Key Block problem

[Long Tran]

Hi all, please help me with this issue trying to create PIN Block.

The ATM simulator key configuration as in the attached image, for your easy reading, it is:

1. Initial Master Key: 46A74689B608A1545EB37AAE105B7CEA 

2. Initial Comms Key: F8DFC7FBAE919743FEFB318C91F2DFC8

After executing a PIN transaction on a card # 4374210000101985 and PIN # 796888, the PIN Block generated was capture by our host is: D0CCB367311F68B8 

However, when I try using the emvlab.org interface, I cannot create the same PIN Block in many situations. Such situation that I thought it would be most accurate was:

- 3Des Decrypt the Comms Key by the Master Key, result: B8D38759A8648AA7959B96E5E4FF9A25.

- Generate PIN Block by using the emvlab.org tools with the key above, result PIN Block: B321DB4E0C49F625

Can you please let me know what I am supposed to do with the keys above to get the right PIN Block as D0CCB367311F68B8?

(All data are on our UAT environment and has no values in real life, so, don't worry about the confidentiality of the data)     

Thanks,

Long

[chhil]

What pinblock format is being used? (the format is sent in the download to the atmulator).

What is the encrypted pin block generated by Amulator? Remember the pinlock sent is encrypted using the comms key.

What is emvlab doing here? Acting as an HSM? Or is it being used as a crypto calc to validate/understand pinblock sent by Atmulator?

Lastly where does jpos fit in all this? ;)

-chhil

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: sa...@jpos.org
 
Join us in IRC at http://webchat.freenode.net/?channels=jpos
 
You received this message because you are subscribed to the "jPOS Users" group.
Please see http://jpos.org/wiki/JPOS_Mailing_List_Readme_first
To post to this group, send email to jpos-...@googlegroups.com
To unsubscribe, send email to jpos-users+...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/jpos-users
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jpos-users+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/c4e52233-0a26-4fc9-820c-5a00dcea6d66%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Mark Salter]

On 28/05/2014 12:32, Long Tran wrote:
> Hi all, please help me with this issue trying to create PIN Block.

Back on the 11th March, you had very similar problems, I gave you
questions to get answers for back then, and they still stand.

Please find out what keys you should be using and for what, if the keys
are clear or encrypted.

Putting random data through pin block algorithms will get you just that
random data.

--
Mark

[chhil]

Having used the atmulator previously,  the snapshot provided with the various keys are all clear keys.

I tried generating encrypted pin blocks using the standard pinblock formats but none matched what the their host was receiving.

This can be because
1. I don't know the pinblock
2. The ATM state flow may be incorrect and the pinblock in the transaction request may not be correct or interpreted incorrectly.

Answering previously asked questions would definitely help moving forward.

-chhil

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage.  Please support jPOS, contact: sa...@jpos.org

Join us in IRC at http://webchat.freenode.net/?channels=jpos

You received this message because you are subscribed to the  "jPOS Users" group.
Please see http://jpos.org/wiki/JPOS_Mailing_List_Readme_first
To post to this group, send email to jpos-...@googlegroups.com
To unsubscribe, send email to jpos-users+...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/jpos-users
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jpos-users+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/5386441D.1080404%40talktalk.net.

[Long Tran]

Hi Mark,

Back in March, I had the same problem with other Atm/POS. Learning from that, I used the same approach this time to decrypt the comms key.

Isn't the master key supposed to be clear in the terminal and the comms key supposed to be encrypted (by the TMK)? (The ones in my attachment previously)

Regards,

Long

[Long Tran]

On Wednesday, May 28, 2014 7:15:11 PM UTC+7, chhil wrote:

What pinblock format is being used? (the format is sent in the download to the atmulator).

I *assume* it is ISO-0. I will double check again today and let you know. 

What is the encrypted pin block generated by Amulator? Remember the pinlock sent is encrypted using the comms key.

It is: D0CCB367311F68B8 

What is emvlab doing here? Acting as an HSM? Or is it being used as a crypto calc to validate/understand pinblock sent by Atmulator?

Just as a crypto calc to understand the Atmulator. 

Lastly where does jpos fit in all this? ;)

Well, I can't think of any other usergroups that have brilliant minds like you and Mark which got any questions answered, :). Plus, I am using jPos to program all the messages later on. :)

Thanks, Long 

[chhil]

I stand corrected and sorry for confusing everyone. The comms key is encrypted.

-chhil

--

--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: sa...@jpos.org
 
Join us in IRC at http://webchat.freenode.net/?channels=jpos
 
You received this message because you are subscribed to the "jPOS Users" group.
Please see http://jpos.org/wiki/JPOS_Mailing_List_Readme_first
To post to this group, send email to jpos-...@googlegroups.com
To unsubscribe, send email to jpos-users+...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/jpos-users
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jpos-users+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/645bbcc5-95f1-4a6b-b669-c4da8e9a3eb0%40googlegroups.com.

[chhil]

​​

1. Initial Master Key: 46A74689B608A1545EB37AAE105B7CEA 

2. Initial Comms Key : F8DFC7FBAE919743FEFB318C91F2DFC8

The following were done using a tool other than emvlabs

Decrypted comms key using the master key : B8D38759A8648AA7959B96E5E4FF9A25

Clear ISO-0 pin block for pan 4374210000101985 and PIN # 796888

06792A98FFFEFE67

Pinblock encrypted with clear comms key 

B321DB4E0C49F625

This matches the one you got via emvlabs.

So get us a confirmed pinblock format used by the atmulator and if possible a raw hexdump of the atms consumer request. Its possible to get one via a sniffer/your host/atmulator log.

Also do check your host is extracting the pinblock correctly from the request it has received.

-chhil

[Long Tran]

Thanks chhil,

I've done further debug from the HSM Simulator: The debug from the HSM logs are:

=== [DC], starts 12:07:58.843 =======

[Key,Value]=[Account Number,421000010198]

[Key,Value]=[PIN Block,D0CCB367311F68B8]

[Key,Value]=[PIN Block Format Code,01]

[Key,Value]=[PVK,ABA7A1DE5C72C3F72849C07F6581CD4B]

[Key,Value]=[PVK Scheme,U]

[Key,Value]=[PVKI,1]

[Key,Value]=[PVV,9089]

[Key,Value]=[TPK,9A94D1793EF44E6E429021A5A152FC8E]

[Key,Value]=[TPK Scheme,U]

Clear PVKs: U15EA4CA20131C2FD15EA4CA20131C2FD

Clear TPK: UF8DFC7FBAE919743FEFB318C91F2DFC8

Clear PIN Block: 06792A9800010198

Clear PIN: 796888

This looks like the PIN Block Generation from the Atmulator was a bit weird (ISO-0 !?!?):

1. XOR ( 0679 6888 0000 0000, 0000 4210 0001 0198 ) = 0679 2A98 0001 0198

2. 3DES ( 06792A9800010198 ,  F8DFC7FBAE919743FEFB318C91F2DFC8) ) = D0CCB367311F68B8

Isn't it supposed to be that the XOR would be with 0679 6888 FFFF FFFF?

Thanks,

Long

[chhil]

On Thu, May 29, 2014 at 10:57 AM, Long Tran <lt...@long-tran.com> wrote:

1. XOR ( 0679 6888 0000 0000, 0000 4210 0001 0198 ) = 0679 2A98 0001 0198

2. 3DES ( 06792A9800010198 ,  F8DFC7FBAE919743FEFB318C91F2DFC8) ) = D0CCB367311F68B8

​Well step 1 is correct.

Step 2 indicates the comms key is in the clear and not encrypted under master key :)

Did you manually enter the value in the atmulator or did a key exchange to populate the comms key? (Must be manual).

In any case, using emvlabs the comms key was being treated as an encrypted value and thats where the difference lies.

-chhil

[Long Tran]

The keys were manually entered.

Can you please tell me why step 1 is correct again?

I thought we were supposed to create the XOR from:

06PP PPPP FFFF FFFF   (0 = ISO-0 Format, 6 = length of PIN)

XOR with

0000 AAAA AAAA AAAA (Formatted PAN)

Regards,

Long

[chhil]

Ideally the pad character should be an F. If we think about it does it matter if its 0 of F?

The clear pinblock has an indicator what the format is based on the first digit, its a 0 indicating its ISO-0.

The second digit indicates the length of the pin, 6 in your case.

Since that is formed using xor'ing the account number and pin 

. XOR ( 0679 6888 0000 0000, 0000 4210 0001 0198 ) = 0679 2A98 0001 0198

. XOR ( 0679 6888 FFFF FFFF, 0000 4210 0001 0198 ) = 0679 2A98 FFFE FE67

I am excluding the encrypt here as its just a cover to protect the clear pinblock and its encrypted at one end and decrypted at the other and the hsm is basically going to deal with the pinblock.

 

The reverse XOR'ing of pinblock with account number will get you original with a pad of 0 or F which is redundant as the 6 digit pin is the same. 

This of course will put you off if you are trying to understand the process with clear values. May want to check if the atmulator has some setting that will allow you to set the padding character for the pinblock or it can be configured by the host by sending some atm command to set it on the fly (check atm manual or ask  the atmulator support guys).

-chhil