Thursday, June 9, 2011

Reading Chase Visa PayPass Credit Cards

On occasion I use a VivoPay 3500 for reading RFID enabled cards, usually for demos. Well, recently, the VivoPay went missing and I was looking for something to read the data from a Chase Visa PayPass/Blink card. There is ChAP.py from RFIDIOt (http://rfidiot.org/) but it stumbled reading the Chase card. So I took ChAP.py and slimmed it down to work specifically with the Chase card. The one think I noticed is that i cant seem to identify the Expiration date.

Nonetheless here it is, at the moment it can pull name and card number (thanks goes to samy from the proxmark forums for the query command).

Usage:

./ChasePayPassBlink.py -h

ChasePayPassBlink.py
usage:

 ChasePayPassBlink.py [options]

By Brad A. - Completely stripped down version of ChAP.py
             from rfidiot.org

Options:

        -d              Debug - Show PC/SC APDU data
        -h              Print detailed help message
        -r              Raw output - do not interpret EMV data
        -v              Verbose on
        -u              UnHide CC info
        -m              Minimal Info (just CC)




Source:



root@bt:/work# cat ChasePayPassBlink.py
#! /usr/bin/env python
"""
This is a modified ChAP.py from RFIDIOt
-Brad Antoniewicz

Script that tries to select the EMV Payment Systems Directory on all inserted cards.

Original Copyright 2008 RFIDIOt
Author: Adam Laurie, mailto:adam@algroup.co.uk
        http://rfidiot.org/ChAP.py
"""

from smartcard.CardType import AnyCardType
from smartcard.CardRequest import CardRequest
from smartcard.CardConnection import CardConnection
from smartcard.CardConnectionObserver import ConsoleCardConnectionObserver
from smartcard.Exceptions import CardRequestTimeoutException
from smartcard.Exceptions import CardConnectionException

import getopt
import sys
import string
import binascii
from operator import *
import time
# default global options
TryCommand= False
Debug= False
Protocol= CardConnection.T0_protocol
Verbose= False
HideCC= True
MinInfo= False
AID = [0xa0,0x00,0x00,0x00,0x03]

# define the apdus used in this script
GET_RESPONSE = [0x00, 0xC0, 0x00, 0x00 ]
SELECT = [0x00, 0xA4, 0x04, 0x00]
CMD = [0x00, 0xB2, 0x01, 0x0C, 0x00]

# define SW1 return values
SW1_RESPONSE_BYTES= 0x61
SW1_WRONG_LENGTH= 0x6c
SW12_OK= [0x90,0x00]
SW12_NOT_SUPORTED= [0x6a,0x81]
SW12_NOT_FOUND= [0x6a,0x82]
SW12_COND_NOT_SAT= [0x69,0x85]          # conditions of use not satisfied

def printhelp():
        print '\nChasePayPassBlink.py'
        print 'usage:\n\n ChasePayPassBlink.py [options]'
        print
        print 'By Brad A. - Completely stripped down version of ChAP.py'
        print '             from rfidiot.org'
        print '\nOptions:\n'
        print '\t-d\t\tDebug - Show PC/SC APDU data'
        print '\t-h\t\tPrint detailed help message'
        print '\t-r\t\tRaw output - do not interpret EMV data'
        print '\t-v\t\tVerbose on'
        print '\t-u\t\tUnHide CC info'
        print '\t-m\t\tMinimal Info (just CC)'
        print


def hexprint(data):
        index= 0

        while index < len(data):
                print '%02x' % data[index],
                index += 1
        print


def textprint(data):
        index= 0
        out= ''

        while index < len(data):
                if data[index] >= 0x20 and data[index] < 0x7f:
                        out += chr(data[index])
                else:
                        out += '.'
                index += 1
        print out

def try_cmd(cardservice):
        le= 0x00
        apdu = CMD
        response, sw1, sw2 = send_apdu(cardservice,apdu)
        if response:
                if Verbose:
                        print '\t[VERBOSE] Got Response!'
                return response
        else:
                print '\t[ERROR] No Response'
                return False, 0, ''


def parse_ccdata(response2):
        OFFSET_HDR= 3
        OFFSET_CC= 4
        OFFSET_NAMEFIELD= 23
        OFFSET_NAMELEN= 26
        print "Response:"
        if not MinInfo:
                print "\tHeader: ",
                index=0
                while index <= len(response2[:OFFSET_HDR]):
                        print '%02x' % response2[index],
                        print "(%d)" % response2[index],
                        index += 1
                print

