Decrypt method for EMV Software

Tracing the data exchange with the card.

The “Personalization” button is designed to start the process by which you can check the correctness of the personalization of the payment application according to the card issue task (a file with data for personalization of the EMV application) formed by the personalization data preparation subsystem from the input data of the issuing bank’s back office.

The use of this function is limited primarily by the fact that to verify the correct personalization of the payment application, an XMLfile is required, prepared by the OpenWay personalization subsystem (Way4 Smart Card Perso) for an external person bureau. The testing complex does not work with the personalization subsystems of other providers of personal solutions.
In addition, the full verification of personalization is carried out only for the PayCORN payment application. For other types of payment applications, only partial verification can be performed.

Information

When you click the “Information” button, a window with generalized information about the last checked card is displayed on the screen. A fragment of such information is shown. The following data is provided:

general information about the card and the payment application
the result of executing the GET PROCESSING OPTIONS command
data read from the payment application files
data read using the GET DATA command
some additional data about the payment application.

The generalized information about the last checked card can be viewed and saved in the current program directory in a file named Card Info. x. y, where x is the date and y is the time when the file was created.

It is necessary to pay attention to the fact that the generalized information is just a sample of the data that is presented in the protocol, the results of checking the payment application.

If no payment application has been processed yet, then no information is displayed.

Study

The “Research” button initiates the verification process of the specified payment application located on the installed card. Before you start analyzing the payment application, you need to do the following.

Determine how the payment application will be searched on the card. It is possible to set the application type.

Install the verification environment of the payment application (set the parameters of the terminal, transaction and emulation of online processing).

Select the smart card reader in which the card with the application being checked will be installed.

Install the card with the application being checked in the selected device.

After clicking the “Research” button, the payment application is checked automatically and no actions are required from the user anymore.

Applications

that chapter contains information of a reference nature that can help in understanding the capabilities of the ECV testing complex and avoid certain errors when checking payment applications. References to this information are present in other chapters
of the document, but only in this chapter they are presented and explained in full.
This chapter describes some cryptographic algorithms that are used by the card, the terminal and the issuer. All these algorithms are described in detail in the EMV specifications. The algorithms are given here, as they were mentioned in the text of the document and are common for all payment applications. The description of the algorithms can only be used for reference and should not be used for other purposes. When describing cryptographic methods, the following conventions are used.

To determine the data encryption operation using the Triple DES algorithm, the designation is used: 3DESECB (Data, K) – data encryption on the key K in ECB mode.

The following notation is used to define data encryption and decryption operations using the RSA algorithm:

RSARPUB (Sign, Kp) – recovery of data from the Sign signature on the Kp public key (i.e. decryption of data on the public key)

RSASPRV (Data, Ks) – obtaining the signature of Data data on the secret key of Ks (i.e. encrypting data on the secret key)

Master Key Diversification

When entering the keys of the payment application, there are three methods for converting the entered keys into the keys of the payment application:

key diversification (transformation) is not performed key
diversification by option A
key diversification by option B
In the last two cases, it is considered that the issuer’s master keys are defined as keys, which should be diversified into the keys of the payment application.

This section describes the algorithm for diversifying the issuer’s master key (IMK) using PAN (Primary Account Number) and PAN Sequence Number. As a result of this diversification, the CMK key is calculated, which is unique for the payment application. In accordance with the document ” EMV. Integrated Circuit Card Specifications for Payment Systems. Book 2. Security and Key Management. Version 4.2. June 2008 ” the issuer can use two options to diversify the master key-option A and option B.

The diversification process includes the following steps.

If the PAN contains more than 16 decimal digits and the B key diversification option is used, then the transition to step 2 is performed. Otherwise, the PAN Sequence Number digits are located behind the PAN decimal digits (if the PAN Sequence Number is not specified, then a zero byte is used instead). If the result X contains less than 16 digits, then it is padded with zeros on the left to get an 8-byte number Y. When the result X contains at least 16 digits, the 8-byte number Y represents the 16 rightmost digits of the result X. The transition to step 3 is performed.
If the PAN contains an odd number of digits, then it is padded with a zero on the left. Then, after the decimal digits of PAN, the digits of PAN Sequence Number are placed (if PAN Sequence Number is not specified, then a zero byte is used instead). The hash function of the received value is calculated using the SHA-1 algorithm, as a result of which a 20-byte result X will be obtained. Then the first 16 decimal digits from the result X are selected to get the 8-byte number Y. If there are not enough decimal digits in the number Y, the hexadecimal digits of X are converted to decimal by subtracting 10. For example, if X = ‘1230ABCD567842D4B179F2CA345D6789A17B64BB’, then the value Y = ‘1230567842417923’ (the first 16 decimal digits of the result X).

If X = ‘1B3CABCDD6E8FAD4B1CDF2CAD4FDC78FA17B6EBB’, then
Y = ‘1368412478176’. To these decimal digits is then added the result of converting the hexadecimal digits ‘120’ (derived from ‘B’, ‘ C ‘ and ‘A’) and the number Y = ‘1368412478176120’.
The CMK key is calculated as the result of performing the following operations: Z1 = 3DESECB (Y, IMK)
Z2 = 3DESECB (Y ⊕ 0xffffffffffffff, IMK) CMK = Z1 || Z2
Thus, option A of the master key diversification is a subset of option B. The issuer can use any of the options, since they are absolutely equivalent. Of course, option A is easier to implement, and option B is more advanced.

Restoring the issuer’s public key

For a number of actions with the payment application (performing offline data authentication, presenting an encrypted PIN code), the terminal must have a public card key. To obtain the card’s public key from the payment application data, the terminal must first restore the issuer’s public key from the issuer’s public key certificate signed on the Certificate Authority (CA) secret key. The following is the algorithm of this process.
The terminal performs the following steps to verify the issuer’s public key certificate.

Checks the length of the issuer’s public key certificate (it must be equal to the length of the CA Nca public key module).

Decrypts the issuer’s public key certificate on the CA Public key (Pca) using the RSARPUB (Certificate, Pca) formula. The decrypted certificate must have the following format.

Offset Length Content
0 1 Certificate header (0x6A).

1 1 Format ID (0x02)
2 4 Issuer ID (from 3 to 8 of the leftmost digits of PAN, supplemented, if necessary, with hexadecimal digits F on the right)
6 2 Certificate expiration date (n4 in the form of MMYY)
8 3 Serial number of the certificate
11 1 Hash algorithm ID (0x01-SHA1)
12 1 ID of the certificate generation algorithm
(0x01 – RSA)
13 1 Length of the issuer’s public key module (Ni)
14 1 Length of the issuer’s public key exponent (1 3)
15 Nca – 36 The highest (leftmost) bytes of the issuer’s public key module1
Nca 21 20 Hash function value for the issuer’s public key and related information
Nca 1 1 Certificate Termination ID (0xBC)

1 If Ni <= Nca 36, then the certificate contains the entire module of the issuer’s public key, supplemented on the right with 0xBB bytes (the number of bytes of the supplement is equal to Nca Ni 36). Otherwise, the certificate contains the Nca of the 36 highest bytes of the issuer’s public key module (the remainder of the issuer’s public key is entered in the Issuer Public Key Remainder object).

Checks the certificate end ID (must be equal to 0xBC), the certificate header (must be equal to 0x6A) and the format ID (must be equal to 0x02).

