0

I'm building an EMV relay to educate myself on the protocol, but have hit a roadblock with the GET PROCESSING OPTIONS (GPO) command. Both SELECT(PPSE) and SELECT(AID) pass through fine, but my connection to the card times-out when I transceive a GPO command.

This happens both with a PN532 chip on an Arduino and Terminal Emulation on Android using the inbuild NFC chip.

I thought that the card might have some anti-relay system that is detecting the latency added by my relay, however a Proxmark sniffing a real transaction also failed to record any command-response pairs after the GPO command was issued, however the payment went through so (presumably) more packets were sent.

What could happen to my Visa Debit card after the issuing of the GPO command that means the card both entirely fails to respond to ISO-14443 compliant chips, that also hides any further communication from a proxmark, while still enabling communication to a real payment terminal?

NotSean
  • 3
  • 1
  • by 'failed to record any command-response pairs after the GPO command was issued, however the payment went through', does it mean you received the GPO response. If you, did you parse the response? Did it carry AFL and ARQC? If it carried ARQC and no AFL then there is no other command expected to be sent to card. – Adarsh Nanu Mar 05 '22 at 14:59
  • @AdarshNanu Sorry if it's not clear. To clarify, I used the proxmark to listen to a real transaction between a card (Lloyds Visa Debit) and a payment terminal (Zettle). The payment 'went through' as in the payment terminal took money out of my account, but the proxmark did not sniff any packets sent between the card and the terminal after GPO. – NotSean Mar 06 '22 at 19:25
  • Thanks, awaiting response on the remaining two questions. – Adarsh Nanu Mar 08 '22 at 06:17
  • @AdarshNanu Apologies if this is still unclear, to clarify again we received the command GPO, but not the response to GPO. The last data sent between either the card or the terminal was the GPO command, after which the card sent no data back. Therefore I was unable to parse the GPO response, because I did not receive it on any of the three methods, and so the other two questions are unanswerable because we did not receive the GPO response. – NotSean Mar 08 '22 at 16:00

0 Answers0