        print "\tCard Number: ",
        index=0
        ccnum=""
        count=0
        while index < len(response2[OFFSET_CC:OFFSET_CC + 8]):
                if HideCC:
                        if count<6:
                                ccnum += '**'
                        else:
                                ccnum += '%02x' % response2[OFFSET_CC + index]
                else:
                        ccnum += '%02x' % response2[OFFSET_CC + index]
                index +=1
                count +=1
        print ccnum

        if not MinInfo:
                print "\tStuff: ",
                index=0
                while index < len(response2[OFFSET_CC + 8:OFFSET_NAMEFIELD]):
                        print '%02x' % response2[OFFSET_CC + 8 + index],
                        print '(%d)' % response2[OFFSET_CC + 8 + index],
                        index +=1
                print

        if response2[OFFSET_NAMEFIELD] == 0x5f and response2[OFFSET_NAMEFIELD + 1] == 0x20:
                if Verbose:
                        print "\tName Field Code Found!: %02x" % response2[OFFSET_NAMEFIELD],
                        print "%02x" % response2[OFFSET_NAMEFIELD + 1]
        else:
                print "\t[WARNING]Could not find Name Field Code!! Something might not be good"


        length = '%d' % response2[OFFSET_NAMEFIELD + 2]
        if Verbose:
                print "\t[VERBOSE] Length:",length,"(",int(length),") %02x" % response2[OFFSET_NAMEFIELD + 2]

        print "\tName:",
        textprint(response2[OFFSET_NAMEFIELD+3:OFFSET_NAMEFIELD+3+int(length)])
        if Verbose:
                print "\t[VERBOSE] Name (Hex):",
                index=0
                while index < len(response2[OFFSET_NAMEFIELD+3:OFFSET_NAMEFIELD+3+int(length)]):
                        print '%02x' % response2[OFFSET_NAMEFIELD + 3 + index],
                        print '(%s)' % chr(response2[OFFSET_NAMEFIELD + 3 + index]),
                        index +=1
                print

        if not MinInfo:
                print "\tThe Rest: ",
                index=0
                while index < len(response2[OFFSET_NAMEFIELD + 3 + int(length):]):
                        print '%02x' % response2[OFFSET_NAMEFIELD + 3 + int(length) + index],
                        print '(%d)' % response2[OFFSET_NAMEFIELD + 3 + int(length) + index],
                        index += 1
                print


def check_return(sw1,sw2):
        if [sw1,sw2] == SW12_OK:
                return True
        return False

def send_apdu(cardservice,apdu):
        # send apdu and get additional data if required
        response, sw1, sw2 = cardservice.connection.transmit( apdu, Protocol )
        if sw1 == SW1_WRONG_LENGTH:
                # command used wrong length. retry with correct length.
                apdu= apdu[:len(apdu) - 1] + [sw2]
                return send_apdu(apdu)
        if sw1 == SW1_RESPONSE_BYTES:
                # response bytes available.
                apdu = GET_RESPONSE + [sw2]
                response, sw1, sw2 = cardservice.connection.transmit( apdu, Protocol )
        return response, sw1, sw2

def select_aid(cardservice,aid):
        # select an AID and return True/False plus additional data
        apdu = SELECT + [len(aid)] + aid + [0x00]
        #apdu = SELECT
        response, sw1, sw2= send_apdu(cardservice,apdu)
        if check_return(sw1,sw2):
                return True, response, sw1, sw2
        else:
                return False, [], sw1,sw2
def waitforcard():
        while(1):
                # request any card type
                cardtype = AnyCardType()
                # request card insertion
                print 'Waiting for a Card to enter the reader\'s field...'
                # cardrequest = CardRequest( timeout=10, cardType=cardtype )
                cardrequest = CardRequest(timeout=None, cardType=cardtype )
                cardservice = cardrequest.waitforcard()

                # attach the console tracer
                if Debug:
                        observer=ConsoleCardConnectionObserver()
                        cardservice.connection.addObserver( observer )

                # connect to the card
                cardservice.connection.connect(Protocol)


                print 'Connecting with AID:  ',
                hexprint(AID)
                selected, response, sw1, sw2= select_aid(cardservice,AID)
                if selected:
                        print "\tSuccess!"
                        print "Response: \n\t",
                        textprint(response)

                        if Verbose:
                                print "\t[VERBOSE]: ",
                                hexprint(response)
                        if not MinInfo:
                                print '\nRequesting Track Info: \n\t',
                                hexprint(CMD)
                        response2 = try_cmd(cardservice)
                        if Verbose:
                                print "\t[VERBOSE]: ",
                                hexprint(response2)
                                print "\t[VERBOSE]: ",
                                textprint(response2)
                        parse_ccdata(response2)


