Magtek MagneSafe V5 Скачать руководство пользователя | Manualshive

Страница: 128 / 138

background image

MagneSafe V5

120

26D9182EC11353C0 TDES Dec with 27F66D5244FF621E AA6F6120EDEB427F
  gets BF110311E7D5453A
XOR 87285D59A8920474
  gets 38395E484F47414E (decrypted block 3)

  Continue on in reverse block order:
87285D59A8920474 TDES Dec with 27F66D5244FF621E AA6F6120EDEB427F
  gets F2692820A5E12B9B
XOR C25C1D1197D31CAA
  gets 3035353132323731 (decrypted block 2)

  Continue on in reverse block order:
C25C1D1197D31CAA TDES Dec with 27F66D5244FF621E AA6F6120EDEB427F
  gets 2542353435323330 (decrypted block 1)

  Ordering the decrypted blocks 1st to last we get:
  HEX ASCII
  2542353435323330 %B545230
  3035353132323731 05512271
  38395E484F47414E 89^HOGAN
  2F5041554C202020 /PAUL
  2020205E30383034 ^0804
  3332313030303030 32100000
  3030373235303030 00725000
  3030303F00000000 000?

  We can ignore the last four bytes because they are all hex 00 and fall
  after the End Sentinel.

  ASCII string "%B5452300551227189^HOGAN/PAUL ^08043210000000725000000?"

  This is an accurate decryption of the track.


Track 2 encrypted data
  Block # 1 724C5DB7D6F901C7
  2 F0FEAE7908801093
  3 B3DBFE51CCF6D483
  4 E789D7D2C007D539
  5 499BAADCC8D16CA2

  Appendix C tells us to decrypt the last block:
499BAADCC8D16CA2 TDES Dec with 27F66D5244FF621E AA6F6120EDEB427F
  gets D0BBE2E2FF07D539
XOR E789D7D2C007D539
  gets 373235303F000000 (decrypted last block)

  Continue on in reverse block order:
E789D7D2C007D539 TDES Dec with 27F66D5244FF621E AA6F6120EDEB427F
  gets 82EBCE61FCC6E4B3
XOR B3DBFE51CCF6D483
  gets 3130303030303030 (decrypted block 4)

  Continue on in reverse block order:
     B3DBFE51CCF6D483 TDES Dec with 27F66D5244FF621E AA6F6120EDEB427F
  gets C9C39E4138B423A1
XOR F0FEAE7908801093
  gets 393D303830343332 (decrypted block 3)

  Continue on in reverse block order:

«
...
126
127
128
129
130
...
»

Содержание MagneSafe V5

Страница 1: ...MMUNICATION REFERENCE MANUAL PART NUMBER 99875475 10 NOVEMBER 2012 REGISTERED TO ISO 9001 2008 1710 Apollo Court Seal Beach CA 90740 Phone 562 546 6400 FAX 562 546 6301 Technical Support 651 415 6800...

Страница 2: ...omments usb org REVISIONS Rev Number Date Notes 1 01 08 Jan 10 Initial Release previously part of 99875388 2 01 03 29 2010 Corrected settings for SureSwipe mode corrected data length values in a few o...

Страница 3: ...to the warranty service location and to use the original shipping container or equivalent MagTek will return the product prepaid via a three 3 day shipping service A Return Material Authorization RMA...

Страница 4: ...atus does not exceed the Class B limits for radio noise from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications Le pr sent appareil num rique...

Страница 5: ...d Encode Type 11 Encrypted Track Data 11 Track 1 Encrypted Data 12 Track 2 Encrypted Data 12 Track 3 Encrypted Data 12 Card Status 12 MagnePrint Status 13 MagnePrint Data Length 13 MagnePrint Absolute...

Страница 6: ...II to Keypress Conversion Type Property KB 42 CRC Flag Property KB and Serial Models 43 Keyboard SureSwipe Flag Property KB UART RS 232 44 Decode Enable Property 44 SS JIS Type 2 Property 45 ES JIS Ty...

Страница 7: ...te Command 68 Set Security Level Command 70 Get Transaction Count Command Flash Reader Only 71 Read Oldest Transaction Command Flash Reader Only 71 Erase Oldest Transaction Command Flash Reader Only 7...

