reading apple pay token using a ACR122 NFC reader

Question

I have a ACR122 NFC reader and trying to see if I can read the token generated by Apple Pay. Below is some code in Java I am trying but only returns a 4 alpha numeric character every time. The Apple Pay iphone senses the nfc reader - are there specific apdu commands I need to send to retrieve the token?

import java.io.*;
import java.util.*;
import javax.smartcardio.*;

public class CardTest {

  final protected static char[] hexArray = "0123456789ABCDEF".toCharArray();

  public static String bytesToHex(byte[] bytes) {
    char[] hexChars = new char[bytes.length * 2];
    int v;
    for ( int j = 0; j < bytes.length; j++ ) {
      v = bytes[j] & 0xFF;
      hexChars[j * 2] = hexArray[v >>> 4];
      hexChars[j * 2 + 1] = hexArray[v & 0x0F];
    }
    return new String(hexChars);
  }

  public static void main(String[] args) throws Exception {
    TerminalFactory factory = TerminalFactory.getInstance("PC/SC", null);
    System.out.println(factory);

    List<CardTerminal> terminals = factory.terminals().list();
    System.out.println("Terminals: " + terminals);
    if (terminals.isEmpty()) {
      throw new Exception("No card terminals available");
    }

    CardTerminal terminal = terminals.get(0);

    // Keep looping looking for cards until the application is closed
    while( true )
    {
      terminal.waitForCardPresent( 0 );
      try {
        Card card = terminal.connect("*");
        CardChannel channel = card.getBasicChannel();

        CommandAPDU command = new CommandAPDU(new byte[]{(byte)0xFF,(byte)0xCA,(byte)0x00,(byte)0x00,(byte)0x04});
        ResponseAPDU response = channel.transmit(command);

        byte[] byteArray = response.getBytes();
        System.out.println( bytesToHex( byteArray ) );
        Thread.sleep(1000);
      } catch (CardException e) {
        e.printStackTrace();
      }
    }
  }
}

Answer 1

The command that you issue

FF CA 00 00 04

will get you the anti-collision identifier (or actually the first 4 bytes of it if it had more than 4 bytes) of the smartcard (secure element) of the iPhone.

Apple Pay (over the contactless interface) implements the EMV standard for contactless payment cards. Thus in order to communicate with that contactless EMV payment card, you would need to implement that protocol.

Btw. don't think of the payment token as a string of bytes. Its far more than that. An EMV payment token can be

• a temporary payment "card" (limited to single/limited time/limited number of transactions use) that consists of a temporary "credit card number" (etc.) and a key that is used to generate a transaction authorization (-> this is typically used in HCE applications, eg Google Wallet)

• a permanent payment card (separate, but fixed credit card number, validity period, secret key, etc.) that is used to authorize payments that are later deducted from a linked credit card (-> this seems to be used with Apple Pay -- and was also used with secure element based Google Wallet).