B 88 43 04 1C
00 00 00 00 00 00 00 00 00 00 FF 02 00 02 59 8D D3 96 1B FD 63 85 DF C6 3D AA 0D 3C 90 00
init-update: Invalid arguments.
>> ext-auth
>> 84 82 00 00 10 CE E4 76 B0 27 C4 9D 64 17 A9 65 38 2B F1 BC C4
<< 90 00

Verify PIN command

>> /select 454D56000001
>> 00 A4 04 00 06 45 4D 56 00 00 01 00
<< 6F 25 84 07 A0 00 00 00 04 80 02 A5 1A 50 0E 53 65 63 75 72 65 43 6F 64 65 20 41 75 74 87 01 00 5F 2D 04 6E 6C 65 6E 90 00

>> /send 00200080021234
>> 00 20 00 80 02 12 34
<< 90 00

When construct/install the applet, the applet will create the PIN.
First declare the PIN variable,

    final OwnerPIN pin;

Then create the PIN in the construct function,

pin = new OwnerPIN((byte) 3, (byte) 2);
pin.update(new byte[] { (byte) 0x12, (byte) 0x34 }, (short) 0, (byte) 2);

Below code is processing the incoming verify PIN command,

case INS_VERIFY: // 0x20
// get remaining data
         short len = (short) (apduBuffer[OFFSET_LC] & 0xFF);
         if (len != apdu.setIncomingAndReceive()) {
            ISOException.throwIt(SW_WRONG_LENGTH);
            }
    verifyPIN(apdu, apduBuffer);
    break;

Generates an 8 byte random number

It will generate random data in getChallenge(apdu, apduBuffer);

>> /send 8084000000
>> 80 84 00 00 00
<< A1 6B 32 33 6F 90 DD 53 90 00

READ RECORD Command

//READ RECORD Command: '00B2' + Record number + Reference control parameter. (See Book 3, Section 6.5.11)
//Get the record of SFI 1, Record 1,It contains  Primary account number, Bank identifier code, Cardholder Verification Method (CVM) List and other fields.

>> /send 00B2010C
>> 00 B2 01 0C
<< 70 5D 8C 21 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F 35 01 9F 45 02 9F 4C 08 9F 34 03 8D 0C 91 0A 8A 02 95 05 9F 37 04 9F 4C 08 5A 05 12 34 56 78 90 5F 34 01 02 8E 0A 00 00 00 00 00 00 00 00 01 00 9F 55 01 80 9F 56 0C 00 00 7F FF FF E0 00 00 00 00 00 00 00 00 90 00

//Get the Read record message template, record 2, It contains Certification Authority Public Key Index, Issuer Public Key Certificate, Issuer Public Key Remainder and Issuer Public Key Exponent.

>> /send 00B2020C
>> 00 B2 02 0C
<< 70 09 8F 00 90 00 92 00 9F 32 00 90 00

//Get the Read record message template, record 3, It contains ICC Public Key Certificate, ICC Public Key Exponent, ICC Public Key Remainder and Dynamic Data Authentication Data Object List (DDOL).

>> /send 00B2030C
>> 00 B2 03 0C
<< 70 0F 9F 46 00 9F 47 00 9F 48 00 9F 49 03 9F 37 04 90 00

GET PROCESSING OPTIONS(GPO)

//GET PROCESSING OPTIONS(GPO) Command: 80A80000 + Lc + PDOL related data + 00,(See Book 3, Section 6.5.8), PDOL (Processing Options Data Object List)

//In this applet, PDOL is not checked,The response message is a primitive data object with tag equal to '80'.the format is:

//80 + Length + AIP(Application Interchange Profile) + AFL(Application File Locator)

//AFL can refer to EMV Book 3, Section 10.2, Read Application Data

//private final byte[] theAFL = new byte[]{ (byte)0x08, 0x01, 0x03, 0x01}; // AFL from Dutch bank cards;

>> /send 80A80000
>> 80 A8 00 00
<< 80 06 58 00 08 01 03 01 90 00

GET DATA command

//GET DATA command: in EMV Specification, the value of P1P2 will be '9F36', '9F13', '9F17', or '9F4F'(Log Format) (See Book 3, Section 6.5.7)
//Get the data of ATC(Application Transaction Counter, tag '9F36')),

