Professional Documents
Culture Documents
Read Smart Card Chip Data With APDU Commands ISO 7816 PDF
Read Smart Card Chip Data With APDU Commands ISO 7816 PDF
Read smart card chip data with APDU commands ISO 7816
Run the neaPay ISO8583
Posted on 28th Nov 2019
simulator
This explanation builds on top of existing information at wiki about
Deploy the neaPay
https://en.wikipedia.org/wiki/Smart_card_application_protocol_data_unit ISO8583 simulator
A selected list of used commands is available at the end of this page. ISO8583 payments
message format,
Any smart card reader will come with a set of drivers an libraries to interface with it. We will assume that you do not need to build
programmers guide
communication with the reader, just to use it.
The reader comes with an interface to send apdu commands. Create a new test case in
the neaPay ISO8583
Depending on your Card Brand, different commands need to be used. simulator
80A800000483025541
Performance testing at
500, 1000 and 1500 TPS
And then just get all the information from your chip card
ISO8583 Message
Converter JSON and XML
interface specification
mapping
Regression Testing in 1
click with instant Analytics
and CSV report
Sample Recommended
design for an Acquirer test
cases suite, Scenarios
and Regression
/
00 A4 04 00 0E 31 50 41 59 2E 53 59 53 2E 44 44 46 30 31 response hex : 6f 20 84 0e 31 50 41 59 2e 53 59 53 2e 44 44 46 30
31 a5 0e 88 01 02 5f 2d 04 6e 6f 65 6e 9f 11 01 01 response SW1SW2 : 90 00 response ascii : o
..1PAY.SYS.DDF01....._-.noen.... response parsed :
70 23 -- Record Template (EMV Proprietary) 61 21 -- Application Template 4f 07 -- Application Identifier (AID) - card a1 23 45 67
89 10 10 (BINARY) 50 04 -- Application Label 56 49 53 41 (=VISA) 9f 12 0c -- Application Preferred Name 56 49 53 41 20 43 6c
61 73 73 69 63 (=VISA Classic) 87 01 -- Application Priority Indicator 02 (BINARY)
70 25 -- Record Template (EMV Proprietary) 61 23 -- Application Template 4f 07 -- Application Identifier (AID) - card d5 78 00 00
02 10 10 (BINARY) 50 09 -- Application Label 62 61 6e 6b 61 78 65 70 74 (=bankaxept) 9f 12 09 -- Application Preferred Name
62 61 6e 6b 61 78 65 70 74 (=bankaxept) 87 01 -- Application Priority Indicator 01 (BINARY)
6f 37 -- File Control Information (FCI) Template 84 07 -- Dedicated File (DF) Name a1 23 45 67 89 10 10 (BINARY) a5 2c -- File
Control Information (FCI) Proprietary Template 50 04 -- Application Label 56 49 53 41 (=VISA) 87 01 -- Application Priority
Indicator 02 (BINARY) 9f 38 06 -- Processing Options Data Object List (PDOL) 9f 1a 02 -- Terminal Country Code 5f 2a 02 --
Transaction Currency Code 5f 2d 04 -- Language Preference 6e 6f 65 6e (=noen) 9f 11 01 -- Issuer Code Table Index 01
(NUMERIC) 9f 12 0c -- Application Preferred Name 56 49 53 41 20 43 6c 61 73 73 69 63 (=VISA Classic)
70 81 c0 -- Record Template (EMV Proprietary) 8f 01 -- Certification Authority Public Key Index - card 07 (BINARY) 90 81 90 --
Issuer Public Key Certificate 04 71 93 ac fb 32 3a bb 95 ac e6 c5 b4 69 27 6d b5 93 16 73 cb a2 e0 ee 23 37 9d 02 79 50 b6 c1
c8 4d 59 e9 aa 7a 54 1b 51 06 0b 0b df 51 4f 44 40 10 2b ee e8 4c 38 3a ce 13 b0 72 84 4e 97 a6 5e 0e 69 b1 c8 c5 dc f3 08
b4 26 b8 b3 3d 72 07 ff 29 a7 7d d5 64 46 ae 8d ba b8 d1 b9 ea 6a 32 ab 11 64 e7 35 2c 14 6d 0a 61 e6 de b1 ec 2f 91 25 27
b9 ce df 72 a9 b0 86 3a 9c 45 b4 9a 81 8a f4 69 8c 71 c9 72 d2 eb 25 41 84 5e 4d f8 a3 49 (BINARY) 9f 32 01 -- Issuer Public
Key Exponent 03 (BINARY) 92 24 -- Issuer Public Key Remainder 5b c8 f7 38 4c 06 dc dc 35 97 51 d1 d4 31 52 0d f5 ff 2d 43
