CONNECT TO HSM

Dec 28, 2010 at 7:03 AM
Hi guys, I have a challenge, i use Thales 8000 HSM but solely depend on a third party tool to communicate with it. I need to bypass this third party tool and communicate with the HSM directly. All we do is use the HSM to decrpyt PIN OFFSETS to clear PIN, and also PIN Blocks to Clear PIN. i will like to have a sample code to help achieve this and then i can work on extending this. This is my personal project and will be glad if i can get help from you guys. I have started studying the library and plan to devote lots of time to understand and be able to extend in the future. Thanks
Dec 28, 2010 at 9:04 AM

You can have a look at the main form of the PVV clashing demo. This application uses some library helper functions to connect directly to an HSM (or the simulator) and send function commands to it. You'll obviously need to familiarize yourself with the relevant commands you want to send to the HSM.

Dec 28, 2010 at 9:46 AM

I have gone through the PVV clashing demo but need something that can get me started quickly. I am using a Thales 8000 HSM and need to send command to generate clear PIN from PAN + Pin Offset and also generate Clear PIN from sending command to generate Clear PIN from PAN + Pin Blocks. Please help put the code together as am still very new to this and need to test this as soon as i can. cheers

Dec 28, 2010 at 10:26 AM

The PVV clashing demo is something that can get you started quickly. The most time consuming task here is not the actual code but the commands you need to send. Are you familiar with them?

Dec 28, 2010 at 3:33 PM

I am a programmer and familiar with using DLL but not familiar with commands but i have a reference on Thales 8000 HSM which i think can guide. I have looked through the code in the PVV clashing DEMO which is this

        Me.Enabled = False

        Try
            thales = New TCP.WorkerClient(New Net.Sockets.TcpClient(txtIPAddress.Text, Convert.ToInt32(txtPort.Text)))
            thales.InitOps()
        Catch ex As Exception
            doLog("Connection error (" + ex.Message + ")")
            Me.Enabled = True
            Exit Sub
        End Try

        txtLog.Text = ""

        doLog("Finding PVV for PIN " + txtPIN.Text + "...")
        Dim key As New Cryptography.HexKey(txtClearTPK.Text)
        Dim PB As String = Cryptography.TripleDES.TripleDESEncrypt(key, txtPIN.Text + New String("F"c, 12))
        Dim acctNumber As String = txtPAN.Text.Substring(txtPAN.Text.Length - 13, 12)

        Dim reply As String = SendFunctionCommand("1234JC" + txtCryptTPK.Text + PB + "03" + acctNumber)
        If reply.Substring(6, 2) = "00" Then
            reply = SendFunctionCommand("1234DG" + txtCryptPVK.Text + reply.Substring(8, 5) + acctNumber + "1")
            If reply.Substring(6, 2) = "00" Then

                Dim PVV As String = reply.Substring(8, 4)
                doLog("PVV is " + PVV)
                doLog("Running PIN verification for all PINs and this PVV...")
                For i As Integer = 0 To 9999
                    PB = Cryptography.TripleDES.TripleDESEncrypt(key, i.ToString.PadLeft(4, "0"c) + New String("F"c, 12))
                    reply = SendFunctionCommand("1234DC" + txtCryptTPK.Text + txtCryptPVK.Text + PB + "03" + acctNumber + "1" + PVV)
                    If reply.Substring(6, 2) = "00" Then
                        doLog("Verified for PIN [" + i.ToString.PadLeft(4, "0"c) + "]")
                    End If
                    If i Mod 50 = 0 Then
                        lblStatus.Text = "Running verification for PIN #" + i.ToString.PadLeft(4, "0"c) + "..."
                        Application.DoEvents()
                    End If
                Next

                lblStatus.Text = "Done."
            Else
                doLog("Error on DG: " + reply)
            End If
        Else
            doLog("Error on JC: " + reply)
        End If

        thales.TermClient()
        thales = Nothing
        Me.Enabled = True

 

but i think this cannot help me cos its just finding the PVVs.

 

 

Dec 28, 2010 at 6:13 PM

I know, but the PVV clashing demo demonstrates the basics that you need:

  • Connect to the HSM (or the simulator) using a TCP socket.
  • Send arbitrary commands over that socket.

What you would now need to do is change that code to work with the appropriate commands, which is the real tricky part ;-) If you are uncertain of the commands issued by the third party tool to the HSM, your best bet is to install a packet analyzer such as Wireshark and fire it up so that you can get an idea which commands it sends to the HSM.

Dec 29, 2010 at 7:02 AM
Edited Jan 13, 2011 at 6:07 AM

hi NIck,

 i got from the

i tried connecting with third party tool to Thales HSM simulator to do the following and this is what application events

 

1. Generate PIN from PAN

2. Generate PIN using PAN + Pin Offset

3. Generate PIN from PAN + PIN Block

 

 

can you explain this to me?

Dec 29, 2010 at 7:10 AM

and also this

4. Generate Pin Offset from PAN + PIN

Client from 192.168.1.201:3441 is connected
Client: 192.168.1.201:3441
Request: 1011BA1234F834437216752
Parsing header and code of message 1011BA1234F834437216752...
Searching for implementor of BA...
No implementor for BA.
Disconnecting client.
Client disconnected.

 

Please explain all to me.

 

cheers

Dec 29, 2010 at 8:37 AM

That was good thinking, pointing the tool to the simulator!

It appears it's sending three commands:

  • EE (Derive a PIN using the IBM method). This command is not implemented in the simulator, hence you get the "No implementor for EE" message.
  • JE (Translate a PIN from ZPK to LMK encryption). This command is implemented but it gives an error because the encrypted keys passed to the simulator are encrypted under a different LMK set. As a result, the decryption of the PIN block yields an invalid value and an exception is raised when the simulator tries to find the clear PIN after decrypting the PIN block. This is something that you could easily bypass if you generate keys from the simulator with the simulator's LMK key set.
  • BA (Encrypt a clear PIN). This command is implemented in version 0.9.1 of the simulator - I guess you're using an older version.

So I guess you can't use the simulator unless EE is implemented. I can look into that but you would have to test the implementation yourself from the latest source code. Is that OK with you?

Dec 29, 2010 at 12:15 PM

Hi Nick,

 

When i tried the new Thales Simulator to Generate Pin Offset using PAN + PIN it give the following

 

1. Application Event

Client from 192.168.1.201:2730 is connected
Client: 192.168.1.201:2730
Request: 1004BA1234F832937216759
Parsing header and code of message 1004BA1234F832937216759...
Searching for implementor of BA...
Found implementor ThalesSim.Core.HostCommands.BuildIn.EncryptClearPIN_BA, instantiating...
Calling AcceptMessage()...
Exception while processing message
System.Exception: Invalid value [1234F] for field [PIN].
   at ThalesSim.Core.Message.XML.MessageParser.Parse(Message msg, MessageFields fields, MessageKeyValuePairs& KVPairs, String& result)
   at ThalesSim.Core.HostCommands.BuildIn.EncryptClearPIN_BA.AcceptMessage(Message msg)
   at ThalesSim.Core.ThalesMain.WCMessageArrived(WorkerClient sender, Byte[]& b, Int32 len)
Disconnecting client.
Calling Terminate()...
Implementor to Nothing

 

2. Command Event

=== [BA], starts 13:10:33.015 =======
Invalid value detected for field [PIN].
Received [1234F] but expected a numeric value.

 

Then what i can do about the EE implementor for Pin Generation using IBM method. any idea.

 

Cheers

Dec 29, 2010 at 12:44 PM

BA works in a peculiar way because of the implementation of the internally encrypted PIN. But it's easy enough to change it so that it behaves well when you send it a clear PIN padded with Fs, as you do.

