EMV 皮迪恩 BIP 1300
我目前正在使用 PIDION BIP-1300,有人有如何检索智能卡芯片值的示例吗?
我正在使用 C# 和 BB_EMV.dll...我找不到任何文档...
这就是我正在使用的内容:
EMV emv = new EMV();
byte[] DE_5A;
DE_5A = emv.GetData("DE_5A");
我收到的只是一个充满零的字节数组。
提前致谢!
I'm currently working with PIDION BIP-1300, does anyone have examples of how to retrieve values of a smart card chip?
I'm using C# and BB_EMV.dll... I can't find any documentation...
This is sort of what I'm using:
EMV emv = new EMV();
byte[] DE_5A;
DE_5A = emv.GetData("DE_5A");
All I receive is a byte array full of zeroes.
Thanks in advance!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
好吧,我不知道 BB_EMV 是什么,也从未听说过,但是从智能卡读取 EMV 数据并不容易,我现在告诉你。
首先,您需要一个良好的托管库,它可以让您对相关卡进行 APDU 级别访问,我使用这个: http://www.smartcard-api.com/index.shtml
一旦你有了它,就像添加任何其他托管库一样添加对它的引用,该套件中有示例,所以我我不会详细介绍它的使用方法,让您自己的代码运行并不困难。
我有代码,但它的版权归我为其编写的客户所有,所以我不能给你。
一旦您能够开始向卡发送命令,并且如果它是支持标准 EMV 结构的卡,您要做的第一件事就是选择 PSE,通常有 2 种方法可以执行此操作。
1) 使用 AID 选择
从您准备接受的 AID(应用程序 ID)列表中,向卡发送以下命令:
0x00、0xA4、0x04、0x00
后面是您要选择的 AID,对于 VISA 借记卡,这是通常为
0xA0、0x00、0x00、0x00、0x03、0x10、0x10
这上面的 APDU 数据作为数据块,后跟 0x07(数据长度),
您应该返回的是
0x9000 或 0x6100(如果您得到 61 代码,则意味着您必须使用修改后的参数重做请求,超出了范围我在这里写的)
如果你在 SW1 & 中得到 0x9000 SW2(卡寄存器)则您已成功选择该 AID 并准备好对其进行 EMV 调用。
2) 使用DDF名称选择所需的支付应用程序,本质上您使用标准卡选择命令来选择“1PAY.SYS.DDF01”(如果它是接触式芯片和卡)。引脚或“2PAY.SYS.DDF02”(如果是非接触式)这称为使用 PPSE 选择。
选择支付应用程序后,您需要从卡中读取处理选项,这将告诉您一些有关可用内容和在何处查找的信息。
这是通过发出如下所示的读取 GPO 命令来完成的:
0x80、0xA8、0x00、0x00、0x83、0x00
这将返回一个 TLV 结构,您必须解析该结构以获取详细信息。
TLV 是一个非常简单的概念,您的数据流分为 3 组,
即TAG
LENGTH
和
VALUE,
因此 TLV、
TLV 标签的长度可以在 1 到 3 个字节之间变化,但通常情况下您不会看到超过 2 个字节。如果您的第一个字节与 0x1F 大于 31(即设置了位 6 或 7),则您有一个 16 位标记,在这种情况下,您需要将刚刚收到的字节左移 8 位,然后添加序列中的下一个字节。
与下一个字节类似,如果将其乘以 128 得到 128,那么您就有 1 到 15 位之间的 2 个字节长度,一旦您有了 TAG 和长度,下一个长度的剩余字节就是有效负载。
该有效负载可以嵌套,事实上您很可能会在 TLV 结构中找到 TLV 结构,因此需要编写一个好的递归解析器。
解析 GPO 对象中的数据后,您可以使用它来查找实际的卡数据,这是您开始读取 PAN 和 track2 等效数据之类的内容的地方,但请注意,虽然有适当的标准,但不它们都是 100% 相同的。大多数卡都有自定义数据区域,另请注意 PIN 码和密码。 CVV 号码不能直接从卡中获得,相反,您会发现在大多数情况下会有一个加密的 PIN 或 CVV 块,其设计目的是与卡中的相应证书一起发送回发卡机构,然后,发行人将报告输入的密码是否正确。
有些卡可以进行离线 PIN 验证,但是,wolfgang rankels 网站充满了一些可用的各种标准功能和数据调用的重要信息,主要是在 GSM Sim 卡上,但他也涵盖了 EMV,您可以在这里找到他的网站:
< a href="http://www.wrankl.de/" rel="nofollow">http://www.wrankl.de/
这个主题的内容比我在这里描述的要多得多,这只是冰山一角冰山,但是自从您在 6 个多月前发布此内容以来,我猜您现在可能已经自己取得了一些进展,如果没有,那么我希望这会有所帮助。
ok I don't know what BB_EMV is and have never heard of it, but reading EMV data from a smart card is not easy, I'll tell you that now.
