If we think for a second about the possible technologies in a normal credit card, we know that we have three of them: Mag-stripe, Chip & NFC.

In this article, we will focus on Chip and NFC data. The idea of this post comes from an article that I wrote a year ago for Troopers; While researching about relays, I found that it was possible to extract Chip data with NFC technology. It is possible because both technologies shared the same application layer(APDU).

This means that the EMV Chip card does not need to have built-in NFC technology to be read it using NFC commands for a third device.

picture1-1

In the Troopers article, I showed a simple relay from NFC to Chip for a data extraction using Raspberry Pis and CC1101 radios. In this post, I will write about a tool that could be implementing locally in a single Raspberry Pi Zero W board with a smart-card reader & a small PN532; The RBPi will act as a bridge between the Chip(ISO7816) and NFC(ISO14443).

The Smart-card reader(SCR3310v2.0 USB Smart Card Reader) is connected by USB to the Raspberry Pi, and it will implement PCSC with Pyscard library. The PN532 will be on the SPI over the Raspberry Pi GPIO and implements the Adafruit Python library with some modifications.

The PN532 uses these pins:

CS = 8
MOSI = 10
MISO = 9
SCLK = 11

screen-shot-2019-02-13-at-2.30.32-pm.png

For my research, I used a cheap PN532 that you can find in Aliexpress. Make sure you setup correctly the small black switch in the corner for the SPI(0,1) configuration or if you use the Adafruit PN532, set the SPI correctly.

162316-1

 

This slideshow requires JavaScript.

For the power, I used a ZeroLipo shim to attach a 3.7v battery on the Raspberry GPIO.

Now we should understand what this project does:

  • When I run the script, the Raspberry Pi Zero W will request to insert a EMV chip card (it does not have to be a NFC card) in the smart card reader
  • When the EMV card is detected, the Raspberry Pi will test the PN532 connection checking its firmware version
  • The Raspberry Pi will put the PN532 board in target mode(which will behave as a NFC card)
  • I will use an Android app(Pro Credit Card Manager NFC) to simulates a PoS which will send APDU commands to the PN532 board; then, the Raspberry Pi will detect these commands, and it will send them to the smart card reader to interact with the EMV card.
  • The EMV card will answer back, and the Raspberry Pi will send this answer to the PN532. The Android app will detect the answer and interpret it; after the commands processing, the app will send the next command to the PN532, making a cycle until all the communication finishes.

Note: the Raspberry Pi will scan the EMV card answer, and if the EMV card requests special processing, the Raspberry Pi will try to do it automatically speeding-up the process. Some of these situations could be if the card does not have PPSE, the Raspberry Pi will change it to PSE and request again. Also, if the EMV card answers with a GET RESPONSE(0x61), the Raspberry Pi will generate a command depending of the variable data in the EMV card answer and request it again.

I will show you two different examples using two different Visa cards. The first has NFC, the second does not.

Testing the first card:

 

In the reading of the second card without NFC technology, we can see how the automatization process takes place:

chiptonfc

I added a simple example to run the PN532 board as target: https://github.com/salmg/Adafruit_Python_PN532/blob/master/examples/asTarget.py

You should use the modified PN532.py library because the original from Adafruit has some conditions that limits the emulation mode reading: https://github.com/salmg/Adafruit_Python_PN532/blob/master/Adafruit_PN532/PN532.py