I am trying to understand how to create a CDOL1 for a smart card, and the applet developer has been less than helpful. When I send a GET PROCESSING OPTIONS command to the card, I get this response:
80 0E 7D 00 40 01 01 00 48 01 03 01 50 01 03 00 90 00
I have been trying to understand what that 7D template is and how should I construct the CDOL, but have so far found nothing. I was hoping someone with more experience could help me.
According to "EMV Book 3 - Application Specification", Tag 0x80 Format 1 reply for GET PROCESSING OPTIONS contained:
Please keep in mind that Tag 0x80 formats are different for different APDU Commands.
Your APDU Data reply with EMV TLV Tag 0x80 Format 1 data contains (2 bytes) with AIP and AFL with 3 Records (4 bytes each, 12 bytes in total):
TLVs: # EMV, Tag + Length + Value (TLV) series
- x80: # EMV, Template, Response Message Format 1
tag: "80"
len: "0E" # // 14
val: "7D00400101004801030150010300" # Template, Response Message Format 1.
- AIP: # Application Interchange Profile, Tag 0x82
B01: "7D"
# _1______ - bit 7, SDA supported
# __1_____ - bit 6, DDA supported
# ___1____ - bit 5, Cardholder verification is supported
# ____1___ - bit 4, Terminal Risk Management is to be performed
# _____1__ - bit 3, Issuer Authentication is supported
# _______1 - bit 1, Combined DDA/AC Generation is supported
B02: "00" # RFU
- AFL: # Application File Locator, Tag 0x94
- S1: # AFL Record
B01: "40" # SFI [xxxxx___] // 8
B02: "01" # From record // 1
B03: "01" # To record // 1
B04: "00" # First hashed
- S2: # AFL Record
B01: "48" # SFI [xxxxx___] // 9
B02: "01" # From record // 1
B03: "03" # To record // 3
B04: "01" # First hashed // 1
- S3: # AFL Record
B01: "50" # SFI [xxxxx___] // 10
B02: "01" # From record // 1
B03: "03" # To record // 3
B04: "00" # First hashed
The format for EMV Data Object List (DOL) defined in the same EMV Book 3. There are several DOL tags used in EMV world. For sample:
All DOL Tags follow the same format rule - The Tag Value contains the Series of Tag_ID + Length bytes without Value parts.
The sample with CDOL1 - Tag 0x8C, Length 0x15 (21 bytes) and Value parsing.
https://iso8583.info/cmd/EMV/TLVs?8C159F02069F03069F1A0295055F2A029A039C019F3704
---
TLVs:#"8C159F02069F03069F1A0295055F2A029A039C019F3704" # EMV, Tag + Length + Value (TLV) series
- x8C:#"8C159F02069F03069F1A0295055F2A029A039C019F3704" # EMV, Card Risk Management DOL 1 (CDOL1)
- tag: "8C"
- len: "15" # // 21
- val:#"9F02069F03069F1A0295055F2A029A039C019F3704" # Card Risk Management DOL 1 (CDOL1).
- x9F02:#"9F0206" # EMV, Authorised Amount (Numeric)
- tag: "9F02"
- len: "06"
- x9F03:#"9F0306" # EMV, Amount, Other (Numeric)
- tag: "9F03"
- len: "06"
- x9F1A:#"9F1A02" # EMV, Country Code, Terminal
- tag: "9F1A"
- len: "02"
- x95:#"9505" # EMV, Terminal Verification Results (TVR)
- tag: "95"
- len: "05"
- x5F2A:#"5F2A02" # ISO 7816, Currency Code, Transaction
- tag: "5F2A"
- len: "02"
- x9A:#"9A03" # EMV, Date, Transaction
- tag: "9A"
- len: "03"
- x9C:#"9C01" # EMV, Transaction Type
- tag: "9C"
- len: "01"
- x9F37:#"9F3704" # EMV, Unpredictable Number
- tag: "9F37"
- len: "04"
CDOL1 Tag describes the list of Tags and their Lengths which real Values need to be included into First GENERATE APPLICATION CRYPTOGRAM (AC) APDU Request Data.
SmartCard APDU Request data for First Generate AC Command contained Series of Values mentioned in CDOL1. CDOL2 used for Second Generate AC.
Here is the sample for Generate AC APDU Command and Tag 0x80 Format 1 template in the Response (related to Generate AC Command).
> 80 AE 80 00 1D 000000001000 000000000000 0442 0000000000 0978 150310 00 11223344
< 80 12 80 0001 0102030405060708 06010A03A40000 9000
AE: # EMV, Generate AC
- rq: # ISO 7816-3, Case 4
CLA: "80" # Class byte
INS: "AE" # Instruction
- P1P2: # Parameters 1 and 2
- P1: "80" # Parameter 1
# 10______ - bits 8-7, Authorisation Request Cryptogram (ARQC)
P2: "00" # Parameter 2
- LcData:
len: "1D" # // 29
- val: "0000000010000000000000000372000000000009781112120000000000"
x9F02: "000000001000" # EMV, Authorised Amount (Numeric) // 100
x9F03: "000000000000" # EMV, Amount, Other (Numeric) // 0
x9F1A: "0442" # EMV, Country Code, Terminal // 442 - Luxembourg
x95: "0000000000" # EMV, Terminal Verification Results (TVR)
x5F2A: "0978" # ISO 7816, Currency Code, Transaction // 978 - euro
x9A: "150310" # EMV, Date, Transaction. // 2015.03.10
x9C: "00" # EMV, Transaction Type. // Purchase / Sale
x9F37: "11223344" # EMV, Unpredictable Number
- rs: # Response
- SW1SW2: # Status byte 1 and 2
SW1: "90" # Status byte 1 // Normal processing
SW2: "00" # Status byte 2
- DATA:
- x80:
tag: "80"
len: "12" # // 18
- val: # Template, Response Message Format 1.
- x9F27: # EMV, Cryptogram Information Data (CID)
val: "80" # Cryptogram Information Data (CID).
# 10______ - bits 8-7, ARQC
# _____000 - bits 3-1 (Reason/Advice/Referral Code), No information given
+ x9F36: "0001" # EMV, Application Transaction Counter (ATC)
+ x9F26: "0102030405060708" # EMV, Cryptogram, Application
+ x9F10: "06010A03A40000" # EMV, Issuer Application Data (IAD)
More details about the procedures and flows in EMV specifications available for free at EMVCo site.
Parsing samples were done with online EMV and APDU data parsers.