# main loop

try:
        # 'args' will be set to remaining arguments (if any)
        opts, args  = getopt.getopt(sys.argv[1:],'dtvum')
        for o, a in opts:
                if o == '-d':
                        Debug= True
                if o == '-t':
                        Protocol= CardConnection.T1_protocol
                if o == '-v':
                        Verbose= True
                if o == '-u':
                        HideCC= False
                if o == '-m':
                        MinInfo= True

except getopt.GetoptError:
        # -h will cause an exception as it doesn't exist!
        printhelp()
        sys.exit(True)


try:
        waitforcard()
except CardConnectionException:
        print 'Wait what happened? Did you remove the card from the field?'
        time.sleep(2)
        waitforcard()

except KeyboardInterrupt:
        print 'Quiting'

63 comments:

  1. Hey, I'm trying to use your chasepaypassblink.py by typing python chasepaypassblink.py and I get this error

    Fourlakes:~ marius$ python ./ChasePayPassBlink.py -h
    Traceback (most recent call last):
    File "./ChasePayPassBlink.py", line 12, in
    from smartcard.CardType import AnyCardType
    ImportError: No module named smartcard.CardType

    any help would be grate. Thanks

    ReplyDelete
  2. The information you have given in the blog really marvelous and more interesting. www.creditrepair.com

    ReplyDelete
  3. This info you provided in the blog that was really unique I love it!!! advanced loans

    ReplyDelete
  4. I want to say thank to you people for this great and helpful info. Thanks!!!
    pay advance loan

    ReplyDelete
  5. This is actually a fantastic blogs! More of these details are superb -it is nice to see one that current.

    payday loans online

    ReplyDelete
  6. credit repair companiesIt's been good to see your blog when I always look for such type of blogs. It’s great to discover the post here.

    ReplyDelete
  7. This is really pretty cool place I like it because it has everything I want more on this blog soon.
    easy faxless

    ReplyDelete
  8. Great blog post! I don’t understand how long it will require me to obtain through all of them!
    cashin

    ReplyDelete
  9. Amiable articles and the blogs really helped me a lot, thanks for the valuable information.
    credit repair services

    ReplyDelete
  10. Thanks a lot for publishing the new good stuff for us. I’ll really get the great advantage from your good stuff. creditrepair.com review

    ReplyDelete
  11. Amiable articles and the blogs really helped me a lot, thanks for the valuable information.
    Bill Poulos options income engine

    ReplyDelete
  12. Fastidious blog you’ve got here. I’ve ever been seeing you just about many blogs recently.

    get cash now

    ReplyDelete
  13. The stuff in this blog is in not only incredible but also providing the great knowledge to the people. payday loan stores long beach ca

    ReplyDelete
  14. The stuff in this blog is in not only incredible but also providing the great knowledge to the people. 100 online payday loans

    ReplyDelete
  15. congratulations guys, quality information you have given!!! easy loan

    ReplyDelete
  16. I’m trampled by your contents carry on the wonderful work. 3 credit scores

    ReplyDelete
  17. I have really inspired from your blog post, I truly never got this type of informative things which I got from there. monument capital group

    ReplyDelete
  18. The information you have shared with us is really so great, nice effort!! free credit reports from all 3 bureaus

    ReplyDelete
  19. Hey buddy, you have done the fantastic job, your post is genuinely amazing. Monument Capital Group

    ReplyDelete
  20. You have discusses incredible points that sounds good, keep up the great work. professional networking

    ReplyDelete
  21. Keep on great working!! I didn’t expect that I will get such great thing from here. build business credit

    ReplyDelete
  22. Sure this is quite wonderful! That’s why this gives the enhanced quality of information. payday advance garden grove blvd

    ReplyDelete
  23. Nice to read this article will be very helpful in the future, share more info with us. Good job! building business credit fast

    ReplyDelete
  24. I wanted to learn something different and this blog is really like my all needs. consumer change

    ReplyDelete
  25. I just wanted to say you that your blog is highly energetic, I love that! Thanks payday loans

    ReplyDelete
  26. I frequently don’t respond to the posts but I have been dotty of your blog, it has compelled me to do this. personal loans

    ReplyDelete
  27. I know this website is perfect for everyone because it is quite beneficial information. start up business loans

    ReplyDelete
  28. What a nice information you have kept in your blog. The work is grateful. Self Employed Health Insurance

    ReplyDelete
  29. As a newcomer, I search for all time online for great posts and articles that will help me. So thank you for this awesome site.
    weblink

    ReplyDelete
  30. Thanks a lot guys you have helped me wonderfully by providing the great information... top credit repair companies

