Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

GET PROCESSING OPTIONS Response

I am trying to understand how to create a CDOL1 for a smart card, and the applet developer has been less than helpful. When I send a GET PROCESSING OPTIONS command to the card, I get this response:

80 0E 7D 00 40 01 01 00 48 01 03 01 50 01 03 00 90 00

I have been trying to understand what that 7D template is and how should I construct the CDOL, but have so far found nothing. I was hoping someone with more experience could help me.

like image 645
iMan Biglari Avatar asked Dec 14 '22 08:12

iMan Biglari


1 Answers

GET PROCESSING OPTIONS

According to "EMV Book 3 - Application Specification", Tag 0x80 Format 1 reply for GET PROCESSING OPTIONS contained:

  • x82: Application Interchange Profile (AIP),
  • x94: Application File Locator (AFL).

Please keep in mind that Tag 0x80 formats are different for different APDU Commands.

Your APDU Data reply with EMV TLV Tag 0x80 Format 1 data contains (2 bytes) with AIP and AFL with 3 Records (4 bytes each, 12 bytes in total):

TLVs:  # EMV, Tag + Length + Value (TLV) series
- x80:  # EMV, Template, Response Message Format 1
   tag: "80"
   len: "0E" #   // 14
   val: "7D00400101004801030150010300" # Template, Response Message Format 1.
   - AIP:  # Application Interchange Profile, Tag 0x82
       B01: "7D"
           # _1______ - bit 7, SDA supported
           # __1_____ - bit 6, DDA supported
           # ___1____ - bit 5, Cardholder verification is supported
           # ____1___ - bit 4, Terminal Risk Management is to be performed
           # _____1__ - bit 3, Issuer Authentication is supported
           # _______1 - bit 1, Combined DDA/AC Generation is supported
       B02: "00" # RFU
   - AFL:  # Application File Locator, Tag 0x94
    - S1:  # AFL Record
       B01: "40" # SFI [xxxxx___]  // 8
       B02: "01" # From record  // 1
       B03: "01" # To record  // 1
       B04: "00" # First hashed
    - S2:  # AFL Record
       B01: "48" # SFI [xxxxx___]  // 9
       B02: "01" # From record  // 1
       B03: "03" # To record  // 3
       B04: "01" # First hashed  // 1
    - S3:  # AFL Record
       B01: "50" # SFI [xxxxx___]  // 10
       B02: "01" # From record  // 1
       B03: "03" # To record  // 3
       B04: "00" # First hashed

Data Object List (DOL)

The format for EMV Data Object List (DOL) defined in the same EMV Book 3. There are several DOL tags used in EMV world. For sample:

  • x8C: Card Risk Management DOL 1 (CDOL1),
  • x8D: Card Risk Management DOL 2 (CDOL2),
  • x97: Transaction Certificate DOL (TDOL),
  • x9F38: Processing Options DOL (PDOL),
  • x9F49: Dynamic Data Object List (DDOL).

All DOL Tags follow the same format rule - The Tag Value contains the Series of Tag_ID + Length bytes without Value parts.

The sample with CDOL1 - Tag 0x8C, Length 0x15 (21 bytes) and Value parsing.

https://iso8583.info/cmd/EMV/TLVs?8C159F02069F03069F1A0295055F2A029A039C019F3704

---
TLVs:#"8C159F02069F03069F1A0295055F2A029A039C019F3704" # EMV, Tag + Length + Value (TLV) series
- x8C:#"8C159F02069F03069F1A0295055F2A029A039C019F3704" # EMV, Card Risk Management DOL 1 (CDOL1)
  - tag: "8C"
  - len: "15" #  // 21
  - val:#"9F02069F03069F1A0295055F2A029A039C019F3704" # Card Risk Management DOL 1 (CDOL1).
    - x9F02:#"9F0206" # EMV, Authorised Amount (Numeric)
      - tag: "9F02"
      - len: "06"
    - x9F03:#"9F0306" # EMV, Amount, Other (Numeric)
      - tag: "9F03"
      - len: "06"
    - x9F1A:#"9F1A02" # EMV, Country Code, Terminal
      - tag: "9F1A"
      - len: "02"
    - x95:#"9505" # EMV, Terminal Verification Results (TVR)
      - tag: "95"
      - len: "05"
    - x5F2A:#"5F2A02" # ISO 7816, Currency Code, Transaction
      - tag: "5F2A"
      - len: "02"
    - x9A:#"9A03" # EMV, Date, Transaction
      - tag: "9A"
      - len: "03"
    - x9C:#"9C01" # EMV, Transaction Type
      - tag: "9C"
      - len: "01"
    - x9F37:#"9F3704" # EMV, Unpredictable Number
      - tag: "9F37"
      - len: "04"

CDOL1 Tag describes the list of Tags and their Lengths which real Values need to be included into First GENERATE APPLICATION CRYPTOGRAM (AC) APDU Request Data.

GENERATE APPLICATION CRYPTOGRAM (AC)

SmartCard APDU Request data for First Generate AC Command contained Series of Values mentioned in CDOL1. CDOL2 used for Second Generate AC.

Here is the sample for Generate AC APDU Command and Tag 0x80 Format 1 template in the Response (related to Generate AC Command).

> 80 AE 80 00 1D 000000001000 000000000000 0442 0000000000 0978 150310 00 11223344
< 80 12 80 0001 0102030405060708 06010A03A40000 9000

AE: # EMV, Generate AC
- rq:  # ISO 7816-3, Case 4
   CLA: "80" # Class byte
   INS: "AE" # Instruction
 - P1P2:  # Parameters 1 and 2
  - P1: "80" # Parameter 1
       # 10______ - bits 8-7, Authorisation Request Cryptogram (ARQC)
    P2: "00" # Parameter 2
 - LcData: 
    len: "1D" # // 29
  - val: "0000000010000000000000000372000000000009781112120000000000"
     x9F02: "000000001000" # EMV, Authorised Amount (Numeric) // 100
     x9F03: "000000000000" # EMV, Amount, Other (Numeric) // 0
     x9F1A: "0442" # EMV, Country Code, Terminal // 442 - Luxembourg
     x95: "0000000000" # EMV, Terminal Verification Results (TVR)
     x5F2A: "0978" # ISO 7816, Currency Code, Transaction // 978 - euro
     x9A: "150310" # EMV, Date, Transaction.  // 2015.03.10
     x9C: "00" # EMV, Transaction Type.  // Purchase / Sale
     x9F37: "11223344" # EMV, Unpredictable Number
- rs:  # Response
 - SW1SW2:  # Status byte 1 and 2
    SW1: "90" # Status byte 1  // Normal processing
    SW2: "00" # Status byte 2
 - DATA:
  - x80: 
     tag: "80"
     len: "12" #   // 18
   - val:  # Template, Response Message Format 1.
    - x9F27:  # EMV, Cryptogram Information Data (CID)
       val: "80" # Cryptogram Information Data (CID).
       # 10______ - bits 8-7, ARQC
       # _____000 - bits 3-1 (Reason/Advice/Referral Code), No information given
     + x9F36: "0001" # EMV, Application Transaction Counter (ATC)
     + x9F26: "0102030405060708" # EMV, Cryptogram, Application
     + x9F10: "06010A03A40000" # EMV, Issuer Application Data (IAD)

More details about the procedures and flows in EMV specifications available for free at EMVCo site.

Parsing samples were done with online EMV and APDU data parsers.

like image 140
iso8583.info support Avatar answered Jan 31 '23 19:01

iso8583.info support