Read EMV card using PPSE, not PSE

I am trying to read data from a Visa Paywave contactless card.

For Paywave, I have to send SELECT using PPSE (2PAY.SYS.DDF01) instead of PSE (1PAY.SYS.DDF01).

EMV Book 1, section 11.3.4, table 43 describes how to interpret the response to a successful SELECT command using the PSE. Does anyone know of, or can anyone link to, a source that shows how to process the data returned from a successful SELECT command using PPSE?

Here is my APDU request:

00A404000e325041592e5359532e444446303100 

Here's the answer:

 6F2F840E325041592E5359532E4444463031A51DBF0C1A61184F07A0000000031010500A564953412044454249548701019000 

I understand tag 84, tag 85, tag BF0C from the answer. According to the PSE reading examples, I should just send GET PROCESSING OPTIONS (to get AIP and AFL) with PDOL = null after this successful response, as follows: 80A80000830000.

But request 80A80000830000 returns error code 6985 (command not allowed; conditions of use not satisfied).

I also tried reading all the files after successfully selecting PPSE, going through each SFI (0-30) and each individual record (0-16) of each SFI. Yes, I also did the 3-bit shift and bitwise OR of the SFI with 0x4. But I got no data.

I’m stuck, any help that could tell me to receive any information from my Paywave card will be appreciated!

+7
6 answers

It seems the flow is a bit mixed up, you want:

  • Send 1PAY or 2PAY, it does not matter for all the cards that I tested. This will return a list of AIDs available on the card. Alternatively, you can simply select the AID right away if you know it, but it’s better to check the first one.

  • Get the AID list returned in response to 1PAY / 2PAY, in the case of PayWave it will probably be A0000000031010 if you sent 2PAY, but you can get more if you send 1PAY.

  • Select one of the AIDs sent back (or the one you already know is there).

  • Then go through the SFIs and records, sending the Read Record command to get the data.

You do not need to send the Get Processing Options command before sending the Read Records command, even if the current transaction flow is in progress.

+2

I think the information you are looking for is available from this VISA website. But only if you are a registered and/or licensed VISA partner.

EDIT: View the resulting TLV structure in BF0C:

 tag=0xBF0C, length=0x1A
   tag=0x61, length=0x18
     tag=0x4F, length=0x07, value=0xA0000000031010 // looks like an AID to me
     tag=0x50, length=0x0A, value="VISA DEBIT"
     tag=0x87, length=0x01, value=0x01

I would suggest that you need to select A0000000031010 first before getting processing options.

0

I chose the application 2PAY.SYS.DDF01 when I should have chosen AID = 0xA0000000031010. It looks like there are no entries in the application 2PAY.SYS.DDF01.

But in the application 0xA0000000031010 there was 1 record. After I received this application, I performed READ RECORD, and the first record gave me PAN and all the credit card information I wanted.

Thanks everyone for stopping by.

0

If you are interested in this for MasterCard as well, you can use the triangle.io API. It is free and reads contactless MasterCard and Visa cards for you, which is what you seem to need.

Please note that reading all the files directly from the card, while it will give you the data you need, does not actually correspond to the EMV data flow. After selecting the application, you must perform "get processing options" and then build PDOL and the rest of the magic.

http://www.triangle.io

Disclaimer: I work for triangle.io

0

2PAY.SYS.DDF01 is for contactless (for example, NFC) cards, and 1PAY.SYS.DDF01 is for contact cards.

  • After successfully reading the PSE (SW1 SW2 = 90 00), you should only look for the SFI (tag 88), which is a required field in the returned FCI template.

  • With the SFI as the starting index, you will need to read the records starting at that index until you get 6A83 (RECORD_NOT_FOUND). For example, if your SFI is 1, you will call readRecord with record_number = 1. This will probably succeed. Then you increment record_number to 2 and read the record again. Increase to 3 .... Repeat this until you get 6A83 as your status.

  • The records read will be ADFs (at least 1). Then you will have to compare the ADF names you read with what your terminal supports, also taking the ASI (Application Selection Indicator) into account. At the end you will have a list of possible ADFs (the candidate list).

All of the above steps (1-3) are described in chapter 12.3.2 of Book1 v4.3 of the EMV specification.

You will need to make the final choice (Chapter 12.4 Book1)

Read chapters 12.3 through 12.4 of the specification for all the detailed steps.

0
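The steps the answers above converge on (parse the PPSE FCI, take the AID from tag 4F inside each tag 61 entry, SELECT that AID, then READ RECORD), as an added example that is not code from any of the posts. The function names are illustrative; the code only parses the response quoted in the question and builds the follow-up APDUs, and does not talk to a reader.

```python
# Added example. PPSE_RESPONSE is the response quoted in the question.
PPSE_RESPONSE = bytes.fromhex(
    "6F2F840E325041592E5359532E4444463031A51DBF0C1A61184F07A0000000031010"
    "500A564953412044454249548701019000")

def parse_tlv(data):
    """Decode BER-TLV bytes into [(tag, value)]; templates get a nested list."""
    out, i = [], 0
    while i < len(data):
        first = tag = data[i]; i += 1
        if first & 0x1F == 0x1F:            # multi-byte tag such as BF0C
            while True:
                tag = (tag << 8) | data[i]; i += 1
                if not data[i - 1] & 0x80:  # bit 8 clear marks the last tag byte
                    break
        length = data[i]; i += 1
        if length & 0x80:                   # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length = int.from_bytes(data[i:i + n], "big"); i += n
        if i + length > len(data):
            raise ValueError("TLV length runs past end of buffer")
        value = data[i:i + length]; i += length
        # Bit 6 of the first tag byte marks a constructed object (6F, A5, BF0C, 61).
        out.append((tag, parse_tlv(value) if first & 0x20 else value))
    return out

def find_all(nodes, tag):
    """Yield every value stored under `tag`, at any nesting depth."""
    for t, v in nodes:
        if t == tag:
            yield v
        if isinstance(v, list):
            yield from find_all(v, tag)

def ppse_aids(response):
    """Return [(aid_hex, label)] from the directory entries (tag 61) of a PPSE FCI."""
    body, sw = response[:-2], response[-2:]
    if sw != b"\x90\x00":
        raise ValueError("SELECT failed, SW=" + sw.hex())
    return [(next(find_all(e, 0x4F)).hex().upper(),
             next(find_all(e, 0x50), b"").decode("ascii", "replace"))
            for e in find_all(parse_tlv(body), 0x61)]

def select_aid_apdu(aid_hex):
    aid = bytes.fromhex(aid_hex)
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid + b"\x00"

def read_record_apdu(sfi, record):
    # P1 = record number; P2 = SFI in the top five bits, low bits 100 = "P1 is a record number"
    return bytes([0x00, 0xB2, record, (sfi << 3) | 0x04, 0x00])
```

For the quoted response, `ppse_aids` returns the single entry A0000000031010 / "VISA DEBIT", and `select_aid_apdu` on that AID gives the SELECT to send before any READ RECORD.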