47 4a 88 60 3c 9e fc a0 66 6a 1a 42 bd f0 a4 f5 (BINARY)
[Step 13] Send GET DATA command to find the Application Transaction Counter
(ATC)
80 CA 9F 36 00 response hex : 9f 36 02 00 79 response SW1SW2 : 90 00 response ascii : .6..y response parsed :
[Step 14] Send GET DATA command to find the Last Online ATC Register
80 CA 9F 13 00 response hex : 9f 13 02 00 67 response SW1SW2 : 90 00 response ascii : ....g response parsed :
[Step 15] Send GET DATA command to find the PIN Try Counter
80 CA 9F 17 00 response hex : 9f 17 01 03 response SW1SW2 : 90 00 response ascii : .... response parsed :
/
[Step 16] Send GET DATA command to find the Log Format
80 CA 9F 4F 00 response hex :
6f 2e -- File Control Information (FCI) Template 84 07 -- Dedicated File (DF) Name d5 78 00 00 02 10 10 (BINARY) a5 23 -- File
Control Information (FCI) Proprietary Template 50 09 -- Application Label 62 61 6e 6b 61 78 65 70 74 (=bankaxept) 87 01 --
Application Priority Indicator 01 (BINARY) 5f 2d 02 -- Language Preference 6e 6f (=no) 9f 11 01 -- Issuer Code Table Index 01
(NUMERIC) 9f 12 09 -- Application Preferred Name 62 61 6e 6b 61 78 65 70 74 (=bankaxept)
[Step 21] Send GET DATA command to find the Application Transaction Counter
(ATC)
80 CA 9F 36 00 response hex : 9f 36 02 01 73 response SW1SW2 : 90 00 response ascii : .6..s response parsed :
[Step 22] Send GET DATA command to find the Last Online ATC Register
80 CA 9F 13 00 response hex : 9f 13 02 01 72 response SW1SW2 : 90 00 response ascii : ....r response parsed :
[Step 23] Send GET DATA command to find the PIN Try Counter
80 CA 9F 17 00 response hex : 9f 17 01 03 response SW1SW2 : 90 00 response ascii : .... response parsed :
[Step 24] Send GET DATA command to find the Log Format
80 CA 9F 4F 00 response hex :
/
======================================
[EMVCard]
Answer To Reset (ATR) 3b 67 00 00 a6 40 40 00 09 90 00 Description From Public Database - [Visa card issued by Norway
bank DNBNor, VISA Classic - Landkreditt Bank (Norway), VISA Classic - Nordea Bank (Norway)] ISO Compliant Answer To
Reset (ATR) Convention - DIRECT Protocol - T=0 Historical bytes - a6 40 40 00 09 90 00
Directory Definition File Name: 315041592e5359532e4444463031 (=1PAY.SYS.DDF01) Issuer Code Table Index: 1 (ISO-8859-
1) Short File Identifier: 2 (Governed by the EMV specification) Language Preference (in order of preference): Language: no
(Norwegian) Language: en (English)
/
Applications (2 found):
Application
AID: a1 23 45 67 89 10 10
Label: VISA
Preferred Name: VISA Classic
Application Effective Date: Thu Feb 05 00:00:00 CET 2009
Application Expiration Date: Sat Mar 31 00:00:00 CEST 2012
Application Version Number: 140
Application Currency Code (ISO 4217): 578 (NOK Norwegian Krone)
Application Currency Exponent: 2 (Position of the decimal point from the right)
Issuer Country Code (ISO 3166-1): 578 (Norway)
Application Transaction Counter (ATC): 121
Last Online ATC Register: 103
PIN Try Counter: 3 (Number of PIN tries remaining)
Cardholder Name: SMITH/JOHN
Primary Account Number (PAN) - 5411118888888882
Major Industry Identifier = 5 (Banking and financial)
Issuer Identifier Number: 541111
Account Number: 888888888
Check Digit: 2 (Valid)
PAN Sequence Number: 1
Application Priority Indicator
May be selected without cardholder confirmation
Selection Priority: 2
Application Interchange Profile
Static Data Authentication (SDA) supported
Dynamic Data Authentication (DDA) not supported
Cardholder verification is supported
Terminal risk management is to be performed
Issuer authentication is supported
