Source Code
We make available all artifacts for our research. Below is a brief description
of the repositories. Please see each repo’s README.md
for more details
details.
Tamarin Models – contains the formal models for verifying the L1RP protocol described in the paper, as well as the models for the mobile versions of Visa/Mastercard.
L1RP
implementation
– source code for Proxmark firmware and client which implements our new
proposed protocol, L1RP
, via two extra commands (hf 14a noncerdr
and hf
14a noncesim
).
Timing Data – contains the raw data and processing scripts for the Level 1 and Level 3 timings discussed in the paper.
Relays
NFCProxy – the starting-point for our
relay-based Android Apps were the CardEmulator
app and the TerminalEmulator
apps in [1], which are in
turn based on code from
[2].
NFCProxy_uid – our modified Android Apps, for performing our attack against Visa’s relay-protection protocol.
Proxmark transport
firmware – source
code for Proxmark firmware and client, which contains an extra command hf
14a tfl
acting as a Transport for London barriers reader.
RRP Relay – implements the replay of APDUs to a Mastercard RRP test card.
Servers – folder containing all the python scripts needed to run the different servers for our relay apps.
Traces – proxmark traces obtained from our relays (et = express transit; no CDCVM).
[1] Ioana Boureanu, Tom Chothia, Alexandre Debant, Stephanie Delaune, “Security Analysis and Implementation of Relay-Resistant Contactless Payments”, at the 27th ACM Conference on Computer and Communications Security (ACM CCS), 2020.
[2] Tom Chothia et al. “Relay cost bounding for contactless EMV payments.” International Conference on Financial Cryptography and Data Security. Springer, Berlin, Heidelberg, 2015.