Unable to identify AFL on a smart card

0
votes

I'm working to get useful data from a VISA (such as PAN, expiry date...) credit card using a list of AIDs I got stuck.

I have been able to access to all the data manually. Using the next tutorial: http://www.openscdp.org/scripts/tutorial/emv/reademv.html

>>00 A4 04 00 07 A0 00 00 00 03 10 10 00

In ASCII:

<<o<EM>„<BEL> <0><0><0><ETX><DLE><DLE>¥<SO>P<EOT>VISA¿<FF><ENQ>ŸM<STX><VT><LF><0>

In Hexadecimal:

<<6F 19 84 07 A0 00 00 00 03 10 10 A5 0E 50 04 56 49 53 41 BF 0C 05 9F 4D 02 0B 0A 90 00

After that I used:

>>33 00 B2 01 0C 00 //sfi1, rec1
...
...
>>33 00 B2 10 FC 00 //sfi31, rec16

I continued with the tutorial and learned that the proper way to obtain the data was using GPO (Get Processing Options) command. And tried that next:

>>80 A8 00 00 0D 83 0B 00 00 00 00 00 00 00 00 00 00 00 00 // pdo = 83 0B 00 00 00 00 00 00 00 00 00 00 00 which suposse to be the correct one for VISA.
<< 69 85

So the condition of use is not satisfied.

>> 80 A8 00 00 02 83 00 00 //pdo= 83 00 that should work with every non visa card
<< 80 0E 3C 00 08 01 01 00 10 01 04 00 18 01 03 01 90 00

If this response is correct and it looks quite well for me as it starts by 80 and ends by 90 00, I am not able to identify AFL which I think that would make me possible to determine the PAN, expiry date... Can somebody help me?

1
paymentsmartcardapduemv

1 Answers

4
votes

The FCI that you received in response to the select command (00 A4 0400 07 A0000000031010 00) decodes to

6F 19  (File Control Information (FCI) Template)
    84 07  (Dedicated File (DF) Name)
        A0000000031010
    A5 0E  (File Control Information (FCI) Proprietary Template)
        50 04  (Application Label)
            56495341  ("VISA")
        BF0C 05  (File Control Information (FCI) Issuer Discretionary Data)
            9F4D 02  (Log Entry)
                0B0A  (SFI = 11; # of records = 10)

This FCI does not include any PDOL (processing options data list). Consequently, you need to assume a default value for the PDOL (which is an empty list for your card type). Consequently, the PDOL-related data field in the GET PROCESSING OPTIONS command must be empty:

83 00

Where 0x83 is the tag for PDOL-related data and 0x00 is a length of zero bytes.

Thus, the correct GPO command is (as you already found out):

80 A8 0000 02 8300 00

You got the response

800E3C00080101001001040018010301 9000

This decodes to

80 0E  (Response Message Template Format 1)
    3C00  (Application Interchange Profile)
    08010100 10010400 18010301  (Application File Locator)

Consequently, the Application File Locator contains the following three entries:

  • 08010100: SFI = 1, first record = 1, last record = 1, records involved in offline data authentication = 0
  • 10010400: SFI = 2, first record = 1, last record = 4, records involved in offline data authentication = 0
  • 18010301: SFI = 3, first record = 1, last record = 3, records involved in offline data authentication = 1

Consequently, you can read those record with the READ RECORD commands:

00 B2 010C 00
00 B2 0114 00
00 B2 0214 00
00 B2 0314 00
00 B2 0414 00
00 B2 011C 00
00 B2 021C 00
00 B2 031C 00