Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
Using a chip card reader mfrс522 for VISA paywave. where to find documentation on work with records?
->26 (REQA)
<-0400
->9320
<-B81900AA0B
->9370B81900AA0B (SELECT CARD)
<-28
<-E050 (RATS)
->137880820280318066B0840C016E0183009000
<-0200A4040007A0000000031010 (SELECT VISA)
->026F318407A0000000031010A526.....900000 (55 byte)
<-0300B2010C (read record 1)
->13704D57134402......43000 (63 bytes)
<-A2 (continue read???)
->0230303030.........900000 (22 byte)
If the command 0хA2 - continue reading to learn how to give it or not?
in another device I use chip pn531. 0xA2 command was intercepted when pn531 read record 1
pn531 chip joined 2 pieces (63byte and 22 byte) and gave them one piece.
RATS comand I do not ask to send pn531. he decided to send this command
Can I ask you what is the way you logged data ? Snoop with pm3 ? Those "green" bytes seems the header of the incapsulated apdus (CLA INS P1 P2 P3)...
I think there is a problem in the arrows you used:
-> sent to the card
<- received from the card
like:
->26 (REQA)
<-0400
What we have next:
<-E050 (RATS)
->137880820280318066B0840C016E0183009000
E050 is sent by the card to the reader ?
EDIT: no Iceman, the status byte are 2 bytes at the end of the string (ex. 90 00) called also SW1 and SW2.
Ex: ->137880820280318066B0840C016E0183009000
Last edited by asper (2015-03-06 18:09:24)
" 0x02, 0x03, 0x0A, 0x0B...this is the Protocol Control Byte (called PCB), comes from ISO14443-4, in the Prologue field, indicates if the block is I, R or S, and if chaining is being used" from forum http://e2e.ti.com/
The next question is where to get the Standard ISO14443-4 )))
to Asper: Can I ask you what is the way you logged data ? Snoop with pm3 ? Those "green" bytes seems the header of the incapsulated apdus (CLA INS P1 P2 P3)...
I use "Saleae Logic - 8-Channel USB Logic Analyzer"
with the direction of the arrow I really made a mistake...
answers from cards get from the buffer circuit MFRC522
Hasn't Peter Fillmore a branch filled with all EMV functions for Visa and Mastercard? https://github.com/peterfillmore/proxmark3
The figure illustrates how the string "0123456789ABCDEF" transferred from the card to the reader, if the reader is limited budffer 7 bytes. In fact, the first constraint = 16 bytes (See previous picture)