Regarding EE, as I said I can provide an implementation but you'll have to test it so I can iron out any problems.

In short, I can fix BA for you and implement EE. How do you want to proceed?

Dec 29, 2010 at 12:53 PM

HI Nick,

 

Yes, i will appreciate if you help fix BA and Implement EE. i will download, test and give you feed back ASAP.

cheers

Dec 29, 2010 at 1:32 PM

Quick question, you're providing a decimalization table value of FFFFFFFFFFFFFFFF which cannot be used to reach a numeric natural PIN. Does this imply that a default decimalization table of FFFFFFFFFF012345 will be used?

Dec 29, 2010 at 2:03 PM

this is the decimalization table in the third party tool = 9876543210123456

i believe this is what is been used.

Dec 29, 2010 at 3:10 PM

I have posted changeset 59316 which includes the necessary changes. Please give it a try and let me know how it goes.

If you plan to use the simulator with the third party tool, you will first have to generate PVKs, ZPKs and other keys in the simulator environment. You can do that from the GUI simulator or by using the key manager utility found in the source code.

Dec 29, 2010 at 3:47 PM

Hi Nick,

Can you send a compiled version. I dont have dot net on my system.

 

cheers

Dec 29, 2010 at 6:17 PM

PM me so we can exchange email addresses.

Dec 29, 2010 at 9:17 PM

i have so we can exchange emails now.

 

cheers

Dec 29, 2010 at 10:10 PM
Edited Jan 13, 2011 at 6:08 AM

When i tried again to generate pin this what i get from application event

 

and also this when i try generate PIN from PAN + PIn offset

 

 

 

 

please help look through this

Dec 29, 2010 at 10:22 PM

Hi Nick,

 

have you done any work on safenet eracom HSM, i have a project i am trying to work on also and i need a simulator on that as well. I wont mind your help. I am trying to do the same thing, generate PIN , generate pin using offset or Pin Blocks.

Regards

Dec 29, 2010 at 10:30 PM

Well, now it looks like you also need the NG command (Decrypt an encrypted PIN). That looks easy enough so I'll post it tomorrow.

Regarding the problem with DE, the problem looks to be related with an invalid key. Have you generated the PVK under the HSM simulator? If so, what is the clear PVK value?

I've never worked with eracom, where I live Thales pretty much owns the whole market. The thought of creating an eracom simulator interests me though, but I haven't got any kind of documentation for it.

Dec 30, 2010 at 5:41 AM

I have not generated the PVK under the HSM simulator but will do that and then give a feed back ASAP. Can you also help to compile key manager utility so i can use to generate keys and upload into the third party tool that i am using. My challenge also is that i have been trying to get a documentation on the eracom HSM but its been very tough getting one. i will ask a friend cos they have an eracom HSM in their office. i await the update on the NG command (Decrypt and Encrypt).

Dec 30, 2010 at 5:57 AM
Edited Jan 13, 2011 at 6:06 AM

the third party tool returns the LMK from the simulator and shows LMK check which is 7B44AC. The ways its works is that it returns the Device LMK from any connected device which in this case is the simulator and this is used to encrypt other keys. The third party tool also has a Generate key button and this is the application event to generate ZCMK -

this is what i have done for all the keys needed PVKs, AWK, IWK, PINK, ZPK, ZAK, BDK and all keys have Key Check Values.

 

so please advice.

Dec 30, 2010 at 5:59 AM

When i tell the third party tool to get device LMK this is the application event

 

Client from 192.168.1.201:2122 is connected
Client: 192.168.1.201:2122
Request: 1300NC
Parsing header and code of message 1300NC...
Searching for implementor of NC...
Found implementor ThalesSim.Core.HostCommands.Runtime.HSMDiagnostics_NC, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 1300ND007B44AC1DDEE2A94B0007-E000
Calling Terminate()...
Implementor to Nothing
Client: 192.168.1.201:2122
Request: 1301NO00
Parsing header and code of message 1301NO00...
Searching for implementor of NO...
Found implementor ThalesSim.Core.HostCommands.BuildIn.HSMStatus_NO, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 1301NP003150007-E00000001
Calling Terminate()...
Implementor to Nothing
Client disconnected.

 

command events

 

=== [NC], starts 07:01:02.390 =======

=== [NC],   ends 07:01:02.406 =======

=== [NO], starts 07:01:02.406 =======
[Key,Value]=[Mode Flag,00]

=== [NO],   ends 07:01:02.406 =======

take a look at this also

Dec 30, 2010 at 6:03 AM

this third party generate PVK application and command event

 

Client from 192.168.1.201:2163 is connected
Client: 192.168.1.201:2163
Request: 1302A01002UUD586C45DD7BF8310AA83E5C7E822EB63U04
Parsing header and code of message 1302A01002UUD586C45DD7BF8310AA83E5C7E822EB63U04...
Searching for implementor of A0...
Found implementor ThalesSim.Core.HostCommands.BuildIn.GenerateKey_A0, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 1302A100U0078A17B0428DA8322C2D69C0F7FBBDDU742945FA5CEC6D8AE3635DCD321B38408C0CB2
Calling Terminate()...
Implementor to Nothing
Client disconnected.

 

=== [A0], starts 07:04:18.015 =======
[Key,Value]=[Key Scheme LMK,U]
[Key,Value]=[Key Scheme ZMK,U]
[Key,Value]=[Key Type,002]
[Key,Value]=[Mode,1]
[Key,Value]=[ZMK,D586C45DD7BF8310AA83E5C7E822EB63]
[Key,Value]=[ZMK Scheme,U]

Key generated (clear): 83F1C251078373D6F84C29854C383B49
Key generated (LMK): U0078A17B0428DA8322C2D69C0F7FBBDD
Check value: 8C0CB2
ZMK (clear): 07B63DF84F80F89B5B23CB2F3B944A9E
Key under ZMK: U742945FA5CEC6D8AE3635DCD321B3840
=== [A0],   ends 07:04:18.046 =======

 

 

Dec 30, 2010 at 6:09 AM

 

