Guide


The purpose of this guide is to study contactless payment technology, using MasterCard PayPass as the example. To start experimenting you need equipment: we will use an Arduino Nano and a PN532 module for that board.

Modules based on the PN532 chip can be found at different prices. I saw some on AliExpress and ordered ones for $3, and they did not work. I also ordered ones for $5 on the same AliExpress, and they did not work either: they worked with ordinary cards but did not see bank cards. The Chinese make them poorly, sometimes fit the wrong chip altogether, and overwrite the marking on purpose. Original Elechouse boards now sell for just $14.



When everything is on hand, we begin the assembly (if something does not work, check the wiring):

[Arduino]==[PN532]
gnd=====>gnd
vcc=====>vcc
d13=====>sck
d12=====>miso
d11=====>mosi
d10=====>ss


After connecting, we switch the module itself into the desired mode, using the switch:

To check it, download the Arduino IDE from the official site, press CTRL + SHIFT + I to open the library manager, search for PN532 and install the first result, the library from Adafruit
(or download the version from GitHub and use the menu item that installs a library from a zip file).

In the IDE, create a new project and open a test example: file -> examples -> Adafruit PN532 -> iso14443a_uid

Next, erase everything above the start of the void setup(void) function and paste this in its place:

#include <Wire.h>
#include <SPI.h>
#include <Adafruit_PN532.h>
#define PN532_SCK (13)
#define PN532_MOSI (11)
#define PN532_SS (10)
#define PN532_MISO (12)
Adafruit_PN532 nfc(PN532_SCK, PN532_MISO, PN532_MOSI, PN532_SS);



This gives the final test sketch: https://pastebin.com/rBaHEHSr

With this sketch, we flash the Arduino. Open the serial port monitor, set the speed to 115200 baud and hold any bank card that supports contactless payment against the reader. If you see the four bytes that the card returned in response, congratulations, we carry on.

We read the number and expiry date from the card. Let's go:
The card and the terminal communicate using commands. APDU commands are just a set of bytes where each byte means something; it is a complicated topic, explained more clearly here: https://habr.com/ru/post/367241/

First of all, we (positioning ourselves as the terminal in a store) give the ATR command to the card, but this is too low-level and the library does it for us.
Therefore, the first thing we try to read is the file that is present on all cards, called 2PAY.SYS.DDF01; we send the command to read the file to the card.
What are these bytes and what do they mean? I don't really want to explain. Go to https://javacardos.com/tools/apdu-parser, enter these bytes, press PARSE and get detailed information on each byte.


We sent commands, and the card answered us:

70 81 A6 57 13 53 21 30 02 81 06 25 59 D2 20 72 01 12 76 80 00 00 44 1F 5A 08 53 21 30 02 81 06 25 59 5F 24 03 22 07 31 5F 25 03 17 04 01 5F 28 02 06 43 5F 34 01 00 8C 27 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F 35 01 9F 45 02 9F 4C 08 9F 34 03 9F 21 03 9F 7C 14 8D 0C 91 0A 8A 02 95 05 9F 37 04 9F 4C 08 8E 0E 00 00 00 00 00 00


Go to https://www.emvlab.org/tlvutils/, paste in the card's response and press send.
Of everything we see, the Application Identifier (AID) interests us (for this card, A0000000041010); we will use it in the next step.


Send command to the card:

00 A4 04 00 07 A0 00 00 00 04 10 10 00

Get answer:

6F 39 84 07 A0 00 00 00 04 10 10 A5 2E 50 0A 4D 61 73 74 65 72 43 61 72 64 87 01 01 5F 2D 04 72 75 65 6E BF 0C 15 9F 5D 03 01 00 00 9F 4D 02 0B 0A 9F 6E 07 06 43 00 00 00 00 00 00 00


What does the answer tell us? First, we made sure that the card really is a MasterCard, and second, we immediately see the currency in which the card transacts. Tag 9F6E stores this number: 06430000000000 is the international ruble code.
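The tag, length and value layout that the emvlab tool decodes can also be walked directly. The C parser below is an added example, not the author's code; the names tlv_find, fci_len and fci_equals are chosen here, and the byte array is the SELECT response shown above, including its two trailing 00 bytes. It also shows that this response carries only the AID, label, language and issuer data, not the track 2 or PAN tags (57, 5A).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SELECT response for AID A0000000041010, bytes copied from the page. */
static const uint8_t FCI[] = {
    0x6F,0x39,0x84,0x07,0xA0,0x00,0x00,0x00,0x04,0x10,0x10,0xA5,0x2E,0x50,0x0A,0x4D,
    0x61,0x73,0x74,0x65,0x72,0x43,0x61,0x72,0x64,0x87,0x01,0x01,0x5F,0x2D,0x04,0x72,
    0x75,0x65,0x6E,0xBF,0x0C,0x15,0x9F,0x5D,0x03,0x01,0x00,0x00,0x9F,0x4D,0x02,0x0B,
    0x0A,0x9F,0x6E,0x07,0x06,0x43,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };

/* Depth-first BER-TLV search: value pointer and *len, or NULL if absent/truncated. */
const uint8_t *tlv_find(const uint8_t *p, size_t n, uint32_t tag, size_t *len) {
    size_t i = 0;
    while (i < n) {
        if (p[i] == 0x00 || p[i] == 0xFF) { i++; continue; } /* padding between objects */
        uint8_t first = p[i++]; uint32_t t = first;
        if ((first & 0x1F) == 0x1F)              /* multi-byte tag */
            do { if (i >= n) return NULL; t = (t << 8) | p[i]; } while (p[i++] & 0x80);
        if (i >= n) return NULL;
        size_t l = p[i++];
        if (l & 0x80) {                          /* long form: 1 or 2 length bytes follow */
            size_t k = l & 0x7F;
            if (k == 0 || k > 2 || k > n - i) return NULL;
            for (l = 0; k > 0; k--) l = (l << 8) | p[i++];
        }
        if (l > n - i) return NULL;              /* declared length overruns the buffer */
        if (t == tag) { *len = l; return p + i; }
        if (first & 0x20) {                      /* constructed: search inside the template */
            const uint8_t *v = tlv_find(p + i, l, tag, len);
            if (v) return v;
        }
        i += l;
    }
    return NULL;
}

/* Value length of `tag` within the first n bytes of FCI, or -1 if not found. */
int fci_len(uint32_t tag, size_t n) { size_t l; return tlv_find(FCI, n, tag, &l) ? (int)l : -1; }

/* 1 if `tag` is present in FCI and its value equals the n bytes at `want`. */
int fci_equals(uint32_t tag, const void *want, size_t n) {
    size_t l; const uint8_t *v = tlv_find(FCI, sizeof FCI, tag, &l);
    return v && l == n && memcmp(v, want, n) == 0;
}

int main(void) {
    printf("label is MasterCard: %d\n", fci_equals(0x50, "MasterCard", 10));
    return 0;
}
```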

ATTENTION: never work on Russia. In this example the RU card is used because it was ordered for a drop; the rest of the cards are all mine and I won't show their numbers!

If you have read all the parts of the EMV Book, you know that we are very lucky, because a MasterCard can be sent an empty PDOL when GET PROCESSING OPTIONS is requested, which is what we do:

Send:

00 A4 04 00 07 A0 00 00 00 04 10 10 00


We get the answer:

6F 39 84 07 A0 00 00 00 04 10 10 A5 2E 50 0A 4D 61 73 74 65 72 43 61 72 64 87 01 01 5F 2D 04 72 75 65 6E BF 0C 15 9F 5D 03 01 00 00 9F 4D 02 0B 0A 9F 6E 07 06 43 00 00 00 00 00 00 00



This is still not the card number, but we are already very close.
In this answer we got the Application File Locator (AFL). It holds the information about the SFI ranges of records:

[SFI] [Start] [End] [Number of records]
[08] [01] [01] [00]
[10] [02] [06] [01]



In our example, the first group has 1 entry and the second 6.
The five most significant bits of the first byte of a group (element [0]) contain the SFI.
Therefore, we shift right to get the SFI. We had 08 01 01 00 here, so we take the first byte and logically shift it right by three positions: uint8_t SFI = array[0] >> 3; and then uint8_t P2 = SFI << 3 | 0b00000100; It is not my fault that this is so strange; the guys from MasterCard came up with it. I will leave the working code at the bottom of the article for your home study. In the meantime, we form the read commands and send them one by one to the card:

00 B2 01 0C 00
00 B2 02 14 00
00 B2 03 14 00
00 B2 04 14 00
00 B2 05 14 00
00 B2 06 14 00



I will say that the records there are very large, so the size of the buffer on the Arduino has to be increased: find the library file Adafruit_PN532.cpp, find the line #define PN532_PACKBUFFSIZ 64 in it, and change 64 to 128. I won't lie, I didn't do it, and I'm adding this after writing the article; therefore the card's answer in the article is not complete, and not because I was mistaken or hiding something. Even this answer is enough for us to see the treasured digits.

One of our queries gave the result:
Send:

00 B2 02 14 00



Get:

70 81 A6 57 13 53 21 30 02 81 06 25 59 D2 20 72 01 12 76 80 00 00 44 1F 5A 08 53 21 30 02 81 06 25 59 5F 24 03 22 07 31 5F 25 03 17 04 01 5F 28 02 06 43 5F 34 01 00 8C 27 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F 35 01 9F 45 02 9F 4C 08 9F 34 03 9F 21 03 9F 7C 14 8D 0C 91 0A 8A 02 95 05 9F 37 04 9F 4C 08 8E 0E 00 00 00 00 00 00





As usual, we paste the card's response into https://www.emvlab.org/tlvutils/ and see:


As promised, here is the full code, which will help you understand the architecture in more detail: https://pastebin.com/MQb4Hvrz. The code contains instructions for the MIR card, to show that EMV is the same for everyone and MIR is no exception: everyone works on the same protocol, which is described in detail. The code also uses a library for the display (#include "ASOLED.h"); if you do not use it, simply delete or comment out each line where the library is used.

https://www.youtube.com/watch?v=z8j78F9OFa8

Perhaps a second part of the article will see the light of day, where we will get acquainted with effective techniques and learn how to pay for a limit with a PIN card without a PIN code!