Login/Register
Generate "GET PROCESSING OPTIONS" (GPO) for EMV card (APDU) by PDOL
Asked Answered
apdugpoemv
G

1

12

GPO Command is defined like this as an APDU command:

CLA INS P1 P2 Lc Data Le
80  A8  00 00 Lc Data 00

So the missing parts is Lc & Data which we have to compute from the PDOL (if it is given). If it is not given, we can use:

80 A8 00 00 02 8300 00

That works for mastercards, but for VISA I am given a PDOL & trying to construct the missing APDU part (Lc & Data).

STEP 1 - I get this PDOL from my EMV card:

9F66049F02069F03069F1A0295055F2A029A039C019F3704

STEP 2 - Splitting it up by commands:

9F6604 9F0206 9F0306 9F1A02 9505 5F2A02 9A03 9C01 9F3704

STEP 3 - Splitting it again by byte length:

9F66 04 | 9F02 06 | 9F03 06 | 9F1A 02 | 95 05 | 5F2A 02 | 9A 03 | 9C 01 | 9F37 04

STEP 4 - Gives the following commands (remove length):

Describes "What to be inserted"

9F66 | 9F02 | 9F03 | 9F1A | 95 | 5F2A | 9A | 9C | 9F37

STEP 5 - And the following length for commands (remove commands):

Describes "Length for each command"

04 | 06 | 06 | 02 | 05 | 02 | 03 | 01 | 04

STEP 6 - Assuming that length is given as 2-bit's will make us double this:

8 | 12 | 12 | 4 | 10 | 4 | 6 | 2 | 8

STEP 7 - Expected output should now look like:

aaaaaaaa bbbbbbbbbbbb cccccccccccc dddd eeeeeeeeee ffff gggggg hh iiiiiiii

STEP 8 - Looking up commands to find values:

9F66 | 9F02 | 9F03 | 9F1A | 95 | 5F2A | 9A | 9C | 9F37

https://www.emvlab.org/emvtags/show/t9F66/ = Unknown (I Googled and found it is: 'Terminal Transaction Qualifiers' = TTQ)

https://www.emvlab.org/emvtags/show/t9F02/ = Authorized amount

https://www.emvlab.org/emvtags/show/t9F03/ = Secondary / cashback amount

https://www.emvlab.org/emvtags/show/t9F1A/ = ISO 3166 Terminal Country Code (TCC)

https://www.emvlab.org/emvtags/show/t95/ = Terminal verification results (TVR)

https://www.emvlab.org/emvtags/show/t5F2A/ = ISO 4217 Currency Code (CC)

https://www.emvlab.org/emvtags/show/t9A/ = Transaction date YYMMDD

https://www.emvlab.org/emvtags/show/t9C/ = ISO 8583:1987 first 2 digits (type of transaction - TT)

https://www.emvlab.org/emvtags/show/t9F37/ = Unpredictable Number (Random number for cryptogram - UN)

STEP 9 - Inserting obvios data:

9F66 aaaaaaaa     TTQ      
9F02 bbbbbbbbbbbb Amount   000000001000
9F03 cccccccccccc Cashback 000000000000
9F1A dddd         TCC
95   eeeeeeeeee   TVR
5F2A ffff         CC
9A   gggggg       YYMMDD   190325
9C   hh           TT
9F37 iiiiiiii     UN       12121212

STEP 10 - Terminal Transaction Qualifiers (TTQ):

(Supported terminal function settings)

9F66 a1 a2 a3 a4   

A. a1 - Hex to binary -> 00000000
B. a2 - Hex to binary -> 00000000
C. a3 - Hex to binary -> 00000000
D. a4 - Hex to binary -> 00000000 - RFU (Reserved Future Use)

Each zero can be switched on or off.