This application event for CVK

Client from 192.168.1.201:2966 is connected
Client: 192.168.1.201:2966
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2967 is connected
Client: 192.168.1.201:2967
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2968 is connected
Client: 192.168.1.201:2968
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2969 is connected
Client: 192.168.1.201:2969
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2970 is connected
Client: 192.168.1.201:2970
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2971 is connected
Client: 192.168.1.201:2971
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2972 is connected
Client: 192.168.1.201:2972
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2973 is connected
Client: 192.168.1.201:2973
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2974 is connected
Client: 192.168.1.201:2974
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2975 is connected
Client: 192.168.1.201:2975
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2976 is connected
Client: 192.168.1.201:2976
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2977 is connected
Client: 192.168.1.201:2977
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2978 is connected
Client: 192.168.1.201:2978
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2979 is connected
Client: 192.168.1.201:2979
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2980 is connected
Client: 192.168.1.201:2980
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2981 is connected
Client: 192.168.1.201:2981
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2982 is connected
Client: 192.168.1.201:2982
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2983 is connected
Client: 192.168.1.201:2983
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2984 is connected
Client: 192.168.1.201:2984
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2985 is connected
Client: 192.168.1.201:2985
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2986 is connected
Client: 192.168.1.201:2986
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2987 is connected
Client: 192.168.1.201:2987
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2988 is connected
Client: 192.168.1.201:2988
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2989 is connected
Client: 192.168.1.201:2989
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2990 is connected
Client: 192.168.1.201:2990
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2991 is connected
Client: 192.168.1.201:2991
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2992 is connected
Client: 192.168.1.201:2992
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2993 is connected
Client: 192.168.1.201:2993
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2994 is connected
Client: 192.168.1.201:2994
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2995 is connected
Client: 192.168.1.201:2995
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2996 is connected
Client: 192.168.1.201:2996
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2997 is connected
Client: 192.168.1.201:2997
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:2998 is connected
Client: 192.168.1.201:2998
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client from 192.168.1.201:2999 is connected
Client disconnected.
Client: 192.168.1.201:2999
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3000 is connected
Client: 192.168.1.201:3000
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3001 is connected
Client: 192.168.1.201:3001
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3002 is connected
Client: 192.168.1.201:3002
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3003 is connected
Client: 192.168.1.201:3003
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3004 is connected
Client: 192.168.1.201:3004
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3005 is connected
Client: 192.168.1.201:3005
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3006 is connected
Client: 192.168.1.201:3006
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3007 is connected
Client: 192.168.1.201:3007
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client from 192.168.1.201:3008 is connected
Client disconnected.
Client: 192.168.1.201:3008
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3009 is connected
Client: 192.168.1.201:3009
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client from 192.168.1.201:3010 is connected
Client disconnected.
Client: 192.168.1.201:3010
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3011 is connected
Client: 192.168.1.201:3011
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3012 is connected
Client: 192.168.1.201:3012
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3013 is connected
Client: 192.168.1.201:3013
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3014 is connected
Client: 192.168.1.201:3014
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3015 is connected
Client: 192.168.1.201:3015
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3016 is connected
Client: 192.168.1.201:3016
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3017 is connected
Client: 192.168.1.201:3017
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3018 is connected
Client: 192.168.1.201:3018
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3019 is connected
Client: 192.168.1.201:3019
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3020 is connected
Client: 192.168.1.201:3020
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3021 is connected
Client: 192.168.1.201:3021
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3022 is connected
Client: 192.168.1.201:3022
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3023 is connected
Client: 192.168.1.201:3023
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3024 is connected
Client: 192.168.1.201:3024
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3025 is connected
Client: 192.168.1.201:3025
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3026 is connected
Client: 192.168.1.201:3026
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3027 is connected
Client: 192.168.1.201:3027
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3028 is connected
Client: 192.168.1.201:3028
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3029 is connected
Client: 192.168.1.201:3029
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3030 is connected
Client: 192.168.1.201:3030
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3031 is connected
Client: 192.168.1.201:3031
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3032 is connected
Client: 192.168.1.201:3032
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3033 is connected
Client: 192.168.1.201:3033
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3034 is connected
Client: 192.168.1.201:3034
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3035 is connected
Client: 192.168.1.201:3035
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3036 is connected
Client: 192.168.1.201:3036
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3037 is connected
Client: 192.168.1.201:3037
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3038 is connected
Client: 192.168.1.201:3038
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3039 is connected
Client: 192.168.1.201:3039
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3040 is connected
Client: 192.168.1.201:3040
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3041 is connected
Client: 192.168.1.201:3041
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3042 is connected
Client: 192.168.1.201:3042
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3043 is connected
Client: 192.168.1.201:3043
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3044 is connected
Client: 192.168.1.201:3044
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3045 is connected
Client: 192.168.1.201:3045
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3046 is connected
Client: 192.168.1.201:3046
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3047 is connected
Client: 192.168.1.201:3047
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3048 is connected
Client: 192.168.1.201:3048
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3049 is connected
Client: 192.168.1.201:3049
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3050 is connected
Client: 192.168.1.201:3050
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3051 is connected
Client: 192.168.1.201:3051
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3052 is connected
Client: 192.168.1.201:3052
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3053 is connected
Client: 192.168.1.201:3053
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3054 is connected
Client: 192.168.1.201:3054
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3055 is connected
Client: 192.168.1.201:3055
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3056 is connected
Client: 192.168.1.201:3056
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3057 is connected
Client: 192.168.1.201:3057
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3058 is connected
Client: 192.168.1.201:3058
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3059 is connected
Client: 192.168.1.201:3059
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3060 is connected
Client: 192.168.1.201:3060
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3061 is connected
Client: 192.168.1.201:3061
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3062 is connected
Client: 192.168.1.201:3062
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3063 is connected
Client: 192.168.1.201:3063
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3064 is connected
Client: 192.168.1.201:3064
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3065 is connected
Client: 192.168.1.201:3065
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
Client from 192.168.1.201:3066 is connected
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3067 is connected
Client: 192.168.1.201:3066
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client from 192.168.1.201:3068 is connected
Client disconnected.
Client: 192.168.1.201:3067
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client: 192.168.1.201:3068
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
Client from 192.168.1.201:3069 is connected
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3070 is connected
Client: 192.168.1.201:3069
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client from 192.168.1.201:3071 is connected
Client disconnected.
Client: 192.168.1.201:3070
Request: 1312RY0
Parsing header and code of message 1312RY0...
Client from 192.168.1.201:3072 is connected
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3073 is connected
Client: 192.168.1.201:3071
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
Client from 192.168.1.201:3074 is connected
No implementor for RY.
Disconnecting client.
Client disconnected.
Client: 192.168.1.201:3072
Request: 1312RY0
Client from 192.168.1.201:3075 is connected
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client from 192.168.1.201:3076 is connected
Client disconnected.
Client: 192.168.1.201:3073
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client: 192.168.1.201:3074
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client: 192.168.1.201:3075
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client: 192.168.1.201:3076
Request: 1312RY0
Parsing header and code of message 1312RY0...
Client from 192.168.1.201:3077 is connected
Searching for implementor of RY...
Client from 192.168.1.201:3078 is connected
No implementor for RY.
Disconnecting client.
Client from 192.168.1.201:3079 is connected
Client disconnected.
Client from 192.168.1.201:3080 is connected
Client from 192.168.1.201:3081 is connected
Client: 192.168.1.201:3077
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client: 192.168.1.201:3078
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client: 192.168.1.201:3079
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client: 192.168.1.201:3080
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client: 192.168.1.201:3081
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3082 is connected
Client from 192.168.1.201:3083 is connected
Client: 192.168.1.201:3082
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client: 192.168.1.201:3083
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3084 is connected
Client: 192.168.1.201:3084
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3085 is connected
Client: 192.168.1.201:3085
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3086 is connected
Client: 192.168.1.201:3086
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3087 is connected
Client: 192.168.1.201:3087
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3088 is connected
Client: 192.168.1.201:3088
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3089 is connected
Client: 192.168.1.201:3089
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3090 is connected
Client: 192.168.1.201:3090
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3091 is connected
Client: 192.168.1.201:3091
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3092 is connected
Client: 192.168.1.201:3092
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3093 is connected
Client: 192.168.1.201:3093
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3094 is connected
Client: 192.168.1.201:3094
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3095 is connected
Client: 192.168.1.201:3095
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3096 is connected
Client: 192.168.1.201:3096
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3097 is connected
Client: 192.168.1.201:3097
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3098 is connected
Client: 192.168.1.201:3098
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3099 is connected
Client: 192.168.1.201:3099
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3100 is connected
Client: 192.168.1.201:3100
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3101 is connected
Client: 192.168.1.201:3101
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3102 is connected
Client: 192.168.1.201:3102
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3103 is connected
Client: 192.168.1.201:3103
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3104 is connected
Client: 192.168.1.201:3104
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3105 is connected
Client: 192.168.1.201:3105
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3106 is connected
Client: 192.168.1.201:3106
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3107 is connected
Client: 192.168.1.201:3107
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3108 is connected
Client: 192.168.1.201:3108
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3109 is connected
Client: 192.168.1.201:3109
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3110 is connected
Client: 192.168.1.201:3110
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3111 is connected
Client: 192.168.1.201:3111
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3112 is connected
Client: 192.168.1.201:3112
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3113 is connected
Client: 192.168.1.201:3113
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3114 is connected
Client: 192.168.1.201:3114
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3115 is connected
Client: 192.168.1.201:3115
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3116 is connected
Client: 192.168.1.201:3116
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3117 is connected
Client: 192.168.1.201:3117
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3118 is connected
Client: 192.168.1.201:3118
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3119 is connected
Client: 192.168.1.201:3119
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3120 is connected
Client: 192.168.1.201:3120
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3121 is connected
Client: 192.168.1.201:3121
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3122 is connected
Client: 192.168.1.201:3122
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3123 is connected
Client: 192.168.1.201:3123
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3124 is connected
Client: 192.168.1.201:3124
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:3125 is connected
Client: 192.168.1.201:3125
Request: 1312RY0
Parsing header and code of message 1312RY0...
Searching for implementor of RY...
No implementor for RY.
Disconnecting client.
Client disconnected.