Страница 8: ...viii...

Страница 9: ...format as described in this document but the MagnePrint data will not be sent In the HID mode the reader sends track data but does not send MagnePrint data By default the data is sent in the format de...

Страница 10: ...y Y S S 0x02 Reset Device Y X X 0x03 Get Keymap Item Y Y Y 0x04 Set Keymap Item Y S S 0x05 Save Custom Keymap Y S S 0x09 Get DUKPT KSN and Counter Y Y Y 0x0A Set Session ID Y Y Y 0x10 Activate Authent...

Страница 11: ...eless USB reader can also be directly connected to the host with a USB cable for updating firmware and charging the battery When the wireless reader is directly connected the PID is 0x0014 Since this...

Страница 12: ...a Input 33 Encrypted MagnePrint data Data Input 38 Card encode type Data Input 39 Card status Data Input 40 Device Serial Number Data Input 42 Reader Encryption Status Data Input 46 DUKPT serial numbe...

Страница 13: ...Size 8 75 08 Usage Track 1 decode status 09 20 Usage Track 2 decode status 09 21 Usage Track 3 decode status 09 22 Usage Track 1 encrypted data length 09 28 Usage Track 2 encrypted data length 09 29...

Страница 14: ...ount 10 95 0A Input Data Variable Absolute Buffered Bytes 82 02 01 Usage Track 1 Masked data length 09 47 Usage Track 2 Masked data length 09 48 Usage Track 3 Masked data length 09 49 Report Count 3 9...

Страница 15: ...09 57 Report Count 20 95 14 Input Data Variable Absolute Buffered Bytes 82 02 01 Usage Command Message 09 20 Report Count 60 95 3C Feature Data Variable Absolute Buffered Bytes B2 02 01 End Collectio...

Страница 16: ...tructured into HID reports follow later in this section Windows applications that communicate to this reader can be easily developed These applications can communicate to the reader using standard win...

Страница 17: ...ck 2 encrypted data length 5 Track 3 encrypted data length 6 Card encode type 7 118 Track 1 encrypted data 119 230 Track 2 encrypted data 231 342 Track 3 encrypted data 343 Card status 344 347 MagnePr...

Страница 18: ...ecoding track 3 Bit position zero indicates if there was an error decoding track 3 if this bit is set to one If it is zero then no error occurred If a track has data on it that is not noise and it is...

Страница 19: ...scription 0 ISO ABA ISO ABA encode format see Appendix E Identifying ISO ABA and AAMVA Cards for ISO ABA description 1 AAMVA AAMVA encode format see Appendix E Identifying ISO ABA and AAMVA Cards for...

Страница 20: ...bytes it is padded with binary zeros to fill up the 8 bytes After this final clear text block is XORed with the prior 8 bytes of encrypted data it is encrypted and placed in the Encrypted Data buffer...

Страница 21: ...age M Bits 1 15 Product revision mode usage R Bit 16 STATUS only state usage S Bit 17 Noise too high or move me away from the noise source used only in STATUS usage N Bit 18 Swipe too slow usage L Bit...

Страница 22: ...was an error decoding the track Track 3 Masked Data Length This one byte value indicates how many bytes of decoded card data are in the track 3 Masked Data field This value will be zero if there was n...

Страница 23: ...em will be set such that last digit of the PAN calculates an accurate Mod 10 check of the rest of the PAN as transmitted If the Mod 10 correction is not specified all of the intermediate characters of...

Страница 24: ...ted If the Mod 10 correction is not specified all of the intermediate characters of the PAN are set to the specified mask character All Field Separators are sent unmasked All other characters are set...

Страница 25: ...this CRC The CRC is converted to 16 characters of ASCII before being sent After the receiver decrypts the message the CRC is contained in the first 2 bytes of the message all other bytes are meaningl...

Страница 26: ...is then converted to two bytes of ASCII data representing the Hexadecimal value of the encrypted byte many of the encrypted bytes will not have values in the ASCII character range When the reader is i...

Страница 27: ...Sentinel 0x3F 0x3F 0x3F 0x3F Track 1 Track 2 and Track 3 Encrypted Data includes the Start and End Sentinel that were decoded from the card All fields with the format P are programmable configuration...

