The BBPos WisePad mobile payment device is a PCI 3.x SRED compliant payment card reading device. It is capable of 3DES DUKPT encryption and supports manual card data entry, magnetic card swipes and smart card chip reads of EMV chip cards. The device must be connected to a host device; it communicates with its host through Bluetooth 2.0 or a USB port. The device vendor (AnywhereCommerce) provides a number of SDKs (.NET, Android and iOS) to support the development of point-of-sale applications.

The Serial Number

Before we can process a WisePad payload with Decryptx we must first identify the device's serial number. We do this by calling the SDK's getDeviceInfo() method, which retrieves parameters about the WisePad device. The following is sample output:

Bootloader Version: 3.3
Firmware Version: 3.16.031111
USB Connected: True
Charging: True
Battery Level: 4.161
Battery Percentage: 
Hardware Version: 6.0
Track 1 Supported: 
Track 2 Supported: 
Track 3 Supported: 
Product ID: 1000
PIN KSN:   02840620140175E00004
EMV KSN:   02830620140175E00012
Track KSN: 02820620140175E0001D

The Device Serial Number is the leading part of the Track Key Sequence Number (KSN). In this example the serial number is 02820620140175. Be careful not to confuse the Track KSN with the similar but different PIN KSN and EMV KSN.

Swiped Payloads

To capture a swiped payload, use the SDK's startSwipe() method to initiate a magnetic stripe read. The card data will be passed into the callback listener onReturnCheckCardResult(). The following is sample output:

Format ID: 60
Masked PAN: 476173XXXXXX0119
PAN: 
Expiry Date: 2212
Cardholder Name: DI TEST/CARD 01           
KSN: 02820620140175E0001D
Service Code: 201
Track 1 Length: 79
Track 2 Length: 40
Track 3 Length: 
Encrypted Tracks: 
Encrypted Track 1: 8E82CE1710B9692341933738C709E1142F66A3BD734329E6BC25694AD02F05E75906DBB8EE6DAE61D8A966242600823E050FA6D69266BD359282520443279FF3D2DD6CBCCDC17DC095C2884FB06BC38F
Encrypted Track 2: E5D332318BED5C981F7B54E32D6E35B7A5525D067655A0577D986E42AE4AB584DEDBC73CB32E5EF9
Encrypted Track 3: 
Partial Track: 
Track 1 Status: 
Track 2 Status: 
Track 3 Status: 
Product Type: 3
Track Encoding: ASCII

The Decryptx API Call

To make an API call to the Decryptx decrypt endpoint we need to include the encrypted blobs (8E82CE...6BC38F and E5D332...2E5EF9) and the KSN (02820620140175E0001D) from the payload above. The following decrypted values are returned by Decryptx:

Track1

2542343736313733393030313031303131395e444920544553542f4341524420303120202020202020202020205e323231323230313131373538393030353430303030303030343032363332383f4200

Track2

3b343736313733393030313031303131393d32323132323031313735383935343038393632393f36

These values are hexadecimal encoded; to get the Track 1 and Track 2 data they must be converted to ASCII:

Track1 (ASCII)

%B4761739001010119^DI TEST/CARD 01 ^2212201117589005400000004026328?B

Track2 (ASCII)

;4761739001010119=22122011758954089629?6
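A consistency check on the decrypted Track 2 above, as an added example that is not part of the original page or the vendor SDK: it decodes the hex, parses the ISO/IEC 7813 track 2 layout, and compares the result with the clear fields of the swipe payload, so a decrypt made with the wrong KSN or blob is caught before the data is used. The names check_track2 and PAYLOAD are assumptions of this example.

```python
import re

# Values copied from the sample swipe payload and Decryptx response on this page.
PAYLOAD = {"masked_pan": "476173XXXXXX0119", "expiry": "2212",
           "service_code": "201", "track2_len": 40}
TRACK2_HEX = ("3b343736313733393030313031303131393d"
              "32323132323031313735383935343038393632393f36")

# ISO/IEC 7813 track 2: ; PAN = YYMM service-code discretionary ? LRC
TRACK2_RE = re.compile(r"^;(\d{12,19})=(\d{4})(\d{3})(\d*)\?(.?)$")


def check_track2(track2_hex, payload):
    """Decode decrypted track 2 and cross-check it against the clear payload fields.

    Returns a list of mismatch descriptions; an empty list means consistent.
    """
    try:
        text = bytes.fromhex(track2_hex).decode("ascii").rstrip("\x00")
    except ValueError:  # bad hex, or non-ASCII bytes (UnicodeDecodeError is a ValueError)
        return ["not hex-encoded ASCII"]
    m = TRACK2_RE.match(text)
    if m is None:
        return ["not a well-formed track 2"]
    pan, expiry, service_code = m.group(1, 2, 3)
    problems = []
    if len(text) != payload["track2_len"]:
        problems.append("length differs from Track 2 Length")
    masked = payload["masked_pan"]
    # Compare only the digits the device left unmasked.
    if len(pan) != len(masked) or any(
            c != "X" and c != d for c, d in zip(masked, pan)):
        problems.append("PAN does not match Masked PAN")
    if expiry != payload["expiry"]:
        problems.append("expiry mismatch")
    if service_code != payload["service_code"]:
        problems.append("service code mismatch")
    return problems
```

The function returns only the names of mismatching fields, never the decoded PAN, so its result can be logged.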

EMV Payloads

To capture EMV data, use the SDK's getEmvCardData method to initiate an EMV card data read. The card data will be passed into the callback listener onReturnEmvCardDataResult(). The data will be output in TLV (tag-length-value) format.

What is TLV?

Tag-length-value (TLV) is a data encoding scheme. Values are appended to a string in triplets. The first field in the triplet is the "type" of data being processed, the second field specifies the "length" of the value, and the third field contains "length" bytes of data representing the value for the "type". The type and length fields are typically fixed in size (1-4 bytes).

Multiple pieces of data can be transmitted in the same string by appending more triplets to a previously existing string.

The WisePad device outputs a number of standard EMV TLV values, including:

  • 5F20: the cardholder name.
  • 5F24: expiration date.

It also outputs a number of custom TLV values, including:

  • C4: the masked PAN.
  • C5: encrypted data.
  • C3: KSN for encryption data.

The following is sample EMV card data:

5F201A444920546573742F4361726420303120202020202020202020205F2403221231C5400A394F797BEA32971C9A14316A3A9020609BB6C41D33A90FBA69124696F1F0F61AE47A3247ADC39F2A0DB891219A4FF28E1FB1333F2C2DD850531662C3D5DBE2CD0848C2150987F7C265CE0A02850620140175E00034C30A02830620140175E00013C408476173FFFFFF0119

This data is parsed as follows:

| Chars | Value | Description |
|---|---|---|
| 1-4 | 5F20 | Tag ID: Cardholder Name |
| 5-6 | 1A | Cardholder Name Length in bytes (hex, 26 in decimal) |
| 7-58 | 444920...202020 | Cardholder Name in hexadecimal. The ASCII value is: "DI Test/Card 01 " |
| 59-62 | 5F24 | Tag ID: Expiration Date |
| 63-64 | 03 | Tag length (Decimal 3) |
| 65-70 | 221231 | Expiration Date (YYMMDD) |
| 71-72 | C5 | Tag ID: C5 Custom Tag |
| 73-74 | 40 | Tag length (Decimal 64) |
| 75-202 | 0A394F...D5DBE2 | C5 Custom Tag value: encrypted data |
| 203-246 | CD0848...E00034 | these TLVs are ignored |
| 247-248 | C3 | Tag ID: Key Sequence Number (KSN) |
| 249-250 | 0A | Tag length (Decimal 10) |
| 251-270 | 028306...E00013 | EMV key sequence number (KSN) |
| 271-272 | C4 | Tag ID: Masked PAN |
| 273-274 | 08 | Tag length (Decimal 8) |
| 275-290 | 476173...FF0119 | Masked PAN |

The Decryptx API Call

To make an API call to the Decryptx decrypt endpoint we need to include the encrypted data from the C5 tag (0A394F...D5DBE2) and the KSN (02830620140175E00013) from the TLV string. The decrypted value that Decryptx outputs is a TLV string containing the following standard EMV TLVs:

  • 9F1F - Track 1 Discretionary Data
  • 5A - Application Primary Account Number (PAN)
  • 57 - Track 2 Equivalent Data

The following is a sample decrypted string:

9f1f183137353839303038393330303030303030303030303030305a08476173900101011957134761739001010119d22122011175898938900f6000000000000

This data is parsed as follows:

| Chars | Value | Description |
|---|---|---|
| 1-4 | 9f1f | Tag ID: Track 1 Discretionary Data |
| 5-6 | 18 | Tag length |
| 7-54 | 313735...303030 | Discretionary Data in hexadecimal. |
| 55-56 | 5a | Tag ID: Application Primary Account Number (PAN) |
| 57-58 | 08 | Tag length (Decimal 8) |
| 59-74 | 476173...010119 | The PAN |
| 75-76 | 57 | Tag ID: Track 2 Equivalent Data |
| 77-78 | 13 | Tag length (Decimal 19) |
| 79-116 | 476173...38900f | EMV track2 equivalent. |
| 117-129 | 600000...000000 | padding |
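The two parse tables above, carried out in code as an added example (not part of the original page or the vendor SDK). The tags must be walked by position: the C5 ciphertext in the sample itself contains the bytes C3 and C4, so searching the string for a tag finds the wrong offset. The names parse_tlv and decrypt_inputs are this example's own; it assumes tags of at most two bytes and single-byte lengths, as in the samples, and treats a zero-length element as the start of padding.

```python
# Sample strings from this page, split at TLV boundaries for readability.
EMV_HEX = (
    "5F201A444920546573742F43617264203031" + "20" * 11 +   # cardholder name
    "5F2403221231"                                           # expiration date
    "C540"                                                   # encrypted data, 64 bytes
    "0A394F797BEA32971C9A14316A3A9020609BB6C41D33A90FBA69124696F1F0F6"
    "1AE47A3247ADC39F2A0DB891219A4FF28E1FB1333F2C2DD850531662C3D5DBE2"
    "CD0848C2150987F7C265CE0A02850620140175E00034"           # ignored TLVs
    "C30A02830620140175E00013"                               # EMV KSN
    "C408476173FFFFFF0119")                                  # masked PAN

DECRYPTED_HEX = (
    "9f1f18" "31373538393030383933" + "30" * 14 +            # track 1 discretionary data
    "5a084761739001010119"                                   # PAN
    "57134761739001010119d22122011175898938900f"             # track 2 equivalent
    "6000000000000")                                         # padding


def parse_tlv(hex_string):
    """Walk a TLV hex string and return ([(tag, value_hex), ...], unparsed_tail)."""
    s, pos, items = hex_string.upper(), 0, []
    while pos + 2 <= len(s):
        tag = s[pos:pos + 2]
        if int(tag, 16) & 0x1F == 0x1F:        # low five bits set: a second tag byte follows
            tag = s[pos:pos + 4]
        start = pos + len(tag) + 2             # first character of the value
        if start > len(s):
            break                              # truncated header
        length = int(s[start - 2:start], 16)
        end = start + 2 * length
        # Stop at padding (zero length), a long-form length, or a value that overruns the data.
        if length == 0 or length >= 0x80 or end > len(s):
            break
        items.append((tag, s[start:end]))
        pos = end
    return items, s[pos:]


def decrypt_inputs(emv_hex):
    """Return the C5 ciphertext and C3 KSN, taken by position rather than by string search."""
    fields = dict(parse_tlv(emv_hex)[0])
    return fields["C5"], fields["C3"]
```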