Gets the value of the hash function using the SHA1 algorithm for concatenating the following data elements:

format ID (0x02)
issuer ID
certificate expiration date certificate
serial number
hash algorithm ID (0x01)
certificate generation algorithm ID (0x01)
issuer public key module length (Ni)
issuer public key exponent length (1-3)
the issuer’s public key module (the highest bytes of the issuer’s public key module from the certificate, followed by the lowest bytes of the module from the Issuer Public Key Remainder data object received from the card, or the issuer’s public key module from the certificate, supplemented on the right with 0xBB bytes, if the entire module fits in the certificate)
of the issuer’s public key exponent
Compares the received hash function value with the value defined in the certificate.

Checks that the issuer’s identifier corresponds to the first digits of the PAN (it is taken into account that the issuer’s identifier can contain from 3 to 8 leftmost digits of the PAN, supplemented, if necessary, with hexadecimal digits F on the right).

Checks that the certificate has not expired.

Checks the ID of the certificate generation algorithm (must be equal to 0x01)

If any of the listed checks are not performed, it is considered that the card authentication failed. Otherwise, the public key certificate is valid and the issuer’s public key module is extracted from the certificate or obtained by concatenating the highest bytes of the issuer’s public key module from the certificate and the lowest bytes of the module from the Issuer’s Public Key Remainder data object.

Restoring the card’s public key

To perform offline data authentication and present an encrypted PIN code, the terminal must restore the card’s public key from the card’s public key certificate signed on the issuer’s secret key. This requires the issuer’s public key. The procedure for restoring the issuer’s public key is described in detail in the previous section. After restoring the issuer’s public key, the terminal restores the card’s public key using its certificate. The terminal performs the following steps to verify the card’s public key certificate.
Checks the length of the card’s public key certificate (it must be equal to the length of the issuer’s public key module – Ni).

Decrypts the card’s public key certificate on the issuer’s public key (Pi) using the RSARPUB (Certificate, Pi) formula. The decrypted certificate must have the following format.

Offset Length Content
0 1 Certificate header (0x6A).

1 1 Format ID (0x04)
2 10 Application PAN (supplemented on the right with hexadecimal digits F)
12 2 Certificate expiration date (n4 in the form of MMYY)
14 3 Serial number of the certificate
17 1 Hash algorithm ID (0x01-SHA1)
18 1 ID of the certificate generation algorithm
(0x01 – RSA)
19 1 Length of the card’s Public Key Module (Nic)
20 1 The length of the exponent of the public key of the card (1-3)
21 Ni 42 The highest (leftmost) bytes of the card’s public key module1
Ni 21 20 Hash function value for the public key of the card and related information
Ni 1 1 Certificate End ID (0xBC)

1 If Nic <= Ni 42, then the certificate contains the entire public key module of the card, supplemented on the right with 0xBB bytes (the number of bytes of the complement is Ni Nic 42). Otherwise, the certificate contains the Ni 42 highest bytes of the card’s public key module (the remainder of the card’s public key is entered in the ICC Public Key Remainder object)

Checks the certificate end ID (must be equal to 0xBC), the certificate header (must be equal to 0x6A) and the format ID (must be equal to 0x04).

Gets the value of the hash function using the SHA1 algorithm for concatenating the following data elements:

format ID (0x02)
Application PAN
certificate expiration date certificate
serial number
hash algorithm ID (0x01)
certificate generation algorithm ID (0x01)
card public key module length (Nic)
card public key exponent length (1-3)
module public key card (high bytes of the module public key from a certificate card, followed by low-order bytes of module data object ICC Public Key Remainder received from the card or module public key from a certificate card, right-padded with bytes 0xBB, if the module is placed in the certificate)
the exponent of the public key card
static data that needs to be authenticated (can be omitted)

The static data that must be authenticated is determined by the elements of the AFL list (Application File Locator) in the order in which they appear in the AFL list and are read by the terminal. The data included in the authentication process depends on the Short File Identifier (SFI) of the file from which the records are read.
for files with SFI in the range from 1 to 10, the record tag (70) and the record length are excluded from the authentication process. All other data elements from the record are included.

for files with SFI in the range from 11 to 30, the record tag (70) and the record length, as well as other data elements, are included in the authentication process.

After all the elements defined by the AFL are included in the static information that must be authenticated, the Static Data Authentication Tag List is processed, if it is defined in the data read by the terminal by the READ RECORD command. The Static Data Authentication Tag List, if specified, can only contain a tag for the Application Interchange Profile (AIP). Thus, if the Static Data Authentication Tag List data element is defined, the AIP value is entered at the end of the static data that must be authenticated (the tag and the length of the AIP are not included).
Compares the received hash function value with the value defined in the certificate.

Verifies that the Application PAN defined in the certificate matches the Application PAN received from the payment application.

Checks that the certificate has not expired.

Checks the ID of the certificate generation algorithm (must be equal to 0x01)

If any of the listed checks are not performed, it is considered that offline data authentication has failed. Otherwise, the public key certificate is valid and the card’s public key module is extracted from the certificate or obtained by concatenating the higher bytes of the card’s public key module from the certificate and the lower bytes of the module from the ICC Public Key Remainder data object.

The CDA method

The method of offline data authentication, which is called CDA (Combined Data Authentication), is now the most common for card products. This is the most complex of the offline authentication methods, and therefore the analysis of a payment application using the CDA method can cause difficulties. In this regard, a description of the operations that the card and the terminal must perform in order to provide offline data authentication using the CDA method is provided.
The CDA signature (the certificate provided in the Signed Dynamic Application Data object) is generated by the card according to a certain algorithm. During the certificate generation process, the following actions are performed.

First, the Signed Dynamic Application Data certificate data is generated. The data is represented as a fixed-length field, the size of which is equal to the length of the card key (Nic). The field has the following format.

Offset Length Content
0 1 Certificate header (0x6A).

1 1 Format ID (0x05)
2 1 Hash algorithm ID (0x01-SHA1)
3 1 The length of dynamic data in bytes (38). In the table, dynamic data is highlighted in color.
4 1 Length of ICC Dynamic Number (8)
5 8 ICC Dynamic Number
13 1 Cryptogram Information Data (CID)
14 8 Cryptogram (TC or ARQC)
22 20 Transaction Data Hash Code
42 Nic 63 Bytes with the value 0xBB
Nic 21 20 Dynamic Application Data Hash
Nic 1 1 Certificate End ID (0xBC)

It is necessary to give some explanations to the data elements used by the payment application to generate the certificate.

ICC Dynamic Number is a cryptographic function of the value
ATC, which is determined by the developer of the payment application.

Transaction Data Hash Code – the value of the hash function according to the SHA1 algorithm for concatenating the following data elements:

the values of the elements specified in PDOL1
values of the elements specified in CDOL1
values of the elements specified in CDOL2 (only for the second GENERATE AC command – this field is omitted for the first GENERATE AC command)

Cryptogram Information Data object with tag 9F27 and length 1, ATC object with tag 9F36 and length 2, Issuer Application Data object with tag 9F10 and length 322

Dynamic Application Data Hash-the value of the hash function according to the SHA1 algorithm for concatenating the following data elements:

format ID (0x05)
hash algorithm ID (0x01)
dynamic data length in bytes (38)
dynamic data
bytes with the value 0xBB (Nic length 63)
4-byte random number of the terminal transmitted to the card in the CDOL1 or CDOL2 list

The prepared data is signed (encrypted) on the card’s secret key (the ICC-Sicc Private Key) according to the RSASPRV (Data, Sicc) formula, as a result of which a Signed Dynamic Application Data certificate is formed.

The terminal, having received the Signed Dynamic Application Data from the card certificate, performs the following steps to verify the provided certificate (card authentication).