Страница 28: ...changed the first character of the Format Code will automatically change to a 1 The application may change the final three characters but making such a change will automatically cause the first charac...

Страница 29: ...ers and they should contain only the characters 0123456789ABCDEF The receiver will combine two successive ASCII characters from the message to form one byte see the descriptions of the commands which...

Страница 30: ...umber Description 0x00 Get Property Gets a property from the reader 0x01 Set Property Sets a property in the reader 0x02 Reset Device Resets the reader 0x03 Get Keymap Item Gets a key map item KB only...

Страница 31: ...data Result Code This one byte field contains the value of the result code There are two types of result codes generic result codes and command specific result codes Generic result codes always have t...

Страница 32: ...s for the Get and Set Property commands can be any of the codes listed in the generic result code table If the Set Property command gets a result code of 0x07 it means the required MAC was absent or i...

Страница 33: ...x17 ASCII To Keypress Conversion Type Type of conversion performed when converting ASCII data to key strokes 0x19 0x19 CRC Flag Enables disables sending CRC 0x1A 0x1A Keyboard SureSwipe Flag Enables d...

Страница 34: ...length of the property The following table lists all of the property types and describes them Property Type Description Byte This is a one byte value The valid values depend on the property String Th...

Страница 35: ...the USB serial number This string can be 0 15 bytes long The value of this property if any will be sent to the host when the host requests the USB string descriptor This property is stored in non vola...

Страница 36: ...us bandwidth used by the reader and slowing down the card data transfer rate decreases the USB bus bandwidth used by the reader The value of this property if any will be sent to the host when the host...

Страница 37: ...the unit is power cycled When this property is changed the unit must be reset see Command Number 2 or power cycled to have these changes take effect This reader must be unplugged for at least 30 seco...

Страница 38: ...owed for that track will be decoded If the track cannot be decoded by the ISO method it will be considered to be in error T 00 Track Disabled 01 Track Enabled 10 Track Enabled Required Error if blank...

Страница 39: ...the Mod 10 Correction should be applied to the PAN Y means Yes the Mod 10 Correction will be applied N means No the Mod 10 will not be applied This option is only effective if the masking character i...

Страница 40: ...has units of bytes The maximum packet size tells the host the maximum size of the Interrupt In Endpoint packets For example if the maximum packet size is set to 8 the reader will send HID reports in m...

Страница 41: ...rs are in effect An application that wishes to communicate with the reader must use the correct speed and parity There is no method of bringing a reader to a default speed and parity thus the user tha...

Страница 42: ...operty Yes Default Value 120 0x78 seconds Description This property specifies in seconds the minimum amount of time a wireless reader will operate in the absence of activity Activity is defined as a S...

Страница 43: ...e memory so it will persist when the unit is power cycled When this property is changed the unit must be reset see Command Number 2 or power cycled for these changes to take effect Track Data Transmis...

Страница 44: ...after a good swipe In this case the reader may be powered down by pressing and holding the User Switch or it will go off after the activity timeout This property is stored in non volatile memory so i...

Страница 45: ...process at the time the reader and dongle are paired together Additionally the read and dongle pair should be labeled with a unique matching identifier so that they can be visually distinguished from...

Страница 46: ...ilable After this property is changed the reader should be power cycled before changing any other properties Readers other than the USB HID and KB emulation models return other Interface Type values a...

Страница 47: ...d the start sentinels that were modified to indicate the card encode type need to be converted back to their original values Note that this property only applies to track data sent via the keyboard in...

Страница 48: ...ransmitted in unless the ICL bit in this property is set to 1 Er 00 Don t send any card data if error NOT CURRENTLY IMPLEMENTED 01 Don t send track data if error 11 Send E for each track error This pr...

Страница 49: ...map The key map can be modified to another countries key map by using commands Get Key Map Set Key Map and Save Custom Key Map See the command section of this manual for a complete description of thes...

Страница 50: ...is set to 1 ALT ASCII code instead of using the key map a international keyboard key press combination consisting of the decimal value of the ASCII character combined with the ALT key modifier is used...

Страница 51: ...ows 0 0 0 0 0 0 E S E 0 The Encrypted CRC will NOT be sent 1 The Encrypted CRC will be sent S 0 The Clear Text CRC will NOT be sent 1 The Clear Text CRC will be sent This property is used to designate...

Страница 52: ...e of 0x01 enables SureSwipe emulation a value of 0x00 disables it A user might disable SureSwipe emulation to allow the reader to emit keyboard data in the full V5 format without encryption This could...

Страница 53: ...ex Cmd Num Data Len Prp ID 00 01 1B Example Get property Response Hex Result Code Data Len Prp Value 00 01 01 SS JIS Type 2 Property Property ID 0x1C Property Type Byte Length 1 byte Get Property Yes...

Страница 54: ...gth 0 7 bytes Get Property Yes Set Property Yes Default Value No string with a length of zero Description The value is an ASCII string that represents the reader s pre card string This string can be 0...

Страница 55: ...ample Set Post Card String property Response Hex Result Code Data Len Data 00 00 Example Get Post Card String property Request Hex Cmd Num Data Len Prp ID 00 01 1F Example Get Post Card String propert...

Страница 56: ...t after the data for each track The string can be 0 7 bytes long If the value is 0 no character is sent This property is stored in non volatile memory so it will persist when the unit is power cycled...

Страница 57: ...rint info reader info DUKPT info etc If the value is 0 no character is sent If the value is in the range 1 127 then the equivalent ASCII character will be sent This property is stored in non volatile...

Страница 58: ...ack 3 start sentinel for cards that have track 3 encoded in ISO ABA format If the value is 0 no character is sent If the value is in the range 1 127 then the equivalent ASCII character will be sent Th...

Страница 59: ...0x29 Property Type Byte Length 1 byte Get Property Yes Set Property Yes Default Value 0x26 Description This character is sent as the track 3 start sentinel for cards that have track 3 encoded in 7 bi...

Страница 60: ...ans the Format Code is user defined This property is stored in non volatile memory so it will persist when the unit is power cycled When this property is changed the unit must be reset see Command Num...

Страница 61: ...Description This character is sent as the end sentinel for track 3 with any format If the value is 0 no character is sent If the value is in the range 1 127 then the equivalent ASCII character will be...

Страница 62: ...encoded data read If a card is encoded according to ISO ABA rules track 1 in 7 bit format tracks 2 3 in 5 bit format and track 1 does not begin with the character B the track 1 masked data field will...

Страница 63: ...te Get Property Yes Set Property No Default Value None Description This value is used to determine if a card is fully inserted into the device If a card is fully inserted into the device this property...

Страница 64: ...lear AAMVA card data Example Set Send Clear AAMVA Card Data property Request Hex Cmd Num Data Len Prp ID Data 01 06 34 01 xx xx xx xx where xx xx xx xx is the MAC Example Set Send Clear AAMVA Card Dat...

Страница 65: ...be reset see Command Number 2 or power cycled to have these changes take effect Example Set HID SureSwipe Flag property Request Hex Cmd Num Data Len Prp ID Data 01 02 38 01 Example Set HID SureSwipe F...

Страница 66: ...ers will get dropped from the card data The larger this delay is made the longer it will take the card data to get transferred to the host A delay of 12ms 0x0C was observed to work reliably with a Win...

Страница 67: ...ends this command to the reader it should close the USB port wait a few seconds for the operating system to handle the reader detach followed by the attach and then re open the USB port before trying...

Страница 68: ...ier byte modifies the meaning of the key usage ID The modifier byte indicates if any combination of the right or left Ctrl Shift Alt or GUI keys are pressed at the same time as the key usage ID For a...

Страница 69: ...strokes are sent to the host to represent the ASCII character The key map maps a single ASCII character to a single USB key usage ID and USB key modifier byte The key usage ID and the key modifier byt...

Страница 70: ...et the key map item for ASCII character card data end sentinel use the ASCII value of which is 63 0x3F 1 Key Usage ID The value of the USB key usage ID that is to be mapped to the given ASCII value Fo...

Страница 71: ...rect MAC Command not authorized Example Save Custom Keymap Request Hex Cmd Num Data Len Data 05 00 Example Save Custom Keymap Response Hex Result Code Data Len Data 00 00 DUKPT Operation Since key loa...

