- Card: Raiffeisen Debit Card from 2017
- Tangenerator: Gemalto CardTan
- PIN: 00000
- Generated TAN: 2879410
- Standard: CAP-HHD
?->? 80
Unknown meaning, seemingly random.
C->T 3bbf11008131fe45455041000000008381231900000000c9
ATR: 3B BF 11 00 81 31 FE 45 45 50 41 00 00 00 00 83 81 23 19 00 00 00 00 C9
+ TS = 3B --> Direct Convention
+ T0 = BF, Y(1): 1011, K: 15 (historical bytes)
TA(1) = 11 --> Fi=372, Di=1, 372 cycles/ETU
10752 bits/s at 4 MHz, fMax for Fi = 5 MHz => 13440 bits/s
TB(1) = 00 --> VPP is not electrically connected
TD(1) = 81 --> Y(i+1) = 1000, Protocol T = 1
TD(2) = 31 --> Y(i+1) = 0011, Protocol T = 1
TA(3) = FE --> IFSC: 254
TB(3) = 45 --> Block Waiting Integer: 4 - Character Waiting Integer: 5
+ Historical bytes: 45 50 41 00 00 00 00 83 81 23 19 00 00 00 00
Category indicator byte: 45 (proprietary format)
+ TCK = C9 (correct checksum)
Change IFSD buffer size to 0xFE.
T->C 00c101 fe 3e
Acknowledge by card.
C->T 00e101 fe 1e
SELECT FILE by AID a0000000048002.
T->C 00000d 00a4040007a000000004800200 8c
SELECT FILE Response
C->T 000017 6f138407a0000000048002a50850064d43204341509000 d9
6f 13 File Control Information (FCI) Template
84 07 Dedicated File (DF) Name
a0000000048002
a5 08 File Control Information (FCI) Proprietary Template
50 06 Application Label
4d4320434150 "MC CAP"
90 00 Issuer Public Key Certificate
After the EB-Pin is entered, the card is reset and everything is done again.
?->? 00
C->T 3bbf11008131fe45455041000000008381231900000000c9
T->C 00c101 fe 3e
C->T 00e101 fe 1e
T->C 00000d 00a4040007a000000004800200 8c
C->T 000017 6f138407a0000000048002a50850064d43204341509000 d9
GET PROCESSING OPTIONS
T->C 004008 80a8000002830000 e1
80a8 GET PROCESSING OPTIONS
00 P1
00 P2
02 Length
8300 Data
00 Lc
GET PROCESSING OPTIONS Response
C->T 00400e 770a820200009404180101009000 ab
77 0a Reponse Message Template Format 2
82 02 Application Interchange Profile
0000
94 04 Application File Locator (AFL)
18010100
90 00 Issuer Public Key Certificate
READ RECORD
T->C 000005 00b2011c00 aa
READ RECORD Response
C->T 00005a 70565a0a4682144119109281446f5f3401018e0a000000000000000000008c1b9f02069f03069f1a0295055f2a029a039c019f37049f35019f34038d0991088a0295059f37049f5501009f560b00007fffff0000000000009000 29
70 56 EMV Proprietary Template
5a 0a Application Primary Account Number (PAN)
4682144119109281446f (Card number in BCD, replaced by an example)
5f34 01 Application Primary Account Number (PAN) Sequence Number
01
8e 0a Cardholder Verification Method (CVM) List
00000000000000000000
8c 1b Card Risk Management Data Object List 1 (CDOL1)
9f02069f03069f1a0295055f2a029a039c019f37049f35019f3403
8d 09 Card Risk Management Data Object List 2 (CDOL2)
91088a0295059f3704
9f55 01 Unknown Tag
00
9f56 0b Tan Bitmask
00007fffff000000000000
90 00 Issuer Public Key Certificate
CDOL1 Contents
9f02 06 Amount, Authorised (Numeric)
9f03 06 Amount, Other (Numeric)
9f1a 02 Terminal Country Code
95 05 Terminal Verification Results
5f2a 02 Transaction Currency Code
9a 03 Transaction Date
9c 01 Transaction Type
9f37 04 Unpredictable Number
9f35 01 Terminal Type
9f34 03 Cardholder Verification Method (CVM) Results
CDOL2 Contents
91 08 Issuer Authentication Data
8a 02 Authorisation Response Code
95 05 Terminal Verification Results
9f37 04 Unpredictable Number
GENERATE AC for 99a4c7ec41e7235549133d6f5cf868676348f27eae4e022a645f8e5b263e8bda00
How this hash is computed is still unknown.
T->C 004027 80ae00002199a4c7ec41e7235549133d6f5cf868676348f27eae4e022a645f8e5b263e8bda0000 c5
AC Response
C->T 00403b 77379f2701009f3602002b9f2608efb20b35cad3c9649f10200fa502000000000000000000000000000f7e00000000000000000000000000009000 82
77 37 Response Message Template Format 2
9f27 01 Cryptogram Information Data
00
9f36 02 Application Transaction Counter (ATC)
002b
9f26 08 Application Cryptogram
efb20b35cad3c964
9f10 20 Issuer Application Data
0fa502000000000000000000000000000f7e0000000000000000000000000000
90 00 Issuer Public Key Certificate
Pick bits from the Cryptogram data according to bitmask and convert them to decimal
00002befb20b35cad3c964
00007fffff000000000000
Tan: 2befb2 -> 2879410
- It's 256bit + 00, I could not confirm my guess of SHA256
- The value is always the same for the same input, no counter or random value gets introduced, only constants.
- The value does not even change between different cards.