MasterCard PIN change issuer script fails, Thales HSM used for MAC generation. EMV

Question

I use Thales Payshield 9000 HSM. So far, all commands has worked and everything has been achieved what i wanted.

Now the problem is when trying to change pin in ATM. Pin change script is generated and format looks like is OK when checking MasterCard docs.

Our pin change script looks like this: 86158424000210PPPPPPPPPPPPPPPPMMMMMMMMMMMMMMMM where 16 P letters are PIN block sent in DE125 and 16 M letters represents MAC. (I masked them, but below will be used data from example)

With this script all looks ok here from my side. Now i suspect the problem is MAC generation.

To generate MAC we use following HSM commands:

• HA (generate TAK (its a random key, every time (every PIN change operation) i call this command, key is different)) - the input is: key = PVK key (U+32Hex symbols under LMK), delimiter = ';', keySchemeTmk = 'U', keySchemeLmk = 'U'; Then the TAK key is received
• M6 (generate MAC) - input is: modeFlag = 0, inputFormatFlag = 2, macSize = 1, macAlgorithm = 3, paddingMethod = 0, keyType = '003', key = 'Tak key from HA command', messagelength = '0030', message = '8424000210345755BFDC4F2903A392B3E1229A502C892680' (message is concatenated like in the screenshot above: command header + ApplicationtransactionCounter + ARQC + PIN Block) (message data here is from example in screenshot)

So, when those two commands are executed, i receive 16HEX symbols MAC which exatcly i need. So the script is prepared like this: 8424000210 B3E1229A502C8926 422A8FF11056ACD4: header => 8424000210, pinBlock => B3E1229A502C8926 and MAC => 422A8FF11056ACD4

When i go to ATM and do Pin change, my pin never get changed and i receive reversal message.

Also can anyone explain what are those flags, i'm not sure which ones i should use (command M6):

So the questions are:

• Is HSM command M6 correct command to generate MAC for PIN change/unblock script? It requires TAK key while MasterCard docs clearly states that it should be done with SMI key.
• Is my config for M6 command is not correct when trying to retrieve MAC hash?

---

Updated

I managed to get KU command working and it brings me response but the PIN change itself is not successfully completed. Below i will show you what request i generate to the KU command:

{ "mode_flag": "3", "scheme_id": "1", "mk_smi": "U25A22A6553A7F68ABACBD1E04BBD8889", "pan": "7891234567891200", "integrity_session_data": "55BFDC4F2903A392", "plaintext_message_data_length": "0018", "plaintext_message": "8424000210345755BFDC4F2903A392B3E1229A502C892680", "delimiter": ";", "confidentiality_session_data": "55BFDC4F2903A392", "offset": "000F", "cipher_text_message_data_length": "0008", "cipher_text_message_data": "B3E1229A502C8926", "delimiter2": ";", "source_pin_encryption_key_type": "0", "source_pin_encryption_key": "UBAAAA3488AA6AA564AAC8AA3AAC1AAA2", "source_pin_block_format_code": "01", "destination_pin_block_format_code": "35", "pan2": "891234567891" }

Keys and sensitive data is masked so the PAN is used here: 5678912345678912 and sequence number 000. For the first pan parameter 14 last PAN digits used + two last digits from sequence number. For pan2 parameter, only 12 last PAN digits used, with check digit excluded.

Am i using correct Offset flag for replacing PIN block in plaintext data with the new encrypted pin block ?

Answer 1

Answering your question, M6 is not what you should call for script generation. It's purely for message integrity when communicating with acceptance devices or other hosts. That's why there is even no option for derivation of keys required for cards.

For EMV cards there are seperate sets of commands for verification of ARQC, generation of ARPC as well as generation of issuer scripts.

For Issuer scripts generation purpose, please have a look at KY command where you shall supply master keys for integrity and confidentiality as well as other parameters (including PAN, PSN, ATC, etc) that are required for session key derivation. There is a particular mode for PIN change command where PINblock is supplied under ZPK or TPK.

You should check precisely security parameters you have set for your cards as there are different algorithms that may be used for session keys derivation (verify what are your card application settings). Cards may also support different MAC length and you should take care of it as well.

Answer 2

I am fighting the same issue. I may be wrong but speaking to other folks I was told that KU is the one to use for CVN10. Now, I was also told to only use KU command as it does everything that is needed. This means it will translate the new pinblock that is coming in from the ATM using the pin key that is stored on the chip. The only thing I see is that the destination pinblock you use is 35 which is Europay > MC Pay now, but I think you have to use 34 which is the default for offline clear pin.