Dec 30, 2010 at 9:28 AM

The A0/A8 command series look uneventful, although I don't know what the 3rd-party tool does with this information.

NC also looks OK - this is HSM status info.

RY (Calculate AMEX CSC) is not implemented, plus I don't have the necessary information to implement it. If you can provide details regarding how an AMEX CSC is calculated, I can look into coding this command as well.

Working on NG, will post back upon completion.

Dec 30, 2010 at 9:52 AM

NG posted, please let me know how it goes.

Dec 30, 2010 at 1:34 PM

Hi Nick,

 

the latest compiled version you sent to email does not have the NG implementor and the key manager utility . Please check.

Dec 30, 2010 at 1:41 PM

I just sent it again, can you please let me know if it's ok?

Dec 30, 2010 at 1:43 PM

The A0/A8 command is used to generate generic keys using the device such as if you dont have any keys you can tell the third party tool to generate any of PVK, ZCMK, AWK, IWK and then it invokes the commands and the end returns the encrypted key with the key check values. What i mean is that the third party tool first retrieves the LMK and then allows you to optionally generate generic key for PVK, ZCMK etc. which can be used to test. I am thinking then if that the case the PIN BLOCK (JE command ) should work. since the keys are coming from the device.

Dec 30, 2010 at 1:50 PM
tolokunfol wrote:

The A0/A8 command is used to generate generic keys using the device such as if you dont have any keys you can tell the third party tool to generate any of PVK, ZCMK, AWK, IWK and then it invokes the commands and the end returns the encrypted key with the key check values..

That's the way I interpret it as well. If you also need the clear values of the keys being generated, you can look at the HSM simulator traces.

tolokunfol wrote:

What i mean is that the third party tool first retrieves the LMK...

Do you mean the LMK or the PIN under the LMK?

Dec 30, 2010 at 2:39 PM

I mean the LMK from the DEVICE

 

and i have tested the NG this what i am getting

 

Client from 192.168.1.201:1851 is connected
Client: 192.168.1.201:1851
Request: 1003NG83293721675901234
Parsing header and code of message 1003NG83293721675901234...
Searching for implementor of NG...
Found implementor ThalesSim.Core.HostCommands.BuildIn.DecryptEncryptedPIN_NG, instantiating...
Exception while parsing message or creating implementor instance
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.IO.FileNotFoundException: Could not find file 'C:\Program Files\NTG\Thales Simulator\XMLDefs\HostCommands\DecryptEncryptedPIN_NG.xml'.
File name: 'C:\Program Files\NTG\Thales Simulator\XMLDefs\HostCommands\DecryptEncryptedPIN_NG.xml'
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
   at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
   at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
   at System.Xml.XmlTextReaderImpl.OpenUrlDelegate(Object xmlResolver)
   at System.Threading.CompressedStack.runTryCode(Object userData)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
   at System.Threading.CompressedStack.Run(CompressedStack compressedStack, ContextCallback callback, Object state)
   at System.Xml.XmlTextReaderImpl.OpenUrl()
   at System.Xml.XmlTextReaderImpl.Read()
   at System.Xml.XmlTextReader.Read()
   at System.Xml.XmlReader.MoveToContent()
   at System.Data.DataSet.ReadXml(XmlReader reader, Boolean denyResolving)
   at System.Data.DataSet.ReadXml(String fileName)
   at ThalesSim.Core.Message.XML.MessageFields.RecursiveReadXMLFields(String xmlFile)
   at ThalesSim.Core.Message.XML.MessageFields.ReadXMLFields(String xmlFile)
   at ThalesSim.Core.HostCommands.AHostCommand.ReadXMLDefinitions(Boolean forceRead, String fileName)
   at ThalesSim.Core.HostCommands.AHostCommand.ReadXMLDefinitions(String fileName)
   at ThalesSim.Core.HostCommands.AHostCommand.ReadXMLDefinitions()
   at ThalesSim.Core.HostCommands.BuildIn.DecryptEncryptedPIN_NG..ctor()
   --- End of inner exception stack trace ---
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   at System.Activator.CreateInstance(Type type, Boolean nonPublic)
   at System.Activator.CreateInstance(Type type)
   at ThalesSim.Core.ThalesMain.WCMessageArrived(WorkerClient sender, Byte[]& b, Int32 len)
Disconnecting client.
Client disconnected.
Client from 192.168.1.201:1852 is connected

 

Client from 192.168.1.201:1457 is connected
Implementor to Nothing
Client disconnected.
Client: 192.168.1.201:1457
Request: 1002DEU7424B3ED034D5920816DE8A673F8467F0123404832937216759FFFFFFFFFFFFFFFF4458329372N3
Parsing header and code of message 1002DEU7424B3ED034D5920816DE8A673F8467F0123404832937216759FFFFFFFFFFFFFFFF4458329372N3...
Searching for implementor of DE...
Found implementor ThalesSim.Core.HostCommands.BuildIn.GenerateIBMOffset_DE, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Exception while processing message
ThalesSim.Core.Exceptions.XEncryptError: Could not find any recognizable digits.
   at ThalesSim.Core.Cryptography.DES.DESEncrypt(String sKey, String sData)
   at ThalesSim.Core.HostCommands.BuildIn.GenerateIBMOffset_DE.ConstructResponse()
   at ThalesSim.Core.ThalesMain.WCMessageArrived(WorkerClient sender, Byte[]& b, Int32 len)
Disconnecting client.
Calling Terminate()...
Client from 192.168.1.201:1458 is connected
Implementor to Nothing
Client disconnected.
Client: 192.168.1.201:1458
Request: 1002DEU7424B3ED034D5920816DE8A673F8467F0123404832937216759FFFFFFFFFFFFFFFF4458329372N3
Parsing header and code of message 1002DEU7424B3ED034D5920816DE8A673F8467F0123404832937216759FFFFFFFFFFFFFFFF4458329372N3...
Searching for implementor of DE...
Found implementor ThalesSim.Core.HostCommands.BuildIn.GenerateIBMOffset_DE, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Exception while processing message
ThalesSim.Core.Exceptions.XEncryptError: Could not find any recognizable digits.
   at ThalesSim.Core.Cryptography.DES.DESEncrypt(String sKey, String sData)
   at ThalesSim.Core.HostCommands.BuildIn.GenerateIBMOffset_DE.ConstructResponse()
   at ThalesSim.Core.ThalesMain.WCMessageArrived(WorkerClient sender, Byte[]& b, Int32 len)
Disconnecting client.
Calling Terminate()...
Client from 192.168.1.201:1459 is connected
Implementor to Nothing
Client disconnected.

