万事达卡EMV中的GETCHALLENGE问题(6D00) [英] GETCHALLENGE issue(6D00) in EMV for MasterCard
问题描述
对于EMV中的GETCHALLENGE请求(0084000000),我们得到VISA \ DEBIT卡的肯定响应,但是对于MASTERCARD,我们得到的响应为6D00(指令代码不受支持或无效).
在万事达卡的情况下,这里是在调用Get Challenge之前执行的命令序列.如您所见,CDOL带有ICC动态号标签,当通过执行get Challenge命令获取动态号的调用时,我得到指令代码不受支持的错误消息.
需要重置
回复:3b6d00000031c071d66419160100849000选择付款系统目录
请求:00A404000E315041592E5359532E444446303100
响应:6f1a840e315041592e5359532e4444463031a5088801015f2d02656e9000
读取数据
请求:00B2010c00
响应:701a61184f07a0000000041010500a4d6173746572436172648701019000
选择应用程序
请求:00A4040007a000000004101000
响应:6f278407a0000000041010a51c500a4d6173746572436172648701015f2d02656ebf0c059f4d020b0a9000
获取处理选项
请求:80A8000002830000
响应:770a820238009009404100105019000
内部身份验证
请求:0088000004E153F3E800
响应:77539f4b508464f182032bd432f415ec7ddaa3e601526a2b860fcc9785475f8f45f095186e3658bc0a55bceb2d4c22fbded8af82bd81338e38961c5d000dd5a8f99d3ec0c77455534b
读取数据 要求:00B2011400
响应:7081835f25031402015f24031703315a08XXXXXXXXXXXXXXXX5f3401019f0702ff008e10000000000000000042015e0342031f039f0d05b8500408009f0e0500008800009f0f05b8700498008c219f02dfcf230f1f3f1f3f3f1f3f1f3f1f1f1f1f1f1f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0c
读取数据
请求:00B2021400
响应:70689f080200025711XXXXXXXXXXXXXXXXd1703201021010792f5f2018XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX5f300202019f1f1a30303030303030323130313030303030303739323023003003030309f420208409f4401029f49039f37049f4701039000
读取数据
请求:00B2031400
响应:7081b79f4681b0c507d5fc6f008bf22f04484d0522f9a652df181559a938096558461a6a44a3acc8e1e64fb901a3bd5fa656ea1ec2eb2021d8ddab983aa5362ae0972bb717dc8f852da5a3ad03884c2ef06c4f2a7c56ff9891dd800707665569fb32bb05425c6d5a7461f2a604eb681d659bf052cad311af2b29e8a571a8e93a015814090eb13589e40756b5706e4e5bb75a1734f871aa6e6894f959f020854dfa9bca011340b470e5c45309f91486e7aa882a9109df708f01059000
读取数据
请求:00B2041400
响应:7081b39081b057591da6a8901a96bb23f5ebbf6d86ae95b07395146a9a940833b1ba052e65676c9c4f7d0d86ec55f58a75647736b31895a7d1f439f777abc8866abd9054ebebed31f882fa05d6188da55f9a9ebf346e3a93e9cd0663fddaaa56f55d56ba37f5405804e873edd79fefd9957114e1c6826240b5ff049a0ea221310b1f25d6586863550673f979956de1df27f0bd91bfac6d4aa2b239d290b90a10b6b9f54ac006e3b917e3bb3e87e430ecb1927579fa979000
读取数据
请求:00B2051400
响应:702a9f3201039224be09660a5a008739dcaa90106e2d4e0b99d3996fb7284012c1255c17e2709a52cdb9d7cb9000
获取数据-应用交易计数器
请求:80CA9F3600
响应:6a88
获取数据-上一次在线ATC注册
请求:80CA9F1300
响应:6a88
获取数据-固定尝试计数器
请求:80CA9F1700
响应:9f1701039000
获取数据-日志格式
请求:80CA9F4F00
响应:9f4f119f27019f02065f2a029a039f36029f52069000
GetChallenge
请求:0084000000
响应:6d00
请咨询
对于CDOL的ICC动态编号,在GPO之后,需要向卡颁发内部身份验证.这将为您提供签名的动态应用程序数据(这是在ICC私钥下签名的证书).