A. a1 (hex to binary gives 8 numbers)

  8. 0 - Contactless MSD          - Example: 0 - false
  7. 0 - Contactless VSDC         - Example: 1 - true
  6. 0 - Contactless qVSDC        - Example: 0 - false
  5. 0 - EMV contact chip         - Example: 1 - true
  4. 0 - Offline-only reader      - Example: 0 - false
  3. 0 - Online PIN               - Example: 0 - false
  2. 0 - Signature                - Example: 0 - false
  1. 0 - Offline data auth (ODA)  - Example: 1 - true

Example gives: 01010001. Binary to HEX -> 51

B. a2 (hex to binary gives 8 numbers)

  8. 0 - Require Online Crypt     - Example: 0 - false
  7. 0 - CVM required .           - Example: 0 - false
  6. 0 - Offline PIN support      - Example: 0 - false
  5. 0 - RFU(Reserved Future Use) - Example: 0 - false
  4. 0 - RFU(Reserved Future Use) - Example: 0 - false
  3. 0 - RFU(Reserved Future Use) - Example: 0 - false
  2. 0 - RFU(Reserved Future Use) - Example: 0 - false
  1. 0 - RFU(Reserved Future Use) - Example: 0 - false

Example gives: 00000000. Binary to HEX -> 00

C. a3 (hex to binary gives 8 numbers)

  8. 0 - Issuer update process    - Example: 0 - false
  7. 0 - Mobile functionality     - Example: 1 - true
  6. 0 - RFU(Reserved Future Use) - Example: 0 - false
  5. 0 - RFU(Reserved Future Use) - Example: 0 - false
  4. 0 - RFU(Reserved Future Use) - Example: 0 - false
  3. 0 - RFU(Reserved Future Use) - Example: 0 - false
  2. 0 - RFU(Reserved Future Use) - Example: 0 - false
  1. 0 - RFU(Reserved Future Use) - Example: 0 - false

Example gives: 01000000. Binary to HEX -> 40

D. a4 = RFU(Reserved Future Use) = 00000000 = 00

Gives: 00000000. Binary to HEX -> 00

Putting HEX values together returns: TTQ = 51004000

STEP 11 - Update ISO values (Google it) and insert TTQ:

Ref: https://en.wikipedia.org/wiki/ISO_8583

TT
Authorization:   00
Balance inquiry: 31
Sale:            00
Cash:            01
Void:            02
Mobile topup:    57

9F66 aaaaaaaa     TTQ      51004000     TTQ
9F02 bbbbbbbbbbbb Amount   000000001000
9F03 cccccccccccc Cashback 000000000000
9F1A dddd         TCC      0578         ISO 3166 Norway (not same as phone)
95   eeeeeeeeee   TVR
5F2A ffff         CC       0978         ISO 4217 Euro
9A   gggggg       YYMMDD   190325
9C   hh           TT       00           ISO 8583:1987 first 2 digits
9F37 iiiiiiii     UN       12121212

STEP 12 - Terminal verification results (TVR):

https://en.wikipedia.org/wiki/Terminal_verification_results

95 e1 e2 e3 e4 e5 

A. e1 - Hex to binary -> 00000000
B. e2 - Hex to binary -> 00000000
C. e3 - Hex to binary -> 00000000
D. e4 - Hex to binary -> 00000000
E. e5 - Hex to binary -> 00000000

Each zero can be switched on or off.

A. e1 (hex to binary gives 8 numbers)

  8. 0 - Offline process not performed - Example: 0 - false
  7. 0 - SDA failed                    - Example: 0 - false
  6. 0 - ICC data missing              - Example: 0 - false
  5. 0 - Card number on hotlist        - Example: 0 - false
  4. 0 - DDA failed                    - Example: 0 - false
  3. 0 - CDA failed                    - Example: 0 - false
  2. 0 - RFU (SDA was selected)        - Example: 0 - false
  1. 0 - RFU                           - Example: 0 - false

Example gives: 00000000. Binary to HEX -> 00

B. e2 (hex to binary gives 8 numbers)

  8. 0 - Card/terminal version differ. - Example: 0 - false
  7. 0 - Expired app                   - Example: 0 - false
  6. 0 - App not yet effective         - Example: 0 - false
  5. 0 - Service not allowed for card  - Example: 0 - false
  4. 0 - New card                      - Example: 0 - false
  3. 0 - RFU(Reserved Future Use)      - Example: 0 - false
  2. 0 - RFU(Reserved Future Use)      - Example: 0 - false
  1. 0 - RFU(Reserved Future Use)      - Example: 0 - false

