How to find MDK MAC (EMV)? - apdu

I work on EMV since a while, I develop an application to pass specific emv apdu commands. It's already OK for some commands like select application, generate application cryptogram... The problem concern apdu who need Message Authentication Code, more precisely the master derivation key. My question is in three parts but, feel free to answer one that inspires you :
Can I calculate, derivate or find the MDK by any way ? Which one ?
Is that MDK MAC the same as MDK AC ? If yes, can I find MDK AC from an ARQC or TC ?
Any other advice for MACing ?
PS : I'm not a native English speaker, please be indulgent.

All information about key and key managment you could find in Book 2 - Security and Key Management.
MDK - from Visa terminology Master Derivation Key. MasterCard calls them differently. Master Derivation Key - key which is stored in issuer bank hsm. From this MDK key and card PAN number hsm derives card master keys unique for each card. Unique card master keys consists of 3 main (or some times 4) keys: AC, MAC, DEC. This keys are stored on card. From each key card derives session key for each operation, so all session keys will be unique to.
Can I calculate, derivate or find the MDK by any way ? Which one ?
No chance. Only for test cards, if you will independently personolise you own card with your own MDK key, for personal uses/experiments.
Is that MDK MAC the same as MDK AC ?
Different
If yes, can I find MDK AC from an ARQC or TC ?
No chance

Related

Contactless Payments: Detect Mobile Device or Card

I'm trying to detect whether a contactless enabled smartcard or a mobile device equipped with ApplePay, Google Pay, or Samsung Pay was used for a contactless EMV transaction.
I have been researching via the EMV books, and there seems to be a tag 9F6E provides this sort of data:
EMV Book 3 - VISA
EMV Book 4 - MasterCard
Questions:
VISA provides a 4 byte value in the field 9F6E, but I can't find a list of possible values and their meanings anywhere. The EMV book says "out of scope". Is there anyway to reliably convert this to a known form factor?
MasterCard provides data 2 bytes for the form factor, but I'm seeing values that I don't undestand (32 31 ascii = 21). Is there a list of values and meanings somewhere for these?
Is there an easy way to understand if CDCVM has been used for a given contactless transaction, so that I could separate contactless transactions from contactless with CDCVM transactions?
Google Pay is using cloud-based payments while Apple is using an embedded secure element. You can find this tag on 9F6E form factor on Visa. However, it might be different for Master Card or Amex.
To fix this correctly, you might want to check the EMV tag 9F19 which returns to the token requestor ID. Check EMV payment tokenization for this spec. Token requestor ID looks like this:
MasterCard
50110030273 – APPLE_PAY
50120834693 – ANDROID_PAY
50139059239 – SAMSUNG_PAY
Visa
40010030273 – APPLE_PAY
40010075001 – ANDROID_PAY
40010043095 – SAMSUNG_PAY
40010075196 – MICROSOFT_PAY
40010075338 – VISA_CHECKOUT
40010075449 – FACEBOOK
40010075839 – NETFLIX
40010077056 – FITBIT_PAY
40010069887 – GARMIN_PAY
Refer the below documents. You will require Visa Online and MasterCard connect access to get these.
VCPS_2.2 Spec
M/ChipRequirements For Contact and Contactless Spec
check in CVM and CVR inside 9F10
I believe it is also possible to detect if the transaction was performed by a mobile device by using tag 0x82 (Application Interchange Profile). I believe this is a better approach because it will be the same regardless of card brand (as long as the card brand in question followed EMVCo's spec correctly.
Here is a link to EMV Co Contactless Book.
https://www.emvco.com/wp-content/uploads/2017/05/C-4_Kernel_4_v2.6_20160512101635327.pdf
Screenshot Of Desired Table
Check Bit 7 (second most significant bit) of Byte 2 (Rightmost Byte). If it is 1 it came from a mobile device. The Application Interchange profile will always be 2 Bytes.

Device generates special code for web authentication

My teachers use a small device, with a press on the only button the device shows a code of numbers.
When they want to change my grades they login to the school system using this code.
NO I DO NOT WANT TO HACK IT ;)
I'd like to know how this sort of code is generated and afterwards how it is authenticated?
Sounds like the device is used for two factor authentication.
RSA makes one type of these devices. Here is a link to more information on it: RSA SecurID
#Mart Haarman, The SecurID is not based on time. It used 128 bit RSA algorithm, has a seed value which is a random generated number embedded in the device and mapped to the device serial number.

How does Bluetooth pairing work?

