I am trying to build a card pin solution whereby customers are able to logon to a web portal and set their own card PIN and afterwards generate a PVV value of the new PIN.
The list of commands I trying to use are
JG\JH (Translate PIN)
DG\DH (Generate PVV)
The JG\JH command requires a PIN under LMK which means I need to do a BA\BB command on the customer PIN first before I can proceed. To do this the HSM must be in an authorized state.
Is there a different way of achieving this?
Well, the right way is to do it in a similar manner as it would have been on an ATM terminal.
1. Create a clear PIN block
For ex.
PIN = 1234
PAN = 400000000000002
Block 1 [0+Pin Length+Filler to make it 16]: 0+ 4+1234+FFFFFFFFFF = 41234FFFFFFFFFF
Block 2 [0000 + PAN(12, exclude first 3 and last check digit)]: 0000 + 000000000000 = 0000000000000000
Clear PIN Block = XOR(Block 1 , Block 2)
2. Encrypt (apply 3DES) clear PIN block under ZPK.
If you are using java then try javax.crypto.Cipher.
3. Use encrypted PIN Block in command "FW" to generate PVV
Command Code (FW)
PIN Encryption Key Type (001 for ZPK)
PIN Encryption Key (ZPK)
PIN Verification Key
PIN Block
PIN Block Format Code
PAN/Account(12)
PVKI
Related
I'm completely new to tcl and am trying to understand how to script the command "adapter usb location" in openOCD.
From the openOCD manual, the command has this description:
I want to point it to the port with the red arrow below:
Thanks.
It's not 100% clear, but I would expect (from that snippet of documentation) a bus location to be a dotted “path” something like:
1-6
where the values are:
1 — Bus ID
6 — Port ID
Which would result in a call to the command being done like this:
adapter usb location 1-6
When there's a more complex structure involved (internally because of chained hubs) such as with the item above the one you pointed at, I'd instead expect:
1-5.3
Notice that there are is a sequence of port IDs (5.3) in there to represent the structure. The resulting call would then be:
adapter usb location 1-5.3
Now for the caveats!
I can't tell what the actual format of those IDs is. They might just be numbers, or they might have some textual prefix (e.g., bus1-port6). Those text prefixes, if present, might contain a space (or other metacharacter) which will be deeply annoying to use if true. You should be able to run adapter usb location without any other arguments to see what the current location is; be aware though that it might return the empty string (or give an error) if there is no current location. I welcome feedback on this, as that information appears to be not present in any online documentation I can find (and I don't have things installed so I can't just check).
I also have no idea what (if anything) to do with the device and interface IDs.
I am controlling 4 led using the arduino using millis. I am trying to get the control the same section through 1 generic code and load in variables like what output pin to control. watching through serial I can see it is analogWrite(13, 255) however the pin does nothing.
void led_script_effect(......, int red_output , int green_output, int blue_output)
where
led_script_effect(red_wanted = red_wanted_strip_1, green_wanted = green_wanted_strip_1, blue_wanted = blue_wanted_strip_1)
What would be the correct argument to pass in a valid pin output or would the output have to be returned and then within the loop be analog write?
The reason analogWrite(13,255) is not working for you is because, pin 13 is NOT a PWM pin.
Read more about it in the link below:
https://www.arduino.cc/reference/en/language/functions/analog-io/analogwrite/
The use of the sentence 'I am controlling 4 led using the Arduino using millis.' threw me off, but then I realized that you are using the generic function for PWM control on Arduino.
I really think you would benefit from the Arduino code in the Hackster project below:
https://www.hackster.io/devashish-gupta/controlling-led-brightness-using-bolt-and-arduino-2041b9
May I know that after the generate a AC , what kind of information i need to pass to issue for verification ? Do i need to send my AC with PAN , PAN SN , CID and ATC to issuer for card identification ?
Thank you
David
Simple rule - data used during creation should be available during verification. The data elements used for creating GEN AC1 you can find from CDOL1. (another is to get it from Cryptogram version number, check based on context) These data you should make sure is passed to issuer. Card sequence number is not a part of CDOL1, but this has to be made available to the issuer( a common mistake).
I am trying figure out a way to calculate if a given address or list of addresses correspond to a valid file offset. I know to calculate an offset for a valid address uses the formula:
ByteVirutalAddress - (ImageBase + SectionRelativeVirtualAddress) + PointerToRawdata = ByteOffset
I use this formula when patching instructions using a manual hex editor method as opposed to a nice easy to use GUI like Immunity.
What I am trying to do is find out weather an address or list of addresses correspond to a file offset. For example:
Section name - Address - Size
Image base: 00400000 - 00001000
.text: 00401000 - 00003000
.rdata: 00404000 - 00001000
.data: 00405000 - 0002B000
How do I calculate if addresses 00404185 or 0042F300 relate to a valid file offset or not?
My logic for this is:
you would need to do PointerToRawData + SizeOfRawdata + IMagebase, 400000 in this case. And do this for each section.
OR
Would it be correct to add Virtual Address of the section to the SizeOfRawdata of the section. From the result you should be able to see if either of these 2 addresses correspond to a valid file offset.
From the results, see which of the 2 above addresses are referenced in the result, i.e. result = 42D100. this references 0042300 however does not reference or correspond to 00403185.
Please let me know if my logic is flawed.
I have looked around a lot and have not found an information for this kind of calculation specifically. It is only useful if checking for correct alignment or possible corruption. I know that there are tools out there to do it for you but I like to know how to do things manually rather than rely on a script or tool. It helps when things go wrong with tools and scripts.
just so this can be answered. I have figured out the correct logic for figuring this one out.
It would be correct to use the second option, + < Section SizeOfRawdata> = Maximum possible RVA range for that section. This should give you the maximum possible relative virtual address of that section and then from this, you can see if the address either falls within this value or not.
I use CheatEngine as a debugger (and get a lot of crap for it). When I find addresses, I always write them down based on the offset from where the start of the instructions are (e.g. program.exe+402C0). It would be nice to be able to use the goto function with this method of referencing a location; is there a way to do this?
According to IDA Pro's documentation:
If the entered [goto] string can not be recognized as a hexadecimal or location name, IDA will try to interpreet it as an expression using the current script interpreter. The default interpreter is IDC.
So what you can do is define a global variable in the IDC interpreter (using the bar at the bottom of your IDA view) that identifies the base address of your module as such:
extern ModuleBaseAddress;
ModuleBaseAddress = 0x400000; // Example base address
Then whenever you want to go to the base address + offset you would simply open the Jump window (using the g-key) and type in:
ModuleBaseAddress + 0x1000 // 0x1000 is your offset