From a99a52f5a64c2676e3d0fa70caa2e76e51742c9d Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Thu, 8 Apr 2021 17:58:25 +0300 Subject: [PATCH 1/2] check CDA SDAD present --- client/src/emv/cmdemv.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/client/src/emv/cmdemv.c b/client/src/emv/cmdemv.c index 08f9435fd..83f268f57 100644 --- a/client/src/emv/cmdemv.c +++ b/client/src/emv/cmdemv.c @@ -1143,9 +1143,13 @@ static int CmdEMVExec(const char *Cmd) { // CDA PrintAndLogEx(NORMAL, "\n* CDA:"); struct tlvdb *ac_tlv = tlvdb_parse_multi(buf, len); - res = trCDA(tlvRoot, ac_tlv, pdol_data_tlv, cdol_data_tlv); - if (res) { - PrintAndLogEx(NORMAL, "CDA error (%d)", res); + if (tlvdb_get(ac_tlv, 0x9f4b, NULL)) { + res = trCDA(tlvRoot, ac_tlv, pdol_data_tlv, cdol_data_tlv); + if (res) { + PrintAndLogEx(NORMAL, "CDA error (%d)", res); + } + } else { + PrintAndLogEx(NORMAL, "\n* Signed Dynamic Application Data (0x9f4b) not present"); } free(ac_tlv); From 2f634923bb584765e0cd2d39318943f03caab50a Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Thu, 8 Apr 2021 17:59:47 +0300 Subject: [PATCH 2/2] if SSAD present before check it (A@Pay) --- client/src/emv/emv_pki.c | 2 +- client/src/emv/emvcore.c | 26 +++++++++++++++----------- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/client/src/emv/emv_pki.c b/client/src/emv/emv_pki.c index f06a5ea69..456e2960a 100644 --- a/client/src/emv/emv_pki.c +++ b/client/src/emv/emv_pki.c @@ -349,7 +349,7 @@ unsigned char *emv_pki_sdatl_fill(const struct tlvdb *db, size_t *sdatl_len) { } struct tlvdb *emv_pki_recover_dac_ex(const struct emv_pk *enc_pk, const struct tlvdb *db, const struct tlv *sda_tlv, bool showData) { - size_t data_len; + size_t data_len = 0; // Static Data Authentication Tag List size_t sdatl_len; diff --git a/client/src/emv/emvcore.c b/client/src/emv/emvcore.c index 5a8236595..6e3767546 100644 --- a/client/src/emv/emvcore.c +++ b/client/src/emv/emvcore.c @@ -970,17 +970,21 @@ int trCDA(struct tlvdb *tlv, struct tlvdb *ac_tlv, struct tlv *pdol_data_tlv, st sprint_hex(icc_pk->serial, 3) ); - struct tlvdb *dac_db = emv_pki_recover_dac(issuer_pk, tlv, sda_tlv); - if (dac_db) { - const struct tlv *dac_tlv = tlvdb_get(dac_db, 0x9f45, NULL); - PrintAndLogEx(SUCCESS, "SSAD verified (%s) (%02hhx:%02hhx)", _GREEN_("ok"), dac_tlv->value[0], dac_tlv->value[1]); - tlvdb_add(tlv, dac_db); - } else { - PrintAndLogEx(ERR, "Error: SSAD verify error"); - emv_pk_free(pk); - emv_pk_free(issuer_pk); - emv_pk_free(icc_pk); - return 4; + // Signed Static Application Data (SSAD) check + const struct tlv *ssad_tlv = tlvdb_get(tlv, 0x93, NULL); + if (ssad_tlv && ssad_tlv->len > 1) { + struct tlvdb *dac_db = emv_pki_recover_dac(issuer_pk, tlv, sda_tlv); + if (dac_db) { + const struct tlv *dac_tlv = tlvdb_get(dac_db, 0x9f45, NULL); + PrintAndLogEx(SUCCESS, "Signed Static Application Data (SSAD) verified (%s) (%02hhx:%02hhx)", _GREEN_("ok"), dac_tlv->value[0], dac_tlv->value[1]); + tlvdb_add(tlv, dac_db); + } else { + PrintAndLogEx(ERR, "Error: Signed Static Application Data (SSAD) verify error"); + emv_pk_free(pk); + emv_pk_free(issuer_pk); + emv_pk_free(icc_pk); + return 4; + } } PrintAndLogEx(INFO, "* * Check Signed Dynamic Application Data (SDAD)");