Search code examples
cryptography3des

How API on POS creating pin block?

We develop software for POS terminals, and use their library of developers POS. The function that generates pin block, ask us the PIN key. And in order to generate PIN key, we need to specify the master key and in order to generate master key, you first need to specify the loading key. So the order is: loading key -> master key -> PIN key.

We need to find out how these keys are interrelated. What's going on inside the function. Since we can not look inside their functions. What do we know about their application? On the application uses the method of encryption 3des and maybe some key is XORing. And we know exactly which pin block, it displays.

For example, if you specify the following keys:

loading key: 11111111111111111111111111111111

master key: 11111111111111111111111111111111

PIN key: 11111111111111111111111111111111

PAN: 1111111111111111

PIN: 1111

We get pin block like this: 0C43B779D7A1CB72

Please help those who are well versed in encryption and in the terminals. Thank you in advance!

Solution

  • Your scheme is master/session PIN encryption using master key loaded under "loading key".

    1. The loading key 11111111111111111111111111111111 is loaded into the device in plain.

      loadingKey = 11111111111111111111111111111111

    2. The PIN master key cryptogram 11111111111111111111111111111111 is decrypted using DES in ECB mode giving plain PIN master key 237B2304C393D3AC237B2304C393D3AC (using the loading key).

      pinMasterKey = DES_Dec_ECB(key=loadingKey,data=11111111111111111111111111111111)

      pinMasterKey = 237B2304C393D3AC237B2304C393D3AC

    3. PIN entry is requested with working key cryptogram 11111111111111111111111111111111 which decrypts using DES in ECB mode into plain working key 5CC98C26CB8C00CE5CC98C26CB8C00CE (using PIN master key).

      pinWorkingKey = DES_Dec_ECB(key=pinMasterKey,data=11111111111111111111111111111111)

      pinWorkingKey = 5CC98C26CB8C00CE5CC98C26CB8C00CE

    4. This working key is used to encrypt plain Format 0 PIN block 041100EEEEEEEEEE (which is formed by XORing 041111FFFFFFFFFF and 0000111111111111 as described here) into 0C43B779D7A1CB72.

      pinBlock = (041111FFFFFFFFFF XOR 0000111111111111)

      pinBlock = 041100EEEEEEEEEE

      encryptedPinBlock = DES_Enc_ECB(key=pinWorkingKey,data=pinBlock)

      encryptedPinBlock = 0C43B779D7A1CB72

    Good luck!

    Desclaimer: I am no crypto expert, so please do validate my thoughts.

    (Note: DES key parities are not adjusted)