CDA not supported
Application File Locator
Application Elementary File
Short File Identifier:
1 (Governed by the EMV specification)
Start Record: 1
End Record: 1
Number of Records Involved In Offline Data Authentication: 0
Record: 1
Length: 79
Involved In Offline Data Authentication: false
Application Elementary File
Short File Identifier:
1 (Governed by the EMV specification)
Start Record: 2
End Record: 5
Number of Records Involved In Offline Data Authentication: 1
Record: 2
Length: 82
Involved In Offline Data Authentication: true
Record: 3
Length: 73
Involved In Offline Data Authentication: false
Record: 4
Length: 195
Involved In Offline Data Authentication: false
Record: 5
Length: 150
Involved In Offline Data Authentication: false
Application Usage Control
Valid for domestic cash transactions
Valid for international cash transactions
Valid for domestic goods
Valid for international goods
Valid for domestic services
Valid for international services
Valid at ATMs
Valid at terminals other than ATMs
Domestic cashback not allowed
International cashback not allowed
Processing Options Data Object List
Terminal Country Code (2 bytes)
Transaction Currency Code (2 bytes)
Issuer Public Key Certificate
Issuer Identifier: 492564
CA Public Key Index: 7
Certificate Format: 2
Certificate Expiration Date (MMYY): 1214
Certificate Serial Number: 00e16d (57709)
Hash Algorithm Indicator: 1 (=SHA-1)
Issuer Public Key Algorithm Indicator: 1 (=RSA)
Hash: b6819d8d5af4034214973edbad1bd2866a550dbb
Issuer Public Key
Length: 1152bit
/
Exponent:
03
Modulus:
ba 53 3e b8 ec c9 f9 b8 b2 a3 5e ed 3b e0 3f 7d
3a cf e2 46 a3 4c 8e 75 f5 c7 4a 64 e6 5c 97 cb
4f 2f ab 97 09 cf 7e 12 89 0e af f1 8a 4f cf b4
fa 98 18 db c3 be 5f dc 65 91 54 46 cb 86 24 ac
2d 1e 07 72 f2 52 49 02 f9 8b a5 5b 4b 4b 11 00
1e 4e cf b7 0f 12 19 a3 97 12 98 e7 ed c5 b9 2b
8d 44 c9 80 e2 f6 8f 90 8f 9d ad 78 5b c8 f7 38
4c 06 dc dc 35 97 51 d1 d4 31 52 0d f5 ff 2d 43
47 4a 88 60 3c 9e fc a0 66 6a 1a 42 bd f0 a4 f5
Card Risk Management Data Object List 1
Amount, Authorised (Numeric) (6 bytes)
Amount, Other (Numeric) (6 bytes)
Terminal Country Code (2 bytes)
Terminal Verification Results (TVR) (5 bytes)
Transaction Currency Code (2 bytes)
Transaction Date (3 bytes)
Transaction Type (1 byte)
Unpredictable Number (4 bytes)
Card Risk Management Data Object List 2
Authorisation Response Code (2 bytes)
Amount, Authorised (Numeric) (6 bytes)
Amount, Other (Numeric) (6 bytes)
Terminal Country Code (2 bytes)
Terminal Verification Results (TVR) (5 bytes)
Transaction Currency Code (2 bytes)
Transaction Date (3 bytes)
Transaction Type (1 byte)
Unpredictable Number (4 bytes)
Signed Static Application Data
Hash Algorithm Indicator: 1 (=SHA-1)
Data Authentication Code: 0123
Hash: 74159900848ab829b9f0318950cdad9351e0bfdf
Cardholder Verification Method (CVM) List:
Cardholder Verification Rule
Rule: Enciphered PIN verified online
Condition Code: If unattended cash
Apply succeeding CV Rule if this CVM is unsuccessful
Cardholder Verification Rule
Rule: Plaintext PIN verification performed by ICC
Condition Code: If terminal supports the CVM
Apply succeeding CV Rule if this CVM is unsuccessful
Cardholder Verification Rule
Rule: If transaction is in the application currency and is under 0.00 value
Condition Code: If terminal supports the CVM
Apply succeeding CV Rule if this CVM is unsuccessful
Cardholder Verification Rule
Rule: Enciphered PIN verified online
Condition Code: If terminal supports the CVM
Apply succeeding CV Rule if this CVM is unsuccessful
Cardholder Verification Rule
