
Decrypting APDU response from iPhone6


I transmitted the following APDU command from an Android app on my Android phone,

send: 00 A4 04 00 07 A0 00 00 00 03 10 10 00

to an iPhone 6 through NFC and got the following response,

resp: 6F 39 84 07 A0 00 00 00 03 10 10 A5 2E 9F 38 1B 9F 66 04 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F 4E 14 BF 0C 0D 9F 4D 02 14 01 9F 5A 05 11 08 40 08 40 90 00

Now, I've been trying to decrypt this using various sources, but the confusing part is understanding whether this is the PKPaymentToken data (which we receive in the Apple Pay response) or just the encrypted card data from the Passbook of the iPhone 6.

I compared this result with the response that I got from the PassKit framework's paymentAuthorizationViewController method's payment.token string; both are completely different. So I guess it's not the token response for Apple Pay. My concerns are:

  1. Is this the encrypted card data itself? Can I decrypt it directly to get the card details? (After all, will Apple give out the card details that easily?)

  2. My ultimate requirement is to accept payment through NFC on an Android phone from an iPhone 6. So is my APDU request the correct one to obtain card data from the iPhone 6 (Passbook)?

Any thoughts are appreciated. Thanks.


Solution

  • I tried with the help of this link

    https://github.com/devnied/EMV-NFC-Paycard-Enrollment

    It really works. It gives the device account number directly from the iPhone. No decryption is needed to get this device account number.

    How to use this lib

    Download the library from this link

    Use the code below

    IProvider prov = new YourProvider();
    // Create parser (true for contactless false otherwise)
    EMVParser parser = new EMVParser(prov, true);
    // Read card
    EMVCard card = parser.readEmvCard();
    

    You will get the card details in the card object.

    To answer your two major questions:

    1. This is just a response to the APDU command. If you use the library I've mentioned, you will directly get the card details required for payment via any gateway.

    2. The first answer is also the answer to your second question: you can read the iPhone 6 from an Android phone using the library. So, just two steps: integrate the library -> get the card details -> forward to the payment gateway. With this method, you need not send any private keys to the gateways; just send the card details as you do for normal card payment processing.
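
Added example, not part of the original answer or of the EMV-NFC-Paycard-Enrollment library: the response quoted in the question is a plain BER-TLV File Control Information (FCI) template returned by SELECT, and the Python below decodes it without any key. The function names are my own; the bytes are the ones from the question.

```python
RESP = bytes.fromhex(  # added example; bytes quoted in the question, status word included
    "6F 39 84 07 A0 00 00 00 03 10 10 A5 2E 9F 38 1B 9F 66 04 9F 02 06 9F 03 06"
    " 9F 1A 02 95 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F 4E 14 BF 0C 0D 9F 4D 02"
    " 14 01 9F 5A 05 11 08 40 08 40 90 00")

def read_tag(buf, i):
    """Return (tag_hex, next_index); EMV tags may span several bytes."""
    end = i + 1
    if buf[i] & 0x1F == 0x1F:        # low five bits set: tag continues
        while buf[end] & 0x80:       # high bit set: another tag byte follows
            end += 1
        end += 1
    return buf[i:end].hex().upper(), end

def read_len(buf, i):
    """Return (length, next_index) for short- or long-form BER lengths."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def parse_tlv(buf):
    """Parse BER-TLV into [(tag, value)]; constructed values become nested lists."""
    out, i = [], 0
    while i < len(buf):
        tag, i = read_tag(buf, i)
        length, i = read_len(buf, i)
        if i + length > len(buf):
            raise ValueError(f"tag {tag}: length {length} overruns the buffer")
        value = buf[i:i + length]
        constructed = int(tag[:2], 16) & 0x20   # bit 6 of the first tag byte
        out.append((tag, parse_tlv(value) if constructed else value))
        i += length
    return out

def parse_dol(buf):
    """A data object list such as the PDOL holds tag+length pairs, no values."""
    out, i = [], 0
    while i < len(buf):
        tag, i = read_tag(buf, i)
        length, i = read_len(buf, i)
        out.append((tag, length))
    return out

def find(tree, tag):
    """Depth-first lookup of the first value stored under `tag`, else None."""
    for t, v in tree:
        hit = v if t == tag else (find(v, tag) if isinstance(v, list) else None)
        if hit is not None:
            return hit
```

Run over `RESP[:-2]`, the parser returns the AID under tag 84 and a PDOL (tag 9F38) naming ten terminal fields totalling 53 bytes, with status word 90 00 at the end. No PAN (5A) or Track 2 (57) tag is present: the SELECT response is unencrypted structure that tells the terminal what to send next, not card data.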