Example gives: 00000000. Binary to HEX -> 00

C. e3 (hex to binary gives 8 numbers)

  8. 0 - Cardholder verification fail  - Example: 0 - false
  7. 0 - Unrecognised CVM              - Example: 0 - false
  6. 0 - PIN try limit exceeded        - Example: 0 - false
  5. 0 - PIN required, but no pinpad   - Example: 0 - false
  4. 0 - PIN req. & present & missing  - Example: 0 - false
  3. 0 - On-line PIN entered           - Example: 0 - false
  2. 0 - RFU(Reserved Future Use)      - Example: 0 - false
  1. 0 - RFU(Reserved Future Use)      - Example: 0 - false

Example gives: 00000000. Binary to HEX -> 00

D. e4 (hex to binary gives 8 numbers)

  8. 0 - Transact. exceeds floor limit - Example: 0 - false
  7. 0 - Lower offline limit exceeded  - Example: 0 - false
  6. 0 - Upper offline limit exceeded  - Example: 0 - false
  5. 0 - Transa. randomly sele. online - Example: 0 - false
  4. 0 - Merch. forced online transac. - Example: 0 - false
  3. 0 - RFU(Reserved Future Use)      - Example: 0 - false
  2. 0 - RFU(Reserved Future Use)      - Example: 0 - false
  1. 0 - RFU(Reserved Future Use)      - Example: 0 - false

Example gives: 00000000. Binary to HEX -> 00

E. e5 (hex to binary gives 8 numbers)

  8. 0 - Default TDOL Used             - Example: 0 - false
  7. 0 - Issuer authentication failed  - Example: 0 - false
  6. 0 - Script fail before final GAC  - Example: 0 - false
  5. 0 - Script fail after final GAC   - Example: 0 - false
  4. 0 - RFU(Reserved Future Use)      - Example: 0 - false
  3. 0 - RFU(Reserved Future Use)      - Example: 0 - false
  2. 0 - RFU(Reserved Future Use)      - Example: 0 - false
  1. 0 - RFU(Reserved Future Use)      - Example: 0 - false

Example gives: 00000000. Binary to HEX -> 00

Putting all HEX values together gives: TVR = 0000000000

STEP 13 - Final Command:

9F66 aaaaaaaa     TTQ      51004000
9F02 bbbbbbbbbbbb Amount   000000001000
9F03 cccccccccccc Cashback 000000000000
9F1A dddd         TCC      0578
95   eeeeeeeeee   TVR      0000000000
5F2A ffff         CC       0978
9A   gggggg       YYMMDD   190325
9C   hh           TT       00
9F37 iiiiiiii     UN       12121212

Results in:

51004000 000000001000 000000000000 0578 0000000000 0978 190325 00 12121212

STEP 14 - Get tag length value:

Get length of results: 510040000000000010000000000000000578000000000009781903250012121212 = 66 numbers It is 2-bits, so: 66 / 2 = 33 characters

Convert 33 to HEX = 21

tlv = 21

tlv should be applied before the results from step 13:

21 510040000000000010000000000000000578000000000009781903250012121212

STEP 15 - Add the GPO Tag which is "83":

83 21 510040000000000010000000000000000578000000000009781903250012121212

So, Data = 8321510040000000000010000000000010000578000000000009781903250012121212

STEP 16 - Get tag length value for whole command (Lc):

Get length of results:

8321510040000000000010000000000000000578000000000009781903250012121212
= 70 numbers
It is 2-bits, so:
70 / 2 = 35 characters

Convert 35 to HEX = 23

Lc = 23

STEP 17 - Putting it all together:

Remember that the missing part is Lc & Data

CLA INS P1 P2 Lc Data Le
80  A8  00 00 Lc Data 00
80  A8  00 00 23 Data 00

Adding Data:

APDU =
80A8000023832151004000000000001000000000000000057800000000000978190325001212121200

QUESTION

The final apdu command I generated returns no value. Does anyone know at which step I fall out or can see what I am doing wrong?