Rule: If transaction is in the application currency and is over 0.00 value
Condition Code: Always
Fail cardholder verification if this CVM is unsuccessful
Static Data Authentication Tag List
Application Interchange Profile
Track 1 Discretionary Data:
323439353030303030303030303030313031303030303030 (ASCII: 249500000000000101000000)
Track 2 Equivalent Data:
Primary Account Number (PAN) - 5411118888888882
Major Industry Identifier = 5 (Banking and financial)
Issuer Identifier Number: 541111
Account Number: 888888888
Check Digit: 2 (Valid)
Expiration Date: Wed Feb 29 00:00:00 CET 2012
Service Code: 201
Discretionary Data: 1234567890000
Service Code: 201
Language Preference (in order of preference):
Language: no (Norwegian)
Language: en (English)
Issuer Code Table Index: 1 (ISO-8859-1)
Issuer Action Code - Default:
11110000
00100000
00100100
00101000
00000000
Issuer Action Code - Denial:
00000000
01010000
10000000
00000000
00000000 /
Issuer Action Code - Online:
11110000
00101000
00111100
11111000
00000000
Application
AID: d5 78 00 00 02 10 10
Label: bankaxept
Preferred Name: bankaxept
Application Expiration Date: Thu Mar 29 00:00:00 CEST 2012
Application Transaction Counter (ATC): 115
Last Online ATC Register: 114
PIN Try Counter: 3 (Number of PIN tries remaining)
Primary Account Number (PAN) - 957852641234567890
Major Industry Identifier = 9 (For assignment by national standards bodies)
Country Code (ISO 3166-1): 578 (=Norway)
Issuer Identifier Number: 957852
Account Number: 64123456789
Check Digit: 0 (Valid)
PAN Sequence Number: 2
Application Priority Indicator
May be selected without cardholder confirmation
Selection Priority: 1
Application Interchange Profile
Static Data Authentication (SDA) not supported
Dynamic Data Authentication (DDA) not supported
Cardholder verification is supported
Terminal risk management is to be performed
Issuer authentication is not supported
CDA not supported
Application File Locator
Application Elementary File
Short File Identifier:
1 (Governed by the EMV specification)
Start Record: 1
End Record: 1
Number of Records Involved In Offline Data Authentication: 0
Record: 1
Length: 112
Involved In Offline Data Authentication: false
Card Risk Management Data Object List 1
Amount, Authorised (Numeric) (6 bytes)
Amount, Other (Numeric) (6 bytes)
Terminal Country Code (2 bytes)
Terminal Verification Results (TVR) (5 bytes)
Transaction Currency Code (2 bytes)
Transaction Date (3 bytes)
Transaction Type (1 byte)
Unpredictable Number (4 bytes)
Card Risk Management Data Object List 2
Authorisation Response Code (2 bytes)
Amount, Authorised (Numeric) (6 bytes)
Amount, Other (Numeric) (6 bytes)
Terminal Country Code (2 bytes)
Terminal Verification Results (TVR) (5 bytes)
Transaction Currency Code (2 bytes)
Transaction Date (3 bytes)
Transaction Type (1 byte)
Unpredictable Number (4 bytes)
Cardholder Verification Method (CVM) List:
Cardholder Verification Rule
Rule: Enciphered PIN verified online
Condition Code: Always
Fail cardholder verification if this CVM is unsuccessful
Track 2 Equivalent Data:
Primary Account Number (PAN) - 957852641234567890
Major Industry Identifier = 9 (For assignment by national standards bodies)
Country Code (ISO 3166-1): 578 (=Norway)
Issuer Identifier Number: 957852
Account Number: 64123456789
Check Digit: 0 (Valid)
Expiration Date: Wed Feb 29 00:00:00 CET 2012
Service Code: 601
Discretionary Data: 12345678900
Language Preference (in order of preference):
Language: no (Norwegian)
Issuer Code Table Index: 1 (ISO-8859-1)
Issuer Action Code - Default:
