IDTech SecuRed
Decryptx can process data from both the SecuRED and the SREDKey IDTECH models. The SecuRED is a magnetic swipe device and the SREDKey supports both keyed and magnetic swipe input. The SREDKey keyed input supports 6 different modes for manual data entry, capturing different combinations of: card number, expiration date, CVV2, zip code, and address house number. Both devices are Secure Reading and Exchange of Data (PCI SRED) certified, are capable of emulating USB keyboard input. The payload data is Derived Unique Key Per Transaction (DUKPT) encrypted and hex encoded.
Swiped Payloads
When a card is swiped on the SecuRED and SREDKey device, the track data is encrypted in separate data blocks.
Sample Payload:
029C01801F322400839B%*4124********9990^TEST/BLUEFIN^****************?*;4124********9990=****************?*C0A0ECE0C2E62E4542D3B823D9C2CDFBB3073350C5BF3D7471A40FF723EF092DD98C8E2E8D4D7C3FC369D5B64E99B1E92CD09168EC61FF081F3806B393B01CC4F440AB941B79AE28152B301FFC24B1CE560EE3F24E80FAF8515CFE9C7CC66DE90000000000000000000000000000000000000000000000000000000000000000000000000000000054313334303030303634629949960E0000A000726E0A03
This data is parsed as follows:
| Chars | Value | Description |
|---|---|---|
| 1-2 | 02 | Start of transmission (STX) |
| 3-6 | 9C01 | Total Data Length (low, high byte) of card data. It is 0x19C or 412 characters in decimal. |
| 7-8 | 80 | Card Encoding type (ISO/ABA, new format) |
| 9-10 | 1F | Track status (Track 1 and Track 2 are good) |
| 11-12 | 32 | Unencrypted Track 1 length (50 bytes) |
| 13-14 | 24 | Unencrypted Track 2 length (36 bytes) |
| 15-16 | 00 | Unencrypted Track 3 length (not present) |
| 17-18 | 83 | Clear/masked data sent status. Binary 1000 0011 is interpreted as follow: Bits 0,1,2 = Track 1 and 2 are sent, Track 3 is not; Bit 3: 1 = fixed key, 0 = DUKPT key; Bits 4,5: 00=TDES encryption; 01=AES Bit 6: 0= Data key; 1=PinKey Bit 7: 1=Device Serial Number is included; 0= is not |
| 19-20 | 9B | Encrypted data sent status. Binary 1001 1011 is interpreted as follow: Bits 0,1,2 = Track 1 and 2 are sent, Track 3 is not; Bits 3,4,5 = Track 1 and 2 dummy hashes are sent, Track 3 is not; Bit 6: 0 = session ID is not included. Bit 7: 1=Key Sequence Number (KSN) is included |
| 21-70 | %*4124...****?* | Masked Track 1 data. It can be included as ASCII or as hex string |
| 71-106 | ;4124*...****?* | Masked Track 2 data. It can be included as ASCII or as hex string Track 1 encrypted data. Total length is 56 bytes: real length 50 is rounded up to 8 bytes = 56 bytes. Decrypted Data in ASCII (6 zero bytes at the end): %B4124939999999990^TEST/BLUEFIN^2212101123456789?<0x00…0x00 |
| 107-218 | C0A0EC...61FF08 | |
| 219-298 | 1F3806...C66DE9 | Track 2 encrypted data. Total length is 40 bytes: real length 36 is rounded up to 8 bytes = 40 bytes.Decrypted Data in ASCII (4 zero bytes at the end); ;4124939999999990=2212101123456789?;0x00…0x00 |
| 299-338 | 000000...000000 | Track 1 dummy hash data (20 zero bytes) |
| 339-378 | 000000...000000 | Track 2 dummy hash data (20 zero bytes) |
| 379-398 | 543133...303634 | 10 bytes of device serial number. In ASCII: T134000064 |
| 399-418 | 629949...A00072 | 10 bytes of Key Sequence Number (KSN) |
| 419-420 | 6E | CheckLRC - one byte Exclusive-OR sum calculated for all data bytes |
| 421-422 | 0A | CheckSum - one byte Sum calculated for all data bytes |
| 423-424 | 03 | End of transmission (ETX) |
Keyed Payloads
The SREDKey device allows users to key card data manually. Depending on the Admin option selected, the device will prompt the user for the PAN, expiration date, CVV, zip or Street address number. The device will create an encrypted track2 payload based on the PAN, expiration data and the Zip and Street Number will be passed as clear text track3 data.