Checks the length of the provided certificate (it must be equal to the length of the ICC-Nic Public Key module).

Decrypts the certificate on the card’s public key (the ICC Public Key Picc) according to the formula RSARPUB (Certificate, Picc).

1 If the PDOL list is not used, the field should be omitted.
2 These are the objects that are returned in response to the GENERATE AC command in the order in which they are presented in the response (with the exception of the Signed Dynamic Application Data object).

Checks the certificate end ID (must be equal to 0xBC), the certificate header (must be equal to 0x6A) and the format ID (must be equal to 0x05).

Compares the Cryptogram Information Data from the certificate with the value
The cryptogram information data returned by the command GENERATE an alternating current.

Calculates the Dynamic Hash of the application data using the same algorithm as the card, and compares the resulting value with the value defined in the certificate.

Calculates the hash code of the transaction data using the same algorithm as the card, and compares the resulting value with the value defined in the certificate.

If any of the listed checks are not performed, it is considered that the card authentication failed.

Example of the protocol

This section provides an example of a protocol for investigating a payment application that meets the MasterCard specifications. It is recommended to pay attention to the following features of the study:

the transaction was completed in contact mode
offline authentication of card data using the CDA method was successfully completed

the verification method of the cardholder “Presentation of PINkoga for transfer to the issuer” was performed, since the presentation of the PIN code to the card failed due to an incorrect PIN code value

the commands have been issued to you data for obtaining information about the objects of the payment application

the first GENERATE AC command returned the ARQC cryptogram and an online processing emulation was performed

a second command was issued to GENERATE an ALTERNATING CURRENT to complete the transaction.

A study of the installed card with a payment application was initiated. During the analysis of the card, the following parameters will be used:
terminal type: 22
Was present, offline with the ability to connect to the Internet
Operational control provided by the Seller
terminal features:
The ability to enter data from the card: Magnetic stripe, chip with contacts
CVM Capability: Plaintext PIN for ICC verification, Encrypted PIN for online verification, Signature (paper), Encrypted PIN for offline verification, CVM is not allowed
Security features: SDA, DDA, CDA
Advanced terminal features:
Transaction type capability: Products, Services, Request, Administrative
The ability to enter transaction data: Numeric keys, Function keys
Ability to output transaction data: Print (maintainer), Display (maintainer)
Code table: 5 (Latin/Cyrillic)
the country, which is located in terminal: United States
the parameters of the risk management procedures of the terminal (Control Terminal Risk):
the maximum value of the payment amount in offline mode (Lower limit of the terminal): 1000.00
the target percentage to be used in the procedure at random for online processing: 20
the threshold value of the payment amount for a biased choice, used in the procedure at random for online processing: 500.00
the maximum target percentage of biased selection used in the random transaction selection procedure for online processing: 60
transaction type: 00 (purchase of goods or services)
payment transaction amount: 20.00
other amount (cashback amount): 0.00
payment transaction currency: USD
transaction date: 12.02.2019
transaction time: 20: 07: 37

When checking the payment card, the following mandatory steps and optional actions planned by the user are performed.
Initial analysis of the installed card.
ATR cards: 3B 6E 00 00 80 31 80 66 B0 84 0C 01 6E 01 83 00 90 00
The contact mode
protocol is assumed: T0
Installing the verified payment application as the current application on the card (the operation with which any payment transaction begins).
a cold reset of the card is performed to eliminate the side effects of previous actions
installing the current application using the select command
the following data is received in response to the command: 6F 33 84 07 A0 00 00 00 04 10 10 A5 28 50 0A 4D 61 73 74 65 72 43 61 72 64 5F 2D 04 72 75 65 6E
87 01 01 BF 0C 0F 9F 4D 02 0B 0A 9F 6E 07 06 43
00 00 30 30 00
interpretation of the obtained TLV structure:
6F. 51 FCI template
84.7 Name of the Selected File
A5. 40 Proprietary template FCI
50.10

Application label 5F2D.4 Language preferences
87.1 Application priority indicator
BF0C.15 Discretionary data of the Issuer FCI
9F4D.2 Log entry
9F6E.7 Third
-Party data the data received in response to the SELECT command (FCI analysis of the payment application)
is analyzed the following objects were found in the FCI of the payment application that can be used when processing a transaction:
Highlighted File Name: A0000000041010
Application label: 4D617374657243617264 “MasterCard”
Application Priority Indicator: 01
Language preferences: 7275656E “ruen”
Log entry: 0B0A

Data of third parties: 06430000303000
Country code: 0643
The unique identifier assigned to MasterCard: 0000
Device type: “00” (card)
Own data: 30
The payment application will be processed in accordance with the specifications and MasterCard
Getting the values of payment application objects defined in the general EMV specifications and detailed payment application specifications (using the GET DATA command).
issuing the GET DATA command to get the value of the Application Transaction Counter (ATC)object
the value object payment applications not obtained (the object is missing in the payment application)
issue commands to the DATA to obtain the value of the object is the Last Online ATC register
the value object payment applications not obtained (the object is missing in the payment application)
issue commands to the DATA to obtain the value of the object of the attempt Counter input PIN
the execution time: 16 msec
the value of the object is retained for further processing
the results of the team RECEIVING DATA to obtain the value of the object log Format
the execution time: 46 msec
the value of the object is retained for further processing
issue commands to the DATA to obtain the value of the object Code for the Card Issuer to Reject
the execution time: 31 msec
the value of the object is retained for further processing
issue commands to the DATA to obtain the value of the object Code for the Card Issuer – default
the execution time: 31 msec
the value of the object is retained for further processing
issue commands to the DATA to obtain the value of the object Code for the Card Issuer – Online
the execution time: 31 msec
the value of the object is saved for further processing
issuing the command GETTING DATA to get the value of the object Counters
command execution time: 31 ms
the value of the object is saved for further processing
issuing the command GETTING DATA to get the value of the object Length of data associated with
CDOL1 command execution time: 32 ms
the value of the object is saved for further processing

issuing a command GETTING DATA to get the object value Risk management Cards Country code
command execution time: 32 msec
the object value is saved for further processing
the results of the team RECEIVING DATA to obtain the value of the object risk Management Card currency Code
the execution time: 31 msec
the value of the object is retained for further processing
issue commands to the DATA to obtain the value of the object to Reduce the Total Amount of Autonomous Transactions
the execution time: 31 msec
the value of the object is retained for further processing
the results of the team RECEIVING DATA to obtain the value of the object to Top the Total Amount of Autonomous Transactions
the execution time: 31 msec
the value of the object is retained for further processing
issuing the command GETTING DATA to get the object value Card Issuer action code (Contactless) – By default
, the command execution time: 31 msec
the object value is saved for further processing
issuing the command GET DATA to get the object value Card Issuer action code (Contactless) – Online
command execution time: 31 msec
the object value is saved for further processing
issuing the command TO GET DATA to get the object value Card Issuer action code (Contactless) – Reject
command execution time: 31 msec
the value of the object is retained for further processing
issue commands to the DATA to obtain the value of the object table currency translation
the execution time: 62 msec
the value of the object is retained for further processing
issue commands to the DATA to obtain the value of an object Additional Checklist
the execution time: 47 msec
the value of the object is retained for further processing
the results of the team RECEIVING DATA to obtain the value of the object Management applications
the execution time: 31 msec
the value of the object is retained for further processing
issuing the command GETTING DATA to get the object value ARPC response code by default
command execution time: 32 msec
the object value is saved for further processing

issuing a command GETTING DATA to get the object value Application management (Contactless)
command execution time: 31 msec
the object value is saved for further processing
issuing a command GETTING DATA to get the object value Lower Sequential Offline limit
command execution time: 31 msec
the object value is saved for further processing
the results of the team RECEIVING DATA to obtain the value of the object’s Upper Consecutive Offline limit
the execution time: 31 msec
the value of the object is retained for further processing
the results of the team RECEIVING DATA to obtain the value of the object Autonomous balance
the value object payment applications not obtained (the object is not available in this context)
the results of the team RECEIVING DATA to obtain the value of the object DOLLARS for data recovery
the value object payment applications not obtained (the object is missing in the payment application)
issuing a command GETTING DATA to get the object value Application lifecycle data
command execution time: 79 ms
the object value is saved for further processing
issuing a command GETTING DATA to get the object value Security restrictions status
command execution time: 31 ms
the object value is saved for further processing
Checking and interpreting the values of the payment application objects read using the GET DATA command.
analysis of data received from the payment application
Input attempt counter: 3 (03)
Log format: 9F27019F02065F2A029A039F36029F5206
9F27. 1 Cryptogram Information Data (CID)
9F02.6 The Amount Approved (numeric)
5F2A.2 Transaction Currency Code
9A. 3

Transaction date 9F36.2 Application Transaction Counter (ATC)
9F52. 6 Card Verification Results (CVR)
Card issuer’s action code-Deviation: 000000
The Card Issuer’s action code is by default: 195000
Offline PIN verification failed
The limit of attempts to enter the Pin code has been exceeded

The terminal mistakenly believes that the offline PIN is ok
The upper sequential autonomous limit has been exceeded
The upper cumulative autonomous limit has been exceeded
Card Issuer Action Code-Online: 39FB00
Offline PIN verification is not performed
Offline PIN verification failed
The limit of attempts to enter the Pin code has been exceeded
The terminal mistakenly believes that the offline PIN is ok
The lower sequential offline limit has been exceeded
The upper sequential autonomous limit has been exceeded
The lower cumulative autonomous limit has been exceeded
The upper cumulative autonomous limit has been exceeded
The Internet connection was established at the next transaction
The script was received
Script failure
Counters: 00380000000000000000
Arrival time: 0038
Global MAC in the Scenario Counter: 0
Bad Cryptogram Counter: 0
Length of data associated with CDOL1: 43 (2B)
Risk management by cards Country Code: 0643
Risk management on Cards Currency code: 0643
Smaller Aggregate Amount Of An Offline Transaction: 1500.00
Top Cumulative Offline Transaction Amount: 1600.00
The card issuer’s action code (Contactless) – By default: 005800
The upper sequential autonomous limit has been exceeded
The upper cumulative autonomous limit has been exceeded
The Internet connection was established at the next transaction
Card Issuer’s Action Code (Contactless) – Online: 00F800
The lower sequential offline limit has been exceeded
The upper sequential autonomous limit has been exceeded
The lower cumulative autonomous limit has been exceeded
The upper cumulative autonomous limit has been exceeded

The Internet connection was established at the next transaction
Card issuer’s action code (Contactless) – Deviation: 080000
The limit of attempts to enter the Pin code has been exceeded
Currency conversion table: 06430000000643000000064300000006430000000643000000
Currency code: 0643
Conversion factor: not defined
Currency code: 0643
Conversion factor: not defined
Currency code: 0643
Conversion factor: not defined
Currency code: 0643
Conversion factor: not defined
Currency code: 0643
Conversion factor: not defined
Additional control table: 000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
There is a format error in the Additional Control Table:
Application control: 8C00
The issuer of the magnetic stripe class is activated (allows the card to accept transactions when the issuer’s authentication data is missing)
Offline verification of the encrypted PIN code is supported
by the ICC key for offline verification of the encrypted PIN code
Offline verification of the PIN code in clear text is supported
Output of your own MasterCard session key
Default ARPC response code: 0010
Input attempt counter: 0
Approve an online transaction
Do not update the PIN code attempt counter
Reset go online on the next transaction
Update counters: Do not update offline counters
Application control (contactless): 000080
The issuer of the magnetic stripe class is not activated
Output of your own MasterCard session key
Use static CVC3 (PayPass)

The Lower Sequential Limit Of The Offline Mode: 05
The Upper Sequential Limit Of The Offline Mode: 06
Application Lifecycle Data:
03 10 19 12 00 09 00 00 A1 A2 A3 A4 A5 A6 A7 A8 A9 AA AB AC AD AE AF B0 B1 B2 B3 B4 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF D0 D1 D2 D3 D4
Version: M/Chip Select 4
ID of the type approval: 10191200090000
Application issuer ID: A1A2A3A4…B1B2B3B4
Application code ID: C1C2C3C4…D1D2D3D4
Security restrictions status: 00
Executing the GET PROCESSING PARAMETERS command to initiate a transaction and get the information necessary to complete the transaction.
no data is needed to initiate a transaction, since no PDOL is defined, and the Command Template object (tag 83) with zero length is provided as the input data of the command, the
RECEIVE PROCESSING OPTIONS command is passed to the payment application
SFI 4, entry 1
SFI 5, records 1 2
Reading data from the records of the payment application files.
a read write command is issued to read write 2 from a file with the id 2
command execution time: 172 msec
the following data was received in response to the command:
70 81 8C 5A 08 52 25 98 00 34 34 76 18 5F 24 03
21 11 30 5F 25 03 18 10 01 5F 28 02 06 43 5F 34
01 00 8C 21 9F 02 06 9F 03 06 9F 1A 02 95 05 5F
2A 02 9A 03 9C 01 9F 37 04 9F 35 01 9F 45 02 9F
4C 08 9F 34 03 8D 0C 91 0A 8A 02 95 05 9F 37 04
9F 4C 08 8E 14 00 00 00 00 00 00 00 00 42 01 44
03 41 03 42 03 1E 03 1F 03 9F 07 02 FF 00 9F 0D
05 BC 50 BC 88 00 9F 0E 05 00 00 00 00 00 9F 0F
05 BC 70 BC 98 00 9F 42 02 06 43 9F 4A 01 82
interpretation of the obtained TLV structure:
70.140 a RECORD Template FOR READING
5A.8 Tray application
5F24.3 expiration date
the Proposal 5F25.3 effective date
because of the Application 5F28.2 Code of the Country of the Issuer (digital)
5F34.1 Serial number of the TRAY to apply
8C.33 risk Management cards DOL 1 (CDOL1)
8D.12 risk Management cards DOL 2 (CDOL2)
8E.20 a List of
CVM 9F07. 2 Monitoring the use of 9F0D applications
.5 IAC-Default
is 9F0E.5 IAC-Failure
9F0F.5 IAC-Online
9F42.2 The application currency code
is 9F4A.1 List of static data Authentication tags
objects from the read record are saved for further processing (all elementary data objects from the record will be used for offline data authentication)

a read write command is issued to write read 1 from a file with the id 3
command execution time: 266 msec
the following data was received in response to the command: 70 81 E0 8F 01 05 90 81 B0 94 ED 79 BD 06 7B 12 46 39 D0 89 1E B3 CF EA AC 5A A1 44 9F 45 09 ED 3E C5 E1 BD 99 AC EF 5B 01 4D C8 02 60 55 C4 55 6A 97 01 62 D8 AC 61 29 A5 F8 1F 0E 11 86 2E 02 05 E1 AD 18 BB 98 12 39 88 2D 22 35 58 8D 68 4A 59 25 18 01 BA 74 DB C0 C9 59 4A ED 35 D2 E6 41 9F E1 C2 80 BE 69 63 61 16 B8 6F BC B8 64 4A E4 5B 83 69 37 49 9B 6C 74 52 9E FE FC DC D8 D9 8A 76 55 CE 63 C3 E3 91 E5 50 F9 B5 F1 31 F1 C5 7A
48 E7 B4 ED D4 C5 30 4B 99 1F 16 6C CA E5 7C 6F EA 91 CA 65 6E 20 20 EA C7 14 6D F4 EB DA 48 1B
42 46 30 F3 92 3F 61 70 47 92 24 C9 BC 26 10 83
1D F1 A6 A7 DB A2 E9 E6 33 40 1A 54 0F 40 57 BD
56 49 F8 E3 15 8E 2C 03 0A 22 3C 45 B6 F7 ED 9F
32 01 03
interpretation of the resulting TLV structure:
70.224 READ WRITE pattern
8F. 1 Index of the CA public key
90.176 Issuer’s Public Key Certificate
92.36 The remainder of the Issuer
‘s Public Key 9F32. 1 The Issuer’s public key indicator
objects from the read record are saved for further processing
a read write command is issued to write read 1 from a file with the identifier 4
command execution time: 31 msec
the following data was received in response to the command: 70049F470103
interpretation of the obtained TLV structure:
70.4 READ RECORD template
9F47. 1 ICC public key indicator
objects from the read record are saved for further processing

a read write command is issued to write read 1 from a file with the id 5
command execution time: 93 msec
the following data is received in response to the command:
70 47 9F 1F 0D 31 30 31 38 36 30 30 30 30 30 32
30 38 57 13 52 25 98 00 34 34 76 18 D2 11 12 01
10 18 60 00 00 20 8F 5F 20 1A 53 49 44 4F 52 4F
56 2F 56 4C 41 44 49 4D 49 52 20 20 20 20 20 20
20 20 20 20 9F 08 02 00 02
interpretation of the resulting TLV structure:
70.71 READ THE Template
RECORDS 9F1F. 13 Track 1 Discretionary data
57.19 Track 2 Equivalent data
5F20. 26 Owner’s Name
Card 9F08.2 The Version Number Of The Application
objects from a few recordings are saved for further processing
command is issued, the read / write read / write 2 file ID 5
the duration of the command: 219 MS
in response to the command is as follows: 70 81 9F BA 46 91 81 B0 7D 25 34 48 68 98 E3 4D 43 52 74 09 5F 8C 2C B1 91 E2 80 18 53 74 83 20
87 6F B6 75 DD 2D C2 71 93 5A 71 08 E5 A3 AD 1D
63 D7 D1 69 BF FF 83 20 25 39 D7 9D F8 99 E2 B7
69 05 F4 68 39 16 C6 1D 6E 3A AB F6 56 D4 CF 65
5D 7A C6 B2 D9 4A 55 30 59 44 66 BD B8 EA 53 80
06 80 6F A9 F3 81 91 B1 06 9B 73 10 E8 E5 95 62
19 8C 39 60 59 50 73 72 A4 E0 06 52 07 BF B1 66
5B FC 64 60 EE CB D5 AE 3D B8 99 B0 70 7A F6 AA
70 D8 E6 9E A9 07 CD 1C D8 FB 3E B0 8F E2 64 31
0A 1D 58 91 97 DC 60 24 C0 3E 1A 59 D4 10 E8 3D
7F 69 08 DC 01 6B 03 9F 49 03 9F 37 04
interpretation of the obtained TLV structure:
70.186 Read
-write template 9F46. 176 ICC Public Key Certificate

9F49.3 DOL for dynamic data authentication (DDOL)
objects from the read record are saved for further processing
Analysis and interpretation of data read from the payment application files in accordance with the general EMV specifications.
known objects stored in the terminal database
Scope of application: 5225980034347618
Serial number of the application TRAY: 00
Effective date of the application: 01.10.2018
Application validity period: 30.11.2021
Application version number: 0002
Application currency code: 0643
Cardholder’s name: 5349444F524F562F564C4144494D4952202020202020202020202020 ‘ SIDOROV/VLADIMIR ‘
Issuer’s country code (digital): 0643
Application usage control: FF00
valid for domestic cash transactions
valid for international cash transactions
valid for domestic goods
valid for international goods
valid for domestic services
valid for international services
valid at ATMs
valid at terminals other than ATMs
CVM List: 000000000000000042014403410342031E031F03
Sum X = 0
Sum of Y = 0
4201 (encrypted PIN, confirmed online if cash unattended, apply the following rule)
4403 (validation of encrypted PIN code running ICC, if terminal supports the CVM, apply the following rule)
4103 (check PIN-code in plain text, performed by ICC, if terminal supports the CVM, apply the following rule)
4203 (encrypted PIN verified online-if terminal supports the CVM, apply the following rule)
1E03 (signed, if the terminal supports the CVM has not checked the card holder)
1F03 (CVM is not required, if the terminal supports CVM, it will not pass the cardholder verification)

Card Risk Management DOL 1 (CDOL1):
9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A 02 9A 03
9C 01 9F 37 04 9F 35 01 9F 45 02 9F 4C 08 9F 34
03
9F02.6 The Amount Approved (numeric)
9F03.6 Amount, Other (numeric)
9F1A.2 Terminal country Code
95.5 Terminal
5F2A test results.2 Transaction Currency Code
9A. 3 Transaction date
9C. 1 Transaction type
9F37. 4 Unpredictable number
9F35. 1
Terminal type 9F45.2 Data Authentication Code (DAC)
9F4C.8 Dynamic ICC Number
9F34. 3 CVM results
Risk management of the DOL 2 card (CDOL2): 910A8A0295059F37049F4C08
91.10 Issuer authentication data
8A. 2 Authorization Response Code
95.5 Terminal verification results
9F37. 4 Unpredictable number
9F4C.8 Dynamic ICC number
IAC-Default:
BC50BC8800 offline data authentication was not performed
The card with the missing ICC data
is displayed in the terminal exception file
DDA failed
CDA
the expired application failed
the requested service is not allowed for the card product
the cardholder verification was not successful
The limit of attempts to enter the PIN code has been exceeded
A PIN code is required, and the PIN panel is missing or does not work

A PIN code is required, a PIN code is present, but the PIN code was not entered
online,
the transaction entered exceeds the minimum limit
, the seller’s forced transaction is online
IAC-Failure: 0000000000
IAC-Online:
BC70BC9800 offline data authentication was not performed
The card with the missing ICC data
is displayed in the terminal exception file
DDA failed
CDA failed
to submit an
expired application the application has not yet entered into force
the requested service is not allowed for the card product
cardholder verification failed
The limit of attempts to enter the PIN code has been exceeded
A PIN code is required, and the PIN panel is missing or does not work
A PIN code is required, a PIN code is present, but the PIN code was not entered
online,
the transaction entered exceeds the minimum limit
, the transaction is randomly selected for online processing
, the seller’s forced transaction is online
CA Public Key Index: 5 (05)
Issuer’s Public Key Certificate:
94 ED 79 BD 06 7B 12 46 39 D0 89 1E B3 CF EA AC
5A A1 44 9F 45 09 ED 3E C5 E1 BD 99 AC EF 5B 01
4D C8 02 60 55 C4 55 6A 97 01 62 D8 AC 61 29 A5
F8 1F 0E 11 86 2E 02 05 E1 AD 18 BB 98 12 39 88
2D 22 35 58 8D 68 4A 59 25 18 01 BA 74 DB C0 C9
59 4A ED 35 D2 E6 41 9F E1 C2 80 BE 69 63 61 16
B8 6F BC B8 64 4A E4 5B 83 69 37 49 9B 6C 74 52
9E FE FC DC D8 D9 8A 76 55 CE 63 C3 E3 91 E5 50 F9 B5 F1 31 F1 C5 7A 48 E7 B4 ED D4 C5 30 4B 99