 

please help look through it.

 

Dec 30, 2010 at 2:45 PM

Darn, I made a stupid mistake in packing the MSI.

Sending it again, sorry for that.

Dec 30, 2010 at 2:49 PM

 

ok.

Dec 30, 2010 at 3:07 PM

All the other commands works except for Generate Pin Offset with the follwong exceptions

 

Client from 192.168.1.201:1310 is connected
Implementor to Nothing
Client disconnected.
Client: 192.168.1.201:1310
Request: 1017DEU7424B3ED034D5920816DE8A673F8467F0123404832937216759FFFFFFFFFFFFFFFF4458329372N3
Parsing header and code of message 1017DEU7424B3ED034D5920816DE8A673F8467F0123404832937216759FFFFFFFFFFFFFFFF4458329372N3...
Searching for implementor of DE...
Found implementor ThalesSim.Core.HostCommands.BuildIn.GenerateIBMOffset_DE, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Exception while processing message
ThalesSim.Core.Exceptions.XEncryptError: Could not find any recognizable digits.
   at ThalesSim.Core.Cryptography.DES.DESEncrypt(String sKey, String sData)
   at ThalesSim.Core.HostCommands.BuildIn.GenerateIBMOffset_DE.ConstructResponse()
   at ThalesSim.Core.ThalesMain.WCMessageArrived(WorkerClient sender, Byte[]& b, Int32 len)
Disconnecting client.
Calling Terminate()...
Implementor to Nothing
Client disconnected.

 

How do i create and reference an LMK storage File for the Thales simulator.

How do i use the key manager utility. When i open i cant see any key and the keys to left. ZMK etc are all greyed out. please advice on how to use then utility. 

Dec 30, 2010 at 3:21 PM

i discovered that when i run generate encrypted PIn and generate Pin, EE it returns the same thing but on the third party tool its returns different values. e.g

Thales simulator

encrypted PIn = 05348      

PIN = 5348

 

Application and command Event generate encrypted PIN

 

Client from 192.168.1.201:2039 is connected
Client: 192.168.1.201:2039
Request: 1140EEU7424B3ED034D5920816DE8A673F8467F0000FFFFFFFF04832937216759FFFFFFFFFFFFFFFF4458329372N3
Parsing header and code of message 1140EEU7424B3ED034D5920816DE8A673F8467F0000FFFFFFFF04832937216759FFFFFFFFFFFFFFFF4458329372N3...
Searching for implementor of EE...
Found implementor ThalesSim.Core.HostCommands.BuildIn.DerivePINUsingTheIBMMethod, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 1140EF0005348
Calling Terminate()...
Implementor to Nothing
Client disconnected.

 

=== [EE], starts 16:19:36.718 =======
[Key,Value]=[Account Number,832937216759]
[Key,Value]=[Check Length,04]
[Key,Value]=[Decimalisation Table,FFFFFFFFFFFFFFFF]               ******************************** note Decimalisation table in the third party tool is 9876543210123456 not FFFFFFFFFFFFFFFF
[Key,Value]=[Offset,0000FFFFFFFF]                                         ******************************** note its showing Offset as 0000
[Key,Value]=[PIN Validation Data,4458329372N3]
[Key,Value]=[PVK,7424B3ED034D5920816DE8A673F8467F]
[Key,Value]=[PVK Scheme,U]

=== [EE],   ends 16:19:36.734 =======

Application and command Event generate PIN

 

Client from 192.168.1.201:2041 is connected
Client: 192.168.1.201:2041
Request: 1142EEU7424B3ED034D5920816DE8A673F8467F0000FFFFFFFF04832937216759FFFFFFFFFFFFFFFF4458329372N3
Parsing header and code of message 1142EEU7424B3ED034D5920816DE8A673F8467F0000FFFFFFFF04832937216759FFFFFFFFFFFFFFFF4458329372N3...
Searching for implementor of EE...
Found implementor ThalesSim.Core.HostCommands.BuildIn.DerivePINUsingTheIBMMethod, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 1142EF0005348
Calling Terminate()...
Implementor to Nothing
Client: 192.168.1.201:2041
Request: 1143NG83293721675905348
Parsing header and code of message 1143NG83293721675905348...
Searching for implementor of NG...
Found implementor ThalesSim.Core.HostCommands.BuildIn.DecryptEncryptedPIN_NG, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 1143NH005348F
Calling Terminate()...
Implementor to Nothing
Client disconnected.

 

[Key,Value]=[Check Length,04]
[Key,Value]=[Decimalisation Table,FFFFFFFFFFFFFFFF]                    ******************************** note Decimalisation table in the third party tool is 9876543210123456 not FFFFFFFFFFFFFFFF
[Key,Value]=[Offset,0000FFFFFFFF]                                            ******************************** note its showing Offset as 0000
[Key,Value]=[PIN Validation Data,4458329372N3]
[Key,Value]=[PVK,7424B3ED034D5920816DE8A673F8467F]
[Key,Value]=[PVK Scheme,U]

=== [EE],   ends 16:20:45.296 =======

=== [NG], starts 16:20:45.312 =======
[Key,Value]=[Account Number,832937216759]
[Key,Value]=[PIN,05348]

Encrypted PIN: 05348
Clear PIN: 5348F
=== [NG],   ends 16:20:45.328 =======

 

Third party tool

encrypted PIn = 54396      

PIN = 9233      

 

Note from command event

[Key,Value]=[Decimalisation Table,FFFFFFFFFFFFFFFF]                    ******************************** note Decimalisation table in the third party tool is 9876543210123456 not FFFFFFFFFFFFFFFF
[Key,Value]=[Offset,0000FFFFFFFF]                                            ******************************** note its showing Offset as 0000
[

 

Dec 30, 2010 at 3:34 PM

I think I fixed DE, send you the new version.

The LMK keys used by the simulator are all stored in the LMKSTORAGE.txt file but you should definitely not need to have access to those in a production environment.

To start with the key manager, click the "Click to start without keys" button. After that, you can create your own keys by clicking on the "Add clear-text key". Once you do that, you can then encrypt the keys you add under any LMK key set. When you exit the key manager, it asks you where to save the keys you generated, just select any file you prefer. When you start over, click the "Click to load a key manager file" button to load previously saved keys.

Internally the simulator does not encrypt the clear PIN. That is, for a clear PIN of 1234 the simulator internally represents it as 01234. This should be just semantics as far as the caller is concerned. I can't say I understand why the third party tool gives away different values - the whole point of accessing the HSM is to not have to calculate anything.

But first things first, please have a look to see if DE is now working for you and check that you're comfortable with the key manager. Then we can see if any problems remain.