>> /send 80CA9F36
>> 80 CA 9F 36
<< 9F 36 02 00 01 90 00

>> /send 80CA9F17
>> 80 CA 9F 17
<< 9F 17 01 03 90 00

>> /send 80CA9F13
>> 80 CA 9F 13
<< 9F 13 02 00 00 90 00

GENERATE AC command

AC means Application Cryptogram.
ARQC means Authorisation Request Cryptogram, Online authorisation requested
Application Transaction Counter (ATC)
TC means Transaction Certificate, Transaction approved
Cryptogram Information Data (CID)
Combined DDA/Application Cryptogram Generation (CDA)


//GENERATE AC command: It sends transaction-related data to the ICC, which computes and returns a cryptogram.in this applet of generateFirstAC only supporting request TC and ARQC.(See Book 3, Section 6.5.5) >> /send 80AE4000 >> 80 AE 40 00 << 80 1D 40 00 01 72 E1 F4 CE E6 89 72 A1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00 //request TC >> /send 80AE2000 >> 80 AE 20 00 << 80 1D 00 00 01 55 93 1B DE F9 E5 F4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00

The procedure of calculation of the applet for above two commands are as below.
ICC Master Key: 0x01020304050607080910111213141516
The session key derivation from Master key,
//ATC + F00000000000
//ATC + OF0000000000
ATC = 0001

diversification_data = 0001F00000000000, 3DES-CBC encrypt by 01020304050607080910111213141516, result is: 1E014C1C3DED5EF7
diversification_data = 00010F0000000000, 3DES-CBC encrypt by 01020304050607080910111213141516, result is: A98C39AB760F7D5F

Then session key is: 1E014C1C3DED5EF7A98C39AB760F7D5F

For first AC,
Data = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 5800 + 0001 + 800000
= 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000058000001800000

Use above data as input, and use session key is: 1E014C1C3DED5EF7A98C39AB760F7D5F to calculate the full MAC, the result is 72E1F4CEE68972A1, this is matching the APDU result as below,
80 1D 40 00 01 72 E1 F4 CE E6 89 72 A1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00
it is 80 + Length (1D) + CID (40) + ATC (0001) + AC (72E1F4CEE68972A1).

The full MAC calculation procedure is as below,
Original data Padding 80 as below,
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000058000001800000800000000000
3DES-CBC Encrypted by session MAC key: 1E014C1C3DED5EF7A98C39AB760F7D5F
Result: 1F35DF4F3F2E09D8AE24998240E8E881CBDFBF6FB6859FB38E4AB2D6F356F90E87E85F1A9E2D3AF9961FFF8271074DCB72E1F4CEE68972A1
Take the last 8 bytes as the MAC result, i.e. 72E1F4CEE68972A1

For 2nd AC,
Data as below, and padding 80,
0000000000000000000000000000000000000000000000000000000000 + 5800 + 0001 + 800000
Input data,
000000000000000000000000000000000000000000000000000000000058000001800000
Session MAC key: 1E014C1C3DED5EF7A98C39AB760F7D5F
Full MAC result: 55931BDEF9E5F402
It is matching the APDU command,

The full MAC calculation procedure is as below,
Input data,
000000000000000000000000000000000000000000000000000000000058000001800000
3DES-CBC Encrypted by MAC key: 1E014C1C3DED5EF7A98C39AB760F7D5F
result: 1F35DF4F3F2E09D8AE24998240E8E881CBDFBF6FB6859FB3E6223A0DD9C041DA55931BDEF9E5F402
last 8 bytes is 55931BDEF9E5F402, it is matching the APDU result below.

80 1D 00 00 01 55 93 1B DE F9 E5 F4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00
it is 80 + Length (1D) + CID (00) + ATC (0001) + AC (55931BDEF9E5F402).

EMVCrypto class construct function as below,

    public EMVCrypto(SimpleEMVApplet x){
        theApplet = x; // reference back to the applet

        temporary= new byte[100]; 

        diversification_data = JCSystem.makeTransientByteArray((short)8, JCSystem.CLEAR_ON_DESELECT);
        sessionkey = JCSystem.makeTransientByteArray((short)16, JCSystem.CLEAR_ON_DESELECT);
        transaction_data = JCSystem.makeTransientByteArray((short)256, JCSystem.CLEAR_ON_DESELECT);
        //transaction_data = JCSystem.makeTransientByteArray((short)10, JCSystem.CLEAR_ON_DESELECT);

        desCipher = Cipher.getInstance(Cipher.ALG_DES_CBC_ISO9797_M2, false);
        desMAC = Signature.getInstance(Signature.ALG_DES_MAC8_ISO9797_M2, false);

        mk = (DESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES3_2KEY, false);
        //Master key is : //0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,0x08, 0x09, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16
        mk.setKey(new byte[] { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
                0x08, 0x09, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16 },
                (short) 0);
        sk = (DESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES3_2KEY, false);
    }