Resources:

https://www.emvlab.org/emvtags/

https://en.wikipedia.org/wiki/Terminal_verification_results

https://www.rapidtables.com/convert/number/decimal-to-hex.html

https://tvr-decoder.appspot.com/t/home

Parsing PDOL for GET PROCESSING OPTIONS command in EMV transaction

Getting Parser error on request for GPO command for EMV card

https://www.iban.com/currency-codes

https://www.iban.com/country-codes

http://www.emvlab.org/tlvutils/

Gwenngwenneth answered 25/3, 2019 at 12:21 Comment(0)
G
9

I found the error. The problem was to set the correct transaction functionality in STEP 10.

As my processor is an NFC reader only, I had to modify STEP 10 to the following:

STEP 10 - Terminal Transaction Qualifiers (TTQ):

(Supported terminal function settings)

9F66 a1 a2 a3 a4   

A. a1 - Hex to binary -> 00000000
B. a2 - Hex to binary -> 00000000
C. a3 - Hex to binary -> 00000000
D. a4 - Hex to binary -> 00000000 - RFU (Reserved Future Use)

Each zero can be switched on or off.

A. a1 (hex to binary gives 8 numbers)

  8. 0 - Contactless MSD          - Example: 1 - true
  7. 0 - Contactless VSDC         - Example: 1 - true
  6. 0 - Contactless qVSDC        - Example: 1 - true
  5. 0 - EMV contact chip         - Example: 1 - true
  4. 0 - Offline-only reader      - Example: 0 - false
  3. 0 - Online PIN               - Example: 0 - false
  2. 0 - Signature                - Example: 0 - false
  1. 0 - Offline data auth (ODA)  - Example: 0 - false

Example gives: 11110000. Binary to HEX -> F0

B. a2 (hex to binary gives 8 numbers)

  8. 0 - Require Online Crypt     - Example: 0 - false
  7. 0 - CVM required .           - Example: 0 - false
  6. 0 - Offline PIN support      - Example: 1 - true
  5. 0 - RFU(Reserved Future Use) - Example: 0 - false
  4. 0 - RFU(Reserved Future Use) - Example: 0 - false
  3. 0 - RFU(Reserved Future Use) - Example: 0 - false
  2. 0 - RFU(Reserved Future Use) - Example: 0 - false
  1. 0 - RFU(Reserved Future Use) - Example: 0 - false

Example gives: 00100000. Binary to HEX -> 20

C. a3 (hex to binary gives 8 numbers)

  8. 0 - Issuer update process    - Example: 0 - false
  7. 0 - Mobile functionality     - Example: 1 - true
  6. 0 - RFU(Reserved Future Use) - Example: 0 - false
  5. 0 - RFU(Reserved Future Use) - Example: 0 - false
  4. 0 - RFU(Reserved Future Use) - Example: 0 - false
  3. 0 - RFU(Reserved Future Use) - Example: 0 - false
  2. 0 - RFU(Reserved Future Use) - Example: 0 - false
  1. 0 - RFU(Reserved Future Use) - Example: 0 - false

Example gives: 01000000. Binary to HEX -> 40

D. a4 = RFU(Reserved Future Use) = 00000000 = 00

Gives: 00000000. Binary to HEX -> 00

Putting HEX values together returns: TTQ = F0204000

So changing the TTQ value to F0204000 made card respond to the GPO command. :)

Gwenngwenneth answered 25/3, 2019 at 13:6 Comment(2)
+1 for the effort taken in explaining the issue. I guess the issue was related only to B1b6 ( unless you were using contactless MSD path card).Vision
PDOL and Tag 0x9F66 in it point to VISA PayWave or EMV Contactless Kernel 3. Lookup "Visa Contactless Payment Specification" (VCPS) it can help to understand flow and mandatory things.Palfrey

© 2022 - 2024 — McMap. All rights reserved.