How exactly does Bluetooth paring work? What is communicated between each device during the pairing process?
I was told if you had device-A wanting to pair with device-B:
A sends a 'unique key' to device B on some wavelength/frequency
B returns an 'echo' back to A, and hence the devices pair.
+-----+ key +-----+
| | ----> | |
| A | | B |
| | <---- | |
+-----+ echoed +-----+
This seems to be inaccurate, so would anyone be able to either expand further or actually explain how/what is communicated to result in a successful pairing of the devices?
I was thinking of incorporating some of this research into a final year project (University), but would at least need to know the something of the Bluetooth programming pairing first.
Any help would be much appreciated in describing how these initial communications work.
I've heard of terms such as 'parked mode', and 'passive mode' within my research, but am yet to find any 'useful' information in the programming behind the design, (and hence I have asked this question). The likes of googling this type of topic is also quite difficult as it seems to bring up stuff like 'how to turn your bluetooth on' pages, and not the design of the programming behind it.
Bluetooth Secure Simple Pairing uses Elliptic Curve Diffie Hellman (ECDH) public key cryptography with approximately 95 bits of entropy using the FIPS approved P192 elliptic curve.
E:y2=x3 +ax+b(modp)
The following parameters are given:
The prime modulus p, order r, base point x-coordinate Gx, base point y- coordinate Gy.
The integers p and r are given in decimal form; bit strings and field elements are given in hex.
p = 6277101735386680763835789423207666416083908700390324961279
r = 6277101735386680763835789423176059013767194773182842284081
b = 64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1
Gx = 188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012
Gy = 07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811
There are five phases of Secure Simple Pairing:
1. Public key exchange
Each device generates its own Elliptic Curve Diffie-Hellman (ECDH) public-private key pair.
2. Authentication Stage 1
1 of 3 protocol options is chosen by the connecting devices based on the IO capabilities of the two devices. These are:
Numeric Comparison,
Out-of-Band,
Passkey Entry
3. Authentication Stage 2
Each device confirms that both devices have successfully completed the exchange as stipulated by which of protocol was chosen and used in the previous step.
4. Link key calculation
A link key is computed from the derived shared key and the publicly exchanged data. This is the numeric code shown to the user.
5. LMP Authentication and Encryption
The encryption keys are generated. The devices are successfully connected.
Further Reading:
Bluetooth user Interface Flow Diagrams for Bluetooth Secure Simple Pairing Devices (PDF)
Bluetooth Core Complete Specification v4.0 vol0 (ZIP/PDF)
the core specification is 138 pages and to fully answer your question would take at least 20 so to fully answer your question you'll need to read the references
A trusted relationship is established between the devices using a numerical password, commonly referred to as a passkey. Depending on how often one Bluetooth device connects to another, the user might opt to have the passkey saved for future connection attempts or prompt to enter the passkey each time the devices request communication with each other.
Read more : http://www.ehow.com/how-does_4964578_bluetooth-pairing-work.html
For two devices to have the ability to pair, they must share the same bluetooth profile. The following is from the official Bluetooth website:
Pairing devices
Not all Bluetooth enabled devices are designed to be paired. Logically, there's no reason to connect a wireless mouse to a wireless headset. You should be able to pair a Bluetooth enabled headset to a Bluetooth enabled phone, or a Bluetooth enabled mouse to a Bluetooth enabled computer.
If you're not sure whether the two devices you want to connect are designed to be paired with each other, make sure their Bluetooth profiles match.

Getting SIM ID or any Unique Number Using J2ME

I am writing an application that run only that user's phone. If the phone is stolen, application will never work anytime. For this scenario, I must used IMEI and SIM number but I develop application on SDK 60 2nd edition. So getting these numbers is not easy.
I used Bluetooth ID instead of IMEI, but I could not found any specific ID instead of SIM number. If any suggestion have been, I' d be glad. Thanks...
There are some examples on how to accomplish this with the IMEI in different phone manufacturers:
http://mobilepit.com/10/how-to-get-imei-number-in-j2me-javame.html
Seems like there's no "universal" method for any of those. In S60 (I guess this is what you mean by 'SDK 60') the appropiate code is:
System.getProperty("phone.imei");
For IMSI I think you have to get the operators signing, but you could use:
System.getProperty("com.nokia.mid.imsi");

How do netbank login dongles work?

This is a question purely to satisfy my own curiosity.
Here in Norway it's common for netbanks to use a calculator-like (physical) dongle that all account holders have. You type your personal pin in the dongle and it generates an eight-digit code you can use to login online. The device itself is not connected to the net.
Anyone knows how this system works?
My best guess is that each dongle has a pregenerated sequence of numbers stored. So the login process will fail if you type an already used number or a number that is too far into the future. It probably also relies on an internal clock to generate the numbers. So far none of my programmer peers have been able to answer this question.
[Edit]
In particular I'm curious about how it's done here in Norway.
Take a look here: http://en.wikipedia.org/wiki/Security_token. If you are interested in the algorithms, these might be interesting: http://en.wikipedia.org/wiki/Hash_chain and http://en.wikipedia.org/wiki/HMAC.
TOKENs have very accurate real-time clock, and it is synced with same clock on the auth server. Real time is used as a seed along with your private key and your unique number is generated and verified on the server, that has all the required data.
One major one-time password system is Chip and PIN, in which bank cards are inserted into special, standalone card readers that accept a PIN and output another number as you describe. It is widely deployed in the UK.
Each bank card is a smart card. The card's circuitry is what checks the PIN and generates the one-time password. Cryptographic algorithms that such cards can use include DES, 3DES (Triple DES), RSA, and SHA1.
I recently went overseas and used the dongle there with no problems.
It is a sealed battery powered dongle. One pushes the button and a code number appears.
The only way it could work is that it is time synchronised to the bank.The number that is recruited only lasts for a minute if that.
A random number generator is used to create the stream of numbers recorded in the memory of the device.
It therefore becomes unique for the user and only the bank 'knows' what that random number generator produced for that particular user and dongle.
So there can only be one next number .
If the user makes a mistake, the bank 'knows' they are genuine because the next try is the next sequential number that is in the memory.
If the dongle is stolen the thief also has to have the other login details to reach the account.

Resources