EMV Tools

Introduction

EMV tools live under Tools → EMV. They’re organised by transaction phase: parsers and references for inspecting card data, then authentication and cryptogram tools for the cryptographic stages of an EMV flow.

If you’re unsure which tool you need, start with the EMV Data Parser — paste a captured response, and the parser will name the tags involved and link out to per-tag documentation.

ATR Parser

Decodes the Answer To Reset (ATR) returned by a contact smart card.

Inputs

• ATR — Hex bytes returned during card power-up (e.g. 3B 7F 96 00 00 80 31 80 65 B0 84 12 11 84 80 0F 90 00).

Output

The parser breaks the ATR into:

• TS — Initial character (direct vs inverse convention).
• T0 — Format byte; indicates the presence of TA1, TB1, TC1, TD1.
• TA_i / TB_i / TC_i / TD_i — Interface bytes describing protocol parameters.
• Historical Bytes — Often contain a Card Issuer Identifier or pre-issuing data.
• TCK — Optional check byte.

EMV Tag Dictionary

A searchable database of EMV tags drawn from EMV Books 1–4 plus scheme-specific kernels (Visa, MasterCard, JCB, AMEX, Discover).

Search

• Tag — Search by hex tag (e.g. 9F26).
• Name — Search by tag name (e.g. cryptogram).
• Kernel — Filter by Visa, MasterCard, JCB, AMEX, etc.
• Source — Limit to tags originating from the ICC, terminal, or both.

Per-Tag Information

• Tag, name, scope (template), and book reference.
• Format (binary, numeric, alphanumeric, compressed numeric, etc.).
• Length range.
• Description and usage notes.

EMV Data Parser

Paste raw EMV transaction data (hex) and the parser splits it into BER-TLV tags, recursively expanding nested templates.

Sample

Input:
9F1A 02 0840 9F35 01 22 9F33 03 E0F8C8 9F40 05 F000F0A001

Output:
9F1A (Terminal Country Code)        0840         (United States)
9F35 (Terminal Type)                22           (Attended, online-only)
9F33 (Terminal Capabilities)        E0F8C8       (Manual, magstripe, IC; offline + online; no PIN)
9F40 (Additional Terminal Capab.)   F000F0A001   (cash, goods, services, transfer; voice, alpha)

Each parsed tag is clickable — opening it reveals the tag’s full description from the Tag Dictionary in a side panel.

APDU Response Query

Look up the meaning of a 2-byte SW1/SW2 status word.

Inputs

• SW1 SW2 — e.g. 9000, 6982, 6A82.

Output

• Friendly name and meaning.
• ISO 7816-4 reference.
• Common causes and recommended terminal action.

SDA Verification

Static Data Authentication: the terminal verifies issuer-signed static data against a CA public key.

Inputs

• CA Public Key — Modulus + exponent from the Visa / MasterCard CA hierarchy.
• Issuer Public Key Certificate — Tag 90.
• Issuer Public Key Remainder — Tag 92 (optional).
• Issuer Public Key Exponent — Tag 9F32.
• Signed Static Application Data — Tag 93.
• Static Data to be Authenticated — Built from AFL records.

Walk-through

1. Provide the CA public key for the matching CA index.
2. Provide the issuer public key certificate, remainder, and exponent.
3. Provide the signed static data.
4. Click Verify. The tool recovers the issuer public key, then verifies the signed static data and reports the recovered hash and SDA result.

DDA Verification

Dynamic Data Authentication: the card signs terminal-supplied dynamic data, proving possession of the ICC private key.

Inputs

• CA Public Key
• Issuer Public Key Certificate (as in SDA)
• ICC Public Key Certificate — Tag 9F46.
• ICC Public Key Remainder — Tag 9F48.
• ICC Public Key Exponent — Tag 9F47.
• Signed Dynamic Application Data — Tag 9F4B (returned by INTERNAL AUTHENTICATE).
• Dynamic Data — Terminal-supplied UN and ICC Dynamic Number.

The tool produces a verification result and shows the recovered hash for inspection. CDA (Combined DDA / GENERATE AC) is supported in the same tab via a flag.

Application Cryptogram

Generates ARQC, TC, AAC values for online and offline authorisation. Separate sub-tools cover EMV 4.1, EMV 4.2, MasterCard, and Visa Smart Debit/Credit (VSDC) variants.

Inputs (typical)

• Master Key (MK_AC) — Issuer master cryptogram key.
• PAN, PAN Sequence — To derive the ICC master key.
• ATC — Application Transaction Counter.
• UN, ARQC Data — Built from the CDOL or DOL.
• Cryptogram Version Number (CVN) — Selects the derivation tree.

Output

• Derived ICC master key.
• Session key (when applicable).
• ARQC / TC / AAC value.
• ARPC and ARC for the host response, when supplied.

Secure Messaging

Generates and verifies EMV Secure Messaging for Confidentiality (SMC) and Integrity (SMI) on issuer scripts.

Inputs

• Master Keys — MK_SMC for confidentiality, MK_SMI for integrity.
• PAN / PAN SEQ / ATC — To derive session keys.
• Plain Script Command — APDU to wrap.

Output

• Wrapped script command with MAC and (optionally) encrypted payload.
• Session keys used.

ICC Dynamic Number Generator

Computes the ICC Dynamic Number used during DDA / CDA. Useful for stub testing of card-side cryptography.

DS Partial Key

Helpers for the Data Storage Partial Key operations introduced in MasterCard / Mobile MasterCard kernels.

CAP Token Computation

Computes Chip Authentication Programme (CAP) tokens used by some banks for online banking 2FA.

Inputs

• Card data — Track 2 equivalent data, ATC.
• IPB / CAP Token Mask — Issuer-defined masking.
• Master Key — Issuer master AC key.

Output is the typed-on-screen CAP code (typically 8 digits) the customer would key into the banking website.

HCE (Host Card Emulation)

Helpers for HCE token-based contactless flows. Generates Limited-Use Keys (LUKs) and Single Use Keys (SUKs) used by mobile wallet implementations following EMVCo Tokenisation.

Tips

• For SDA / DDA work, double-check the CA public key index in tag 8F matches the CA you supply — mismatched indices is the most common SDA failure.
• Cryptogram versions vary by issuer. Use the EMV Data Parser to extract the IAD (tag 9F10) — the CVN is encoded inside it.
• The EMV Tag Dictionary is exposed inside other tools as a side panel; you don’t need to keep a separate window open.