Monday 12 July 2010

Getting EMV/CAP challenge/response to work

Let's recap: I've been using my Belgian EID smartcard reader to query my KBC debit card. This has been working great, and I'm now able to select the SecureCode application and unlock it by verifying my PIN code.

Now I'm trying to get the challenge/response mechanism to work, so I can have my PC automatically log in to KBC Online. This should work by now, but for some reason the response always turns out to be wrong...

Warning: if you're playing with this as well, keep in mind that KBC will only allow 3 failed attempts at logging in. So when you've failed twice, log in using the normal method (that actually works) to reset the login try counter.

According to the specs, we need to generate an Application RQ Cryptogram, and then cancel it by requesting an Application Cryptogram. See my script for the dirty details... much of this work is based on EMV CAP examples from "Chip & PIN is broken".

Now if only I could figure out what's wrong with the responses I'm generating!
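The two-step exchange described above, as an added example that is not the author's script: it builds the GENERATE AC commands (P1 = 0x80 requests an ARQC, P1 = 0x00 an AAC), parses format 1 responses, and checks that the card returned the expected cryptogram types with the same transaction counter. The CDOL data is an all-zero placeholder whose real length and layout come from the card's CDOL1/CDOL2, and the sample responses are constructed.

```python
# Added example. Sample responses below are constructed, not card output.
P1_AAC, P1_ARQC = 0x00, 0x80              # GENERATE AC reference control (P1)
CID_TYPES = {0x00: "AAC", 0x40: "TC", 0x80: "ARQC", 0xC0: "RFU"}

def generate_ac_apdu(p1, cdol_data):
    """Build GENERATE AC: CLA=80 INS=AE P1 P2=00 Lc data Le=00."""
    if len(cdol_data) > 255:
        raise ValueError("CDOL data too long for a short APDU")
    return bytes([0x80, 0xAE, p1, 0x00, len(cdol_data)]) + bytes(cdol_data) + b"\x00"

def parse_generate_ac(resp):
    """Parse a format 1 response (tag 80): CID | ATC | AC | optional IAD.
    `resp` is the response data without the trailing status word."""
    if len(resp) < 2 or resp[0] != 0x80:
        raise ValueError("not a format 1 (tag 80) response")
    body = resp[2:]
    if resp[1] != len(body) or not 11 <= len(body) <= 0x7F:
        raise ValueError("length byte does not match data")
    return {"type": CID_TYPES[body[0] & 0xC0],     # top two bits of the CID
            "atc": int.from_bytes(body[1:3], "big"),
            "ac": body[3:11], "iad": body[11:]}

def check_cap_exchange(first_resp, second_resp):
    """Return a list of problems found in an ARQC-then-AAC exchange."""
    first, second = parse_generate_ac(first_resp), parse_generate_ac(second_resp)
    problems = []
    if first["type"] != "ARQC":
        problems.append("first GENERATE AC returned %s, expected ARQC" % first["type"])
    if second["type"] != "AAC":
        problems.append("second GENERATE AC returned %s, expected AAC" % second["type"])
    if first["atc"] != second["atc"]:
        problems.append("ATC changed between the two cryptograms")
    return problems

# Constructed samples: tag 80, length 0x12, CID, ATC=0x0042, 8-byte AC, 7-byte IAD
SAMPLE_FIRST = bytes.fromhex("8012" "80" "0042" "1122334455667788" "06010a03a40000")
SAMPLE_SECOND = bytes.fromhex("8012" "00" "0042" "8877665544332211" "06010a03240000")

if __name__ == "__main__":
    # bytes(4) is a placeholder; use data laid out per the card's own CDOL1
    print(generate_ac_apdu(P1_ARQC, bytes(4)).hex())
    print(check_cap_exchange(SAMPLE_FIRST, SAMPLE_SECOND) or "exchange looks consistent")
```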

1 comment:

  1. Hello,

    Did you succeed in getting a correct response?

    Where did you find the examples you are speaking about?

    Best regards,