Here's a tidied up version of the Python code to generate the MRZ from the passport data. It also corrects a padding error.
https://pastebin.com/k0Tty22a
I've written some Rust code to do the same thing. Mainly to get a copy of the photo stored on my passport, and because I was curious about how eMRTDs worked. I enjoyed reading through the ICAO 9303 specs, they were very detailed.
Example: https://github.com/alexrsagen/rs-nfc1/blob/main/examples/rea...
Library with eMRTD specific code: https://github.com/alexrsagen/rs-mrtd1
Many passports also contain digitized fingerprint scans. But those are even harder to access. You need a private key that only governments have.
Hm, he doesn't say whether he managed to decrypt the passport with the missing checksum in the end, or whether the piercing doesn't matter because it's trivial to calculate the checksum from the rest of the info, or how long that would take. Did I miss it, or is that useful information omitted?
There's an android application on fdroid which allows you to do the same thing in a pretty nice UI: https://f-droid.org/packages/com.tananaev.passportreader/ I found it useful as I don't have a USB NFC reader.
You need to enter the passport number and dates yourself though.
I always wondered isn't this kind of specification also have digital signature of the passport issuer or something? Otherwise how do other countries can verify it's not a fake one?
I read this article, but seems like any information about it is kind a omited.
I wonder if you could create a chip that could break the passport reader system. That could really disrupt things, so hopefully that’s not possible.
Its odd that the dates aren't Y2K safe (hard to believe I am typing this in '25).
Hol up. So what stops you from uploading custom photo + metadata onto random chip and planting it in a fake passport?
Is any of this specific to Linux? It looks like it should work in Windows an macOS as well.
You can do this easily with a proxmark 3 rdv4 or clone
The spec for machine readable travel documents is sadly not the most concise but if you're interested in the nitty-gritty details of how to validate documents, how to read data from them, etc then jump into ICAO 9303:
https://www.icao.int/publications/documents/9303_p10_cons_en...
https://www.icao.int/publications/documents/9303_p11_cons_en...
But please keep in mind that this is just the spec for how it's supposed to be implemented. Real world implementations of it have lots of creative interpretations of the spec in addition to straight bugs in their implementations, so if you're going to write software that has to work with various different documents issued by various governments, you'll have many fun debugging sessions :)