1

I read here that EMV cards will sign some transaction data.

I would like to do this with my card, using my phone, and verify that the signature on the result is correct.

To start, I issued this command ("request APDU"):

00:A4:04:00:0E:32:50:41:59:2E:53:59:53:2E:44:44:46:30:31:00

One of the "Application IDs" was this:

A00000038410

So then I issued this command ("Select Payment application"):

00:A4:04:00:07:A0:00:00:00:03:10:10:00

and it returned this "Processing Options Data Object List (PDOL)":

9F66049F02069F37045F2A02

I read here how to decode this, because I couldn't find the official spec anywhere:

  • 9F6604 - the tag 9f 66 represents the terminal transaction qualifiers
  • 9F0206 - tag 9f 02 stands for authorized amount. The PDOL list must have the amount, authorized, coded into 6h bytes added to it.
  • 9F3704 - tag 9f 37 stands for unpredictable number, thus encode such a number in 4 bytes and add it to the list

and here how to decode this:

  • 5F2A02 - TX currency code

I understand the next step is to run "Get Processing Options" but this is where I got stuck. I tried:

  • 80:A8:00:00:02:83:00:00
  • 80:A8:00:00:12:83:10:01:02:03:04:05:06:07:08:01:02:03:04:05:06:07:08:00
  • 80:A8:00:00:12:83:10:F3:20:40:00:00:00:00:01:00:00:04:04:06:03:05:08:00
  • 80:A8:00:00:02:83:10:F3:20:40:00:00:00:00:01:00:00:04:04:06:03:05:08:00

All gave back a result of 6D:00 (Instruction code not programmed or invalid).

I tried looking in "emv book 3" and "emv book 4" but neither seems to contain the relevant information.

What do I need to do next in order to make a transaction, sign, and check the result?

Jeanne Pindar
Jack
  • Found some more relevant information here: https://stackoverflow.com/questions/23590256/getting-parser-error-on-request-for-gpo-command-for-emv-card/23591064#23591064 – Jack Dec 14 '18 at 04:10
  • I also tried 80:A8:00:00:02:83:10:F3:20:40:00:00:00:00:01:00:00:04:04:06:03:05:08:00:40:00, was missing the country code at the end. That didn't work either – Jack Dec 14 '18 at 06:57
  • Write the command as a case 4 command, like CLA INS P1 P2 Lc DATA Le. In the above, the calculation of Lc should be 14, not 02. If doing a test, test with good data to make it work. – Arjun Dec 14 '18 at 11:52
  • On your third attempt [80:A8:00:00:12:83:10:F3:20:40:00:00:00:00:01:00:00:04:04:06:03:05:08:00] can you change TTQ Byte from F3 to B3 and give a try. Keep the remaining data same. – Adarsh Nanu Dec 14 '18 at 11:58
  • Were you able to get your data signed with an EMV card? – Fernando N. Mar 22 '20 at 18:17

2 Answers

0

Your GPO command needs to provide the PDOL values requested by the card. The requested tags are:

9F66 - 4 bytes
9F02 - 6 bytes
9F37 - 4 bytes
5F2A - 2 bytes

So the command needs to provide these in the same order, with the expected lengths.

Assuming you want to send the following sample values:

9F66: 11223344
9F02: 112233445566
9F37: 11223344
5F2A: 1122

Your GPO command will look like this:

80A800001283101122334411223344556611223344112200

Where the PDOL data is 11223344112233445566112233441122.

Hope this helps

armandino
  • result 6D:00 Instruction code not supported or invalid – Jack Dec 14 '18 at 07:03
  • But yeah, I agree, according to all the information I can find on the internet, this is exactly what I should be doing, but the card rejects it and I can't work out why – Jack Dec 14 '18 at 07:05
0

If a PDOL is found in the response to Select Application, you need to pass the values of the PDOL tags in the GPO command.

You can find a very good article here. Hope it helps.

Arjun
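Both answers describe the same construction, so it is worked through here as an added example (not code from either answer or from the question): a Python sketch that parses the PDOL shown in the question, assembles the GET PROCESSING OPTIONS APDU from terminal values, and checks the Lc and tag 83 lengths of a hand-written command. The function names are hypothetical, the sample values are the ones from the first answer, and zero-filling a requested tag the terminal has no value for follows the EMV DOL rule.

```python
GPO_HEADER = bytes.fromhex("80A80000")   # CLA INS P1 P2 for GET PROCESSING OPTIONS
PDOL = "9F66049F02069F37045F2A02"        # PDOL returned by the card in the question
SAMPLE = {"9F66": "11223344", "9F02": "112233445566",   # sample values from the
          "9F37": "11223344", "5F2A": "1122"}           # first answer, not real data

def parse_dol(dol: bytes):
    """Split a DOL (tag/length pairs, no values) into [(tag_hex, length), ...]."""
    entries, i = [], 0
    try:
        while i < len(dol):
            start = i
            if dol[i] & 0x1F == 0x1F:      # low five bits all set: multi-byte tag
                i += 1
                while dol[i] & 0x80:       # bit 8 set: another tag byte follows
                    i += 1
            i += 1
            length = dol[i]
            if length & 0x80:
                raise ValueError("long-form length not handled in this example")
            entries.append((dol[start:i].hex().upper(), length))
            i += 1
    except IndexError:
        raise ValueError("DOL is truncated") from None
    return entries

def build_gpo(pdol_hex: str, terminal_values: dict) -> str:
    """Concatenate values in PDOL order, wrap in tag 83, add Lc and Le."""
    data = b""
    for tag, length in parse_dol(bytes.fromhex(pdol_hex)):
        # A tag the terminal has no value for is sent as zeroes of that length.
        value = bytes.fromhex(terminal_values.get(tag, "00" * length))
        if len(value) != length:
            raise ValueError(f"{tag}: card asked for {length} bytes, got {len(value)}")
        data += value
    if len(data) > 0x7F:
        raise ValueError("PDOL data too long for a one-byte tag 83 length")
    template = b"\x83" + bytes([len(data)]) + data
    return (GPO_HEADER + bytes([len(template)]) + template + b"\x00").hex().upper()

def lengths_consistent(apdu_hex: str) -> bool:
    """True if Lc and the tag 83 length both match the bytes actually present."""
    apdu = bytes.fromhex(apdu_hex.replace(":", ""))
    if len(apdu) < 8:
        return False
    body = apdu[5:-1]                      # everything between Lc and the trailing Le
    return apdu[4] == len(body) and body[0] == 0x83 and body[1] == len(body) - 2

if __name__ == "__main__":
    print(build_gpo(PDOL, SAMPLE))
```

With an empty PDOL the same function yields `80A8000002830000`, the form used in the first attempt in the question.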