#1 11-14-2019, 05:47 PM
www.emvstudio.org
EMV GUIDE PART 2

ARQC (Authorization Request Cryptogram) is a cryptogram generated by the card from data supplied by the terminal and the card's session keys. It is the last, and the most important, piece of information the bank requires from the card before approving or rejecting the transaction.
I increased the buffer on the Arduino, so today we will see only full answers. A reminder:

First of all, we select the 2PAY.SYS.DDF01 applet in the root directory of the card.
Sent:
0x00, 0xA4, 0x04, 0x00, 0x0E, 0x32, 0x50, 0x41, 0x59, 0x2E, 0x53, 0x59, 0x53, 0x2E, 0x44, 0x44, 0x46, 0x30, 0x31, 0x00
Got:
6F 2F 84 0E 32 50 41 59 2E 53 59 53 2E 44 44 46 30 31 A5 1D BF 0C 1A 61 18 4F 07 A0 00 00 00 04 10 10 50 0A 4D 61 73 74 65 72 43 61 72 64 87 01 01 90 00
Remember that we decode the answers we receive at https://www.emvlab.org/tlvutils/?

Now we know the AID and select the application
Sent:
0x00, 0xA4, 0x04, 0x00, 0x07, 0xA0, 0x00, 0x00, 0x00, 0x04, 0x10, 0x10, 0x00
Got:
6F 39 84 07 A0 00 00 00 04 10 10 A5 2E 50 0A 4D 61 73 74 65 72 43 61 72 64 87 01 01 5F 2D 04 72 75 65 6E BF 0C 15 9F 5D 03 01 00 00 9F 4D 02 0B 0A 9F 6E 07 06 43 00 00 30 30 00 90 00
Send the card an empty PDOL (Processing Options Data Object List)
Sent:
0x80, 0xA8, 0x00, 0x00, 0x02, 0x83, 0x00, 0x00
Got:
77 0E 82 02 19 80 94 08 08 01 01 00 10 02 06 01 90 00
We got the AFL (Application File Locator); from it we worked out where the files are on the card and exactly how many records the card stores, and we read them all in turn....
This is where we stopped last time. After reading one of the records we found what we needed and stopped there; now we will read all the records and see what is on the MasterCard:
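How the READ RECORD parameters below are derived from the AFL in the GPO response above, as an added example (not the post's Arduino code): a small BER-TLV parser pulls tag 94 out of the response, and each AFL entry yields one READ RECORD header per record, with P1 = record number and P2 = SFI << 3 | 4.

```python
# Added example, not from the original post. Parses the GET PROCESSING OPTIONS
# response shown above and turns its AFL into the READ RECORD commands a terminal sends.

# Response bytes exactly as shown in the post (status word 90 00 included).
GPO_RESPONSE = bytes.fromhex("77 0E 82 02 19 80 94 08 08 01 01 00 10 02 06 01 90 00")

def read_tag(buf, i):
    """Return (tag_hex, next_index). A tag is multi-byte when the low 5 bits of
    its first byte are all set; further bytes follow while bit 8 is set."""
    j = i + 1
    if buf[i] & 0x1F == 0x1F:
        j += 1
        while buf[j - 1] & 0x80:
            j += 1
    return buf[i:j].hex().upper(), j

def read_length(buf, i):
    """BER length: a single byte below 0x80, otherwise 0x8N followed by N bytes."""
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    n = first & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def parse_tlv(buf):
    """BER-TLV to dict; constructed tags (bit 6 of byte 1, e.g. 77 / 70) are recursed."""
    out, i = {}, 0
    while i < len(buf):
        tag, i = read_tag(buf, i)
        length, i = read_length(buf, i)
        value, i = buf[i:i + length], i + length
        out[tag] = parse_tlv(value) if int(tag[:2], 16) & 0x20 else value
    return out

def afl_entries(afl):
    """4-byte AFL entries: SFI in the top 5 bits, first record, last record,
    and how many of those records take part in offline data authentication."""
    if len(afl) % 4:
        raise ValueError("AFL length must be a multiple of 4")
    return [(afl[k] >> 3, afl[k + 1], afl[k + 2], afl[k + 3])
            for k in range(0, len(afl), 4)]

def read_record_apdus(afl):
    """One READ RECORD header per record: 00 B2 <record> <SFI<<3|4> 00."""
    return [bytes([0x00, 0xB2, rec, (sfi << 3) | 0x04, 0x00])
            for sfi, first, last, _ in afl_entries(afl)
            for rec in range(first, last + 1)]

def gpo_read_records(response):
    """From a format-2 GPO response (tag 77) return the AIP and the READ RECORD list."""
    body = parse_tlv(response[:-2])["77"]   # drop the 90 00 status word
    return body["82"], read_record_apdus(body["94"])

if __name__ == "__main__":
    aip, cmds = gpo_read_records(GPO_RESPONSE)
    print("AIP", aip.hex().upper())
    for cmd in cmds:
        print(cmd.hex().upper())
```

The six commands it prints are exactly the READ RECORD headers used below (SFI 1 record 1, then SFI 2 records 2 to 6).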

We send:
0x00, 0xB2, 0x01, 0x0C, 0x00
we get:
70 75 9F 6C 02 00 01 9F 62 06 00 00 00 00 00 0E 9F 63 06 00 00 00 00 03 03 F0 56 34 42 35 33 32 31 33 30 30 32 38 31 30 36 32 35 35 39 5E 20 2F 5E 32 32 30 37 32 30 31 31 32 37 36 38 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 9F 64 01 03 9F 65 02 00 0E 9F 66 02 03 F0 9F 6B 13 53 21 30 02 81 06 25 59 D2 20 72 01 12 70 00 00 00 00 0F 9F 67 01 03 90 00

We send:
0x00, 0xB2, 0x02, 0x14, 0x00
we get:
70 81 A6 57 13 53 21 30 02 81 06 25 59 D2 20 72 01 12 76 80 00 00 44 1F 5A 08 53 21 30 02 81 06 25 59 5F 24 03 22 07 31 5F 25 03 17 04 01 5F 28 02 06 43 5F 34 01 00 8C 27 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F 35 01 9F 45 02 9F 4C 08 9F 34 03 9F 21 03 9F 7C 14 8D 0C 91 0A 8A 02 95 05 9F 37 04 9F 4C 08 8E 0E 00 00 00 00 00 00 00 00 00 42 03 1E 03 1F 03 9F 07 02 FF 00 9F 08 02 00 02 9F 0D 05 B4 50 84 00 00 9F 0E 05 00 00 00 00 00 9F 0F 05 B4 70 84 80 00 9F 42 02 06 43 9F 4A 01 82 90 00

We send:
0x00, 0xB2, 0x03, 0x14, 0x00
we get:
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

We send:
0x00, 0xB2, 0x04, 0x14, 0x00
we get:
70 03 93 01 FF 90 00

We send:
0x00, 0xB2, 0x05, 0x14, 0x00
we get:
70 04 9F 47 01 03 90 00

We send:
0x00, 0xB2, 0x06, 0x14, 0x00
we get:
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
So here:
In the same record where the card number and the expiry date are stored, we also find Card Risk Management Data Object List 1 (CDOL1).
This is the list of data objects (tag and length) to be passed to the ICC in the first GENERATE AC command.
In plain language: CDOL1 is the list of data the card requires for its risk analysis.
The terminal formats the requested data according to its processing rules and then sends it to the card in the request to generate the application cryptogram.
In our case, CDOL1 is: 9F02069F03069F1A0295055F2A029A039C019F37049F35019F45029F4C089F34039F21039F7C14
Which, decoded, tells us that the card needs the following data:
9F02 (amount authorized) 6 bytes
9F03 (amount other) 6 bytes
9F1A (terminal country code) 2 bytes
95 (TVR - Terminal Verification Results) 5 bytes
5F2A (terminal currency code) 2 bytes
9A (transaction date) 3 bytes
9C (transaction type) 1 byte
9F37 (unpredictable number) 4 bytes
9F35 (terminal type) 1 byte
9F45 (data authentication code) 2 bytes
9F4C (ICC dynamic number) 8 bytes
9F34 (CVM Results - Cardholder Verification Results) 3 bytes
9F21 (transaction time) 3 bytes
9F7C (?) 20 bytes
Well, where do you get all this data, you ask? Take it from wherever you like, I want to answer.
In fact, not all of this data is on the Internet; you will quickly realise this when you experiment with YOUR card.
But you are very lucky, because you have me: on 2018-01-31 at 14:29:20 I made a purchase somewhere, of something, and I looked at the dialogue between the card and the terminal, and, exclusively for you, my friend, I share this information:

amount authorized = 00 00 00 01 79 79 80 (the purchase was 179 rubles 80 kopecks)
amount other = 00 00 00 00 00 00
terminal country code = 06 43
TVR - Terminal Verification Results = 00 00 00 80 00
terminal currency code = 06 43
transaction date = 18 01 31
transaction type = 00
unpredictable number = 5e 06 39 ae (very important, this is a random number from the terminal)
terminal type = 22
data authentication code = 00 00
ICC dynamic number = 00 00 00 00 00 00 00 00 00
CVM Results - Cardholder Verification Results = 1f 03 00 (we can still play with this topic, but not in this article)
transaction time = 00 00 00
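The data field of the GENERATE AC command has to be laid out exactly in CDOL1 order, and its length is the sum of the CDOL1 lengths, which is why Lc is 0x42 (66). An added example (not the post's Arduino code) that walks CDOL1 as a Data Object List, computes that length, and cuts a captured data field back into named fields so a sniffer trace can be read; the data bytes are constructed from the table above, with transaction time and the 20-byte 9F7C field set to zeros as in the sniffer trace further down.

```python
# Added example, not from the original post. Decodes CDOL1 (tag + one-byte length
# pairs, no values) and splits a DOL-ordered data field into its named objects.

CDOL1 = bytes.fromhex("9F02069F03069F1A0295055F2A029A039C019F37049F35019F"
                      "45029F4C089F34039F21039F7C14")

# Names as listed in the post; 9F7C is not named there.
TAG_NAMES = {"9F02": "amount authorized", "9F03": "amount other",
             "9F1A": "terminal country code", "95": "TVR", "5F2A": "terminal currency code",
             "9A": "transaction date", "9C": "transaction type",
             "9F37": "unpredictable number", "9F35": "terminal type",
             "9F45": "data authentication code", "9F4C": "ICC dynamic number",
             "9F34": "CVM results", "9F21": "transaction time"}

# Constructed from the post's table; time and 9F7C are zero-filled (assumption).
GEN_AC_DATA = bytes.fromhex(
    "000000017980 000000000000 0643 0000008000 0643 180131 00 5E0639AE 22 0000 "
    "0000000000000000 1F0300 000000 " + "00" * 20)

def read_tag(buf, i):
    """(tag_hex, next index): the tag is multi-byte when the low 5 bits of byte 1
    are all set, and continues while bit 8 of the following byte is set."""
    j = i + 1
    if buf[i] & 0x1F == 0x1F:
        j += 1
        while buf[j - 1] & 0x80:
            j += 1
    return buf[i:j].hex().upper(), j

def parse_dol(dol):
    """Return [(tag_hex, length), ...]; every entry here uses a one-byte length."""
    entries, i = [], 0
    while i < len(dol):
        tag, i = read_tag(dol, i)
        entries.append((tag, dol[i]))
        i += 1
    return entries

def dol_length(dol):
    """Total bytes the card expects, i.e. Lc of the GENERATE AC command."""
    return sum(length for _, length in parse_dol(dol))

def split_by_dol(dol, data):
    """Cut a DOL-ordered data field into {tag: bytes}; wrong-length input is rejected."""
    expected = dol_length(dol)
    if len(data) != expected:
        raise ValueError(f"got {len(data)} bytes, the DOL requires {expected}")
    fields, pos = {}, 0
    for tag, length in parse_dol(dol):
        fields[tag], pos = data[pos:pos + length], pos + length
    return fields

if __name__ == "__main__":
    print("Lc =", hex(dol_length(CDOL1)))
    for tag, value in split_by_dol(CDOL1, GEN_AC_DATA).items():
        print(f"{tag:5} {TAG_NAMES.get(tag, '?'):26} {value.hex().upper()}")
```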


Stuff all this sausage into our command and wait for the finale of our first act!
We send:
0x80, 0xAE, 0x90, 0x00, 0x42, 0x00, 0x00, 0x00, 0x01, 0x79, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x43, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x43, 0x18, 0x01, 0x31, 0x00, 0x5E, 0x06, 0x39, 0xAE, 0x22, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1F, 0x03, 0x00
We get:
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

And what did we get? Nothing less than the treasured Signed Dynamic Application Data cryptogram, which the card sends to the bank!! The very ARQC whose generator was being sold somewhere on the forum.

Imagine, my friend: when you put a card to the terminal to buy ice cream, the two exchange these commands at a frantic pace. For example, according to my sniffer, the cryptogram request is sent in just 32 milliseconds:
000059 - LOG_INFO_CODEC_RX_DATA [75 bytes] (+32 ms) [03 80 ae 90 00 42 00 00 00 01 79 80 00 00 00 00 00 00 06 43 00 00 00 80 00 06 43 18 01 31 00 5e 06 39 ae 22 00 00 00 00 00 00 00 00 00 00 00 1f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 9c] {APDU: NONE RECOGNIZED}

Afterword:
Let's summarize what we have understood after reading all this.
The terminal does not write any data to the card. The terminal only reads data and sends commands to the card! The card has a microcontroller, which itself modifies the card's internal files. Access to the protected area of the card's memory is IMPOSSIBLE, that is, reading the coveted private key is IMPOSSIBLE!! The card gives the terminal only the public key!
The 9F36 Application Transaction Counter (ATC) is incremented by one each time we send the card a PDOL. The card increments it itself; from the outside we are not able to influence it.
Since this counter is never the same, it is used to generate the cryptogram. It is impossible to generate two cryptograms with one counter value, i.e. the data will always be different!!!
So that the cryptograms are truly different from each other, another value was introduced, the unpredictable number, which takes up 4 bytes (in our example, 5e 06 39 ae). This is a random number that the terminal sends to the card to generate the dynamic signature.
As we know, each byte (unsigned, of course, that is, without a sign) can store values from 0 to 255. Multiplying 255 by itself four times we get the number 4228250625, but what is it? It is the number of combinations of random numbers that the terminal can send to the card.
I read somewhere that at the dawn of EMV, terminals used a function of time to generate this number, but now everything is different, and it is IMPOSSIBLE to predict which 4 bytes the terminal will generate for the card!

Perhaps the light will be seen in the second part of the article, where we will get acquainted with effective tricks and learn how to pay for goods above the limit with a smart card without a PIN code, or maybe even with a PIN code (who the hell knows).

I ATTACH THE CODE FROM THE ARTICLE, IN CASE ANYONE BUYS THE HARDWARE AND DECIDES TO PLAY; THE FULLY WORKING CODE, JUST PASTE AND UPLOAD: https://pastebin.com/Ebym2EhG