MagTek Bluetooth MagneSafe V5 Swipe Reader User Manual
Page 80
Bluetooth MagneSafe V5 Swipe Reader
72
; The block is encrypted using a variant of the Current Encryption Key
; (Current Encryption Key XOR with 3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C)
;
; Current Key 0DF3D9422ACA561A 47676D07AD6BAD05
; XOR 3C3C3C3C3C3C3C3C 3C3C3C3C3C3C3C3C
; = 31CFE57E16F66A26 7B5B513B91579139
;
; 34DB923069828100 TDES Enc with 31CFE57E16F66A26 7B5B513B91579139 = CA CB BD 5F 58
D5 C9 50
;
; Send the Deactivate Authenticated Mode command
12 08 CACBBD5F58D5C950
Example 4: Swipe decryption, Bluetooth Reader in Security Level 3 or 4:
This example shows the data received in a Card Swipe for a reader at Security Level 3,
KSN Count = 8. It will go on to show the steps to decrypt ALL the data received.
Raw Card Swipe Data:
Byte Content
0 %B5452000000007189^HOGAN/PAUL ^08040000000000
50 000000000?;5452000000007189=080400000000000000?+51
100 63000050000445=000000000000?|0600|C25C1D1197D31CAA
150 87285D59A892047426D9182EC11353C051ADD6D0F072A6CB34
200 36560B3071FC1FD11D9F7E74886742D9BEE0CFD1EA1064C213
250 BB55278B2F12|724C5DB7D6F901C7F0FEAE7908801093B3DBF
300 E51CCF6D483E789D7D2C007D539499BAADCC8D16CA2|E31234
350 A91059A0FBFE627954EE21868AEE3979540B67FCC40F61CECA
400 54152D1E|A1050000|8628E664C59BBAA232BA90BFB3E6B41D
450 6F4B691E633C311CBE6EE7466B81196EC07B12648DCAC4FD7F
500 D0E212B479C60BAD8C74F82F327667||21685F158B5C6BE0|F
550 FFF9876543210E00008|B78F||0000
The Card Swipe Data is broken down like this:
[P30]
[P32] [Tk1 SS] [Tk1 Masked Data] [ES] [P33]
[P32] [Tk2 SS] [Tk2 Masked Data] [ES] [P33]
[P32] [Tk3 SS] [Tk3 Masked Data] [ES] [P33]
[P31]
[P35] [Reader Encryption Status]
[P35] [Tk1 Encrypted Data (including TK1 SS and ES)]
[P35] [Tk2 Encrypted Data (including TK2 SS and ES)]
[P35] [Tk3 Encrypted Data (including TK3 SS and ES)]
[P35] [MagnePrint Status]
[P35] [Encrypted MagnePrint data]
[P35] [Device serial number]
[P35] [Encrypted Session ID]
[P35] [DUKPT serial number/counter]
[P35] [Clear Text CRC]
[P35] [Encrypted CRC]
[P35] [Format Code]
[P34]
Each of the Pxx elements has the default value in this configuration, thus we can
reinterpret the format as: