MagneSafe V5
COMMUNICATION REFERENCE MANUAL
PART NUMBER 99875475-10
NOVEMBER 2012
REGISTERED TO ISO 9001:2008
1710 Apollo Court
Seal Beach, CA 90740
Phone: (562) 546-6400
FAX: (562) 546-6301
Technical Support: (651) 415-6800
www.magtek.com

Summary of Contents for Magtek MagneSafe V5

  • Page 2 Information in this document is subject to change without notice. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of MagTek, Inc. MagTek is a registered trademark of MagTek, Inc.
  • Page 3 This warranty shall be provided only for a period of one year from the date of the shipment of the product from MagTek (the “Warranty Period”). This warranty shall apply only to the “Buyer” (the original purchaser, unless that entity resells the product as authorized by MagTek, in which event this warranty shall apply only to the first repurchaser).
  • Page 4 FCC WARNING STATEMENT This equipment has been tested and was found to comply with the limits for a Class B digital device pursuant to Part 15 of FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a residential environment.
  • Page 5: Table Of Contents

    TABLE OF CONTENTS
    SECTION 1. SECURITY
      SECURITY LEVEL 2
      SECURITY LEVEL 3
      SECURITY LEVEL 4
      COMMANDS AND SECURITY LEVELS
    SECTION 2. COMMUNICATIONS
      HID USAGES
      MAGNETIC STRIPE READER USAGE PAGE (HID)
      REPORT DESCRIPTOR (HID) ...
  • Page 6
      Command Number
      Data Length
      Data
      Result Code
    GET AND SET PROPERTY COMMANDS
      Get Property Command
      Set Property Command
      Result Codes
    PROPERTIES
      Property ID
      Property Default Values ...
  • Page 7
      Card Inserted Property (Insert Reader Only)
      Send Clear AAMVA Card Data Property
      HID SureSwipe Flag Property (HID)
      Software ID 2 Property (Wireless USB Reader Only)
      Inter-Key Delay Property (BulleT KB)
    COMMAND LIST ...
  • Page 9: Section 1. Security

    (e.g., via RS-232 communication), the reader sends data in the SureSwipe format as defined in MagTek document 99875206. The default SureSwipe mode can be changed to allow the reader to send data in the V5 format as described in this document but the MagnePrint data will not be sent.
  • Page 10: Commands And Security Levels

    Annex A. Note that data supplied to the MAC algorithm should NOT be converted to ASCII-Hex; rather, it should be supplied in its raw binary form. The MAC key to be used is as specified in the same document (“Request PIN Entry 2” bullet 2). Calculating the MAC requires knowledge of the current DUKPT KSN, which can be retrieved using the Get DUKPT KSN and Counter command.
  • Page 11: Section 2. Communications

    SECTION 2. COMMUNICATIONS The USB readers covered in this document conform to the USB specification revision 1.1 and to the Human Interface Device (HID) class specification version 1.1. The USB readers communicate to the host either as a vendor-defined HID device or as a HID Keyboard Emulation device.
  • Page 12: Magnetic Stripe Reader Usage Page (Hid)

    MAGNETIC STRIPE READER USAGE PAGE (HID)
    Magnetic Stripe Reader usage page 0xFF00:
    Columns: Usage ID (Hex) | Usage Name | Usage Type | Report Type
    Decoding reader device | Collection | None
    Track 1 decode status | Data | Input
    Track 2 decode status | Data | Input...
  • Page 13: Report Descriptor (Hid)

    REPORT DESCRIPTOR (HID) The Report Descriptor is made available to the hosting system during USB enumeration. The descriptor is shown here for completeness. Typically the hosting operating system will provide the ability to parse HID Reports based on the actual Report Descriptor, using the assigned Usage IDs.
  • Page 14
    Item | Value (Hex)
    Report Size (8) | 75 08
    Usage (MagnePrint data length) | 09 2B
    Report Count (1) | 95 01
    Input (Data, Variable, Absolute, Bit Field) | 81 02
    Usage (MagnePrint data) | 09 33
    Report Count (128) | 95 80
    Input (Data, Variable, Absolute, Buffered Bytes)
  • Page 15: Magnetic Stripe Reader Usage Page (Kb)

    Item | Value (Hex)
    Usage (Track 2 Masked data length) | 09 52
    Usage (Track 3 Masked data length) | 09 53
    Usage (MagnePrint Absolute data length) | 09 54
    Report Count (4) | 95 04
    Input (Data, Variable, Absolute, Bit Field) | 81 02
    Usage (Encryption Counter) | 09 55...
  • Page 16: Card Data (Hid)

    Item | Value (Hex)
    Report Count (8) | 95 08
    Input (Data, Variable, Absolute) | 81 02
    Report Count (1) | 95 01
    Report Size (8) | 75 08
    Input (Constant) | 81 03
    Report Count (5) | 95 05
    Report Size (1) | 75 01
    Usage Page (LEDs)
  • Page 17 Card data is only sent to the host on the Interrupt In pipe using an Input Report. The reader will send only one Input Report per card swipe. If the host requests data from the reader when no data is available, the reader will send a NAK to the host to indicate that it has nothing to send.
  • Page 18: Track 1 Decode Status

    Track 1 Decode Status Bits Value Reserved Error This is a one-byte value, which indicates the status of decoding track 1. Bit position zero indicates if there was an error decoding track 1 if the bit is set to one. If it is zero, then no error occurred.
  • Page 19: Track 3 Encrypted Data Length

    Track 3 Encrypted Data Length This one-byte value indicates the number of bytes in the Track 3 encrypted data field. The field is always a multiple of 8 bytes in length. This value will be zero if there was no data on the track or if there was an error decoding the track.
  • Page 20: Track 1 Encrypted Data

    may vary. Therefore, the Input Report always contains the maximum number of bytes that can be encoded on the card and the number of valid bytes in each track is indicated by the Encrypted Data Length field. The encrypted data from each track is decoded and converted to ASCII, and then is encrypted.
  • Page 21: Magneprint Status

    MagnePrint Status
    This Binary field represents 32 bits of MagnePrint status information. Each character represents 4 bits (hexadecimal notation). For example, suppose the characters are: “A1050000”:
    Bit:   7 6 5 4 | 3 2 1 0 | 15 14 13 12 | 11 10 9 8 | 23 22 21 20 | 19 18 17 16 | 31 30 29 28 | 27 26 25 24
    Value: 1 0 1 0 | 0 0 0 1 | 0 0 0 0 | 0 1 0 1 | 0 0 0 0 | 0 0 0 0 | 0 0 0 0 | 0 0 0 0
    Usage*...
  • Page 22: Encrypted Magneprint Data

    Encrypted MagnePrint Data This 128 byte Binary field contains the MagnePrint data. Only the number of bytes specified in the MagnePrint data length field are valid. The least significant bit of the first byte of data in this field corresponds to the first bit of MagnePrint data.
  • Page 23: Track 1 Masked Data

    masked; all other card types are either entirely masked or sent totally in the clear. There is a separate masking property for ISO/ABA cards and AAMVA cards. See the ISO Track Masking property and the AAMVA Track Masking property for more information. (Refer to Appendix E. Identifying ISO/ABA and AAMVA Cards for a description of how ISO/ABA and AAMVA cards are identified.) Each of these properties allows the application to specify masking details for the Primary...
  • Page 24: Track 3 Masked Data

    For an AAMVA card, the DL/ID# is masked as follows:
    • The specified number of initial characters are sent unmasked. The specified number of trailing characters are sent unmasked. If Mod 10 correction is specified, all but one of the intermediate characters of the DL/ID#PAN are set to zero;...
  • Page 25: Magnesafe Version Number

    MagneSafe Version Number
    This eight byte field contains the MagneSafe Version Number with at least one terminating byte of zero to make string manipulation convenient. See the MagneSafe Version Number Property for more information.
    Hashed Track 2 Data
    This twenty (20) byte field contains the hashed track 2 data with SHA1 algorithm.
  • Page 26 ASCII character range). When the reader is in Security Level 2, the factory default settings cause the data to be transmitted in the SureSwipe format (see MagTek manual 99875206). The card data format for all programmable configuration options is as follows:...
  • Page 27: Reader Encryption Status

    Label Property Description Default Value
    0x1E Pre card string 0 (0x00)
    0x1F Post card string 0 (0x00)
    0x20 Pre track string 0 (0x00)
    0x21 Post track string 0 (0x00)
    0x22 Terminating string C/R (0x0D)
    0x23 Programmable field separator (this key is never “|”...
  • Page 28: Format Code

    Most users will not need to know these details because the reader will be configured at the factory or by a program supplied by MagTek. Most users may want to skip over the next few sections on low level communications and continue with the details of the...
  • Page 29: Low Level Communications

    Low Level Communications It is strongly recommended that application software developers become familiar with the HID USB specification before attempting to communicate directly with this reader. This document assumes that the reader is familiar with these specifications. These specifications can be downloaded free from www.usb.org.
  • Page 30: Privileged Commands

    Privileged Commands
    Some commands are, for security purposes, privileged. These commands are:
    1. Set Property
    2. Reset Device*
    3. Set Key Map Item
    4. Save Custom Key Map
    5. Set Security Level†
    * The Reset Device command is usually not Privileged. The exception is during a sequence to Activate the Authenticated Mode.
  • Page 31: Data Length

    Value | Command Number | Description
    0x28 | Power Down Command (Wireless USB Reader Only) | Powers down the MSR circuits (if running on battery turns reader off).
    0x29 | Get Battery Status Command (Wireless USB Reader Only) | Gets Charge Status of battery
    0x30 | Encrypt Bulk Data | Encrypts Bulk Data...
  • Page 32: Set Property Command

    Get Property Request Data: Data Offset Value Property ID
    Get Property Response Data: Data Offset Value 0 – n Property Value
    Set Property Command
    Command number: 0x01
    Description: The Set Property command sets a property in the reader. For security purposes, this command is privileged.
  • Page 33
    Property ID Property Description Value Other mode mode
    0x05 0x05 0x05 | Track ID Enable | Track enable / ID enable
    0x07 0x07 0x07 | ISO Track Mask | Specifies Masking factors for ISO cards
    0x08 0x08 0x08 | AAMVA Track Mask | Specifies Masking factors for AAMVA...
  • Page 34: Property Default Values

    Property ID Property Description Value Other mode mode
    0x2F 0x2F | ES Track 3 | End sentinel char for track 3
    0x30 0x30 | Send Encryption Counter | Enables/disables sending of Encryption Counter
    0x31 0x31 0x31 | Mask Other Cards | Enables/disables masking of cards that don’t meet the ISO Financial or the...
  • Page 35: Usb Serial Num Property (Usb)

    to the host using a USB cable, as is the case when doing firmware updates, this property will return the software ID of the wireless reader. Example Get Software ID property Request (Hex): Cmd Num Data Len Prp ID Example Get Software ID property Response (Hex): Result Code...
  • Page 36: Polling Interval Property (Usb)

    Polling Interval Property (USB) Property ID: 0x02 Property Type: Byte Length: 1 byte Get Property: Set Property: Default Value: 0x01 Description: The value is a byte that represents the reader’s polling interval for the Interrupt In Endpoint. The value can be set in the range of 1 – 255 and has units of milliseconds.
  • Page 37: Device Serial Num Property

    Device Serial Num Property Property ID: 0x03 Property Type: String Length: 0 – 15 bytes Get Property: Set Property: Yes (Once only) Default Value: ASCII device serial number set when the reader is configured. Description: The value is an ASCII string that represents the reader serial number. This string can be 0 –...
  • Page 38: Track Id Enable Property

    Example Get MagneSafe Version Number property Request (Hex): Cmd Num Data Len Prp ID Example Get MagneSafe Version Number property Response (Hex): Result Code Data Len Prp Value 56 30 35 Track ID Enable Property Property ID: 0x05...
  • Page 39: Iso Track Mask Property

    Example Get Track ID Enable property Response (Hex): Result Code Data Len Prp Value ISO Track Mask Property Property ID: 0x07 Property Type: String Length: 6 bytes Get Property: Set Property: Default Value: ”04040Y” Description: This property specifies the factors for masking data on ISO/ABA type cards: •...
  • Page 40: Max Packet Size Property (Hid)

    o The PAN will be masked according to the rules of this property (the Send Clear AAMVA Card Data property is ignored)
    o The character used for masking the PAN will be ‘0’
    o All data after the PAN will be sent without masking
    •...
  • Page 41: Uart/Rs-232 Communications Property (Uart/Rs-232 Readers Only)

    Example Set Max Packet Size property Response (Hex): Result Code Data Len Data Example Get Max Packet Size property Request (Hex): Cmd Num Data Len Prp ID Example Get Max Packet Size property Response (Hex): Result Code Data Len Prp Value UART/RS-232 COMMUNICATIONS PROPERTY (UART/RS-232 READERS ONLY)
  • Page 42: Activity Timeout Period Property (Bullet, Flash, Wireless Usb)

    Description Baud Rate 2400 Baud Rate 4800 Baud Rate 9600 Baud Rate 14400 Baud Rate 19200 Baud Rate 38400 Baud Rate 9600 Baud Rate 9600 No Parity (8 bit characters) Even Parity (7 bit characters) Odd Parity (7 bit characters)
  • Page 43: Bluetooth Disconnect Message Property (Bullet Only)

    Bluetooth Disconnect Message Property (BulleT Only) Property ID: 0x0D Property Type: String Length: 7 bytes Get Property: Set Property: Default Value: No string with a length of zero. Description: This property specifies a string to be used as part of a Bluetooth Disconnect Message.
  • Page 44: Stay Powered After Swipe Property (Bullet, Flash, Wireless Usb)

    Example Set Track Data Transmission Delay property Response (Hex): Result Code Data Len Data Example Get Track Data Transmission Delay property Request (Hex): Cmd Num Data Len Prp ID Example Get Track Data Transmission Delay property Response (Hex):...
  • Page 45 This property should be the first property changed so that all other communications will not conflict with other pairs that may be in range. After this property is changed, the reader should be reset (see Command Number 2) before changing any other properties.
  • Page 46: Interface Type Property

    Interface Type Property Property ID: 0x10 Property Type: Byte Length: 1 byte Get Property: Set Property: Default Value: 0x00 (HID) Description: The value is a byte that represents the reader’s interface type. With USB readers, the value can be set to 0x00 for the HID interface or to 0x01 for the Keyboard Emulation interface.
  • Page 47: Track Data Send Flags Property (Kb, Bullet Spp, Bullet Kb, Uart, Rs-232)

    Track Data Send Flags Property (KB, BulleT SPP, Bullet KB, UART, RS-232) Property ID: 0x14 Property Type: Byte Length: 1 byte Get Property: Set Property: Default Value: 0x63 for all models except BulleT KB which defaults to 0x6B Description: This property is defined as follows: 0 –...
  • Page 48: Mp Flags Property

    When minimizing key reports, the minimum number of key reports is sent to represent each character. When the ASCII-to-keypress conversion type property is set to ACTIVE KEYMAP, this consists of one key report per character (key down) if not sending the same key usage ID that was sent in the last key report...
  • Page 49: Active Keymap Property (Kb)

    This property is stored in non-volatile memory, so it will persist when the unit is power cycled. When this property is changed, the unit must be reset (see Command Number 2) or power cycled to have these changes take effect. Active Keymap Property (KB) Property ID: 0x16...
  • Page 50: Ascii To Keypress Conversion Type Property (Kb)

    Example Get Active Keymap property Response (Hex): Result Code Data Len Prp Value ASCII to Keypress Conversion Type Property (KB) Property ID: 0x17 Property Type: Byte Length: 1 byte Get Property: Set Property: Default Value: 0x00 (keymap) Description: The value is a byte that represents the reader’s ASCII-to-keypress conversion...
  • Page 51: Crc Flag Property (Kb And Serial Models)

    Example Set ASCII To Keypress Conversion Type property Response (Hex): Result Code Data Len Data Example Get ASCII To Keypress Conversion Type property Request (Hex): Cmd Num Data Len Prp ID Example Get ASCII To Keypress Conversion Type property Response (Hex): Result Code Data Len Prp Value...
  • Page 52: Keyboard Sureswipe Flag Property (Kb, Uart, Rs-232)

    This property enables/disables SureSwipe emulation when the Security Level is 2 and the Interface Type is Keyboard. The default is SureSwipe emulation enabled, keyboard data will be emitted in the SureSwipe format (see MagTek document 99875206). This allows clients to receive a reader without security enabled (Security Level 2) and use it exactly like a SureSwipe reader.
  • Page 53: Ss Jis Type 2 Property

    This property is stored in non-volatile memory, so it will persist when the unit is power cycled. When this property is changed, the unit must be reset (see Command Number 2) or power cycled for these changes to take effect. Example Set property Request (Hex): Cmd Num Data Len...
  • Page 54: Es Jis Type 2 Property

    ES JIS Type 2 Property Property ID: 0x1D Property Type: Byte Length: 1 byte Get Property: Set Property: Default Value: 0x7F ‘DEL’ Description: This character is sent as the end sentinel for cards that are encoded in the JIS type 2 format.
  • Page 55: Post Card String Property (Kb, Bullet, Uart, Rs-232)

    Post Card String Property (KB, BulleT, UART, RS-232) Property ID: 0x1F Property Type: String Length: 0 – 7 bytes Get Property: Set Property: Default Value: No string with a length of zero. Description: The value is an ASCII string that represents the reader’s post card string. This string can be 0 –...
  • Page 56: Post Track String Property (Kb, Bullet, Uart, Rs-232)

    Example Set Pre Track String property Response (Hex): Result Code Data Len Data Example Get Pre Track String property Request (Hex): Cmd Num Data Len Prp ID Example Get Pre Track String property Response (Hex): Result Code Data Len...
  • Page 57: Termination String Property (Kb, Bullet, Uart, Rs-232)

    Termination String Property (KB, BulleT, UART, RS-232) Property ID: 0x22 Property Type: String Length: 0-7 bytes Get Property: Set Property: Default Value: 0x0D (carriage return) Description: This string is sent after all the data for a transaction. The string can be 0 – 7 bytes long.
  • Page 58: Ss Track 2 Iso Aba Property (Kb, Bullet, Uart, Rs-232)

    SS Track 2 ISO ABA Property (KB, BulleT, UART, RS-232) Property ID: 0x25 Property Type: Byte Length: 1 byte Get Property: Set Property: Default Value: 0x3B ‘;’ Description: This character is sent as the track 2 start sentinel for cards that have track 2 encoded in ISO/ABA format.
  • Page 59: Ss Track 2 7Bits Property (Kb, Bullet, Uart, Rs-232)

    SS Track 2 7bits Property (KB, BulleT, UART, RS-232) Property ID: 0x28 Property Type: Byte Length: 1 byte Get Property: Set Property: Default Value: 0x40 (‘@’) Description: This character is sent as the track 2 start sentinel for cards that have track 2 encoded in 7 bits per character format.
  • Page 60: Format Code Property (Kb, Bullet, Uart, Rs-232)

    The application sends four characters, but only the last three will be set. The first character is reserved for MagTek use. A value of ‘0’ in the first character means the Format Code is defined by MagTek; a value of ‘1’...
  • Page 61: Track 2 Property (Kb, Bullet, Uart, Rs-232)

    ES Track 2 Property (KB, BulleT, UART, RS-232) Property ID: 0x2E Property Type: Byte Length: 1 byte Get Property: Set Property: Default Value: 0xFF (use ES property) Description: This character is sent as the end sentinel for track 2 with any format. If the value is 0 no character is sent.
  • Page 62: Mask Other Cards Property

    NOTE: If this property is set to 0x01 and the Format Code is currently “0001”, the Format Code will be changed to “0002”. This property is stored in non-volatile memory, so it will persist when the unit is power cycled. When this property is changed, the unit must be reset (see Command Number 2) or power cycled to have these changes take effect.
  • Page 63: Card Inserted Property (Insert Reader Only)

    This property is stored in non-volatile memory, so it will persist when the unit is power cycled. When this property is changed, the unit must be reset (see Command Number 2) or power cycled to have these changes take effect.
  • Page 64: Send Clear Aamva Card Data Property

    Send Clear AAMVA Card Data Property Property ID: 0x34 Property Type: Byte Length: 1 byte Get Property: Set Property: Default Value: 0x00 Description: This property is used to control how to send out AAMVA card data when the security level is above 2.
  • Page 65: Software Id 2 Property (Wireless Usb Reader Only)

    This property controls whether, when the reader is configured with Interface Type HID and at Security Level 2, the reader functions as described in this manual or as described in 99875191 (USB HID SURESWIPE & USB HID SWIPE READER TECHNICAL REFERENCE MANUAL).
  • Page 66: Inter-Key Delay Property (Bullet Kb)

    wireless reader. To get the software ID from the dongle use the “SOFTWARE ID” property. Example Get Software ID 2 property Request (Hex): Cmd Num Data Len Prp ID Example Get Software ID 2 property Response (Hex): Result Code...
  • Page 67: Command List

    Example Set Inter-Key Delay property Response (Hex): Result Code Data Len Data Example Get Inter-Key Delay property Request (Hex): Cmd Num Data Len Prp ID Example Get Inter-Key Delay property Response (Hex): Result Code Data Len Data COMMAND LIST The following commands are available for use with the readers.
  • Page 68: Get Keymap Item Command (Kb)

    Example Reset Device Response (Hex): Result Code Data Len Data Get Keymap Item Command (KB) Command number: 0x03 Description: This command is used to get a key map item from the active key map. The active key map is determined by the active key map property. Data from a magnetic stripe card is a sequence of ASCII characters.
  • Page 69: Set Keymap Item Command (Kb)

    Response Data: Offset Field Name Description Key Usage ID The value of the USB key usage ID that is mapped to the given ASCII value. For example, for the United States keyboard map, usage ID 56 (0x38) (keyboard / and ?) is mapped to ASCII character ‘?’.
  • Page 70 Starting with the firmware release with software ID 21042812F01, when both the key usage ID and the key modifier byte are set to 0xFF for a given ASCII value, the ALT ASCII code is sent instead of the key map values.
  • Page 71: Save Custom Keymap Command (Kb)

    Example Save Custom Keymap Response (Hex): Result Code Data Len Data DUKPT Operation Since key loading is proprietary and performed at MagTek, there are no user commands to support key injection. Get DUKPT KSN and Counter Command Command number: 0x09...
  • Page 72: Set Session Id Command

    Example Get DUKPT KSN and Counter Request (Hex): Cmd Num Data Len Data None Example Get DUKPT KSN and Counter Response (Hex): Result Code Data Len Data FFFF 9876 5432 10E0 0001 Set Session ID Command Command number:...
  • Page 73: Activate Authenticated Mode Command

    Activate Authenticated Mode Command Command number: 0x10 Description: This command is used to Activate the Authenticated Mode. When set to Security Level 4, this reader will not transmit card data unless it is in the Authenticated Mode. The Authenticated Mode may only be entered by this command.
  • Page 74: Activation Challenge Reply Command

    Response Data:
    Offset | Field Name | Description
    Current Key Serial Number | This eighty-bit field includes the Initial Key Serial Number in the leftmost 59 bits and a value for the Encryption Counter in the rightmost 21 bits.
    Challenge 1...
  • Page 75: Deactivate Authenticated Mode Command

    If the reader decrypts the CR response correctly, the Activate Authenticated Mode has succeeded. If the reader cannot decrypt the CR command correctly, the Activate Authenticated Mode has failed and the DUKPT KSN advances. Data structure: Request Data: Offset Field Name Description...
  • Page 76: Get Reader State Command

    behavior is intended to discourage denial of service attacks. Exiting the Authenticated Mode by timeout or card swipe always increments the KSN; exiting Authenticated Mode by the Deactivate Authenticated Mode command may increment the KSN. Data structure: Request Data:...
  • Page 77
    Data Structure:
    Request Data: None
    Response Data: The first byte specifies the current state as follows:
    Current Reader State
    Value | Name | Meaning
    0x00 | WaitActAuth | Waiting for Activate Authenticated Mode. The reader requires Authentication before swipes are accepted.
    0x01 | WaitActRply | Waiting for Activation Challenge Reply.
  • Page 78: Set Security Level Command

    Set Security Level Command Command number: 0x15 Description: This command is used to set the Security Level (see Section 1). The Security Level can be set higher, but never lower. There are two versions of this command; the first one is used to retrieve the current Security Level and does not require MACing.
  • Page 79: Get Transaction Count Command (Flash Reader Only)

    Get Transaction Count Command (Flash Reader Only) Command number: 0x16 Description: This command is used to get the count of stored transactions (card swipes) currently stored in the reader. It will return one byte giving the count of stored transactions.
  • Page 80: Erase Oldest Transaction Command (Flash Reader Only)

    Example Response Read Oldest Transaction (Hex): Result Code Data Len Data Erase Oldest Transaction Command (Flash Reader Only) Command number: 0x18 Description: This command is used to erase the oldest transaction (card swipe) stored in the reader. It has no request and no response data. The response indicates whether or not a transaction was erased.
  • Page 81: Power Down Command (Wireless Usb Reader Only)

    Request Data: None
    Response Data:
    Offset | Field Name | Description
    Device Serial # | 16 bytes, if DSN is shorter than 15 bytes, left justify and fill with binary zeroes. At least one byte (usually the last one) must contain binary zero.
    Actual Encryption Counter | This three byte field returns the current value of the...
  • Page 82: Get Battery Status Command (Wireless Usb Reader Only)

    Get Battery Status Command (Wireless USB Reader Only) Command number: 0x29 Description: This command is used to get the status of the battery. Data structure: Request Data: None Response Data: Offset Field Name Description Battery Status Value of 0x00 indicates battery charge is low;...
  • Page 83 DSN – Device Serial Number, this data field will always be fixed at 16 bytes. If the serial number is less than 15 bytes, it will be left justified. The 16th byte will always be set to NULL. Cryptogram –...
  • Page 85: Section 3. Demo Program

    SECTION 3. DEMO PROGRAM
    The demo program, which is written in Visual Basic, can be used to do the following:
    • Send command requests to the reader and view the command responses.
    • Guide application developers in their application development by providing examples, in source code, of how to properly communicate with the reader using the standard Windows APIs.
  • Page 86: Source Code

    • To send commands to the reader, click the Send Commands tab (if not already selected).
    • Enter a command in the Message edit box. All data entered should be in hexadecimal bytes with a space between each byte. Enter the command number followed by the command data if there is any.
  • Page 87: Appendix A. Keyboard Usage Id Definitions

    APPENDIX A. KEYBOARD USAGE ID DEFINITIONS This appendix is from the following document found on www.usb.org: Universal Serial Bus HID Usage Tables, Version 1.12 and specifically for this manual, Section 10, Keyboard/Keypad Page (0x07). KEYBOARD/KEYPAD PAGE (0X07) This section is the Usage Page for key codes to be used in implementing a USB keyboard. A Boot Keyboard (84-, 101- or 104-key) should at a minimum support all associated usage codes as indicated in the “Boot”...
  • Page 88 Ref: Usage ID Usage ID Typical Usage Name Boot (Dec) (Hex) AT-101 Position √ √ √ Keyboard i and I 4/101/104 √ √ √ Keyboard j and J 4/101/104 √ √ √ Keyboard k and K 4/101/104 √...
  • Page 89 Ref: Usage ID Usage ID Typical Usage Name Boot (Dec) (Hex) AT-101 Position √ √ √ Keyboard ‘ and “ 4/101/104 √ √ √ Keyboard Grave Accent and Tilde 4/101/104 √ √ √ Keyboard , and < 4/101/104 √...
  • Page 90 Ref: Usage ID Usage ID Typical Usage Name Boot (Dec) (Hex) AT-101 Position √ √ √ Keypad 4 and Left Arrow 4/101/104 √ √ √ Keypad 4 and Left Arrow 4/101/104 √ √ √ Keypad 4 and Left Arrow 4/101/104 √...
  • Page 91 Ref: Usage ID Usage ID Typical Usage Name Boot (Dec) (Hex) AT-101 Position √ Keyboard Locking Scroll Lock Keypad Comma Keypad Equal Sign 15-28 Keyboard International1 Keyboard International2 Keyboard International3 Keyboard International4 Keyboard International5 Keyboard International6 Keyboard International7 Keyboard International8 Keyboard International9...
  • Page 92 Ref: Usage ID Usage ID Typical Usage Name Boot (Dec) (Hex) AT-101 Position Keypad ( Keypad ) Keypad { Keypad } Keypad Tab Keypad Backspace Keypad A Keypad B Keypad C Keypad D Keypad E Keypad F Keypad XOR...
  • Page 93 Ref: Usage ID Usage ID Typical Usage Name Boot (Dec) (Hex) AT-101 Position 222-223 DE-DF Reserved √ √ √ Keyboard LeftControl √ √ √ Keyboard LeftShift √ √ √ Keyboard LeftAlt 10;23 √ √ √ Keyboard Left GUI √...
  • Page 94 MagneSafe V5 29. Used on AS/400 keyboards. 30. Defines the Katakana key for Japanese USB word-processing keyboards. 31. Defines the Hiragana key for Japanese USB word-processing keyboards. 32. Usage 0x94 (Keyboard LANG5) “Defines the Zenkaku/Hankaku key for Japanese USB word-processing keyboards.
  • Page 95: Appendix B. Modifier Byte Definitions

    APPENDIX B. MODIFIER BYTE DEFINITIONS This appendix is from the following document found on www.usb.org: Device Class Definition for Human Interface Devices (HID) Version 1.11, and specifically for this manual, Section 8.3 Report Format for Array Items. The modifier byte is defined as follows: Table B-1.
  • Page 96 MagneSafe V5...
  • Page 97: Appendix C. Guide On Decrypting Data

    APPENDIX C. GUIDE ON DECRYPTING DATA The key that was used to encrypt each data block can be determined by using the Key Serial Number field along with the Base Derivation Key associated with this reader. The resulting DUKPT key, as described in ANS X9.24 Part 1, is the key which was used to encrypt the data. (The key is described as the PIN key in the standard but since there are no PINs being used in this application, the derived key is used.) These sequences are based on the following data:...
  • Page 98 MagneSafe V5...
  • Page 99: Appendix D. Command Examples

    APPENDIX D. COMMAND EXAMPLES This Appendix gives examples of command sequences and cryptographic operations. The intent is to clarify any ambiguities the user might find in the body of the document. Each example shows a sequence as it actually runs, so the user can check algorithms against the examples to ensure they compute correctly. Example 1: Configuring a reader before encryption is enabled (Security Level 2).
  • Page 100 MagneSafe V5 01 02 05 85 ; Set to read only Tracks 1 & 2 Request : CMND=01, LEN=02, DATA=05 85 Response : RC= 00, LEN=00, DATA= 00 01 07 ; Get current ISO Track Mask Request : CMND=00, LEN=01, DATA=07...
  • Page 101 Appendix D. Command Examples Track 1 Encrypted = 25 42 35 34 35 32 33 30 30 35 35 31 32 32 37 31 38 39 5E 48 4F 47 41 4E 2F 50 41 55 4C 20 20 20 20 20 20 5E 30 38 30 34 33 32 31 30 30 30 30 30 30 30 37 32 35 30 30 30 30 30 30 3F 00 00 00 00 Track 2 Encrypted = 3B 35 34 35 32 33 30 30 35 35 31 32 32 37 31 38 39 3D 30 38 30 34 33 32 31 30 30 30 30 30 30 30 37 32 35 30 3F 00 00 00...
  • Page 102 MagneSafe V5 01 02 02 02 ; Set Polling Interval to 2 ms Request : CMND=01, LEN=02, DATA=02 02 Response : RC= 00, LEN=00, DATA= 00 01 03 ; Get current Device Serial Number Request : CMND=00, LEN=01, DATA=03 Response...
  • Page 103 Appendix D. Command Examples 00 01 20 ; Get current Pre Track String Request : CMND=00, LEN=01, DATA=20 Response : RC= 00, LEN=00, DATA= 01 07 20 54524B545354 ; Set to "TRKTST" Request : CMND=01, LEN=07, DATA=20 54 52 4B 54 53 54 Response : RC= 00, LEN=00, DATA=...
  • Page 104 MagneSafe V5 00 01 19 ; Get current CRC Flags (should return 03) Request : CMND=00, LEN=01, DATA=19 Response : RC= 00, LEN=01, DATA=03 00 01 1A ; Get Current SureSwipe Flag (should return 00, if Set was done) Request...
  • Page 105 Appendix D. Command Examples |010002AC501724CC063E08E2C52B53793DD53167753CDC3CE8EBC5C3555E30B68B73E4DB8912E6372CA772E 723EFEAADC02F02048C76 |B000795 |0000000000000000 |DB3E |1234 TXEND Example 3: HID reader card swipe in Security Level 2: This example shows the data received in a HID report for a reader at Security Level 2. Raw HID Report: Byte Content 00 00 00 3C 25 1F 00 25 42 35 34 35 32 33 30 30 35 35 31 32...
  • Page 106 MagneSafe V5 00 00 00 00 00 00 00 00 00 00 00 00 3C 25 1F 36 According to the USB MagneSafe Swipe Reader Technical Reference Manual the HID report is broken down like this: Offset Usage Name Track 1 decode status...
  • Page 107 Appendix D. Command Examples 119 - 230 Track 2 encrypted data (37 bytes, not encrypted, no keys yet) 3B 35 34 35 32 33 30 30 35 35 31 32 32 37 31 38 39 3D 30 38 30 34 33 32 31 30 30 30 30 30 30 30 37 32 35 30 3F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00...
  • Page 108 MagneSafe V5 00 00 00 00 00 00 00 00 00 00 00 00 844 - 851 Encrypted Session ID (user didn't load, all zeroes) 00 00 00 00 00 00 00 00 Track 1 Absolute data length (same as above)
  • Page 109 Appendix D. Command Examples 63000050000445=000000000000?|0200|%B54523005512271 89^HOGAN/PAUL ^08043210000000725000000?|;5452 300551227189=080432100000007250?|+5163499080020445 =000000000000?||||0000000000000000||6F36||1000 According to the MagneSafe Swipe Reader Technical Reference Manual the Data is broken down like this: [P30] [P32] [Tk1 SS] [Tk1 Masked Data] [ES] [P33] [P32] [Tk2 SS] [Tk2 Masked Data] [ES] [P33] [P32] [Tk3 SS] [Tk3 Masked Data] [ES] [P33] [P31] [P35] [Reader Encryption Status]...
  • Page 110 MagneSafe V5 |0000000000000000 |6F36 |1000 Note: The Device Serial Number field is empty because the DSN has not been set. Note: The MagnePrint Status, the MagnePrint Data, the DUKPT serial number/counter and Encrypted CRC fields are empty because this reader is at Security Level 2 (encryption not enabled).
  • Page 111 Appendix D. Command Examples 02 00 ; Reset so changes take effect Request : CMND=02, LEN=00, DATA= Response : RC= 00, LEN=00, DATA= Delay : (waited 5 seconds) 09 00 ; Get current KSN (should be FFFF9876543210E00002) Request : CMND=09, LEN=00, DATA= Response : RC= 00, LEN=0A, DATA=FF FF 98 76 54 32 10 E0 00 02...
  • Page 112 MagneSafe V5 Response : RC= 00, LEN=0A, DATA=FF FF 98 76 54 32 10 E0 00 02 15 00 ; Get current Security Level (Should be 04) Request : CMND=15, LEN=00, DATA= Response : RC= 00, LEN=01, DATA=04 Example 8: Changing from Security Level 3 to Security Level 4: ;...
  • Page 113 Appendix D. Command Examples Example 9: Configuring a reader after encryption is enabled (Security Level 3 or 4). In this example the reader is in Keyboard Mode: ; This script demonstrates configuration commands for KB mode. ; It assumes the reader is at Security Level 3 or 4 and that the KSN counter ;...
  • Page 114 MagneSafe V5 00 01 20 ; Get current Pre Track String Request : CMND=00, LEN=01, DATA=20 Response : RC= 00, LEN=00, DATA= ; Form MAC for Set Property command Message to be sent is: 01 05 20 nnnnnnnn (nnnnnnnn is the MAC)
  • Page 115 Appendix D. Command Examples MAC is first four bytes: D1538615 01 09 2C 31303030 D1538615 ; Set to "1000" Request : CMND=01, LEN=09, DATA=2C 31 30 30 30 D1538615 Response : RC= 00, LEN=00, DATA= 02 00 ; Reset so changes take effect Request : CMND=02, LEN=00, DATA= Response...
  • Page 116 MagneSafe V5 |------- Current KSN -------| |---- Challenge 1 ----| |---- Challenge 2 ----| Response : RC= 00, LEN=1A, DATA=FF FF 98 76 54 32 10 E0 00 03 BE 5C 98 35 17 7E 45 2A A7 2D 2D B2 36 BF 29 D2...
  • Page 117 Appendix D. Command Examples ; Build a Deactivate Authenticated Mode command (cmd, len, cryptogram) 12 08 XXXXXXXXXXXXXXXX The clear text input for the cryptogram is composed of the first seven bytes of the decrypted Challenge 2 followed by one byte specifying whether to increment the DUKPT KSN or not (00 = no increment, 01 = increment).
  • Page 118 MagneSafe V5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 FF FF 98 76 54 32 10 E0 00 08 3C 25 1F 25 42 35 34 35 32 30 30 30 30 30 30...
  • Page 119 Appendix D. Command Examples Track 2 decode status Track 3 decode status Track 1 encrypted data length 40 (64 bytes, always in multiples of 8) Track 2 encrypted data length 28 (40 bytes, always in multiples of 8) Track 3 encrypted data length 20 (32 bytes, always in multiples of 8) Card encode type (ISO/ABA) 7 - 118...
  • Page 120 MagneSafe V5 25 42 35 34 35 32 30 30 30 30 30 30 30 30 37 31 38 39 5E 48 4F 47 41 4E 2F 50 41 55 4C 20 20 20 20 20 20 5E 30 38 30 34...
  • Page 121 Appendix D. Command Examples As Track 1 Encrypted Data Length cites 64 bytes only, we can eliminate the trailing blocks: Block # 1 C25C1D1197D31CAA 87285D59A8920474 26D9182EC11353C0 51ADD6D0F072A6CB 3436560B3071FC1F D11D9F7E74886742 D9BEE0CFD1EA1064 C213BB55278B2F12 Appendix C tells us to decrypt the last block: C213BB55278B2F12 TDES Dec with 27F66D5244FF621E AA6F6120EDEB427F gets E98ED0F0D1EA1064 XOR D9BEE0CFD1EA1064...
  • Page 122 MagneSafe V5 Ordering the decrypted blocks 1st to last we get: ASCII 2542353435323330 %B545230 3035353132323731 05512271 38395E484F47414E 89^HOGAN 2F5041554C202020 /PAUL 2020205E30383034 ^0804 3332313030303030 32100000 3030373235303030 00725000 3030303F00000000 000? We can ignore the last four bytes because the Track 1 Absolute Length field cites only 60 characters.
  • Page 123 Appendix D. Command Examples Continue on in reverse block order: F0FEAE7908801093 TDES Dec with 27F66D5244FF621E AA6F6120EDEB427F gets 47796C85E4CE30FF XOR 724C5DB7D6F901C7 gets 3535313232373138 (decrypted block 2) Continue on in reverse block order: 724C5DB7D6F901C7 TDES Dec with 27F66D5244FF621E AA6F6120EDEB427F gets 3B35343532333030 (decrypted block 1) Ordering the decrypted blocks 1st to last we get: ASCII 3B35343532333030...
  • Page 124 MagneSafe V5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 As MagnePrint Data Length cites 56 bytes only, we can eliminate the trailing blocks: Block # 1 4703576BC5C2CB20 BC04C68B5CE1972A E89E087B1C4D47D5 D0E31706106903E6 0B82030792690A57...
  • Page 125 Appendix D. Command Examples BEA104C4EF584ED5 CE07C0D55B810000 We can ignore the last four bytes because the MagnePrint Data Absolute Length field cites only 54 characters. 01000184EA10B939408C872A5C513C90C78B57A6F3FAA663CE0678B879D0D78B7FADBCE8591AE7E4BEA104C4 EF584ED5CE07C0D55B81 This is an accurate decryption of the MagnePrint data. Encrypted Session ID (user didn't load, all zeroes) 21 68 5F 15 8B 5C 6B E0 As this is a simple eight byte block, we only need decrypt it with the appropriate key:...
  • Page 126 MagneSafe V5 [P35] [Encrypted Session ID] [P35] [DUKPT serial number/counter] [P35] [Clear Text CRC] [P35] [Encrypted CRC] [P35] [Format Code] [P34] Each of the Pxx elements has the default value in this configuration, thus we can reinterpret the format as: %[Tk1 Masked Data]? ;[Tk2 Masked Data]?
  • Page 127 Appendix D. Command Examples Note that all other fields are represented as hexadecimal data; that is, two ASCII characters together give the value of a single byte. The data is structurally coherent, so let's work on decryption. First, we note that the KSN is FFFF9876543210E00008, so the counter is 8. For the standard ANSI key example, counter 8 gives the following Encryption Key: 27F66D5244FF621E AA6F6120EDEB427F...
  • Page 128 MagneSafe V5 26D9182EC11353C0 TDES Dec with 27F66D5244FF621E AA6F6120EDEB427F gets BF110311E7D5453A XOR 87285D59A8920474 gets 38395E484F47414E (decrypted block 3) Continue on in reverse block order: 87285D59A8920474 TDES Dec with 27F66D5244FF621E AA6F6120EDEB427F gets F2692820A5E12B9B XOR C25C1D1197D31CAA gets 3035353132323731 (decrypted block 2) Continue on in reverse block order:...
  • Page 129 Appendix D. Command Examples F0FEAE7908801093 TDES Dec with 27F66D5244FF621E AA6F6120EDEB427F gets 47796C85E4CE30FF XOR 724C5DB7D6F901C7 gets 3535313232373138 (decrypted block 2) Continue on in reverse block order: 724C5DB7D6F901C7 TDES Dec with 27F66D5244FF621E AA6F6120EDEB427F gets 3B35343532333030 (decrypted block 1) Ordering the decrypted blocks 1st to last we get: ASCII 3B35343532333030 ;5452300...
  • Page 130 MagneSafe V5 We can ignore the last byte because it is hex 00 and falls after the End Sentinel. ASCII string "+5163499080020443=000000000000? " This is an accurate decryption of the track. MagnePrint data Block # 1 8628E664C59BBAA2 32BA90BFB3E6B41D 6F4B691E633C311C BE6EE7466B81196E...
  • Page 131 Appendix D. Command Examples 010002D4B69CD2C0 C7617D0463316E85 3F9CB00FE2C5A355 6E9CE5A9B2E6DB89 14A6372CA7736703 6EFAADC02F02C4FB 76C6CFD8A59C0000 We can ignore the last two bytes because we know the MagnePrint data is actually 54 bytes long. 010002D4B69CD2C0C7617D0463316E853F9CB00FE2C5A3556E9CE5A9B2E6DB8914A6372C A77367036EFAADC02F02C4FB76C6CFD8A59C0000 This is an accurate decryption of the MagnePrint data. Encrypted Session ID (user didn't load, all zeroes) 21685F158B5C6BE0 As this is a simple eight byte block, we only need decrypt it with...
  • Page 132 MagneSafe V5...
  • Page 133: Appendix E. Identifying Iso/Aba And Aamva Cards

    APPENDIX E. IDENTIFYING ISO/ABA AND AAMVA CARDS ISO/ABA FINANCIAL CARDS 1. If the low-level decoding algorithm finds the data on the available tracks to be in the ISO format particular to each track, the card is classified as ISO. In order to be considered for ISO Financial masking, the card must first be classified as ISO.
  • Page 134: Aamva Driver Licenses

    Track 2 is formatted per ISO Track 2 rules, and Track 3 is formatted per ISO Track 1 rules, the card is considered to be an AAMVA card. Some MagTek readers do not support reading of Track 3, so this rule will not apply on such readers.
  • Page 135: Appendix F. List Of Properties

    APPENDIX F. LIST OF PROPERTIES This list shows all of the properties that are supported among the MagneSafe reader families. The properties associated with a particular MagneSafe model are indicated with a check mark. The default setting for each property is indicated. Dynamag Dynamo BulleT...
  • Page 136 MagneSafe V5 Dynamag Dynamo BulleT BulleT UART Properties Default Flash iDynamo U-Finity Insert RS-232 0x14 Track Data Send Flags 0x6B √ 0x15 MP Flags 0x01 √ √ √ √ √ √ √ 0x16 Active Keymap 0 (United States) √ 0x17 ASCII To Keypress 0 (keymap) √...
  • Page 137 Appendix F. List of Properties Dynamag Dynamo BulleT BulleT UART Properties Default Flash iDynamo U-Finity Insert RS-232 0x30 Send Current Encryption 0x00 (don’t send √ √ √ √ √ √ Counter Encryption Counter) 0x00 (Don’t Mask 0x31 Mask Other Cards √ √ √...
  • Page 138 MagneSafe V5 Dynamag Dynamo BulleT BulleT UART Properties Default Flash iDynamo U-Finity Insert RS-232 √ 0x44 Hardware Error Message 0x45 Blank Card Message √ 0x46 Transaction Threshold √ Exhausted Message 0x47 Bad Read Message √ √ √ 0x48 Good Read Message √...
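
The block-by-block procedure in Appendix D (trim the field to its encrypted length, decrypt from the last block back to the first, XOR each output with the preceding ciphertext block, then cut to the absolute length) can be written as the following added Python example, which is not code from the manual or from MagTek. The function names are hypothetical, and the `PAGE_TDES` table of TDES outputs printed in Appendix D is a stand-in for a real TDES-ECB decrypt primitive, which a host application would pass in instead.

```python
BLOCK = 8  # TDES block size in bytes

def ksn_counter(ksn_hex):
    """DUKPT transaction counter: the low 21 bits of the 10-byte KSN (ANS X9.24)."""
    ksn = bytes.fromhex(ksn_hex)
    if len(ksn) != 10:
        raise ValueError("KSN must be 10 bytes")
    return int.from_bytes(ksn[-3:], "big") & 0x1FFFFF

def cbc_decrypt(ciphertext, block_decrypt):
    """Undo CBC chaining last block first, as Appendix D does; block 1 gets no XOR."""
    if not ciphertext or len(ciphertext) % BLOCK:
        raise ValueError("ciphertext must be a non-empty multiple of 8 bytes")
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    plain = []
    for i in range(len(blocks) - 1, -1, -1):
        prev = blocks[i - 1] if i else bytes(BLOCK)  # zero IV for the first block
        out = block_decrypt(blocks[i])
        plain.insert(0, bytes(a ^ b for a, b in zip(out, prev)))
    return b"".join(plain)

def decrypt_field(field, encrypted_len, absolute_len, block_decrypt):
    """Drop the unused tail of the fixed-size field, decrypt, strip the zero padding."""
    if encrypted_len > len(field) or not 0 <= encrypted_len - absolute_len < BLOCK:
        raise ValueError("length fields are inconsistent")
    return cbc_decrypt(field[:encrypted_len], block_decrypt)[:absolute_len]

# TDES-decrypt outputs taken from Appendix D (key 27F66D5244FF621E AA6F6120EDEB427F).
# Assumption: this lookup replaces a real TDES primitive so the example runs offline.
PAGE_TDES = {
    "C25C1D1197D31CAA": "2542353435323330",  # Track 1 block 1 (no XOR, so = plaintext)
    "87285D59A8920474": "F2692820A5E12B9B",  # Track 1 block 2
    "26D9182EC11353C0": "BF110311E7D5453A",  # Track 1 block 3
}

def page_tdes_decrypt(block):
    """Stand-in block decrypt: returns the output the manual prints for this block."""
    return bytes.fromhex(PAGE_TDES[block.hex().upper()])

def demo():
    """Decrypt the first three Track 1 ciphertext blocks; a CBC prefix decrypts alone."""
    prefix = bytes.fromhex("C25C1D1197D31CAA87285D59A892047426D9182EC11353C0")
    return cbc_decrypt(prefix, page_tdes_decrypt).decode("ascii")
```

For a whole track, call `decrypt_field` with the track's encrypted data length and absolute data length from the report (64 and 60 for Track 1 in the manual's example).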
