Ingenico RUA Series
Ingenico manufacturers a number of PCI 5.X certified payment terminals. The terminals allows contactless, card insertion, and card swipe entry methods. The device is a firmware based device and the RUA SDK is used to communicate to the machine. The terminal supports DUKPT encryption of track data.
The following guide outlines how to extract the P2PE data from RAA payloads for processing on decryptx. At Bluefin we have integrated and verified the following RUA devices:
- Ingenico Moby5500
Obtaining the Payload
Typically, RUA terminals are connected to host computers that run special software referred to as point of sale (POS) applications. POS applications obtain payment data from a paired terminal and sends the data to a card payment processing gateway. Conveniently, Ingenico's developer portal has a number of RUA software development kits for a wide variety of operating systems and development languages. They make it easy for POS applications to obtain data from payment terminals.
Note the following payload examples are using the PackedEncrypedTrack payload information to highlight all the steps involved in preparing the track information for decryption. The SDK should output the encrypted track data as well and that can be used in place of the PackedEncryptedTrack data to remove extra steps.
Swiped Payloads
Request
EMVStartTransaction
Response
KSN : FFFF9999990000800041
PackedEncryptedTrack :
$77$6JLv/DuvzLo20gXz7Y1sy4y3IUetkKuoskWTBVxtRI7dxsUKtPrpLPdny6/S502748UxPMDjrPfP19jAweO6fDTTsKBkL3oneD06XX7fjpoE0A0X+Vzz81e6Pu5o1nVgNC/tAc7x5BkpuNuW64LrfaIkgTcVBYq6xpdXRm2bTXM=EncryptedTrack : E892EFFC3BAFCCBA36D205F3ED8D6CCB8CB72147AD90ABA8B24593055C6D448EDDC6C50AB4FAE92CF767CBAFD2E74DBBE3C5313CC0E3ACF7CFD7D8C0C1E3BA7C34D3B0A0642F7A27783D3A5D7EDF8E9A04D00D17F95CF3F357BA3EEE68D67560342FED01CEF1E41929B8DB96EB82EB7DA224813715058ABAC69757466D9B4D73
Processing swiped data
To prepare the encrypted payload for decryption, first remove the $77$ from the PackEncryptedTrack data.
6JLv/DuvzLo20gXz7Y1sy4y3IUetkKuoskWTBVxtRI7dxsUKtPrpLPdny6/S502748UxPMDjrPfP19jAweO6fDTTsKBkL3oneD06XX7fjpoE0A0X+Vzz81e^Pu5o1nVgNC/tAc7x5BkpuNuW64LrfalkgTcVBYq6xpdXRm2bTXM=
Next covert the payload to HEX
E892EFFC3BAFCCBA36D205F3ED8D6CCB8CB72147AD90ABA8B24593055C6D448EDDC6C50AB4FAE92CF767CBAFD2E74DBBE3C5313CC0E3ACF7CFD7D8C0C1E3BA7C34D3B0A0642F7A27783D3A5D7EDF8E9A04D00D17F95CF3F357BA3EEE68D67560342FED01CEF1E41929B8DB96EB82EB7DA224813715058ABAC69757466D9B4D73
Send the payload and KSN to decrypt for decryption
FFFF9999990000800041
And the following is returned.
564e2542343736313733303030303030303031315e554154205553412f5445535420434152442030312020202020205e323431323230313131343338303434303030303030303030303030303030303f57273b343736313733303030303030303031313d32343132323031313330333133303630303030303f58000000000000
Note the decrypted data is in Tag, Length, Value (TLV) format
What is TLV?
Tag length value (TLV) is a data encoding scheme. Values are appended to a string in triplets. The first field in the triplet is the "type" of data being processed, the second field specifies the "length" of the value, the third field contains a "length" amount of data representing the value for the "type". Typically, the type and length fields are fixed in size (typically 1-4 bytes).
Multiple pieces of data can be transmitted in the same string by appending more triplets to a previously existing string.
Chars | Value | Description |
---|---|---|
1-2 | 56 | This is the Track 1 Tag |
3-5 | 4e | This is the length of the track 1 data in HEX |
6 - 162 | 25423437......30303f | Track 1 Data |
163-164 | 57 | This is the Track 2 Tag |
165-166 | 27 | This is the length of track 2 data in HEX |
167-164 | 3b3437......3030303f | Track 2 Data |
163-164 | 58 | This is the Track 3 Tag |
165-166 | 00 | This is the length of track 3 data in HEX |
167-164 | 0000000000 | Track 3 Data |
EMV Payloads
Request
EMVStartTransaction
Response
KSN : FFFF9999990000800043
EncryptedTrack: BFFC8884C89A4BE041A589059A53C20848130B3B70A5EDDFF9B6D998A6752B14C35BEB9D027EFE66
PackedEncryptedTrack : $77$v/yIhMiaS+BBpYkFmlPCCEgTCztwpe3f+bbZmKZ1KxTDW+udAn7+Zg==
Extracting the Decryptx Parameters
The encrypted data is stored in the 57 TLV tag.
The KSN and Encrypted Track data is sent to Decryptx to be decrypted and the following is returned.
"value":"5a08476173000000001157134761730000000011d24122011303130600000f00"
Updated about 1 year ago