// Offline replay of a recorded card authentication exchange: the command and the card's
// response are fixed hex strings here, nothing in this section talks to a card.
// NOTE(review): the layout looks like GlobalPlatform SCP01 mutual authentication - confirm.
// Host challenge (HC): 8 bytes, repeated literally inside init_cmd below.
// NOTE(review): a constant challenge is fine for a reproducible trace; a live session needs
// a fresh random value each time, otherwise a recorded card response stays valid forever.
hc = 42 BE 93 29 54 7D B1 F9
// Used as P1 of init_cmd here and as P1 of auth_command at the end of the script.
// NOTE(review): in GlobalPlatform those two P1 bytes mean different things (key version
// number for INITIALIZE UPDATE, security level for EXTERNAL AUTHENTICATE); 00 happens to
// suit both - confirm before changing this value.
auth_level = 00
// 80 50, P1 = $auth_level, P2 = 00, length 08, the 8 HC bytes, then 1C (28, the number of
// data bytes in init_resp).
// NOTE(review): the HC bytes are typed out again instead of using $hc, so the two copies
// have to be kept in sync by hand.
init_cmd = 80 50 $auth_level 00 08 42 BE 93 29 54 7D B1 F9 1C
// Recorded response: 28 data bytes followed by the status word 90 00.
init_resp = 00 00 31 19 32 01 18 16 23 5D 01 01 8E 5F 21 90 90 8C BA 34 A1 93 A7 B1 35 91 56 47 90 00
// Diversification data of keys: bytes 0-9 of the response
diversification_data_of_keys = mid( $init_resp, 0, 10 )
// Keys information: 01 01 (keyset=1 & version=1)
// NOTE(review): newer GlobalPlatform revisions describe these two bytes as key version
// number followed by the secure channel protocol identifier - confirm which applies.
keys_information = mid( $init_resp, 10, 2 )
// Card challenge (CC): 8E 5F 21 90 90 8C BA 34
cc = mid( $init_resp, 12, 8 )
// Card cryptogram as returned by the card: A1 93 A7 B1 35 91 56 47
// NOTE(review): this variable is overwritten further down by the locally computed value,
// so the card-supplied cryptogram is not kept for comparison.
card_cryptogram = mid( $init_resp, 20, 8 )
// Split the 10-byte diversification data into its four fields.
// `?` appears to print its argument; the Chinese word in the message means "analyze".
? "分析 diversification data of keys"
// 2 last bytes of AID Card Manager or AID Security Domain: 00 00
// IC Fabrication Date: 31 19
// IC Serial Number: 32 01 18 16
// IC Batch Identifier: 23 5D
// Offsets 0, 2, 4 and 8 with lengths 2, 2, 4 and 2 cover all 10 bytes.
2_last_aid = mid( $diversification_data_of_keys, 0, 2 )
ic_fabrication_date = mid( $diversification_data_of_keys, 2, 2 )
ic_serial_number = mid( $diversification_data_of_keys, 4, 4 )
// Only 2_last_aid and ic_serial_number are used by the key derivation that follows.
ic_batch_identifier = mid( $diversification_data_of_keys, 8, 2 )
// Derive the two card-specific static keys (MAC and ENC) from one 16-byte master key.
// NOTE(review): 40..4F is the widely published GlobalPlatform default test key. It is
// appropriate for development cards only; a card still accepting it in production gives
// anyone content-management access, so key rotation should be verified before issuance.
key = 40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F
// 16-byte derivation input: AID tail + IC serial + f0 02, then the same 6 bytes + 0f 02.
kdc = $2_last_aid $ic_serial_number f0 02 $2_last_aid $ic_serial_number 0f 02
// Card-specific MAC key = 3DES-ECB of that input under the master key.
kdcmac = 3des_encode_ecb( $kdc, $key )
// Self-check against the value expected for this recorded trace. On mismatch the script
// prints (apparently an empty line) and pauses; no statement here aborts, so execution
// presumably continues afterwards - confirm with the tool's documentation.
if $kdcmac != B66780AA689F56C8785171DB990317DE
?
pause
endif
// Same construction with constant 01 instead of 02, giving the ENC key input.
// NOTE(review): `0f01` is written without the space used in `0f 02` above; presumably the
// tool parses both the same way, and the check below would catch it if not.
kdc = $2_last_aid $ic_serial_number f0 01 $2_last_aid $ic_serial_number 0f01
// Card-specific ENC key.
kdcenc = 3des_encode_ecb( $kdc, $key )
// Self-check for the ENC key, same mismatch handling as above.
if $kdcenc != 5ECF992F735B3782830335AF8D99E4F8
?
pause
endif
// Derive the per-session MAC and ENC keys from both challenges.
// Each 8-byte challenge is split into a first and a last 4-byte half.
cc1 = left( $cc, 4 )
cc2 = right( $cc, 4 )
hc1 = left( $hc, 4 )
hc2 = right( $hc, 4 )
// Session MAC key = 3DES-ECB of (CC last half, HC first half, CC first half, HC last half)
// under the card-specific MAC key.
kscmac = 3des_encode_ecb( $cc2 $hc1 $cc1 $hc2, $kdcmac )
// Self-check against the value expected for this trace; a mismatch only prints and pauses.
if $kscmac != 42560E63B5DDD23D50F2002C360BEE7E
?
pause
endif
// Session ENC key: the same 16-byte input under the card-specific ENC key.
kscenc = 3des_encode_ecb( $cc2 $hc1 $cc1 $hc2, $kdcenc )
// Self-check for the session ENC key.
// NOTE(review): both session keys depend on the host challenge, so they are only fresh if
// $hc is fresh; with the constant $hc used here they repeat whenever the card challenge does.
if $kscenc != 9BDBE1C5795E78C275B0D8AF2F73DCF7
?
pause
endif
// Recompute the card cryptogram locally; this is the step that authenticates the card.
// CardCryptogram = 3DES-CBC (HC + CC + Padding, KSCenc)
// The first argument is left empty here - presumably the IV, defaulting to zero; confirm.
// NOTE(review): only the byte 80 is supplied as padding; the function presumably fills the
// rest of the block with zeros - confirm against the tool's documentation.
card_cryptogram = 3des_encode_cbc( , $hc $cc 80, $kscenc )
// Keep the last 8 bytes of the CBC output as the cryptogram.
card_cryptogram = right( $card_cryptogram, 8 )
// NOTE(review): the comparison is against a literal that matches the cryptogram in the
// recorded init_resp, and the value parsed from init_resp was overwritten two lines up.
// For any other response this check would fail or need hand editing; comparing against
// the card-supplied bytes, kept in a separate variable, would make the check general.
// A mismatch here means the card did not prove knowledge of the keys, yet the script only
// prints and pauses before going on to build the authentication command.
if $card_cryptogram != A193A7B135915647
?
pause
endif
// Build the host's authentication command: host cryptogram plus a MAC over the command.
// CH = 3DES-CBC (CC + HC + Padding, KSCenc)
// NOTE(review): the first argument is `00` here but empty in the other two CBC calls;
// presumably both mean a zero IV - confirm, and use one form throughout.
ch = 3des_encode_cbc( 00, $cc $hc 80, $kscenc )
// Host cryptogram = last 8 bytes of the CBC output.
ch = right( $ch, 8 )
// 84 82, P1 = $auth_level, P2 = 00, length 10 (16 = 8-byte cryptogram + 8-byte MAC, so the
// length already counts the MAC appended below).
// NOTE(review): with $auth_level = 00, GlobalPlatform defines the resulting session as
// having no secure messaging on later commands - confirm that this is intended.
auth_command = 84 82 $auth_level 00 10 $ch
// MAC over the command header and cryptogram plus padding, under the session MAC key.
mac = 3des_encode_cbc( , $auth_command 80, $kscmac )
// MAC = last 8 bytes of the CBC output.
mac = right( $mac, 8 )
// Final command = header + host cryptogram + MAC. Nothing here compares it with an
// expected value, unlike the derived keys above.
// NOTE(review): if this script is adapted to send the command to a real card, abort on any
// earlier mismatch first; many cards count failed authentications and may lock - confirm
// the card's retry policy.
auth_command = $auth_command $mac