I want to copy the uhf rfid key to the parking gate from the card (double UFH + Mifare 1k) on the UHF sticker on the windshield. The main reason is coverage.
I x-rayed the card and it looks like the UHF system is 'Alien 9662 Higgs 3'. I bought the UHF Keller KL9005S programmer and programmable stickers. I read the EPC memory bank and programmed it on a new sticker.
The effect is that I can hear the reader at the gate trying to read the card (a pic is heard), but the gate does not open.
I am asking you for a hint, what may be wrong. It looks like the card is not locked by password. Maybe the TID memory bank must be the same?
Related
I have card numbers in format like 123456xxxxxx7890. How can i test if it's regular card or any other service like ApplePay/GooglePay/etc?
Just boolean answer yes/no is more than enough for my needs. Is there any logic? Or database?
I've tried to look up at binlist.net service but it doesn't detect it unfortunately (shows wrong banks for 10 card IINs that i have).
we will never know if the card is regular card or applepay /google pay card
applepay/gpay generates a unique card number for each original card and we cannot obtain the original card details from it
I'm trying to detect whether a contactless enabled smartcard or a mobile device equipped with ApplePay, Google Pay, or Samsung Pay was used for a contactless EMV transaction.
I have been researching via the EMV books, and there seems to be a tag 9F6E provides this sort of data:
EMV Book 3 - VISA
EMV Book 4 - MasterCard
Questions:
VISA provides a 4 byte value in the field 9F6E, but I can't find a list of possible values and their meanings anywhere. The EMV book says "out of scope". Is there anyway to reliably convert this to a known form factor?
MasterCard provides data 2 bytes for the form factor, but I'm seeing values that I don't undestand (32 31 ascii = 21). Is there a list of values and meanings somewhere for these?
Is there an easy way to understand if CDCVM has been used for a given contactless transaction, so that I could separate contactless transactions from contactless with CDCVM transactions?
Google Pay is using cloud-based payments while Apple is using an embedded secure element. You can find this tag on 9F6E form factor on Visa. However, it might be different for Master Card or Amex.
To fix this correctly, you might want to check the EMV tag 9F19 which returns to the token requestor ID. Check EMV payment tokenization for this spec. Token requestor ID looks like this:
MasterCard
50110030273 – APPLE_PAY
50120834693 – ANDROID_PAY
50139059239 – SAMSUNG_PAY
Visa
40010030273 – APPLE_PAY
40010075001 – ANDROID_PAY
40010043095 – SAMSUNG_PAY
40010075196 – MICROSOFT_PAY
40010075338 – VISA_CHECKOUT
40010075449 – FACEBOOK
40010075839 – NETFLIX
40010077056 – FITBIT_PAY
40010069887 – GARMIN_PAY
Refer the below documents. You will require Visa Online and MasterCard connect access to get these.
VCPS_2.2 Spec
M/ChipRequirements For Contact and Contactless Spec
check in CVM and CVR inside 9F10
I believe it is also possible to detect if the transaction was performed by a mobile device by using tag 0x82 (Application Interchange Profile). I believe this is a better approach because it will be the same regardless of card brand (as long as the card brand in question followed EMVCo's spec correctly.
Here is a link to EMV Co Contactless Book.
https://www.emvco.com/wp-content/uploads/2017/05/C-4_Kernel_4_v2.6_20160512101635327.pdf
Screenshot Of Desired Table
Check Bit 7 (second most significant bit) of Byte 2 (Rightmost Byte). If it is 1 it came from a mobile device. The Application Interchange profile will always be 2 Bytes.