Страница 72: ...uely identify the present transaction Its primary purpose is to prevent replays After a card is read the Session ID will be encrypted along with the card data a supplied as part of the transaction mes...

Страница 73: ...ly command followed by the last two bytes of the KSN These last two bytes of the KSN may be compared with the last two bytes of the clear text KSN sent in the message to authenticate the reader The ap...

Страница 74: ...003 9845 A48B 7ED3 C294 7987 5FD4 03FA 8543 Activation Challenge Reply Command Command number 0x11 Description This command is used as the second part of an Activate Authentication sequence In this co...

Страница 75: ...Len Data 11 08 8579827521573495 Example Activation Challenge Reply Response Hex Result Code Data Len Data 00 00 Deactivate Authenticated Mode Command Command number 0x12 Description This command is us...

Страница 76: ...Key Response Data None Result codes 0x00 Success 0x02 Bad Parameters the Request Data is not a correct length 0x03 Bad Data the encrypted reply data could not be verified 0x07 Sequence not expecting...

Страница 77: ...d since it was powered up 0x01 GoodAuth Authentication Activation Successful The reader processed a valid Activation Challenge Reply command 0x02 GoodSwipe Good Swipe The user swiped a valid card corr...

Страница 78: ...nt the MAC field should NOT be sent 1 MAC Four byte MAC to secure the command Response Data Offset Field Name Description 0 Security Level Only present if there was no request data This field gives th...

Страница 79: ...nsactions stored Hex Result Code Data Len Data 00 01 09 Read Oldest Transaction Command Flash Reader Only Command number 0x17 Description This command is used to stimulate the reader to send the oldes...

Страница 80: ...ore erasure Example Request Erase Oldest Transaction Hex Cmd Num Data Len Data 18 00 Example Response Erase Oldest Transaction Hex Result Code Data Len Data 00 00 Get Encryption Counter Command Comman...

Страница 81: ...Counter Response Hex Encryption Counter is 2033 Result Code Data Len Data 00 13 54455354205345545550203030303100 0007F1 Power Down Command Wireless USB Reader Only Command number 0x28 Description Thi...

Страница 82: ...ypt Bulk Data Command Command number 0x30 Description This command will encrypt up to a maximum of 120 bytes The Data Response variant of the DUKPT key will be used to encrypt data It will also comput...

Страница 83: ...less than 15 bytes it will be left justified The 16th byte will always be set to NULL Cryptogram Encrypted data the length of which is always a multiple of 8 this field can be maximum of 120 characte...

Страница 84: ...MagneSafe V5 76...

Страница 85: ...rd data HID mode only The part numbers for the demo program can be found in this document in Section 1 under Accessories INSTALLATION To install the demo program run the setup exe file and follow the...

Страница 86: ...ult The command request and the command result will be displayed in the Communications Dialog edit box The Clear Dialog button clears the Communication Dialog edit box To read cards and view the card...

Страница 87: ...should be used so that a keyboard may be modified for a different language by simply printing different keycaps One example is the Y key on a North American keyboard In Germany this is typically Z Rat...

Страница 88: ...01 104 28 1C Keyboard y and Y 4 22 4 101 104 29 1D Keyboard z and Z 4 46 4 101 104 30 1E Keyboard 1 and 4 2 4 101 104 31 1F Keyboard 2 and 4 3 4 101 104 32 20 Keyboard 3 and 4 4 4 101 104 33 21 Keyboa...

Страница 89: ...104 68 44 Keyboard F11 122 101 104 69 45 Keyboard F12 123 101 104 70 46 Keyboard PrintScreen 1 124 101 104 71 47 Keyboard Scroll Lock 11 125 4 101 104 72 48 Keyboard Pause 1 126 101 104 73 49 Keyboard...

Страница 90: ...ation 10 129 104 102 66 Keyboard Power 9 103 67 Keypad 104 68 Keyboard F13 62 105 69 Keyboard F14 63 106 6A Keyboard F15 64 107 6B Keyboard F16 65 107 6C Keyboard F17 109 6D Keyboard F18 110 6E Keyboa...