10110000
01000000
00000100
10001000
00000000
/
FINISHED
Terminal - Banking Chip Card. How they are talk to each other?
Today was a hard day for me, even if it was Sunday...but anyway I want to start a new very interesting topic about one standard,
which is actually playing very important role in a world of Payment application, its name is EMV.
Everyone today has his own banking card, and this is easy way to get the access to your bank account and as a consequence to
your money. Whatever you do, going to buy something, to get some cash or to pay for your mobile phone, each time you take
your card from your wallet and starting from this moment you oblige to follow some rules in order make a correct payment. To be
precisely, it is not you personally, this is your banking card which should be complained to EMVco standard. Let's imagine you
insert your card to the reader of ATM or POS terminal and from this moment magic is takes a control on your bank account.
Interesting, is not it? Let's see what is going on between your card and ATM or terminal.
First of all, I will give you some useful links about related topics, which I hope will help you to understand the process of data
exchange between smart card and terminal and also helps to read this topic.
Global Platform general description and full set of documents which can be downloaded from official web site.
EMV on wiki and EMVco website where you can find all specifications.
Let’s start to see what is going on between card and terminal. I need to say here, first we will speak about contact
interface.About contactless interface I will describe later on.
When the card inserted in to terminal, it is going to be powered and reset. Card must provide Acknowledge-To-Reset (ATR) and
then will wait for incoming commands.
This is a common part which is not directly related to EMV transaction. More information about ATR you will find in ISO7816 part
3. So, now let’s have a look from EMV standard point of view.
The next step is to choose and select target application. Depending on what type of card you have (Visa, MasterCard, etc...),
different payment schemes will apply during EMV transaction.
There are two approaches can be used to determine which application is going to be used:
1. Terminal use PSE (Payment System Environment), if the one is exists on card.
2. Terminal build a list of candidates based on list of application stored in terminal.
/
PSE is Payment System Environment which contains, roughly speaking language preference, list of applications and their
priority in which they must be executed. It is not mandatory for all cards to support PSE.
Terminal select PSE using SELECT command with filename 1PAY.SYS.DDF01. If there is no PSE, card should return “6A82”,
which means “file not found”. If card returns “9000”, terminal proceeds to the next step by processing response from card. The
response on the SELECT command for PSE contains FCI data object, which should looks according EMV Book 1 like:
6F FCI Template M
84 DF Name M
So now terminal knows the SFI of payment system directory to read. By sendin
Like 0 Share
Tweet Follow @neaPaycom
LinkedIn
Payments Solutions. Made ISO8583 Simulator ISO8583 Message Parser Payments Message Conversion
Simple
Message Converter Card Data Generator Consulting Services
Simulator
License Cookies Policies
Help
Copyright © 2012 neaPay. neaPay Brand, web site data and content, products, training and material are all reserved, under ownership. All Rights Reserved. Content cannot be reproduced without written accord from neaPay.