Skip to content
Reads EMV cards, extract public keys, checks them for ROCA vulnerability (https://crocs.fi.muni.cz/public/papers/rsa_ccs17). Uses code from https://github.com/devnied/EMV-NFC-Paycard-Enrollment for parsing EMV cards.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.idea
app
gradle/wrapper
publication_resources/1.0.0/screenshots
.gitignore
LICENSE
README.md
build.gradle
gradle.properties
gradlew
gradlew.bat
set_sl4j_loglevels_via_adb.sh
settings.gradle

README.md

EMV-Card ROCA-Keytest

What's this?

This is a simple Android app, which reads (NFC-enabled) EMV banking cards via NFC, tries to extract the public RSA keys (ICC, issuer and card-scheme CA), and displays the data in hexdecimal form.

The keys are also checked for the ROCA vulnerability (see also the note below).

Update Nov 19, 2017: I've written also a posting on Google+ summarizing what I've done here: https://plus.google.com/+JohannesZweng/posts/bjPMWHT8k7r

Source details

If you want to see how the EMV public keys are recovered from certificates look into EMVKeyReader.java.

The check for the ROCA vulnerability is done in ROCACheck.java which is based on the code from the crocs-muni/roca github repository where credits for porting it to Java go to Martin Paljak.

Download APK:

A readily built APK file can be found in the release section (direct download link: EMV-Key-Test-1.0.0.apk).

Screenshot:

Screenshot

TODO / not working:

  • get a nice logo
  • Currently the ICC PIN Encipherment RSA key (if present) is not checked (mostly because I don't have a card with such a key for testing)
  • the hash within the ICC public key certificate is not checked for validity (currently I didn't implement full data verification of all static authentication data)

Notes regarding ROCA vulnerability and EMV:

I would expect that EMV RSA keys are NOT vulnerable to the ROCA attack, because as far as I understand the EMVCo documents the RSA keys used in payment cards are created externally and then loaded into the payment card during card personalization using well-defined procedures. So the RSA keys are not generated within the payment card.

The ROCA vulnerability only affects keys generated within certain Infineon chips (when the "RSA Library v1.02.013" was used).

So as far as I understand, EMV RSA keys should not be vulnerable to ROCA. But you can check your cards yourself with this app.

I built this app to learn more about EMV certificate chain verification and for fun. :-)

Credits

This app uses code from Julien Millau's EMV-NFC-Paycard-Enrollment library for parsing EMV cards. The library is included as source as I modified it a little bit to get the key-related data fields (which it didn't read by default).

You can’t perform that action at this time.