First things, you need a good managed library that will let you do APDU level access on the card in question, I use this one : http://www.smartcard-api.com/index.shtml
Once you have that, add a reference to it just as you would any other managed library, there's samples with the kit so I'm not going to go into details using it, it's not to difficult to get your own code running.
I have code, but it's copyright to the client I've written it for so I can't give you it.
Once your in a position to start sending commands to the card, and if it's a card that supports a standard EMV structure, the first thing you'll want to do is select the PSE, there are typically 2 ways of doing this.
1) Use AID selection
From a list of AID (Application ID's) that you are prepared to accept send the following command to the card:
0x00, 0xA4, 0x04, 0x00
Follow this by the AID you wish to select, for VISA Debit this is typically
0xA0, 0x00, 0x00, 0x00, 0x03, 0x10, 0x10
This follows the APDU data above as a data block followed by 0x07 (The data Length)
What you should get back is either
0x9000 or 0x6100 (If you get a 61 code it means you have to redo the request with modified parameters, beyond the scope of what I'm writing here)
if you get a 0x9000 in SW1 & SW2 (Card registers) then you have successfully selected that AID and are ready to make EMV calls to it.
2) Use the DDF Name to select the required payment application, essentially you use the standard card select commands to select "1PAY.SYS.DDF01" if it's a contact chip & pin or "2PAY.SYS.DDF02" if it contactless this is known as selecting using the PPSE.
Once you have a payment app selected, you then need to read the processing opts from the card, this will tell you some info about what's available and where to look.
This is done by issuing a read GPO command that looks like the following:
0x80, 0xA8, 0x00, 0x00, 0x83, 0x00
This will return a TLV structure which you'll have to parse for the details.
TLV is a very simple concept, your data stream is divided into 3 groups a
TAG
LENGTH
and
VALUE
hence TLV,
TLV Tags can be variable length between 1 and 3 bytes long, typically though you never see greater than 2 bytes. If your first byte anded with 0x1F is greater than 31, (that is bits 6 or 7 are set) then you have a 16 bit tag, in which case you need to take the byte you just received shift it left by 8 bits, then add the next byte in the sequence.
Like wise with the next byte if anding it by 128 gives you 128 then you have a 2 byte length between 1 and 15 bits, once you have the TAG and Length the next length remaining bytes are the payload.
That payload can be nested, in fact you will most likely find TLV structures within TLV structures so a good recursive parser will need to be written.
After you've parsed the data from the GPO object, you can then use this to find the actual card data, this is where you start to read things like the PAN and track2 equivalent data please note however that while there are standards in place not all of them are 100% identical. Most cards have a custom data area, also note that PIN & CVV numbers are NOT available directly from the card, instead what you will find is that in most cases there will be an encrypted PIN or CVV block, this is designed to be sent to the issuing back along with the appropriate certificate from the card , the issuer will then report if the pin entered was correct.
Some cards can do offline PIN verification however, wolfgang rankels site is full of great information of some of the various standard functions and data calls that are available, mostly on GSM Sim cards but he does cover EMV too you can find his site here :
http://www.wrankl.de/
There's a HUGE amount more to this subject than I've described here, this is just the tip of the iceberg, however since you posted this over 6 months ago I'm guessing you've possibly made some headway on your own by now, if not then I hope this helps.