Dec 30, 2010 at 6:10 PM

 

yes it all works now except for the Pin Blocks (JE)

Client from 192.168.1.201:3131 is connected
Client: 192.168.1.201:3131
Request: 1002JEUBCFED836595240AA1B78C8AD47ECE6DAE7195CD928A3354901832937216759
Parsing header and code of message 1002JEUBCFED836595240AA1B78C8AD47ECE6DAE7195CD928A3354901832937216759...
Searching for implementor of JE...
Found implementor ThalesSim.Core.HostCommands.BuildIn.TranslatePINFromZPKToLMK_JE, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Exception while processing message
System.ArgumentOutOfRangeException: Index and length must refer to a location within the string.
Parameter name: length
   at System.String.InternalSubStringWithChecks(Int32 startIndex, Int32 length, Boolean fAlwaysCopy)
   at System.String.Substring(Int32 startIndex, Int32 length)
   at ThalesSim.Core.PIN.PINBlockFormat.ToPIN(String PINBlock, String AccountNumber_Or_PaddingString, PIN_Block_Format Format)
   at ThalesSim.Core.HostCommands.BuildIn.TranslatePINFromZPKToLMK_JE.ConstructResponse()
   at ThalesSim.Core.ThalesMain.WCMessageArrived(WorkerClient sender, Byte[]& b, Int32 len)
Disconnecting client.
Calling Terminate()...
Implementor to Nothing

 

=== [JE], starts 19:08:19.140 =======
[Key,Value]=[Account Number,832937216759]
[Key,Value]=[PIN Block,E7195CD928A33549]
[Key,Value]=[PIN Block Format Code,01]
[Key,Value]=[ZPK,BCFED836595240AA1B78C8AD47ECE6DA]
[Key,Value]=[ZPK Scheme,U]

 

 

Dec 30, 2010 at 7:05 PM

The exception is because the PIN block appears to be invalid. How did you come up with that PIN block value?

Dec 30, 2010 at 7:29 PM

 

the third party tool acts as a simulator too and when i pass that same pin block to it, it returns an encrypted Pin and a clear PIN. i got it from a sample file generated by A Visa TPP.

Test Values used with the Third Party Simulator

Input

PAN = 4458329372167593

Pin Block = E7195CD928A33549

Output

Encrypted PIN = 68818      

Clear PIN = 0685      

Dec 30, 2010 at 7:36 PM

An encrypted ZPK=UBCFED836595240AA1B78C8AD47ECE6DA is a clear key=EA574F04A498D5D9D934616E6EC215E3 with the default simulator set.

With this key, I think that the PIN block is incorrect.

Key: EA574F04A498D5D9 D934616E6EC215E3

PAN: 4458329372167593

PIN: 0685

PIN block format: ANSI X9.8

PIN block: C8EB58D8720036CA

Can you verify this?

Dec 30, 2010 at 7:46 PM

the key which i was advised to use to decrypt pin block is PEK / ZMK or AWK / ZMK or IWK / ZMK.

this data worked -

PAN: 4458329372167593

PIN: 0685

PIN block format: ANSI X9.8

PIN block: C8EB58D8720036CA

the one you just sent to me  worked but like i said we are decrypting the PIN Blocks using PEK / ZMK or AWK/ZMK or IWK/ZMK not ZPK / ZMK

i have some sample data that i am testing with and it all works with PEK / ZMK or  AWK / ZMK or IWK / ZMK .

please advise.

 

 

Dec 30, 2010 at 8:04 PM

It all comes down to the key you're using. Note that JE uses a ZPK and not a ZMK. All I can be sure of at this point is that the expected encrypted PIN block should be C8EB58D8720036CA and not E7195CD928A33549 if you use UBCFED836595240AA1B78C8AD47ECE6DA as an encrypted ZPK.

Dec 30, 2010 at 8:11 PM

the Pin blocks that i have are encrypted using PEK not ZPK. i believe that is why the Pin blocks returns exceptions when i try to decrypt them. How can i get the simulator to use PEK instead of ZPK.

Dec 30, 2010 at 8:20 PM

What's a PEK?

Dec 30, 2010 at 8:26 PM

the instruction i have is that the PEK is encrypted under the ZMK that is why i used PEK /ZMK so also is the ZPK encrypted under the ZMK which is why i have ZPK / ZMK. but the pin blocks that i have are encrypted using PEK Pin Encryption key which i believe is for PIn Blocks from the Thales Manual.

 

There is a command RO (RP) which will allow translation of a PIN from PEK to ZPK encryption.

just saw this in the Thales programmer's reference

Dec 30, 2010 at 8:33 PM

PEK - Pin Encrypting Key

 

i just saw this extract from the Thales Manual

 

The acquirer host performs the request Message MAC verification and returns the PIN Encrypting Key (PEK) under which the Pin Block is encrypted. The PIN block is double Encrypted, first by the card key, a value not normally available to an acquirer, then by the PEK. The acquirer can perform the decryption using the PEK but cannot carry-out the second decryption to reveal the plain PIN block.

 

just trying the explain the process of generating a pin block, encrypting and then decrypting. The PEK is used in this instance.

Dec 30, 2010 at 8:35 PM

According to what I know RO = Transaction response with auth para from card issuer.

I still don't know what PEK stands for and is not present in the copy of Thales programmer's reference that I have. Does PEK mean PIN Encryption Key? What LMK pair is used to encrypt PEK? ZPK is encrypted under LMK 06-07, ZMK under 04-05.

Dec 30, 2010 at 8:40 PM

OK, in addition to letting me know under what LMK pair is PEK encrypted under, please also indicate:

  • What version of the Thales programmer's reference you have?
  • What method are you using for PIN verification?
Dec 30, 2010 at 8:40 PM

 

i have the thales RG7000 programmer's reference and the PEK is inside.

Dec 30, 2010 at 9:00 PM

 

i think PEK is  under AUSTRALIAN TRANSACTION KEY SCHEME (ATKS). forgive my answers but referring to the reference

Dec 30, 2010 at 9:08 PM

Now I see the source of confusion. You're referring to RO (Translate a PIN from PEK to ZPK encryption) which can happen under the Australian Transaction Key Scheme (ATKS). This has changed some under HSM 8000.

PEK is encrypted under LMK set 14-15, which makes it equivalent to a TPK. Unfortunately, that doesn't help much - you might think that the CA command would help (translate PIN block from TPK to ZPK). The thing, though, is that as you indicated the PIN block is encoded differently under ATKS and the simulator doesn't know about ATKS at all.

Dec 30, 2010 at 9:10 PM

Pin Encrytping Key (PEK) is encrypted under LMK pair 14-15.

 

Dec 30, 2010 at 9:13 PM

okay, but can we use TPK to decrypt instead of ZPK?

Dec 30, 2010 at 9:19 PM

if we use TPK instead of ZPK, the sample data will work. i am just trying to see if i cant get it done that way also.

 

Dec 30, 2010 at 9:30 PM

I don't think it will work because, as you said, the clear PIN block is not just encrypted under the PEK, there's another step in there. No PIN translation commands currently implemented know about ATKS at all. The trick here is that you want to translate from PEK to LMK. That means that the simulator would need to not only decrypt the encrypted PIN block but also break down that PIN block to actually find the PIN. Since the encrypted PIN block is also encrypted under the card key, the simulator cannot find the actual PIN. Even if you were to translate the PIN block from a key to another key most translation commands also involve translating the PIN block format - in order to do that, they too need to break down the PIN block and actually find the PIN before translating.

The hard part about implementing ATKS would not be the commands themselves but all the underlying infrastructure that also needs to be implemented (PIN block formats, encryption/decryption of PIN blocks, implementation of key types relevant to ATKS and other stuff like that).

Jan 5, 2011 at 11:10 PM

hi nick,

Compliments of the season.

Are you back from your holiday? you said you will be away for 3 days, so thought confirm if you are back.

 

regards

Jan 6, 2011 at 7:03 PM

I'm back. No rest for the wicked ;-)

Jan 7, 2011 at 9:16 PM
Hi Nick, Can you give the update that will allow pins to be generated from pin blocks using TPK instead of ZPK. i await your response. i hope you have an understanding of the way the third party tool works now based on the third party tool documentation. Regards
Jan 9, 2011 at 9:29 PM

As discussed, I cannot change the JE command to work with TPK because it's not supposed to. However, you can use the JC command which is the TPK-equivalent of JE.

Jan 9, 2011 at 10:02 PM

how do i achieve the use JC command  instead of JE command?

i thought it may be it requires you to the simulator so that it can use JC instead of JE when you try to generate PIN from Pin blocks.

 

Jan 9, 2011 at 10:22 PM

No, both JE and JC are implemented so you can call either one.

Jan 10, 2011 at 5:25 AM

how do i do that?

the third party tool makes all the call. All i do is click on the option generate pin from pin blocks and it takes over.

i dont understand how to make it work, please kindly assist.

I need programmable pin pads that can be used for customers to choose their PIN at the point of picking up their debit/credit cards from their banks. does your company have such and how i can integrate it to work with a solution to achieve the same purpose.

thanks

Jan 10, 2011 at 9:14 AM

I can't know how it works internally. However, I'm guessing that the tool knows that the key it uses is a ZPK, hence it knows what the appropriate function to call is. I suspect that if the key was to have another type, it would all another function.

Jan 10, 2011 at 8:22 PM

Client from 192.168.1.201:2503 is connected
Client: 192.168.1.201:2503
Request: 1099A43000UU70ADE3CD57F6CD94DF51AE4225F162EDU0E2A534551EADE0861D8BE2FDDFECFA5U9F0268FC5E3CB1A98F0B99E548130CC9
Parsing header and code of message 1099A43000UU70ADE3CD57F6CD94DF51AE4225F162EDU0E2A534551EADE0861D8BE2FDDFECFA5U9F0268FC5E3CB1A98F0B99E548130CC9...
Searching for implementor of A4...
Found implementor ThalesSim.Core.HostCommands.BuildIn.FormKeyFromEncryptedComponents_A4, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 1099A510
Calling Terminate()...
Implementor to Nothing
Client disconnected.

 

=== [A4], starts 21:08:24.096 =======
[Key,Value]=[Key Component #1,70ADE3CD57F6CD94DF51AE4225F162ED]
[Key,Value]=[Key Component #2,0E2A534551EADE0861D8BE2FDDFECFA5]
[Key,Value]=[Key Component #3,9F0268FC5E3CB1A98F0B99E548130CC9]
[Key,Value]=[Key Component Scheme #1,U]
[Key,Value]=[Key Component Scheme #2,U]
[Key,Value]=[Key Component Scheme #3,U]
[Key,Value]=[Key Scheme (LMK),U]
[Key,Value]=[Key Type,000]
[Key,Value]=[Number of Components,3]

=== [A4],   ends 21:08:24.096 =======

 

Hi Nick,

 

the above is from the simulator. i have a test key and it has 3 clear ZMK components. i used both the EC and Z command on the simulator and also tried the key manager to generate the 3 encrypted components for the third party tool but the tool return this error and does accept the keys from me:

Error - Source key parity Error.

 

I have tried severally and even tried using Enforce Odd Parity in  the key manager it still returns the same error.

when i looked at the ZMK KCV sent by the simulator for the 3 encrypted components its different from the one expected using the 3 clear Components.

 

KCV from simulator - 1099A510

KCV from the clear component - 2D 61

 

please advice.

 

 

Jan 10, 2011 at 8:29 PM

Nick,

 

the same set of clear ZMK keys when entered into the third party tool, it accepts it as clear and allows pin generation using PIn blocks. please advice.

I need information on your pin PADs. i need a pin pad for a project i am working on. please help

 

Jan 10, 2011 at 8:40 PM

Nick,

 

i tried using the ThalesCore.dll in our visual basic 6.0 and we could not add the reference. please help so that we can use same in visual basic 6.0.

thanks

Jan 10, 2011 at 9:34 PM
Edited Jan 10, 2011 at 9:42 PM
tolokunfol wrote:

Client from 192.168.1.201:2503 is connected
Client: 192.168.1.201:2503
Request: 1099A43000UU70ADE3CD57F6CD94DF51AE4225F162EDU0E2A534551EADE0861D8BE2FDDFECFA5U9F0268FC5E3CB1A98F0B99E548130CC9
Parsing header and code of message 1099A43000UU70ADE3CD57F6CD94DF51AE4225F162EDU0E2A534551EADE0861D8BE2FDDFECFA5U9F0268FC5E3CB1A98F0B99E548130CC9...
Searching for implementor of A4...
Found implementor ThalesSim.Core.HostCommands.BuildIn.FormKeyFromEncryptedComponents_A4, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 1099A510
Calling Terminate()...
Implementor to Nothing
Client disconnected.

 

=== [A4], starts 21:08:24.096 =======
[Key,Value]=[Key Component #1,70ADE3CD57F6CD94DF51AE4225F162ED]
[Key,Value]=[Key Component #2,0E2A534551EADE0861D8BE2FDDFECFA5]
[Key,Value]=[Key Component #3,9F0268FC5E3CB1A98F0B99E548130CC9]
[Key,Value]=[Key Component Scheme #1,U]
[Key,Value]=[Key Component Scheme #2,U]
[Key,Value]=[Key Component Scheme #3,U]
[Key,Value]=[Key Scheme (LMK),U]
[Key,Value]=[Key Type,000]
[Key,Value]=[Number of Components,3]

=== [A4],   ends 21:08:24.096 =======

 

Hi Nick,

 

the above is from the simulator. i have a test key and it has 3 clear ZMK components. i used both the EC and Z command on the simulator and also tried the key manager to generate the 3 encrypted components for the third party tool but the tool return this error and does accept the keys from me:

Error - Source key parity Error.

 

I have tried severally and even tried using Enforce Odd Parity in  the key manager it still returns the same error.

when i looked at the ZMK KCV sent by the simulator for the 3 encrypted components its different from the one expected using the 3 clear Components.

 

KCV from simulator - 1099A510

KCV from the clear component - 2D 61

 

please advice.

 

 

The problem seems to be that EC doesn't ensure that the key has odd parity. I'll post a fix for this but for the time being you can try the KG console command to generate a key.

EDIT: Fix is posted. One more thing, if you need to encrypt a specific key and KG doesn't work for you, you can also use the Key Manager utility.

Jan 10, 2011 at 9:35 PM
tolokunfol wrote:

Nick,

 

the same set of clear ZMK keys when entered into the third party tool, it accepts it as clear and allows pin generation using PIn blocks. please advice.

I need information on your pin PADs. i need a pin pad for a project i am working on. please help

 

See my previous.

I can't really say that I'm doing the work you need done with PIN pads at the moment. I've mainly used them in projects but the programming was already done by the vendor.

Jan 10, 2011 at 9:38 PM
tolokunfol wrote:

Nick,

 

i tried using the ThalesCore.dll in our visual basic 6.0 and we could not add the reference. please help so that we can use same in visual basic 6.0.

thanks

You can do this yourself from the source code. From what I know, you need to expose the .Net assembly for COM Interop and create a type library. I don't know the specifics of actually doing it but I think that there's more than one MSDN article on it.

Jan 10, 2011 at 10:11 PM

Nick,

 

the KG command allows the ZMK to be loaded but when i try to generate Pin from pin blocks with the generated ZMK components its throws an exception. I am trying to load the the test keys that came with the sample data that i am unis which is where the 3 encrypted ZMK component generated by the simulator returns source parity error.

 

 

Jan 10, 2011 at 10:13 PM

i will appreciate a fix for the source parity error so i can further test the pin generation using pin blocks if it will work using the sample data and the test keys.

Jan 10, 2011 at 11:28 PM

Fix has been posted, changeset 59988.

Jan 11, 2011 at 5:08 AM

Nick, can you help compile the change set and send the installation to my email for me to test.

cheers.

