IDTech SecuRed

Decryptx can process data from both the SecuRED and the SREDKey IDTECH models. The SecuRED is a magnetic swipe device and the SREDKey supports both keyed and magnetic swipe input. The SREDKey keyed input supports 6 different modes for manual data entry, capturing different combinations of: card number, expiration date, CVV2, zip code, and address house number. Both devices are Secure Reading and Exchange of Data (PCI SRED) certified, are capable of emulating USB keyboard input. The payload data is Derived Unique Key Per Transaction (DUKPT) encrypted and hex encoded.

Swiped Payloads

When a card is swiped on the SecuRED and SREDKey device, the track data is encrypted in separate data blocks.

Sample Payload:

029C01801F322400839B%*4124********9990^TEST/BLUEFIN^****************?*;4124********9990=****************?*C0A0ECE0C2E62E4542D3B823D9C2CDFBB3073350C5BF3D7471A40FF723EF092DD98C8E2E8D4D7C3FC369D5B64E99B1E92CD09168EC61FF081F3806B393B01CC4F440AB941B79AE28152B301FFC24B1CE560EE3F24E80FAF8515CFE9C7CC66DE90000000000000000000000000000000000000000000000000000000000000000000000000000000054313334303030303634629949960E0000A000726E0A03

This data is parsed as follows:

CharsValueDescription
1-202Start of transmission (STX)
3-69C01Total Data Length (low, high byte) of card data. It is 0x19C or 412 characters in decimal.
7-880Card Encoding type (ISO/ABA, new format)
9-101FTrack status (Track 1 and Track 2 are good)
11-1232Unencrypted Track 1 length (50 bytes)
13-1424Unencrypted Track 2 length (36 bytes)
15-1600Unencrypted Track 3 length (not present)
17-1883Clear/masked data sent status. Binary 1000 0011 is interpreted as follow:
Bits 0,1,2 = Track 1 and 2 are sent, Track 3 is not;
Bit 3: 1 = fixed key, 0 = DUKPT key;
Bits 4,5: 00=TDES encryption; 01=AES
Bit 6: 0= Data key; 1=PinKey
Bit 7: 1=Device Serial Number is included; 0= is not
19-209BEncrypted data sent status. Binary 1001 1011 is interpreted as follow:
Bits 0,1,2 = Track 1 and 2 are sent, Track 3 is not;
Bits 3,4,5 = Track 1 and 2 dummy hashes are sent, Track 3 is not;
Bit 6: 0 = session ID is not included.
Bit 7: 1=Key Sequence Number (KSN) is included
21-70%*4124...****?*Masked Track 1 data. It can be included as ASCII or as hex string
71-106;4124*...****?*Masked Track 2 data. It can be included as ASCII or as hex string Track 1 encrypted data. Total length is 56 bytes: real length 50 is rounded up to 8 bytes = 56 bytes. Decrypted Data in ASCII (6 zero bytes at the end): %B4124939999999990^TEST/BLUEFIN^2212101123456789?<0x00…0x00
107-218C0A0EC...61FF08
219-2981F3806...C66DE9Track 2 encrypted data. Total length is 40 bytes: real length 36 is rounded up to 8 bytes = 40 bytes.Decrypted Data in ASCII (4 zero bytes at the end); ;4124939999999990=2212101123456789?;0x00…0x00
299-338000000...000000Track 1 dummy hash data (20 zero bytes)
339-378000000...000000Track 2 dummy hash data (20 zero bytes)
379-398543133...30363410 bytes of device serial number. In ASCII: T134000064
399-418629949...A0007210 bytes of Key Sequence Number (KSN)
419-4206ECheckLRC - one byte Exclusive-OR sum calculated for all data bytes
421-4220ACheckSum - one byte Sum calculated for all data bytes
423-42403End of transmission (ETX)

Keyed Payloads

The SREDKey device allows users to key card data manually. Depending on the Admin option selected, the device will prompt the user for the PAN, expiration date, CVV, zip or Street address number. The device will create an encrypted track2 payload based on the PAN, expiration data and the Zip and Street Number will be passed as clear text track3 data.

