Commands and security levels – MagTek MagneSafe V5 User Manual
Page 10
MagneSafe V5
2
Annex A. Note that data supplied to the MAC algorithm should NOT be converted to the
ASCII-Hex, rather it should be supplied in its raw binary form. The MAC key to be used is as
specified in the same document (“Request PIN Entry 2” bullet 2). Calculating the MAC requires
knowledge of the current DUKPT KSN, which can be retrieved using the Get DUKPT KSN
and Counter command. For each command processed successfully, the DUKPT Key is
advanced.
COMMANDS AND SECURITY LEVELS
The following table shows how security levels affect the various commands. “Y” means the
command can run. “N” means the command is prohibited. “S” means the command is protected
(requires MACing). “X” means other (notes to follow).
Number Command
Level 2
Level 3
Level 4
0x00
Get Property
Y
Y
Y
0x01
Set Property
Y
S
S
0x02
Reset Device
Y
X*
X*
0x03
Get Keymap Item
Y
Y
Y
0x04
Set Keymap Item
Y
S
S
0x05
Save Custom Keymap
Y
S
S
0x09
Get DUKPT KSN and Counter
Y
Y
Y
0x0A
Set Session ID
Y
Y
Y
0x10
Activate Authenticated Mode
N
Y
Y
0x11
Activation Challenge Reply
N
Y
Y
0x12
Deactivate Authenticated Mode
N
Y
Y
0x14
Get Reader State
Y
Y
Y
0x15
Set Security Level
S
S
S
0x16
Get Transaction count Command (Flash
Reader Only)
Y
Y
Y
0x17
Read Oldest Transaction Command
(Flash Reader Only)
Y
Y
Y
X018
Erase Oldest Transaction Command
(Flash Reader Only)
Y
Y
Y
0x1C
Get Encryption Counter
Y
Y
Y
0x28
Power Down Command (Wireless USB
Reader Only)
Y
Y
Y
0x29
Get Battery Status Command (Wireless
USB Reader Only)
Y
Y
Y
0x30
Encrypt Bulk Data Command
N
Y
Y
* The Reset command has special behavior. When an Authentication sequence has failed, only a
correctly MACd Reset command can be used to reset the reader. This is to prevent a dictionary
attack on the keys and to minimize a denial of service attack.