1F 16 6C CA E5 7C 6F EA 91 CA 65 6E 20 20 EA C7
14 6D F4 EB DA 48 1B 42 46 30 F3 92 3F 61 70 47
Issuer’s Public Key Balance:
C9 BC 26 10 83 1D F1 A6 A7 DB A2 E9 E6 33 40 1A
54 0F 40 57 BD 56 49 F8 E3 15 8E 2C 03 0A 22 3C
45 B6 F7 ED.
Issuer’s public key indicator: 03
ICC Public Key Certificate:
91 7D 25 34 98 48 68 E3 4D 43 52 09 74 8C 5F 91
2C B1 80 18 E2 74 83 53 20 87 6F B6 75 DD 2D C2
71 93 5A 71 08 E5 A3 AD 1D 63 D7 D1 69 BF FF 83
20 25 39 D7 9D F8 99 E2 B7 69 05 F4 68 39 16 C6
1D 6E 3A AB F6 56 D4 CF 65 5D 7A C6 B2 D9 4A 55
30 59 44 66 BD B8 EA 53 80 06 80 6F A9 F3 81 91
B1 06 9B 73 10 E8 E5 95 62 19 8C 39 60 59 50 73
72 A4 E0 06 52 07 BF B1 66 5B FC 64 60 EE CB D5 AE 3D B8 99 B0 70 7A F6 AA 70 D8 E6 9E A9 07 CD 1C D8 FB 3E B0 8F E2 64 31 0A 1D 58 91 97 DC 60
24 C0 3E 1A 59 D4 10 E8 3D 7F 69 08 DC 01 6B 03
ICC Public Key index: 03
DOL for Dynamic Data Authentication (DDOL): 9F3704
9F37. 4 Unpredictable number
List of Static Data Authentication Tags: 82
82 Application Sharing Profile
Track 2 Equivalent data: 5225980034347618D21112011018600000208F
Main account number: 5225980034347618
Field separator: D
Expiration date: 11.2021
Service code: 201 (International, use the chip where possible; Normal transaction authorization; No restrictions)
Discretionary data: 1018600000208

SFI 4, entry 1
SFI 5, records 1 2
Reading data from the records of the payment application files.
a read write command is issued to read write 2 from a file with the id 2
command execution time: 172 msec
the following data was received in response to the command:
70 81 8C 5A 08 52 25 98 00 34 34 76 18 5F 24 03
21 11 30 5F 25 03 18 10 01 5F 28 02 06 43 5F 34
01 00 8C 21 9F 02 06 9F 03 06 9F 1A 02 95 05 5F
2A 02 9A 03 9C 01 9F 37 04 9F 35 01 9F 45 02 9F
4C 08 9F 34 03 8D 0C 91 0A 8A 02 95 05 9F 37 04
9F 4C 08 8E 14 00 00 00 00 00 00 00 00 42 01 44
03 41 03 42 03 1E 03 1F 03 9F 07 02 FF 00 9F 0D
05 BC 50 BC 88 00 9F 0E 05 00 00 00 00 00 9F 0F
05 BC 70 BC 98 00 9F 42 02 06 43 9F 4A 01 82
interpretation of the obtained TLV structure:
70.140 a RECORD Template FOR READING
5A.8 Tray application
5F24.3 expiration date
the Proposal 5F25.3 effective date
because of the Application 5F28.2 Code of the Country of the Issuer (digital)
5F34.1 Serial number of the TRAY to apply
8C.33 risk Management cards DOL 1 (CDOL1)
8D.12 risk Management cards DOL 2 (CDOL2)
8E.20 a List of
CVM 9F07. 2 Monitoring the use of 9F0D applications
.5 IAC-Default
is 9F0E.5 IAC-Failure
9F0F.5 IAC-Online
9F42.2 The application currency code
is 9F4A.1 List of static data Authentication tags
objects from the read record are saved for further processing (all elementary data objects from the record will be used for offline data authentication)

a read write command is issued to write read 1 from a file with the id 3
command execution time: 266 msec
the following data was received in response to the command: 70 81 E0 8F 01 05 90 81 B0 94 ED 79 BD 06 7B 12 46 39 D0 89 1E B3 CF EA AC 5A A1 44 9F 45 09 ED 3E C5 E1 BD 99 AC EF 5B 01 4D C8 02 60 55 C4 55 6A 97 01 62 D8 AC 61 29 A5 F8 1F 0E 11 86 2E 02 05 E1 AD 18 BB 98 12 39 88 2D 22 35 58 8D 68 4A 59 25 18 01 BA 74 DB C0 C9 59 4A ED 35 D2 E6 41 9F E1 C2 80 BE 69 63 61 16 B8 6F BC B8 64 4A E4 5B 83 69 37 49 9B 6C 74 52 9E FE FC DC D8 D9 8A 76 55 CE 63 C3 E3 91 E5 50 F9 B5 F1 31 F1 C5 7A
48 E7 B4 ED D4 C5 30 4B 99 1F 16 6C CA E5 7C 6F EA 91 CA 65 6E 20 20 EA C7 14 6D F4 EB DA 48 1B
42 46 30 F3 92 3F 61 70 47 92 24 C9 BC 26 10 83
1D F1 A6 A7 DB A2 E9 E6 33 40 1A 54 0F 40 57 BD
56 49 F8 E3 15 8E 2C 03 0A 22 3C 45 B6 F7 ED 9F
32 01 03
interpretation of the resulting TLV structure:
70.224 READ WRITE pattern
8F. 1 Index of the CA public key
90.176 Issuer’s Public Key Certificate
92.36 The remainder of the Issuer
‘s Public Key 9F32. 1 The Issuer’s public key indicator
objects from the read record are saved for further processing
a read write command is issued to write read 1 from a file with the identifier 4
command execution time: 31 msec
the following data was received in response to the command: 70049F470103
interpretation of the obtained TLV structure:
70.4 READ RECORD template
9F47. 1 ICC public key indicator
objects from the read record are saved for further processing

a read write command is issued to write read 1 from a file with the id 5
command execution time: 93 msec
the following data is received in response to the command:
70 47 9F 1F 0D 31 30 31 38 36 30 30 30 30 30 32
30 38 57 13 52 25 98 00 34 34 76 18 D2 11 12 01
10 18 60 00 00 20 8F 5F 20 1A 53 49 44 4F 52 4F
56 2F 56 4C 41 44 49 4D 49 52 20 20 20 20 20 20
20 20 20 20 9F 08 02 00 02
interpretation of the resulting TLV structure:
70.71 READ THE Template
RECORDS 9F1F. 13 Track 1 Discretionary data
57.19 Track 2 Equivalent data
5F20. 26 Owner’s Name
Card 9F08.2 The Version Number Of The Application
objects from a few recordings are saved for further processing
command is issued, the read / write read / write 2 file ID 5
the duration of the command: 219 MS
in response to the command is as follows: 70 81 9F BA 46 91 81 B0 7D 25 34 48 68 98 E3 4D 43 52 74 09 5F 8C 2C B1 91 E2 80 18 53 74 83 20
87 6F B6 75 DD 2D C2 71 93 5A 71 08 E5 A3 AD 1D
63 D7 D1 69 BF FF 83 20 25 39 D7 9D F8 99 E2 B7
69 05 F4 68 39 16 C6 1D 6E 3A AB F6 56 D4 CF 65
5D 7A C6 B2 D9 4A 55 30 59 44 66 BD B8 EA 53 80
06 80 6F A9 F3 81 91 B1 06 9B 73 10 E8 E5 95 62
19 8C 39 60 59 50 73 72 A4 E0 06 52 07 BF B1 66
5B FC 64 60 EE CB D5 AE 3D B8 99 B0 70 7A F6 AA
70 D8 E6 9E A9 07 CD 1C D8 FB 3E B0 8F E2 64 31
0A 1D 58 91 97 DC 60 24 C0 3E 1A 59 D4 10 E8 3D
7F 69 08 DC 01 6B 03 9F 49 03 9F 37 04
interpretation of the obtained TLV structure:
70.186 Read
-write template 9F46. 176 ICC Public Key Certificate

