EMV Reading PAN Code

3
votes

I need to read the PAN Code of every possible card through chip. In my job I have to use only C and I haven't routines that can help me in this boring task. So that's the steps APDU that I use:

1) SELECT 1PAY.SYS.DDF01

00 A4 0400 0E 315041592E5359532E4444463031

and then 00 C0 0000 22 315041592E5359532E4444463031 from the response to read all datas. Complete Response:

6f 20 e 84 31 50 41 59 2e 53 59 53 2e 44 44 46 30 31 a5 e 88 1 1 5f 2d 69 8 74 65 6e 66 72 65 73 90

2) READ RECORD to get the specific AID

00 B2 010C 00

Complete Response:

70 17 61 15 4f 7 a0 0 0 0 4 30 60 50 7 4d 41 53 54 52 45 4f 87 1 1 90

3) SELECT AID (in my case the AID is A0000000043060 from the previous response)

00 A4 0400 07 A0000000043060

Also in this case, I have response: 61 36, so I re-call the command with:

00 C0 0000 36 A0000000043060

Complete Response:

6f 0 41 45 53 52 4f 54 87 1 1 34 84 a0 7 0 0 4 30 60 a5 29 50 7 4d 5f 2d 8 69 74 65 6e 72 66 65 73 bf c f 9f 4d 2 b a 9f 6e 3 7 80 0 0 30 30 0 90

Now every command that I use, will get wrong message. I don't understand if I have to use READ DATA, READ RECORD, GET PROCESSING OPTIONS or something else. Can you give me a tip on what I have to do now?

I need to get the 16 char code of the card, the one that is normally printed clearly on the card.

Thanks to everyone

1
apduemv
can you tell why you need the pan/track data alone ?Adarsh Nanu
@Valerio colonnese Are you talking about the 16 digit numeric code printed on each card..?? If yes then it is possible to retrieve but what is the use case for you?. I am asking because this is one of the sensitive information stored in card.Gaurav Shukla
@Gaurav_Orai I have to tokenize it for a program of loyalty card.Valerio Colonnese
I want to detail my answer: I need only the PAN code because I have to map it with a custom card for a loyalty service. I have to call my API with that code, I'm not interested to do payment with that, so I don't need expyration date, PIN, or anything of banking services.Valerio Colonnese

1 Answers

5
votes

The 8 Byte (16 Digit) code printed on Smart Card (Payment Chip Card) is retrievable. This information is the part of "Track 2 Equivalent Data" personalized in the records in Tag 57.

You can slice the initial 8 Bytes of this "Track 2 Equivalent Data" to get your code.

Now How to Get "Track 2 Equivalent Data":

  1. SELECT Payment Application (excluding the PSE/PPSE process here, since you are able to do it)

  2. Send GPO command. Normally 80 A8 00 00 02 83 00 is the APDU for GPO if no PDOL data is required in GPO command APDU. (If 9F38 tag is not present in the response of SELCT command then Simply send this APDU, otherwise PDOL must be created). See EMV 4.3 Book 3 Section 6.5.8 for more details about GPO response.

  3. You will get AFL in the response of GPO and Read all the available records from application as per AFL. Normally track 2 data could be found within 2 or 3 initial records.

    To understand the coding of AFL you can refer Section 10.2 EMV 4.3 Book 3.

    To understand the READ RECORD APDU construction refer EMV 4.3 Book 1 Section 11.2.

  4. One of record must contain Tag 57 and you can fetch the value.