以下是您使用ICC公钥打开的您提供的证书的内容.您可以看到ICC动态数据,其长度为08,而 C7C298C8C60E2984 是您的动态编号.干杯,享受!!
关于此操作的完成方式,您需要阅读EMV 4.3规格书2 安全和密钥管理,第6节,脱机动态数据身份验证.学习愉快. 完成后让我知道,并接受此答案
DDA: Signed Dynamic Application Data Verification **************************************** ICC PK Modulus: BC41FF9CEF143DBC67F3FBF9F17565F5C948B0106CFF664BCB54EE935AC5E2119B1879AB1DEF5F456FFB7C21FB30329FADE04E62E749719C7C2920B91E3C459712D296F2A0CB3566AA46C55DBBEA6BEB Signed Dynamic Application Data: 8464F182032BD432F415EC7DDAA3E601526A2B860FCC9785475F8F45F095186E3658BC0A55BCEB2D4C22FBDED8AF82BD81338E38961C5D000DD5A8F99D3EC0C774648534A2B362B55D4B9EE13F204373 ---------------------------------------- Recovered Data: 6A05010908C7C298C8C60E2984BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBF97A677485DC0A64971C54099583FBD0F39870D0BC Data Header: 6A Signed Data Format: 05 Hash Algorithm Indicator: 01 Dynamic Data length: 09 ICC Dynamic Data: 08C7C298C8C60E2984 Pad Pattern: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB Hash Result: F97A677485DC0A64971C54099583FBD0F39870D0 Data Trailer: BC ---------------------------------------- Recovered Data validation: ---------------------------------------- Step 1: Issuer PK Modulus and Signed Static Application Data having the same length: Passed Step 2: Recovered Data Trailer check: Passed Step 3: Recovered Data Header check (0x6A): Passed Step 4: Certificate Format check (0x03): Passed Step 5: Hash Input Data: 05010908C7C298C8C60E2984BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBE153F3E8 Step 6: Hashing Result: F97A677485DC0A64971C54099583FBD0F39870D0 Step 7: Hash Result Comparison: Passed ---------------------------------------- DDA Validation Succeed.
In the case of GETCHALLENGE Request (0084000000) in EMV, we are getting the positive response for VISA\DEBIT card, but for MASTERCARD we are getting the response as 6D00 (Instruction code not supported or invalid).
Here are the sequence of commands that are being executed prior to callling the Get Challenge in the case of MasterCard. The CDOL as you can see has the tag for ICC Dynamic number and when the call for getting the dynamic number by executing the get Challenge command, I get Instruction code not supported error message.
Answer To Reset
Response: 3b6d00000031c071d66419160100849000 Select Payment System Directory
Request : 00A404000E315041592E5359532E444446303100
Response : 6f1a840e315041592e5359532e4444463031a5088801015f2d02656e9000
Read Data
Request : 00B2010c00
Response : 701a61184f07a0000000041010500a4d6173746572436172648701019000
Select application
Request : 00A4040007a000000004101000
Response : 6f278407a0000000041010a51c500a4d6173746572436172648701015f2d02656ebf0c059f4d020b0a9000
Get Processing Options
Request : 80A8000002830000
Response : 770a820238009404100105019000
Internal Authenticate
Request : 0088000004E153F3E800
Response : 77539f4b508464f182032bd432f415ec7ddaa3e601526a2b860fcc9785475f8f45f095186e3658bc0a55bceb2d4c22fbded8af82bd81338e38961c5d000dd5a8f99d3ec0c774648534a2b362b55d4b9ee13f2043739000
Read data Request : 00B2011400
Response : 7081835f25031402015f24031703315a08XXXXXXXXXXXXXXXX5f3401019f0702ff008e10000000000000000042015e0342031f039f0d05b8500408009f0e0500008800009f0f05b8700498008c219f02069f03069f1a0295055f2a029a039c019f37049f35019f45029f4c089f34038d0c910a8a0295059f37049f4c085f280208409f4a01829000
Read data
Request : 00B2021400
Response : 70689f080200025711XXXXXXXXXXXXXXXXd1703201021010792f5f2018XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX5f300202019f1f1a30303030303030323130313030303030303739323030303030309f420208409f4401029f49039f37049f4701039000
