Skip to content

A puzzle solved. [en]

4 juillet 2012
By Askarel in en
Vasco Digipass 810

Vasco Digipass 810

Do you remember when i opened my bank calculator ? Beside replacing dead batteries, i wanted to see what made it tick and eventually replace it by an ordinary smartcard reader and some code running on a computer.

Turns out that other people had the same idea, but they beat me by having put more time and energy into that project and ended up producing something usable.

It’s just a Python script to talk to the card. The usage is very straightforward, here are some examples:

To authenticate with the M1 key and the 23543696 challenge, type the following command:

$ ./EMV-CAP -m 1 23543696
***************************************************************************
Using this software for real financial operations can lead to some risks.
Indeed advantage of using a standalone reader is is to isolate your banking
card from big bad malwares.
Using it in a non-secured reader is taking risk that a keylogger intercepts
your PIN, a malware accesses to your card informations, or even intercepts
your transaction to modify it or operates its own transactions.
***************************************************************************
Are you sure you want to continue?
If so, type 'YES', or anything else to quit:YES
Enter PIN (enter to abort) :
Response: 45108749
$

To sign a transaction the same way than the M2 key with the challenges 09356196 and 345, use the following command:

$ ./EMV-CAP -m 2 09356196 345
***************************************************************************
Using this software for real financial operations can lead to some risks.
Indeed advantage of using a standalone reader is is to isolate your banking
card from big bad malwares.
Using it in a non-secured reader is taking risk that a keylogger intercepts
your PIN, a malware accesses to your card informations, or even intercepts
your transaction to modify it or operates its own transactions.
***************************************************************************
Are you sure you want to continue?
If so, type 'YES', or anything else to quit:YES
Enter PIN (enter to abort) :
Response: 45201783
$

Thank you Jean-Pierre Szicora and Philippe Teuwen, nice work !! 🙂

Tags: , , ,

Comment Feed

One Response



Some HTML is OK

or, reply to this post via trackback.

Continuing the Discussion

  1. […] ce protocole EMV-CAP sur mon ordinateur, en communiquant directement avec la carte. C’est un blog belge qui m’a redirigé vers cette application apparemment développée et hébergée par un type […]