Derive the session MAC key function is as below,

    /* Sets the current 3DES session key, based on the Application Transaction Counter (ATC).
     * 
     * It is done as described in Book 2, Annex A1.3.1, by encrypting
     *     ATC || F0 || 00 || 00 || 00 || 00 || 00  
     *  with the card's 3DES Master Key to obtain the left 8 bytes, and encrypting
     *     ATC || OF || 00 || 00 || 00 || 00 || 00  
     *  with the card's 3DES Master Key to obtain the right 8 bytes. 
     * */
    private void setSessionKey(){
        // as 8-byte diversification data we take the ATC followed by all zeroes
        Util.setShort(diversification_data, (short)0, theApplet.protocolState.getATC());
        Util.arrayFillNonAtomic(diversification_data, (short)2, (short)6, (byte)0);

        desCipher.init(mk, Cipher.MODE_ENCRYPT);

        //compute left 8 bytes of the session key
        diversification_data[2] = (byte)0xF0;
        desCipher.doFinal(diversification_data , (short)0, (short)8, sessionkey, (short)0);

        //compute right 8 byte  of the session key
        diversification_data[2] = (byte)0x0F;
        //desCipher.doFinal(diversification_data, (short)0, (short)8, sessionkey, (short)0);
        //here I use variable temporary, as the des encryption will generate 16 bytes result (although I only use the first 8 bytes), session key array offset from 8 cannot include 16 bytes, so I use temporary array to transit.
        desCipher.doFinal(diversification_data, (short)0, (short)8, temporary, (short)0);

        Util.arrayCopy(temporary, (short)0, sessionkey, (short)8, (short)8);

        sk.setKey(sessionkey, (short)0);
    }

computeAC function.

    /*
     * Computes a cryptogram, as described in Book 2, Sec 8.1, and stores it in the 
     * given response buffer at the given offset.
     * 
     * The cryptogram is an 8 byte MAC over data supplied by the terminal 
     * (as specified by the CDOL1 or CDOL2) and data provided by the ICC.
     * 
     * The data supplied by the terminal is in the ADPU buffer. This method does
     * not need to know what this data is, ie. does not need to know the CDOLs, 
     * but only needs to know the total length of these data elements. 
     * 
     * As data provided by the ICC this method just uses the minimum recommended 
     * set of data elements, ie the AIP and ATC (see Book 2, Sect 8.1.1), for
     * both the first and the second AC. Hence one method can be used for both.
     * 
     * @requires apduBuffer != response, to avoid problems overwriting the apduBuffer??
     * 
     * @param cid        the type of AC, ie. AAC_CODE, TC_CODE, or ARCQ_CODE
     * @param apduBuffer contains the terminal-supplied data to be signed in the AC
     * @param length     length of the terminal-supplied data 
     * @param response   the destination array where the AC is stored at given offset
     * @param offset     offset in this response array
     */
    private void computeAC(byte cid, byte[] apduBuffer, short length, 
            byte[] response, short offset){ 
        /* Collect the data to be MAC-ed in the array transaction_data */

        // Copy CDOL from the APDU buffer, at offset 0: OFFSET_CDATA = 5
        Util.arrayCopy(apduBuffer, OFFSET_CDATA, transaction_data, (short)0, length);
        // 2 bytes AIP, at offset length:
        Util.setShort(transaction_data, length, theApplet.staticData.getAIP());
        // 2 bytes ATC, at offset length + 2:
        Util.setShort(transaction_data, (short)(length+2), theApplet.protocolState.getATC());

        //TODO What is the following data?
        transaction_data[(short)(length+4)] = (byte) 0x80;
        transaction_data[(short)(length+5)] = (byte) 0x0;
        transaction_data[(short)(length+6)] = (byte) 0x0;

        // MAC is a CBC-MAC computed according to ISO/IEC 9797-1, padding method 2
        desMAC.init(sk, Signature.MODE_SIGN);
        desMAC.sign(transaction_data, (short)0, (short)(length+7), response, offset);

    }

Reference

ISO IEC 9797-1 spec
Online DES calculator
JavaCardOS/OpenEMV
The APDU test script of OpenEMV
OpenEMV Instructions & Applet Source Code
The EMV 4.3 Specifications
Java Card Development Kit


Write a Comment

Comment