9F49.3 DOL for dynamic data authentication (DDOL)
objects from the read record are saved for further processing
Analysis and interpretation of data read from the payment application files in accordance with the general EMV specifications.
known objects stored in the terminal database
Scope of application: 5225980034347618
Serial number of the application TRAY: 00
Effective date of the application: 01.10.2018
Application validity period: 30.11.2021
Application version number: 0002
Application currency code: 0643
Cardholder’s name: 5349444F524F562F564C4144494D4952202020202020202020202020 ‘ SIDOROV/VLADIMIR ‘
Issuer’s country code (digital): 0643
Application usage control: FF00
valid for domestic cash transactions
valid for international cash transactions
valid for domestic goods
valid for international goods
valid for domestic services
valid for international services
valid at ATMs
valid at terminals other than ATMs
CVM List: 000000000000000042014403410342031E031F03
Sum X = 0
Sum of Y = 0
4201 (encrypted PIN, confirmed online if cash unattended, apply the following rule)
4403 (validation of encrypted PIN code running ICC, if terminal supports the CVM, apply the following rule)
4103 (check PIN-code in plain text, performed by ICC, if terminal supports the CVM, apply the following rule)
4203 (encrypted PIN verified online-if terminal supports the CVM, apply the following rule)
1E03 (signed, if the terminal supports the CVM has not checked the card holder)
1F03 (CVM is not required, if the terminal supports CVM, it will not pass the cardholder verification)

Card Risk Management DOL 1 (CDOL1):
9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A 02 9A 03
9C 01 9F 37 04 9F 35 01 9F 45 02 9F 4C 08 9F 34
03
9F02.6 The Amount Approved (numeric)
9F03.6 Amount, Other (numeric)
9F1A.2 Terminal country Code
95.5 Terminal
5F2A test results.2 Transaction Currency Code
9A. 3 Transaction date
9C. 1 Transaction type
9F37. 4 Unpredictable number
9F35. 1
Terminal type 9F45.2 Data Authentication Code (DAC)
9F4C.8 Dynamic ICC Number
9F34. 3 CVM results
Risk management of the DOL 2 card (CDOL2): 910A8A0295059F37049F4C08
91.10 Issuer authentication data
8A. 2 Authorization Response Code
95.5 Terminal verification results
9F37. 4 Unpredictable number
9F4C.8 Dynamic ICC number
IAC-Default:
BC50BC8800 offline data authentication was not performed
The card with the missing ICC data
is displayed in the terminal exception file
DDA failed
CDA
the expired application failed
the requested service is not allowed for the card product
the cardholder verification was not successful
The limit of attempts to enter the PIN code has been exceeded
A PIN code is required, and the PIN panel is missing or does not work

A PIN code is required, a PIN code is present, but the PIN code was not entered
online,
the transaction entered exceeds the minimum limit
, the seller’s forced transaction is online
IAC-Failure: 0000000000
IAC-Online:
BC70BC9800 offline data authentication was not performed
The card with the missing ICC data
is displayed in the terminal exception file
DDA failed
CDA failed
to submit an
expired application the application has not yet entered into force
the requested service is not allowed for the card product
cardholder verification failed
The limit of attempts to enter the PIN code has been exceeded
A PIN code is required, and the PIN panel is missing or does not work
A PIN code is required, a PIN code is present, but the PIN code was not entered
online,
the transaction entered exceeds the minimum limit
, the transaction is randomly selected for online processing
, the seller’s forced transaction is online
CA Public Key Index: 5 (05)
Issuer’s Public Key Certificate:
94 ED 79 BD 06 7B 12 46 39 D0 89 1E B3 CF EA AC
5A A1 44 9F 45 09 ED 3E C5 E1 BD 99 AC EF 5B 01
4D C8 02 60 55 C4 55 6A 97 01 62 D8 AC 61 29 A5
F8 1F 0E 11 86 2E 02 05 E1 AD 18 BB 98 12 39 88
2D 22 35 58 8D 68 4A 59 25 18 01 BA 74 DB C0 C9
59 4A ED 35 D2 E6 41 9F E1 C2 80 BE 69 63 61 16
B8 6F BC B8 64 4A E4 5B 83 69 37 49 9B 6C 74 52
9E FE FC DC D8 D9 8A 76 55 CE 63 C3 E3 91 E5 50 F9 B5 F1 31 F1 C5 7A 48 E7 B4 ED D4 C5 30 4B 99

1F 16 6C CA E5 7C 6F EA 91 CA 65 6E 20 20 EA C7
14 6D F4 EB DA 48 1B 42 46 30 F3 92 3F 61 70 47
Issuer’s Public Key Balance:
C9 BC 26 10 83 1D F1 A6 A7 DB A2 E9 E6 33 40 1A
54 0F 40 57 BD 56 49 F8 E3 15 8E 2C 03 0A 22 3C
45 B6 F7 ED.
Issuer’s public key indicator: 03
ICC Public Key Certificate:
91 7D 25 34 98 48 68 E3 4D 43 52 09 74 8C 5F 91
2C B1 80 18 E2 74 83 53 20 87 6F B6 75 DD 2D C2
71 93 5A 71 08 E5 A3 AD 1D 63 D7 D1 69 BF FF 83
20 25 39 D7 9D F8 99 E2 B7 69 05 F4 68 39 16 C6
1D 6E 3A AB F6 56 D4 CF 65 5D 7A C6 B2 D9 4A 55
30 59 44 66 BD B8 EA 53 80 06 80 6F A9 F3 81 91
B1 06 9B 73 10 E8 E5 95 62 19 8C 39 60 59 50 73
72 A4 E0 06 52 07 BF B1 66 5B FC 64 60 EE CB D5 AE 3D B8 99 B0 70 7A F6 AA 70 D8 E6 9E A9 07 CD 1C D8 FB 3E B0 8F E2 64 31 0A 1D 58 91 97 DC 60
24 C0 3E 1A 59 D4 10 E8 3D 7F 69 08 DC 01 6B 03
ICC Public Key index: 03
DOL for Dynamic Data Authentication (DDOL): 9F3704
9F37. 4 Unpredictable number
List of Static Data Authentication Tags: 82
82 Application Sharing Profile
Track 2 Equivalent data: 5225980034347618D21112011018600000208F
Main account number: 5225980034347618
Field separator: D
Expiration date: 11.2021
Service code: 201 (International, use the chip where possible; Normal transaction authorization; No restrictions)
Discretionary data: 1018600000208

