Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
#1 2017-02-14 10:41:40
- osys
- Contributor
- From: Nearby
- Registered: 2016-03-28
- Posts: 62
HF EMV implemenation for payPass, payWave
Thanks to Iceman, now his fork can be build with EMV support even on 256k device:
Nonvolatile Program Memory Size: 256K bytes. Used: 222420 bytes (85%). Free: 39724 bytes (15%).Transaction goes well
pm3 --> hf emv trans
#db# SELECT AID COMPLETED
#db# EMV TRANSACTION FINISHED
pm3 --> hf 14a list
Recorded Activity (TraceLen = 211 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
Start | End | Src | Data (! denotes parity error) | CRC | Annotation |
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 992 | Rdr |52 | | WUPA
2228 | 4596 | Tag |04 00 | |
7040 | 9504 | Rdr |93 20 | | ANTICOLL
10676 | 16564 | Tag |ef 91 43 88 b5 | |
18816 | 29344 | Rdr |93 70 ef 91 43 88 b5 ca 23 | ok | SELECT_UID
30516 | 34036 | Tag |28 b4 fc | |
35584 | 40352 | Rdr |e0 80 31 73 | ok | RATS
49460 | 70324 | Tag |10 78 80 70 02 00 31 c0 64 1f 27 01 00 00 90 00 | |
| | |38 57 | ok |
74880 | 102688 | Rdr |0a 00 00 a4 04 00 0e 32 50 41 59 2e 53 59 53 2e | |
| | |44 44 46 30 31 00 b0 54 | ok |
333236 | 382836 | Tag |0a 00 6f 23 84 0e 32 50 41 59 2e 53 59 53 2e 44 | |
| | |44 46 30 31 a5 11 bf 0c 0e 61 0c 4f 07 a0 00 00 | |
| | |00 04 10 10 87 01 01 90 00 86 5f | ok | But unfortunately dumping EMV tag values is not working, seems that some code adjustments required as the array of card data is not filled in:
pm3 --> hf emv dump
#db# currentcard->ATQA=
#db# 00 00
#db# currentcard->UID=
#db# currentcard->SAK1=
#db# 00
#db# currentcard->SAK2=
#db# 00
#db# currentcard->ATS=
#db# currentcard->tag_4F=
....As an outcome of some investigations, EMV cards can also provide transaction history, that's might be an interesting stuff to implement as well.
Last edited by osys (2017-02-14 10:42:09)
Offline
#2 2017-02-14 11:03:53
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: HF EMV implemenation for payPass, payWave
I've created a new category and moved it there.
Offline
#3 2017-02-14 13:16:50
- osys
- Contributor
- From: Nearby
- Registered: 2016-03-28
- Posts: 62
Re: HF EMV implemenation for payPass, payWave
Came across an interesting C implementation for EMV - emv-tools is a set of tools to handle EMV (Europay, MasterCard, Visa) chip cards. Tools are based on the EMV v4.3 standard.
The code can be found here: https://github.com/lumag/emv-tools/
I may assume that this handling should also apply for NFC way of communication.
Offline
#4 2017-02-14 13:23:08
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: HF EMV implemenation for payPass, payWave
The AID and commands should be similar. In Peter Fillmores imp, its placed on device side. We should move it over to the client. That will free a lot of space on device again.
Offline
#5 2017-02-14 13:35:20
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: HF EMV implemenation for payPass, payWave
My mastercard is ISO14b, so the hf emv * doesnt work. The current imp is using 14a.
I also needed a strong HF antenna to power/read card.
pm3 -_> hw tune
# HF antenna: 34.60 V @ 13.56 MHz
pm3 --> hf search
UID : xx xx xx 00
ATQB : 00 00 00 00 00 81 71
CHIPID : 00
App Data: 00 00 00 00
Protocol: 00 81 71
Bit Rate: 106 kbit/s only PICC <-> PCD
Max Frame Size: 256 bytes
Protocol Type: Protocol is compliant with ISO/IEC 14443-4
Frame Wait Integer: 7 - 4096 ETUs | 38656 us
App Data Code: Application is Proprietary
Frame Options: NAD is not supported
Frame Options: CID is supported
Tag :
Max Buf Length: 0 (MBLI) chained frames not supported
CDI : 0
Valid ISO14443-B Tag Found - Quiting Search
pm3 --> hf emv trans
#db# Can't select card
#db# EMV TRANSACTION FINISHEDRunning on a RDV2.0, 512 Kb, latest source from icemanfork, in a docker container.
This incl "with_LF", nothing is removed yet when compiling.
pm3 --> hw version
[[[ Cached information ]]]
Proxmark3 RFID instrument
bootrom: iceman/master/release-build(no_git)-suspect 2016-10-28 12:50:01
os: iceman/master/ 2017-02-14 11:57:31
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at 9: 8: 8
uC: AT91SAM7S512 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 241067 bytes (46%). Free: 283221 bytes (54%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash MemoryOffline
#6 2017-02-14 22:00:41
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: HF EMV implemenation for payPass, payWave
I've made a clip showing how to enable EMV on my docker container
Youtube: https://youtu.be/Naw5qo8UOLE
Offline
#7 2017-02-15 03:28:54
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: HF EMV implemenation for payPass, payWave
Coverity Scan found some bugs inside EMV source, I've pushed some fixes. @osys, would you mind testing?
Offline
#8 2017-11-10 18:49:12
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: HF EMV implemenation for payPass, payWave
The new EMV command implemented by Merlokk in PM3 Offical should be helpful
Offline
Pages: 1