    ReplyDelete
  31. It’s an outstanding blog to help new comers I am also getting benefit from it, thanks vendors to build business credit

    ReplyDelete
  32. Thanks for the tips. i really got some good points form the post. its really nice. i am using credit card and its from Alliance Bankcard . and i think its good for me. thanks

    ReplyDelete
  33. These are actually wonderful some ideas in the blog. You have touched good quality points here. In whatever way continue writing. Allach Porcelain

    ReplyDelete
  34. Wonderful illustrated information. I thank you about that. No doubt it will be very useful for my future projects. Would like to see some other posts on the same subject!
    free credit report gov

    ReplyDelete
  35. oro gold
    School was designed to help answer your skin care questions.One thing we are really excited to introduce it OROpedia...
    the OROGOLD Encyclopedia. Not only will it include a comprehensive list of OROGOLD ingredient but we will keep you updated on the latest scientific updates in the
    skin care and cosmetics industry.

    ReplyDelete
  36. I am glad to see such amazing things at one place, how did you do this? I am still surprised.
    credit repair services

    ReplyDelete
  37. Hi, I just desired to give you quick thumbs up on your work, really fantastic blog!
    quick cash loans

    ReplyDelete
  38. Excellent post! I had been fed up for a long time searching lots of sites, but now I have come on the right place. Thanks
    payday loans

    ReplyDelete
  39. For a long time me & my friend were searching for informative blogs, but now I am on the right place guys, you have made a room in my heart! insurance rates

    ReplyDelete
  40. Each time I used to always check blog posts within the first hours in the break of day, because I like to get information increasingly more.online payday

    ReplyDelete
  41. Hey very nice blog!! Man you have done the Amazing efforts to make this blog... I will surely bookmark your blog. car insurance rates

    ReplyDelete
  42. If you should be opting for finest contents like me, just visit this blog site daily because it provides the feature contents, thanks.life insurance quotes

    ReplyDelete
  43. An unbelievable blog. This blog will indisputably be definitely recommended to my friends as well.generators 2016

    ReplyDelete
  44. This is my destiny to visit this site and got the necessary details here that are also in quality. cash advance

    ReplyDelete
  45. Have big thanks! That you presented this blog for us full of great knowledge, features, important points that nobody can say wrong. cash advance

    ReplyDelete
  46. I love this information and will spend amongst my friends too. Thanks pay day loans

    ReplyDelete
  47. http://www.aceofbeauty.com --- fat loss sexy

    http://www.sextamina.com --- sex xx

    http://www.bestbuyx.com --- sex xx

    http://www.theorchidx.com --- orchids orchidaceae phalaenopsis care

    http://www.babxyz.com --- dog food xx

    http://www.babysolve.com --- baby potty xx

    http://www.googleclickbank.com --- forex fx xx

    http://www.jelema.com --- fat loss xx

    http://www.bestbuygameguide.com --- betting money xx

    http://www.suwandri.com --- options trading xx

    mesothelioma master xx

    ReplyDelete
  48. Bundles of thanks for providing such an awesome information, I have been a die heart fan of yours!! direct payday loan

    ReplyDelete
  49. Of course, what a superb site with wonderful posts, enlightening issues has been discussed I like it. payday direct lenders

    ReplyDelete
  50. Truly awesome blog! I desire the same top-quality blog post from you in the forthcoming also. small payday loans

    ReplyDelete
  51. I conclude I have selected the smart and inconceivable website along with interesting stuff.best convertible life insurance

    ReplyDelete
  52. Your blog is really one amongst my most favorite blogs, it’s so creative. payday loans

    ReplyDelete
  53. I think this is a charming issue, I expect you would surely post on it again sometime near the future. Thanks guys!MacFarlane Curry

    ReplyDelete
  54. The information you have given in the blog really marvelous and more interesting. whole life insurance

    ReplyDelete
  55. your blog is giving very useful knowledge for all, i'm sharing your information to all friends.Do you need cash loan against credit card?.Swipe Your Credit Card And have Immediate cash With Cheapest Costs. Provide Your ID Card Photo Copy As A Document Resistant.Kindly
    Click Here

    ReplyDelete
  56. Very informative article which is about the solicitar cartão de crédito and i must bookmark it, keep posting interesting articles.



    solicitar cartão de crédito

    ReplyDelete
  57. A very awesome blog post. We are really grateful for your blog post. You will find a lot of approaches after visiting your post.
    Credit Card Application
    Credit Card Payment
    walmart credit card application
    Apply for Sears Credit Card
    Chase Credit Card Payment


    ReplyDelete