I'm am currently working on a POS web app, where we use the credit card swipe functionality. I'm planning to use the card reader:
MagTek 21073062 Dynamag Magnesafe Triple Track Magnetic Stripe Swipe Reader with 6' USB Interface Cable, 5V, Black
I tried out swiping the credit card and get my final card data as follows:
"%B4111111111111111^FIRST/LAST^1010000000000000000000000000000?;4111111111111111=11111111111111119080000000000000000?|0600|F8861EC73F7BD2790D4EE2DBB7935B039DE9653DE90D240C1257E225FBB987837B779D29246D9D516A94FE9F770396FE6AD2A5F3312108DF35BB512F4BA22A84FF3BB6CDFC008024|669078686F127D2A0660BBBE6C7BD3F708ED1B42216F41E37F3DCF59DB02C77452337456C9F5141D||61403000|190894CFA8A9E46A350C2E758DC1D83A798980BF5319298583E13DC98C62272C8C732D07B2713B1FACE8DBF6CE16B57C94360610CD6FFE46|B2E15B9061015AA|789A6E205C421D40|9011080B2E15B9004018|1CA3||1000"
Data interpreted to according to Financial Cards
The card number according the response above, the card number is "4111111111111111"(for representation purpose). The problem is the number in the response is not correct. The first 6 digits and the last 4 digits seems to be fine, but the digits(6 in this case) in the middle seems to be incorrect(does not match with the swiped card). This happens to all the cards I swipe. Tried the same card multiple times(to check if hardware problem) , still the same result.
Any help on this issue will be appreciated.Thanks in advance.
So I'm trying to write a small applet which reads a serial number from a smart card using the javax.smartcardio library. Smartcard is connected with bit4id reader, and right now I successfully connect to the smartcard and read basic infos such as ATR and protocol (T=1).
I did some research about it (for example: http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4_5_basic_organizations.aspx#table9)
But I'm not getting which specific list of command APDUs should I send to the card to get that serial.
Is there an "easy way" to do that, without reading tons of papers and manuals?
I guess I would need some datasheets to know how data is stored inside the card, right? or can i send some kind of command APDUs to retrieve this info from the card too?
Right now I only receive SW=6986 responses (not valid command)
Any advises, even only on the workflow, would be strongly appreciated!
There is no one way to read a smart cards serial number. "smartcard" is an ISO/IEC standard defined in the 7816 specification. Many industries use this standard like Mobile SIM, Bank Cards and Digital Signature Cards.
The implementation of the standard is different across industry with some industries advancing this basic standard with there own additional APDUs etc. like 3GPP/GSMA standard in the Mobile SIM case or the EMV standard in banking.
Anyhow, assuming that this card is smart-card ISO/IEC 7816 compliant you could possibly assume that it uses file base storage for card data. You could use the "SELECT" command (defined in 7816-4) to try to access all available files and print there information. i.e. files are identified by two bytes like 3F00 you could select from 0000,0001,0002....FFFF then if you get a successful select (status word 90) then read the contents and print it. Doing this you may be able to identify which file has the "serial" then you would only need to read this file going forward.
The above is not "easy" but may be a nice challenge and learning experience.
This is a question purely to satisfy my own curiosity.
Here in Norway it's common for netbanks to use a calculator-like (physical) dongle that all account holders have. You type your personal pin in the dongle and it generates an eight-digit code you can use to login online. The device itself is not connected to the net.
Anyone knows how this system works?
My best guess is that each dongle has a pregenerated sequence of numbers stored. So the login process will fail if you type an already used number or a number that is too far into the future. It probably also relies on an internal clock to generate the numbers. So far none of my programmer peers have been able to answer this question.
[Edit]
In particular I'm curious about how it's done here in Norway.
Take a look here: http://en.wikipedia.org/wiki/Security_token. If you are interested in the algorithms, these might be interesting: http://en.wikipedia.org/wiki/Hash_chain and http://en.wikipedia.org/wiki/HMAC.
TOKENs have very accurate real-time clock, and it is synced with same clock on the auth server. Real time is used as a seed along with your private key and your unique number is generated and verified on the server, that has all the required data.
One major one-time password system is Chip and PIN, in which bank cards are inserted into special, standalone card readers that accept a PIN and output another number as you describe. It is widely deployed in the UK.
Each bank card is a smart card. The card's circuitry is what checks the PIN and generates the one-time password. Cryptographic algorithms that such cards can use include DES, 3DES (Triple DES), RSA, and SHA1.
I recently went overseas and used the dongle there with no problems.
It is a sealed battery powered dongle. One pushes the button and a code number appears.
The only way it could work is that it is time synchronised to the bank.The number that is recruited only lasts for a minute if that.
A random number generator is used to create the stream of numbers recorded in the memory of the device.
It therefore becomes unique for the user and only the bank 'knows' what that random number generator produced for that particular user and dongle.
So there can only be one next number .
If the user makes a mistake, the bank 'knows' they are genuine because the next try is the next sequential number that is in the memory.
If the dongle is stolen the thief also has to have the other login details to reach the account.