
IDTECH credit card reader data decrypting

I am trying to decrypt an IDTECH credit card reader's encrypted data.

These details have been encrypted using Triple DES with CBC cipher using DUKPT.

Encrypted Swipe (coming from IDTECH credit card reader):

028801001F372300%*5150********7903^PAYPASS/MASTERCARD^************
***?*;5150********7903=***************?*8871B640F379F3BD8D057A13F81454
39B28D80BE8A43F3440D85928F576065EEE1BA54CAADFF67D552C2B0CBF1A9F
34B63402B967998FC7C80487C8A6DBFD46975985D3D7E865FEEF6A48930751DC9
71FDFCBC1989294B7EF6F0D0007AA731C31F574608EB85E57751DA48970F96B0E
8BECDB94D672D746C2CC75176FA6E0C9E6FEFE0B154A0959B6299490125000000
00197F6903

Available details for decryption:

Key Value: F5 BF 6B E8 55 AB 92 3A DE 7E 77 40 D8 46 F9 DE
KSN: 62 99 49 01 25 00 00 00 00 1A

Decrypted Data (Result): Data in ASCII Format

%B5150710200107903^PAYPASS/MASTERCARD^090910140000631??;5150710200
107903=090910140000631?0

Can any security algorithm or Java expert guide me on how I can go ahead with decrypting this data?

I am looking for a solution in Java.

Is the above information sufficient to decrypt the data, or is more info needed?

Tushar Trivedi asked Apr 19 '13 14:04


1 Answer

It's highly unlikely you'll be able to decrypt it, as you would also need to know the Base Derivation Key (BDK) and/or the Initial PIN Encrypting Key (IPEK) which the manufacturer has embedded into the device. You'd also need to know how they generate the KSN from the BDK. They're unlikely to share all that information with you, as it would render the encryption useless.

Source: http://en.wikipedia.org/wiki/Derived_unique_key_per_transaction

Which leads onto the next question. Why do you want to decrypt this information? The plain text portion of the returned data contains (PCI Compliant) segments of the card number (first four digits, last four digits). If you were able to decrypt the full card number, then the full weight of PCI compliance would fall on your shoulders, and consequently make using a 3rd party device useless.

PaulG answered Oct 06 '22 17:10
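The key hierarchy the answer refers to, as an added Java example that is not part of the original question or answer: under ANSI X9.24-1 (TDES) DUKPT, the IPEK is computed from the BDK and the KSN with its 21-bit transaction counter cleared, and per-transaction keys are then derived from the IPEK and that counter. The BDK and first KSN below are the standard's published test values, not this reader's keys; the class and method names are illustrative, and `HexFormat` assumes Java 17 or later.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.util.Arrays;
import java.util.HexFormat;

public class DukptIpekDemo {
    // Mask from ANSI X9.24-1 used to form the second half of the IPEK.
    static final byte[] MASK = HexFormat.of().parseHex("C0C0C0C000000000C0C0C0C000000000");

    // Two-key 3DES (K1, K2, K1) over a single 8-byte block, as the standard specifies.
    static byte[] tdesEncrypt(byte[] key16, byte[] block8) throws Exception {
        byte[] key24 = new byte[24];
        System.arraycopy(key16, 0, key24, 0, 16);
        System.arraycopy(key16, 0, key24, 16, 8);
        Cipher c = Cipher.getInstance("DESede/ECB/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key24, "DESede"));
        return c.doFinal(block8);
    }

    // The low 21 bits of the 80-bit KSN are the transaction counter.
    static int counter(byte[] ksn) {
        return ((ksn[7] & 0x1F) << 16) | ((ksn[8] & 0xFF) << 8) | (ksn[9] & 0xFF);
    }

    // IPEK = 3DES(BDK, ksn8) || 3DES(BDK xor MASK, ksn8), where ksn8 is the
    // leftmost 8 bytes of the KSN after the counter bits are cleared.
    static byte[] deriveIpek(byte[] bdk, byte[] ksn) throws Exception {
        byte[] ksn8 = Arrays.copyOf(ksn, 8);
        ksn8[7] &= (byte) 0xE0;
        byte[] masked = new byte[16];
        for (int i = 0; i < 16; i++) masked[i] = (byte) (bdk[i] ^ MASK[i]);
        byte[] ipek = new byte[16];
        System.arraycopy(tdesEncrypt(bdk, ksn8), 0, ipek, 0, 8);
        System.arraycopy(tdesEncrypt(masked, ksn8), 0, ipek, 8, 8);
        return ipek;
    }

    public static void main(String[] args) throws Exception {
        HexFormat hex = HexFormat.of().withUpperCase();
        byte[] testBdk = hex.parseHex("0123456789ABCDEFFEDCBA9876543210"); // public test BDK
        byte[] testKsn = hex.parseHex("FFFF9876543210E00000");             // public test KSN
        byte[] pageKsn = hex.parseHex("6299490125000000001A");             // KSN from the question
        System.out.println("IPEK for test vector: " + hex.formatHex(deriveIpek(testBdk, testKsn)));
        System.out.println("Counter in the question's KSN: " + counter(pageKsn));
    }
}
```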