Sample Payloads
Admin Option 1
02A600C0170018008292;4217********1119=****?*65316B7CD65E2D25333E328ECC7EDB6DB11C0C1A7919F4E9000000000000000000000000000000000000000054313430393030303036629949960E000220000A18CA03
Admin Option 2
02AD00C0370018078E92;4217********1119=****?*030004=6AB33B308CBDDFE706C9BB4F5C17BB143AEC7D9A197B4981000000000000000000000000000000000000000054313430393030303036629949960E000220000B278703
Admin Option 3
02B200C03700180CCE92;4217********1119=****?*1715=030004=79334A78E575B63DB97C235D6C4DE64C1326E4F177F8AACD000000000000000000000000000000000000000054313430393030303036629949960E000220000BCEAC03
Admin Option 4
02C100C037001C078E92;4217********1119=****:***?*030004=1513F5D5AE6069AA5E2CAD43F331A5E6D292C8364F83B57529E7AC410DAB65000000000000000000000000000000000000000054313430393030303036629949960E000220000BCEAC03
Admin Option 5
02C600C037001C0CCE92;4217********1119=****:***?*1715=030004=7B69B529A6D7C816A1B8CB2B31EE13B9CFC625743ACF3D2D298494B9131EDB36000000000000000000000000000000000000000054313430393030303036629949960E000220000BAD7D03
Admin Option 6
02BA00C017001C008292;4217********1119=****:***?*8FD0F3181B3347FE642C4916773958E2FFC05875CFD7B63F5751D968DBAA0E85000000000000000000000000000000000000000054313430393030303036629949960E000220000BB16103
| Chars | Value | Description |
|---|---|---|
| 1-2 | 02 | Start of transmission (STX) |
| 3-6 | **** | Total Data Length (low, high byte) of card data. |
| 7-8 | C0 | Card Encoding type (manual entry mode, enhanced encrypted data format) |
| 9-10 | 37 | Tracks 1-3 status byte. 0x17=Track 2 only; 0x37=Track 2 and Track 3 |
| 11-12 | 00 | Always zero |
| 13-14 | ** | Length of unencrypted keyed-in data presented as Track 2 |
| 15-16 | ** | Length of unencrypted keyed-in data presented as Track 3 |
| 17-18 | 82 | Clear/masked data sent status. Binary 1000 0011 is interpreted as follow: Bits 0,1,2 = Track 1 and 2 are sent, Track 3 is not; Bit 3: zip is present; Bits 4: 0=TDES encryption; 1=AES Bit 5: 0 Bit 6: 1= address is present Bit 7: 1=Device Serial Number is included; 0= is not |
| 19-20 | 92 | Encrypted data sent status. Binary 1001 1011 is interpreted as follow: Bits 0,1,2 = Track 1 and 2 are sent, Track 3 is not; Bits 3,4,5 = Track 1 and 2 dummy hashes are sent, Track 3 is not; Bit 6: 0 = session ID is not included. Bit 7: 1=Key Sequence Number (KSN) is included |
| 21-56 | ;4124*...****?* | Masked keyed-in data presented as Track 2: ;PAN=EXP:[CVV]?LRC |
| 57-68 | 1715=030004= | Additional clear keyed-in data presented as Track 3: [1ADR=][0ZIP=]. For example, Admin# 2,4 : 030004= reports ZIP code 30004 Admin# 3,5: 1715=030004= reports street address 715 and ZIP code 30004 |
| 69-132 | 8FD0F3...AA0E85 | Track 2 encrypted data. Total length is on 8 byte edge (24 for Admin# 1 and 2 and 32 for Admin# 3-6 : real length is rounded up to 8 bytes. Decrypted Data in ASCII: (zero bytes at the end to make up 8 byte edge). Decrypted data: Admin# 1,2: ;4217651111111119=0416? Admin# 3-6: ;4217651111111119=0416:123? |
| 133-172 | 000000...000000 | Track 1 dummy hash data (20 zero bytes) |
| 173-212 | 000000...000000 | Track 2 dummy hash data (20 zero bytes) |
| 213-232 | 543134...303036 | 10 bytes of device serial number. In ASCII: T140000006 |
| 233-252 | 629949...20000F | 10 bytes of Key Sequence Number (KSN) |
| 253-254 | 6E | CheckLRC - one byte Exclusive-OR sum calculated for all data bytes |
| 255-256 | 0A | CheckSum - one byte Sum calculated for all data bytes |
| 257-258 | 03 | End of transmission (ETX) |
Updated about 2 years ago