1

we want to read public data (like BIC, IBAN, PAN) from German EC cards. We use the contactless interface. For some cards, the response of the "select 1PAY.SYS.DDF01" APDU, contains the information we want to read. But for some other cards this information is not present.

In Detail, in a first step we select the 1PAY.SYS.DDF01 application:

00 A4 04 00 0E 31 50 41 59 2E 53 59 53 2E 44 44 46 30 31 00

In the case that the response APDU contains the needed information, the response look like this:

0A 00 6F 46 84 0E 31 50 41 59 2E 53 59 53 2E 44 44 46 30 31 A5 34 88 01 05 5F 2D 04 64 65 65 6E BF 0C 27 5F 54 0B 57 45 4C 41 44 45 44 31 4D 4F 4C 5F 53 16 44 45 39 33 31 37 30 35 34 30 34 30 30 30 30 30 30 30 30 30 30 30 90 00

From this response we can extract the BIC and parts of the IBAN (the so called Bankleitzahl).

But for some cards, the response APDU looks like this:

0A 00 6F 1C 84 0E 31 50 41 59 2E 53 59 53 2E 44 44 46 30 31 A5 0A 88 01 05 5F 2D 04 64 65 65 6E 90 00

The question is, what further steps have to be taken in the second case?

ThomasK
  • 11
  • 4

1 Answers1

1

You question probably isn't best suited for SO, but I'll still try to help you somehow. Sorry, but I'm not familiar with German standards, but I assume it's EMV based.

First, you should rather select AID of PPSE instead of PSE when doing it over contactless interface. In PPSE response there should be templates containing directory entries with AIDs of apps available in the card. The PSE serves similar purpose but you have a reference to SFI containing directory of applications. You retrieve entries using Read Record.

For contact and PSE method it is described in EMV Book 1. For contactless PPSE method, refer to Book B.

That will handle the part where you at least know the right AID that you should select. What happens next is usually more scheme specific and you should base it on some documentation.

Michal Gluchowski
  • 1,197
  • 8
  • 16