Страница 91: ...ational9 22 144 90 Keyboard Lang1 25 145 91 Keyboard Lang2 26 146 92 Keyboard Lang3 30 147 93 Keyboard Lang4 31 148 94 Keyboard Lang5 32 149 95 Keyboard Lang6 8 150 96 Keyboard Lang7 8 151 97 Keyboard...

Страница 92: ...ypad 196 C4 Keypad 197 C5 Keypad 198 C6 Keypad 199 C7 Keypad 200 C8 Keypad 201 C9 Keypad 202 CA Keypad 203 CB Keypad 204 CC Keypad 205 CD Keypad Space 206 CE Keypad 207 CF Keypad 208 D0 Keypad Memory...

Страница 93: ...a non locking key sent as member of an array 12 Implemented as a locking key sent as a toggle button Available for legacy support however most systems should use the non locking version of this key 13...

Страница 94: ...es the Zenkaku Hankaku key for Japanese USB word processing keyboards 33 The symbol displayed will depend on the current locale settings of the operating system For example the US thousands separator...

Страница 95: ...ce Class Definition for Human Interface Devices HID Version 1 11 and specifically for this manual Section 8 3 Report Format for Array Items The modifier byte is defined as follows Table B 1 Modifier B...

Страница 96: ...MagneSafe V5 88...

Страница 97: ...he derived key is used These sequences are based on the following data Derivation Key 0123 4567 89AB CDEF FEDC BA98 7654 3210 Initially Loaded Key Serial Number KSN FFFF 9876 5432 10E0 0000 Initially...

Страница 98: ...MagneSafe V5 90...

Страница 99: ...N 02 DATA 10 00 Response RC 00 LEN 00 DATA 02 00 Reset so changes take effect Request CMND 02 LEN 00 DATA Response RC 00 LEN 00 DATA Delay waited 5 seconds 00 01 10 Get current interface should return...

Страница 100: ...t interface should be 00 Request CMND 00 LEN 01 DATA 10 Response RC 00 LEN 01 DATA 00 00 01 01 Get current USB SN should be 1234 Request CMND 00 LEN 01 DATA 01 Response RC 00 LEN 04 DATA 31 32 33 34 0...

Страница 101: ...00 00 00 Example 2 Configuring a reader before encryption is enabled Secureity Level 2 In this example the reader is set up for Keyboard Emulation This script demonstrates configuration commands for...

Страница 102: ...t ISO Track Mask 0404 N uses as mask char Request CMND 01 LEN 07 DATA 07 30 34 30 34 2A 4E Response RC 00 LEN 00 DATA 00 01 19 Get current CRC Flags Request CMND 00 LEN 01 DATA 19 Response RC 00 LEN 0...

Страница 103: ...FF FF FF FF 01 05 2C 31323334 Set to 1234 Request CMND 01 LEN 05 DATA 2C 31 32 33 34 Response RC 00 LEN 00 DATA 02 00 Reset so changes take effect Request CMND 02 LEN 00 DATA Response RC 00 LEN 00 DA...

Страница 104: ...06 DATA 54 52 4B 45 4E 44 00 01 22 Get current Termination String should return TXEND ENTER Request CMND 00 LEN 01 DATA 22 Response RC 00 LEN 06 DATA 54 58 45 4E 44 0D 00 01 2C Get current Format Code...

Страница 105: ...00 00 00 00 00 340 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 360 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 380 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00...

Страница 106: ...ack 3 Masked data 844 851 Encrypted Session ID 852 Track 1 Absolute data length 853 Track 2 Absolute data length 854 Track 3 Absolute data length 855 MagnePrint Absolute data length Using this informa...

Страница 107: ...0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 477 492 Device serial number not set not filled 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 493 494 Reader Encryptio...

Страница 108: ...al Reference Manual and USB KB SureSwipe USB KB Swipe Reader Technical Reference Manual 99875206 the KB Data SureSwipe format is broken down like this Tk1 SS Tk1 Data ES Tk2 SS Tk2 Data ES Tk3 SS Tk3...

Страница 109: ...ession ID P35 DUKPT serial number counter P35 Clear Text CRC P35 Encrypted CRC P35 Format Code P34 Each of the Pxx elements has the default value in this configuration thus we can reinterpret the form...