Sample Payloads

Admin Option 1

02A600C0170018008292;4217********1119=****?*65316B7CD65E2D25333E328ECC7EDB6DB11C0C1A7919F4E9000000000000000000000000000000000000000054313430393030303036629949960E000220000A18CA03

Admin Option 2

02AD00C0370018078E92;4217********1119=****?*030004=6AB33B308CBDDFE706C9BB4F5C17BB143AEC7D9A197B4981000000000000000000000000000000000000000054313430393030303036629949960E000220000B278703

Admin Option 3

02B200C03700180CCE92;4217********1119=****?*1715=030004=79334A78E575B63DB97C235D6C4DE64C1326E4F177F8AACD000000000000000000000000000000000000000054313430393030303036629949960E000220000BCEAC03

Admin Option 4

02C100C037001C078E92;4217********1119=****:***?*030004=1513F5D5AE6069AA5E2CAD43F331A5E6D292C8364F83B57529E7AC410DAB65000000000000000000000000000000000000000054313430393030303036629949960E000220000BCEAC03

Admin Option 5

02C600C037001C0CCE92;4217********1119=****:***?*1715=030004=7B69B529A6D7C816A1B8CB2B31EE13B9CFC625743ACF3D2D298494B9131EDB36000000000000000000000000000000000000000054313430393030303036629949960E000220000BAD7D03

Admin Option 6

02BA00C017001C008292;4217********1119=****:***?*8FD0F3181B3347FE642C4916773958E2FFC05875CFD7B63F5751D968DBAA0E85000000000000000000000000000000000000000054313430393030303036629949960E000220000BB16103
CharsValueDescription
1-202Start of transmission (STX)
3-6****Total Data Length (low, high byte) of card data.
7-8C0Card Encoding type (manual entry mode, enhanced encrypted data format)
9-1037Tracks 1-3 status byte. 0x17=Track 2 only; 0x37=Track 2 and Track 3
11-1200Always zero
13-14**Length of unencrypted keyed-in data presented as Track 2
15-16**Length of unencrypted keyed-in data presented as Track 3
17-1882Clear/masked data sent status. Binary 1000 0011 is interpreted as follow:
Bits 0,1,2 = Track 1 and 2 are sent, Track 3 is not;
Bit 3: zip is present;
Bits 4: 0=TDES encryption; 1=AES
Bit 5: 0
Bit 6: 1= address is present
Bit 7: 1=Device Serial Number is included; 0= is not
19-2092Encrypted data sent status. Binary 1001 1011 is interpreted as follow:
Bits 0,1,2 = Track 1 and 2 are sent, Track 3 is not;
Bits 3,4,5 = Track 1 and 2 dummy hashes are sent, Track 3 is not;
Bit 6: 0 = session ID is not included.
Bit 7: 1=Key Sequence Number (KSN) is included
21-56;4124*...****?*Masked keyed-in data presented as Track 2: ;PAN=EXP:[CVV]?LRC
57-681715=030004= Additional clear keyed-in data presented as Track 3: [1ADR=][0ZIP=]. For example,
Admin# 2,4 : 030004= reports ZIP code 30004
Admin# 3,5: 1715=030004= reports street address 715 and ZIP code 30004
69-1328FD0F3...AA0E85Track 2 encrypted data. Total length is on 8 byte edge (24 for Admin# 1 and 2 and 32 for Admin# 3-6 : real length is rounded up to 8 bytes. Decrypted Data in ASCII: (zero bytes at the end to make up 8 byte edge). Decrypted data:
Admin# 1,2: ;4217651111111119=0416?
Admin# 3-6: ;4217651111111119=0416:123?
133-172000000...000000Track 1 dummy hash data (20 zero bytes)
173-212000000...000000Track 2 dummy hash data (20 zero bytes)
213-232543134...30303610 bytes of device serial number. In ASCII: T140000006
233-252629949...20000F10 bytes of Key Sequence Number (KSN)
253-2546ECheckLRC - one byte Exclusive-OR sum calculated for all data bytes
255-2560ACheckSum - one byte Sum calculated for all data bytes
257-25803End of transmission (ETX)