Read data
Request : 00B2031400
Response : 7081b79f4681b0c507d5fc6f008bf22f04484d0522f9a652df181559a938096558461a6a44a3acc8e1e64fb901a3bd5fa656ea1ec2eb2021d8ddab983aa5362ae0972bb717dc8f852da5a3ad03884c2ef06c4f2a7c56ff9891dd800707665569fb32bb05425c6d5a7461f2a604eb681d659bf052cad311af2b29e8a571a8e93a015814090eb13589e40756b5706e4e5bb75a1734f871aa6e6894f959f020854dfa9bca011340b470e5c45309f91486e7aa882a9109df708f01059000
Read data
Request : 00B2041400
Response : 7081b39081b057591da6a8901a96bb23f5ebbf6d86ae95b07395146a9a940833b1ba052e65676c9c4f7d0d86ec55f58a75647736b31895a7d1f439f777abc8866abd9054ebebed31f882fa05d6188da55f9a9ebf346e3a93e9cd0663fddaaa56f55d56ba37f5405804e873edd79fefd9957114e1c6826240b5ff049a0ea221310b1f25d6586863550673f979956de1df27f0bd91bfac6d4aa2b239d290b90a10b6b9f54ac006e3b917e3bb3e87e430ecb1927579fa979000
Read data
Request : 00B2051400
Response : 702a9f3201039224be09660a5a008739dcaa90106e2d4e0b99d3996fb7284012c1255c17e2709a52cdb9d7cb9000
Get Data - Application Transaction Counter
Request : 80CA9F3600
Response : 6a88
get Data - Last Online ATC Register
Request : 80CA9F1300
Response : 6a88
get data - Pin Try Counter
Request : 80CA9F1700
Response : 9f1701039000
get Data - Log format
Request : 80CA9F4F00
Response : 9f4f119f27019f02065f2a029a039f36029f52069000
GetChallenge
Request : 0084000000
Response : 6d00
Please advice
For ICC Dynamic number for CDOL, After GPO, Internal authenticate need to be issued to the card. This will give you Signed Dynamic Application Data( which is a certificate signed under ICC Private Key ).
Below are the contents of the certificate you provided which I opened using your ICC Public Key. You can see ICC dynamic data of which 08 is the length and C7C298C8C60E2984 is your dynamic number. Cheers, enjoy !!
As to how this is done, you need to read EMV 4.3 Book 2 Security and Key Management Section 6, Offline Dynamic Data Authentication. Happy learning. Let me know once you complete, and accept this answer
DDA: Signed Dynamic Application Data Verification **************************************** ICC PK Modulus: BC41FF9CEF143DBC67F3FBF9F17565F5C948B0106CFF664BCB54EE935AC5E2119B1879AB1DEF5F456FFB7C21FB30329FADE04E62E749719C7C2920B91E3C459712D296F2A0CB3566AA46C55DBBEA6BEB Signed Dynamic Application Data: 8464F182032BD432F415EC7DDAA3E601526A2B860FCC9785475F8F45F095186E3658BC0A55BCEB2D4C22FBDED8AF82BD81338E38961C5D000DD5A8F99D3EC0C774648534A2B362B55D4B9EE13F204373 ---------------------------------------- Recovered Data: 6A05010908C7C298C8C60E2984BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBF97A677485DC0A64971C54099583FBD0F39870D0BC Data Header: 6A Signed Data Format: 05 Hash Algorithm Indicator: 01 Dynamic Data length: 09 ICC Dynamic Data: 08C7C298C8C60E2984 Pad Pattern: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB Hash Result: F97A677485DC0A64971C54099583FBD0F39870D0 Data Trailer: BC ---------------------------------------- Recovered Data validation: ---------------------------------------- Step 1: Issuer PK Modulus and Signed Static Application Data having the same length: Passed Step 2: Recovered Data Trailer check: Passed Step 3: Recovered Data Header check (0x6A): Passed Step 4: Certificate Format check (0x03): Passed Step 5: Hash Input Data: 05010908C7C298C8C60E2984BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBE153F3E8 Step 6: Hashing Result: F97A677485DC0A64971C54099583FBD0F39870D0 Step 7: Hash Result Comparison: Passed ---------------------------------------- DDA Validation Succeed.
这篇关于万事达卡EMV中的GETCHALLENGE问题(6D00)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!