Страница 110: ...se RC 00 LEN 0A DATA FF FF 98 76 54 32 10 E0 00 01 For KSN 1 MAC Key 042666B4918430A3 68DE9628D03984C9 The command to change Security Level looks like 15 05 03 nnnnnnnn where nnnnnnnn is the MAC The d...

Страница 111: ...MAC The data to be MACd is 15 05 04 Data to be MACd must be in blocks of eight bytes so we left justify and zero fill the block to get 15 05 04 00 00 00 00 00 This is the block to MAC For convenience...

Страница 112: ...For convenience show it as the compacted form 1505040000000000 The MAC algorithm run with this data uses the following cryptographic operations Single DES Encrypt the data to be MACd with the left hal...

Страница 113: ...Polling Interval to 1 ms Request CMND 01 LEN 06 DATA 02 01 87 20 CE 23 Response RC 00 LEN 00 DATA 00 01 1E Get current Pre Card String Request CMND 00 LEN 01 DATA 1E Response RC 00 LEN 00 DATA Form M...

Страница 114: ...32F gets 1FA9A44C703099E1 MAC is first four bytes 1FA9A44C 01 05 21 1FA9A44C Set to Request CMND 01 LEN 05 DATA 21 1F A9 A4 4C Response RC 00 LEN 00 DATA 00 01 22 Get current Termination String Reques...

Страница 115: ...A 21 Response RC 00 LEN 00 DATA 00 01 22 Get current Termination String should return ENTER Request CMND 00 LEN 01 DATA 22 Response RC 00 LEN 01 DATA 0D 00 01 2C Get current Format Code Request CMND 0...

Страница 116: ...using Current Encryption Key variant as above A72D2DB236BF29D2 TDES Dec with FD0329B2DA3AA6EA B7979DF75D9B5DF5 34DB9230698281B4 Build an Activation Challenge Reply command cmd len cryptogram 11 08 XXX...

Страница 117: ...D0 F0 72 A6 CB 34 40 36 56 0B 30 71 FC 1F D1 1D 9F 7E 74 88 67 42 D9 BE E0 CF D1 60 EA 10 64 C2 13 BB 55 27 8B 2F 12 00 00 00 00 00 00 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0...

Страница 118: ...00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 820 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 840 00 00 00 00 21 68 5F 15 8B 5C 6B E0 3C 25 1F 36 According to the USB MagneS...

Страница 119: ...00 00 00 231 342 Track 3 encrypted data 76 BB 01 3C 0D FD 81 95 F1 6F 2F BC 50 A3 51 71 AA 37 01 31 F8 74 42 31 3E E3 64 57 B8 7C 87 F9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0...

Страница 120: ...00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 844 851 Encrypted Session ID user didn t load all zeroes 21 68 5F 15 8B 5C 6B E0 852...

Страница 121: ...7F gets 0704673B0041CC2F XOR 3436560B3071FC1F gets 3332313030303030 decrypted block 6 Continue on in reverse block order 3436560B3071FC1F TDES Dec with 27F66D5244FF621E AA6F6120EDEB427F gets 718DF68EC...

Страница 122: ...0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 As Track 2 Encrypted Data Length cites 40 bytes only we c...

Страница 123: ...curate decryption of the track Track 3 encrypted data 76 BB 01 3C 0D FD 81 95 F1 6F 2F BC 50 A3 51 71 AA 37 01 31 F8 74 42 31 3E E3 64 57 B8 7C 87 F9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00...

Страница 124: ...D5244FF621E AA6F6120EDEB427F gets AF4EABEE4973E402 XOR D0E31706106903E6 gets 7FADBCE8591AE7E4 decrypted block 5 Continue on in reverse block order D0E31706106903E6 TDES Dec with 27F66D5244FF621E AA6F6...

Страница 125: ...ata received Raw KB Data Byte Content 0 B5452000000007189 HOGAN PAUL 08040000000000 50 000000000 5452000000007189 080400000000000000 51 100 63000050000445 000000000000 0600 C25C1D1197D31CAA 150 87285D...

Страница 126: ...to the structure B5452000000007189 HOGAN PAUL 08040000000000000000000 5452000000007189 080400000000000000 5163000050000445 000000000000 0600 C25C1D1197D31CAA87285D59A892047426D9182EC11353C051ADD6D0F07...