Terminal Type (9F35.1): 22
Attended, Offline with online capability
Operational control provided by Merchant
Data Authentication Code (DAC) (9F45.2): 0000
ICC Dynamic Number (9F4C.8): 0000000000000000
CVM Results (9F34.3): 020300
Enciphered PIN verified online
If terminal supports the CVM
Unknown CVM Result
command execution time: 344 msec
the following data was received in response to the command:
77 81 A2 9F 27 01 80 9F 36 02 00 39 9F 4B 81 80
11 7B CB 74 AF 63 52 12 4B 99 E9 54 C6 DB 9E 67
24 3C 7B 49 F6 E5 A5 2D 0D E5 F1 5F 47 5C 54 0B DC FF C6 26 64 F7 D8 B1 90 38 54 A0 9B B2 F3 2D
87 9B F6 51 84 5A 2D C1 9E 63 75 81 E0 41 F4 50
D6 86 4A A0 C5 A0 05 7D B4 16 82 1C 2E B8 43
A7 1F 5C 44 56 88 D6 C9 5A 5B B9 11 B2 3D CE 05
20 40 C7 B8 89 35 70 54 7B 5C 12 37 71 5D C9 C8
EE 6C 0B CF 41 B0 A4 7D 26 70 07 75 1C D5 3B 00
9F 10 12 01 10 A4 40 01 12 00 00 00 00 00 00 00
04 20 00 00 FF
interpretation of the obtained TLV structure:
77.162 Response Message Template Format 2
9F27. 1 Cryptogram Information Data (CID)
9F36. 2 Application Transaction Counter (ATC)
9F4B. 128 Signed Dynamic Application Data
9F10. 18 Issuer Application Data
the data received in response to the command is analyzed
Cryptogram Information Data: 80
ARQC (Authorisation Request Cryptogram Online authorisation requested)
ATC: 0039

Signed Dynamic Application Data:
11 7B CB 74 AF 63 52 12 4B 99 E9 54 C6 DB 9E 67
24 3C 7B 49 F6 E5 A5 2D 0D E5 F1 5F 47 5C 54 0B DC FF C6 26 64 F7 D8 B1 90 38 54 A0 9B B2 F3 2D
87 9B F6 51 84 5A 2D C1 9E 63 75 81 E0 41 F4 50
D6 86 4A A0 C5 A0 A0 05 7D B4 16 82 1C 2E B8 43
A7 1F 5C 44 56 88 D6 C9 5A 5B B9 11 B2 3D CE 05
20 40 C7 B8 89 35 70 54 7B 5C 12 37 71 5D C9 C8
EE 6C 0B CF 41 B0 A4 7D 26 70 07 75 1C D5 3B 00
Issuer Application Data: 0110A44001120000000000000004200000FF
Derivation key index: 1
Cryptogram Version Number: 16
Card Verification Results:
AC returned in First Generate AC: ARQC
AC returned in Second Generate AC: second Generate AC not requested
Offline PIN verification performed
CDA returned in First Generate AC
Script Counter: 0
PIN Try Counter: 1
Offline PIN verification failed
Domestic transaction
DAC/ICC Dynamic Number 2 Bytes: 0000
Counters: 00000004200000FF
no errors were detected in the data received in response to the command
the Signed Dynamic Application Data certificate is checked
the Signed Dynamic Application Data certificate is recognized as valid
the following ICC Dynamic Number is defined in the certificate
: 5CA0B7A2ED4ABEB0 the cryptogram of the payment application is extracted from the certificate: 1CECDF76E8151DD9
the offline data authentication method CDA was successfully executed
Verification of the payment application cryptogram provided by the first GENERATE AC command, using the application data and the specified key value to calculate the cryptograms.
verification of the cryptogram of the payment application with this RID is not implemented

Online processing (emulation of terminal actions in the case when a transaction must be sent for authorization to the issuer).
the situation at the user’s request must be simulated in the process of online processing: the terminal requests the approval of the transaction (emulation status “Unable to go Online”)
to establish whether the deviation of the transaction from the perspective of the acquirer in a state of “Unable to go Online”, use the following TAC-Default: FC509C8800
offline data authentication was not performed
SDA failed
ICC data missing
card appears on terminal exception file
DDA failed
CDA failed
expired application
requested service not allowed for card product
cardholder verification was not successful
PIN required and PIN pad not present or not working
PIN required, PIN pad present, but PIN was not entered
online PIN entered
transaction exceeds floor limit
merchant forced transaction online
the following attributes were found to match in TVR and TAC-Default:
online PIN entered
in accordance with the acquirer’s policy, the transaction must be rejected
Issuing the second GENERATE AC command to make a final decision about processing the transaction after online processing.
the GENERATE AC command is issued with the following parameters:
requested cryptogram: AAC
the response does not request a Signed Dynamic Application Data certificate
to make a decision about executing a transaction with the command, the data listed in CDOL2 is transmitted:
00 00 00 00 00 00 00 00 00 00 5A 33 00 00 04 00
00 DC 6E 0B 1C 5C A0 B7 A2 ED 4A BE B0
data interpretation according to CDOL2:
Issuer Authentication Data (91.10): 00000000000000000000

Issuer Authentication Data not received by terminal
Authorization Response Code (8A.2): ‘Z3’
Terminal Verification Results (95.5): 0000040000
online PIN entered
Unpredictable Number (9F37.4): DC6E0B1C
ICC Dynamic Number (9F4C.8): 5CA0B7A2ED4ABEB0
command execution time: 172 msec
the following data was received in response to the command:
77 29 9F 27 01 00 9F 36 02 00 39 9F 26 08 5C 96
26 33 1B 95 C9 B4 9F 10 12 01 10 24 40 01 52 00
00 5C A0 00 00 00 04 20 00 00 FF
interpretation of the obtained TLV structure:
77.41 Response Message Template Format 2
9F27. 1 Cryptogram Information Data (CID)
9F36. 2 Application Transaction Counter (ATC)
9F26. 8 Application Cryptogram
9F10. 18 Issuer Application Data
the data received in response to the command is analyzed
Cryptogram Information Data: 00
AAC (Application Authentication Cryptogram Transaction declined)
ATC: 0039
Application Cryptogram: 5C9626331B95C9B4
Issuer Application Data: 01102440015200005CA000000004200000FF
Derivation key index: 1
Cryptogram Version Number: 16
Card Verification Results:
AC returned in First Generate AC: ARQC
AC returned in Second Generate AC: AAC
Offline PIN verification performed
CDA returned in First Generate AC
Script Counter: 0
PIN Try Counter: 1
Unable to go online

Offline PIN verification failed
Domestic transaction
DAC/ICC Dynamic Number 2 Bytes: 5CA0
Counters: 00000004200000FF
no errors were detected in the data received in response to the command
Verification of the payment application cryptogram provided by the second GENERATE AC command, using the application data and the specified key value to calculate the cryptograms.
verification of the cryptogram of the payment application with this RID is not implemented

The verification of the payment card in the contact mode is completed, since all the required operations with the card have been completed. During the verification process, the following actions were performed:
the payment application was selected on the card using the SELECT command
command is issued the GET PROCESSING OPTIONS to initiate a transaction and provide the information needed to accomplish it
read data from file record of the payment application
restored public key of the Issuer
restored public key card
successfully completed offline authentication data card
made method verification of the card holder “filing a PIN to transfer it to the Issuer”
issued in the GET DATA command to obtain information about the objects of the payment application
issued to the first GENERATE AC command to execute transactions in the contact mode
the second GENERATE AC command was issued to complete the transaction in contact mode