EMV Pidion BIP 1300

Question

I'm currently working with PIDION BIP-1300, does anyone have examples of how to retrieve values of a smart card chip?

I'm using C# and BB_EMV.dll... I can't find any documentation...

This is sort of what I'm using:

EMV emv = new EMV();
byte[] DE_5A;
DE_5A = emv.GetData("DE_5A");

All I receive is a byte array full of zeroes.

Thanks in advance!

Answer 1

ok I don't know what BB_EMV is and have never heard of it, but reading EMV data from a smart card is not easy, I'll tell you that now.

First things, you need a good managed library that will let you do APDU level access on the card in question, I use this one : http://www.smartcard-api.com/index.shtml

Once you have that, add a reference to it just as you would any other managed library, there's samples with the kit so I'm not going to go into details using it, it's not to difficult to get your own code running.

I have code, but it's copyright to the client I've written it for so I can't give you it.

Once your in a position to start sending commands to the card, and if it's a card that supports a standard EMV structure, the first thing you'll want to do is select the PSE, there are typically 2 ways of doing this.

1) Use AID selection

From a list of AID (Application ID's) that you are prepared to accept send the following command to the card:

0x00, 0xA4, 0x04, 0x00

Follow this by the AID you wish to select, for VISA Debit this is typically

0xA0, 0x00, 0x00, 0x00, 0x03, 0x10, 0x10

This follows the APDU data above as a data block followed by 0x07 (The data Length)

What you should get back is either

0x9000 or 0x6100 (If you get a 61 code it means you have to redo the request with modified parameters, beyond the scope of what I'm writing here)

if you get a 0x9000 in SW1 & SW2 (Card registers) then you have successfully selected that AID and are ready to make EMV calls to it.

2) Use the DDF Name to select the required payment application, essentially you use the standard card select commands to select "1PAY.SYS.DDF01" if it's a contact chip & pin or "2PAY.SYS.DDF02" if it contactless this is known as selecting using the PPSE.

Once you have a payment app selected, you then need to read the processing opts from the card, this will tell you some info about what's available and where to look.

This is done by issuing a read GPO command that looks like the following:

0x80, 0xA8, 0x00, 0x00, 0x83, 0x00

This will return a TLV structure which you'll have to parse for the details.

TLV is a very simple concept, your data stream is divided into 3 groups a

TAG

LENGTH

and

VALUE

hence TLV,

TLV Tags can be variable length between 1 and 3 bytes long, typically though you never see greater than 2 bytes. If your first byte anded with 0x1F is greater than 31, (that is bits 6 or 7 are set) then you have a 16 bit tag, in which case you need to take the byte you just received shift it left by 8 bits, then add the next byte in the sequence.

Like wise with the next byte if anding it by 128 gives you 128 then you have a 2 byte length between 1 and 15 bits, once you have the TAG and Length the next length remaining bytes are the payload.

That payload can be nested, in fact you will most likely find TLV structures within TLV structures so a good recursive parser will need to be written.

After you've parsed the data from the GPO object, you can then use this to find the actual card data, this is where you start to read things like the PAN and track2 equivalent data please note however that while there are standards in place not all of them are 100% identical. Most cards have a custom data area, also note that PIN & CVV numbers are NOT available directly from the card, instead what you will find is that in most cases there will be an encrypted PIN or CVV block, this is designed to be sent to the issuing back along with the appropriate certificate from the card , the issuer will then report if the pin entered was correct.

Some cards can do offline PIN verification however, wolfgang rankels site is full of great information of some of the various standard functions and data calls that are available, mostly on GSM Sim cards but he does cover EMV too you can find his site here :

http://www.wrankl.de/

There's a HUGE amount more to this subject than I've described here, this is just the tip of the iceberg, however since you posted this over 6 months ago I'm guessing you've possibly made some headway on your own by now, if not then I hope this helps.