Страница 127: ...74886742 7 D9BEE0CFD1EA1064 8 C213BB55278B2F12 Appendix C tells us to decrypt the last block C213BB55278B2F12 TDES Dec with 27F66D5244FF621E AA6F6120EDEB427F gets E98ED0F0D1EA1064 XOR D9BEE0CFD1EA1064...

Страница 128: ...000 000 We can ignore the last four bytes because they are all hex 00 and fall after the End Sentinel ASCII string B5452300551227189 HOGAN PAUL 08043210000000725000000 This is an accurate decryption o...

Страница 129: ...91059A0FB 2 FE627954EE21868A 3 EE3979540B67FCC4 4 0F61CECA54152D1E Appendix C tells us to decrypt the last block 0F61CECA54152D1E TDES Dec with 27F66D5244FF621E AA6F6120EDEB427F gets DE0949643B57C3C4...

Страница 130: ...ntinue on in reverse block order C07B12648DCAC4FD TDES Dec with 27F66D5244FF621E AA6F6120EDEB427F gets AAC8D06ACCF27E6D XOR BE6EE7466B81196E gets 14A6372CA7736703 decrypted block 5 Continue on in reve...

Страница 131: ...0FE2C5A3556E9CE5A9B2E6DB8914A6372C A77367036EFAADC02F02C4FB76C6CFD8A59C0000 This is an accurate decryption of the MagnePrint data Encrypted Session ID user didn t load all zeroes 21685F158B5C6BE0 As t...

Страница 132: ...MagneSafe V5 124...

Страница 133: ...cy will be sent in the clear c If the Format Code PAN Name or Expiration Date contain the character End Sentinel the field is not correctly structured d A correctly structured Format Code is the first...

Страница 134: ...e the card is considered to be an AAMVA card 3 AAMVA card masking when enabled works as follows a Tracks 1 3 are sent entirely masked i e zeros are supplied in all character positions b Track 2 The go...

Страница 135: ...re 0x01 USB Serial Num No string with a length of zero 0x02 Polling Interval 1 ms 0x03 Device Serial Num No string with a length of zero 0x04 MagneSafe Version Number V05 0x05 Track ID Enable 0x95 0x0...

Страница 136: ...perty JIS 0x00 0x1C SS JIS TYPE 2 0x7F DEL 0x1D ES JIS TYPE 2 0x7F DEL 0x1E Pre Card String 0x00 0x1F Post Card String 0x00 0x20 Pre Track String 0x00 0x21 Post Track String 0x00 0x22 Termination Stri...

Страница 137: ...Enable MagneSafe 2 0 format 0x00 Disabled 0x37 MagneSafe 2 0 Decode Status 0x00 no decodes performed yet 0x38 HID SureSwipe Flag 0x00 0x39 MagneSafe 2 0 Track Handling 0x00 always create MS 2 0 forma...

Страница 138: ...0x46 Transaction Threshold Exhausted Message 0x47 Bad Read Message 0x48 Good Read Message 0x49 Authenticated Message 0x4A Waiting Authentication Message 0x4B Transaction Validation Rejected text 0x50...

Отзывы:

Нет отзывов

Похожие инструкции для MagneSafe V5

Perfect Binder D1

Бренд: Canon Страницы: 99

Бренд: U-Prox Страницы: 4

Бренд: Zonet Страницы: 2

Бренд: GeoVision Страницы: 44

Бренд: BluStream Страницы: 6

Бренд: Akai Страницы: 15

Бренд: QFX Страницы: 8

Бренд: ECG Страницы: 80

Бренд: Axxera Страницы: 18

USB RFID Reader

Бренд: ThingMagic Страницы: 16

Бренд: Cognex Страницы: 29

Бренд: Metra Electronics Страницы: 16

Бренд: Panasonic Страницы: 12

Бренд: IDTECH Страницы: 62

Бренд: Wolf Garten Страницы: 25

Gemplus 41N3005

Бренд: Lenovo Страницы: 42

Бренд: Panasonic Страницы: 2

ePassport Reader JT-P100

Бренд: Panasonic Страницы: 2

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды