Specifications
Smart Cards Lab COMPGA12 University College London
One also needs to know how to encode the PIN and the special padding
that extends it to 8 bytes.
The encoding is somewhat strange: we simply write the decimal PIN as
text and treat it as a hex number, so 4 digits make 2 bytes; then we
prepend ’24’ and append ’FF’ five times. Thus we get 8 bytes.
VERIFY CHV with DF-specific password (P2=80)
CLA INS P1 P2 Lc DataIn
00  20  00 80 08 24 (PIN in text) FF FF FF FF FF
The answer will be:
If the PIN is correct, the answer should be 90 00.
Please don’t try to find out what the answer is when the PIN is
incorrect. This is very risky.
If the PIN is already blocked, the answer is:
SW1 SW2
69 84
This bank card will not work anymore.
If the PIN is incorrect, but we still have several cardholder verification
attempts left, the answer will be:
SW1 SW2
63 C
Where is the number
of PIN attempts left before the card will block itself forever.
Remark: From this we see that current bank cards have the capacity
to process PINs at least twice as long as those commonly used (they could
also be longer with a better encoding). However, very few banks use longer PINs.
© Nicolas T. Courtois 2009-10










