
I am trying to do a Dynamic Data Authentication (DDA). But when I sent the INTERNAL AUTHENTICATE I got a 6985 response. I am not sure what I am doing wrong.

These are my APDU commands and responses.

send:00A404000E325041592E5359532E444446303100 resp:6F5B840E325041592E5359532E4444463031A549BF0C4661224F07A0000000031010500A5649534120444542495487010142034741655F5502555361204F07A00000009808405008555320444542495487010242034741655F550255539000

send:00A4040007A000000003101000 resp:6F4F8407A0000000031010A544500A564953412044454249548701019F38189F66049F02069F03069F1A0295055F2A029A039C019F37045F2D02656EBF0C129F5A0511084008405F5502555342034741659000

send:80A800002383212700400000000000000300000000000008400000000000084022121000E153F3E800 resp:7781E7820220009408080606001001030057134242424242424242D22010110000000718001F5F200F43415244484F4C4445522F564953415F3401009F100706061203A000009F260855C7CDB65C5FEFE09F2701809F360201289F4B8180FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5C9810BE00EBEB933E55312CDA041DCA6BCAB1E537A854799E0E157ABB03C8FB1AC6F197EDA255D7205B195A226CB1FBD5A6E826329BA61D003C95625FD073660F3C55CEEEF26F670A49681834A138B0CB1C14BC534775190BC9D44FE9C4DA6D75BCC2D0BBCC24675CC4C857549238DCB59F6C0200009F6E04207000009000

send:0088000004E153F3E800 resp:6985

The card should respond with a certificate containing that random number encrypted under the ICC private key.

Nifim
mysaes_jgo

1 Answer


You are very wrong about what the card is supposed to do.

What you already have in the response to GPO is signed data and instead of issuing internal authenticate you should be recovering the keys to verify the signature.

You are dealing with a card that supports fDDA, not DDA, and therefore are looking at the incorrect standard. Please refer to the documentation of contactless kernel 3 (EMV CL Book C-3) for fDDA.

If you are indeed implementing DDA, you should be testing it over the contact interface and referring to EMV Book 2 and Book 3 for details, as you have not implemented the process of recovering keys (you skipped AFL processing).

Michal Gluchowski
  • Hi Michal. I already read the records using AFL processing, recovered the keys and verified the signature with the Visa/MasterCard public key. Indeed, the device is contactless only; I will read more about fDDA. Thank you. – mysaes_jgo Dec 12 '22 at 19:27
  • Hi Michal, do you have some good references wrt Integrated Data Storage? – Adarsh Nanu Dec 22 '22 at 12:08
  • @AdarshNanu Unfortunately, it's a rarely used function. Nothing from live use - just stuff that is a part of certification scenarios – Michal Gluchowski Dec 22 '22 at 12:23
  • Just saw that on Savvy (a certification tool from Fime) and wanted to read more on it. Thanks for the quick reply. – Adarsh Nanu Dec 22 '22 at 12:35
  • @Giann please read kernel 3 specs as a whole to understand when ODA happens - it may be optional for many cases and in your case you have a declined transaction. I would suggest also to remove your card number from the comment. – Michal Gluchowski May 24 '23 at 18:19
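The answer's point can be checked directly against the GET PROCESSING OPTIONS response in the question. The following is an added example, not code from the original post: it walks the BER-TLV in that response and reports the AIP (tag 82), the AFL entries (tag 94) and whether Signed Dynamic Application Data (tag 9F4B) is already present. The function names are hypothetical, and the 128-byte 9F4B value is replaced by constructed zero filler because the check only needs the tag and its length.

```python
# Added example, not from the original post. GPO response bytes are taken from the
# question's trace; the 128-byte 9F4B value is replaced by zero filler (constructed).
GPO_RESP = bytes.fromhex(
    "7781E7" "82022000" "94080806060010010300"
    "57134242424242424242D22010110000000718001F"
    "5F200F43415244484F4C4445522F56495341" "5F340100"
    "9F100706061203A00000" "9F260855C7CDB65C5FEFE0" "9F270180" "9F36020128"
    "9F4B8180" + "00" * 128 + "9F6C020000" "9F6E0420700000" "9000"
)

def parse_tlv(data):
    """Parse one level of BER-TLV into {tag_hex: value}."""
    out, i = {}, 0
    while i < len(data):
        start = i
        if data[i] & 0x1F == 0x1F:        # low 5 bits set: tag continues
            i += 1
            while data[i] & 0x80:         # bit 8 set: another tag byte follows
                i += 1
        i += 1
        tag = data[start:i].hex().upper()
        length = data[i]
        i += 1
        if length & 0x80:                 # long form: low 7 bits = count of length bytes
            n = length & 0x7F
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        if i + length > len(data):
            raise ValueError(f"tag {tag}: value runs past end of buffer")
        out[tag] = data[i:i + length]
        i += length
    return out

def assess_gpo(resp):
    """Report what the GPO response says about offline data authentication."""
    body, sw = resp[:-2], resp[-2:]
    if sw != b"\x90\x00":
        raise ValueError(f"GPO failed with SW {sw.hex().upper()}")
    fields = parse_tlv(parse_tlv(body)["77"])       # response template format 2
    afl = fields["94"]
    return {
        "dda_supported": bool(fields["82"][0] & 0x20),   # AIP byte 1, bit 6
        "sdad_in_gpo": "9F4B" in fields,                 # Signed Dynamic Application Data
        "sdad_len": len(fields.get("9F4B", b"")),
        # AFL entries are 4 bytes: SFI (high 5 bits), first record, last record, ODA record count
        "afl": [(afl[k] >> 3, afl[k + 1], afl[k + 2], afl[k + 3]) for k in range(0, len(afl), 4)],
    }

if __name__ == "__main__":
    print(assess_gpo(GPO_RESP))
```

With 9F4B already returned in the GPO response, the remaining terminal work is the AFL record reads and key recovery described in the answer, rather than an INTERNAL AUTHENTICATE command.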