Jan 11, 2011 at 8:53 PM

Sure, check out this wiki article. Latest dev builds will be placed there from now on.

Jan 12, 2011 at 5:19 AM

it has accepted the test keys without throwing any exceptions on source key parity but the thing is the KCV with the test ZMK and PEK key is different from the one generated by the Simulator and i think ideally it should be same.

what i did was to use the EC command to generate the encrypted key from the clear ZMK and PEK sent in clear as sample and loaded same into the third party tool for use during the Pin generation from pin blocks connecting to the thales simulator and it still didnt give any pin, the command and application events are below. The third party tool also act as a simulator and returned the same KCV with the sample clear test keys after loading the keys into the third party tool and when i try doing pin generation from pin blocks with the third party tool simulator i got same pin with the ones sent with the sample data.

when i tried using the test key to generate Pin from pin block using the thales simulator this is the event:

 

Client from 192.168.1.201:3219 is connected
Client: 192.168.1.201:3219
Request: 1000JEU8AA8108D5D46A754627A5557895B200CE7195CD928A3354901832937216759
Parsing header and code of message 1000JEU8AA8108D5D46A754627A5557895B200CE7195CD928A3354901832937216759...
Searching for implementor of JE...
Found implementor ThalesSim.Core.HostCommands.BuildIn.TranslatePINFromZPKToLMK_JE, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 1000JF10
Calling Terminate()...
Implementor to Nothing
Client disconnected.

 

=== [JE], starts 06:10:40.234 =======
[Key,Value]=[Account Number,832937216759]
[Key,Value]=[PIN Block,E7195CD928A33549]
[Key,Value]=[PIN Block Format Code,01]
[Key,Value]=[ZPK,8AA8108D5D46A754627A5557895B200C]
[Key,Value]=[ZPK Scheme,U]

=== [JE],   ends 06:10:40.234 =======

Please help look through and advice.

 

 

Jan 12, 2011 at 8:46 AM
tolokunfol wrote:

it has accepted the test keys without throwing any exceptions on source key parity but the thing is the KCV with the test ZMK and PEK key is different from the one generated by the Simulator and i think ideally it should be same.

what i did was to use the EC command to generate the encrypted key from the clear ZMK and PEK sent in clear as sample and loaded same into the third party tool for use during the Pin generation from pin blocks connecting to the thales simulator and it still didnt give any pin, the command and application events are below. The third party tool also act as a simulator and returned the same KCV with the sample clear test keys after loading the keys into the third party tool and when i try doing pin generation from pin blocks with the third party tool simulator i got same pin with the ones sent with the sample data.

when i tried using the test key to generate Pin from pin block using the thales simulator this is the event:


I didn't follow that. Please list:

  • The value of any clear or encrypted components you used.
  • The exact console commands you used.

This way I can duplicate your actions and see if there is a problem. If you have a clear ZMK and a PEK encrypted under the ZMK and you need to import the PEK, the simplest way to do it is to decrypt the PEK under the ZMK and import the clear PEK. The formal way of doing it is to import all ZMK components, form the encrypted ZMK and then import the PEK encrypted. But please show the exact data you used and the steps you followed.

Jan 12, 2011 at 9:02 AM

Command: EC
Key Type: 000
Key Scheme: U
Enter component: E38FD6D9EF85A892F2FBFDF083A407AE
Encrypted Component: U 70AD E3CD 57F6 CD94 40E4 C7D6 CE3A 4D1B
Key check value: 5983 47
Command: EC
Key Type: 000
Key Scheme: U
Enter component: D0085DBFFB3723B926CB7980B9EA6268
Encrypted Component: U 0E2A 5345 51EA DE08 61D8 BE2F DDFE CFA5
Key check value: DACA F5
Command: EC
Key Type: 000
Key Scheme: U
Enter component: 20295EBC0B80BF5EF7F78C9125686D3B
Encrypted Component: U 9F02 68FC 5E3C B1A9 8F0B 99E5 4813 0CC9
Key check value: DE5A A9

 

This is from the thales simulator console, i loaded the 3 encrypted components into the third party tool and the KCV from it is 76D81C. the Expected KCV is 2D617C using the clear 3 components.

 

i also used this

 

Command: Z
Enter ZMK Component: E38FD6D9EF85A892F2FBFDD083A407AE
Encrypted ZMK component: E38F D6D9 EF85 A892 F2FB FDD0 83A4 07AE
Key check value: DD13 75

Command: Z
Enter ZMK Component: D0085DBFFB3723B926CB7980B9EA6268
Encrypted ZMK component: D008 5DBF FB37 23B9 26CB 7980 B9EA 6268
Key check value: DACA F5

Command: Z
Enter ZMK Component: 20295EBC0B80BF5EF7F78C9125686D3B
Encrypted ZMK component: 2029 5EBC 0B80 BF5E F7F7 8C91 2568 6D3B
Key check value: DE5A A9

and it didnt work.

 

 

 

Jan 12, 2011 at 9:20 AM

Got you. You can use FK (form key from components). If it's a ZMK, the key type is 000.

FK
Key length [1,2,3]: 2
Key Type: 000
Key Scheme: U
Component type [X,H,E,S]: X
Enter number of components (2-9): 3
Enter component #1: E38FD6D9EF85A892F2FBFDF083A407AE
Enter component #2: D0085DBFFB3723B926CB7980B9EA6268
Enter component #3: 20295EBC0B80BF5EF7F78C9125686D3B
Encrypted key: U 602A 83E3 3EE7 267B 109D 0491 5800 0B87
Key check value: 76D8 1C

Jan 12, 2011 at 10:50 AM

NIck,

I understand i can form the keys but the KCV is not the expected.

the KCV from the 3 clear components is 2D617C and the encrypted 3 components returns 76D8 1C which is not the expected. the KCV should be 2D617C

Jan 12, 2011 at 11:29 AM
Edited Jan 12, 2011 at 11:41 AM

Are the three clear components E38FD6D9EF85A892F2FBFDF083A407AE, D0085DBFFB3723B926CB7980B9EA6268 and 20295EBC0B80BF5EF7F78C9125686D3B? Are they XOR combined to form the clear key?

Jan 12, 2011 at 12:03 PM
Edited Jan 13, 2011 at 6:15 AM

Nick,

 

i dont know if its XOR combined or not but i was just given to test the pin blocks. it works with the third party tool just by entering the clear components and it generates the KCV with an encrypted ZMK component.

 

 

Jan 12, 2011 at 12:17 PM

I understand that the 3rd party tool does this for you but you're in a position where you want to externally replicate what it internally does. You cannot do it unless you know exactly what happens with all the steps of the process.

You absolutely need to know how these keys are combined to form the final key, otherwise how are you ever going to find out how to construct the key? There is no point in even trying to call other commands if you do not know this information, to begin with.

 

I am quite certain in telling you that

E38FD6D9EF85A892F2FBFDF083A407AE

                  XOR

D0085DBFFB3723B926CB7980B9EA6268

                  XOR

20295EBC0B80BF5EF7F78C9125686D3B

is equal to 13AED5DA1F32347523C708E11F2608FD, whose KCV is 76D81CD2E666B6F0. Therefore, either XOR is not how these keys are combined or the KCV you have is incorrect (or it is the KCV of another key).

Jan 12, 2011 at 3:24 PM
Edited Jan 13, 2011 at 7:19 AM

Nick,

 

 i tried using the third party tool to generate the ZMK and this is the command and application events

 

Client from 192.168.1.201:4616 is connected
Client: 192.168.1.201:4616
Request: 1023A00000U
Parsing header and code of message 1023A00000U...
Searching for implementor of A0...
Found implementor ThalesSim.Core.HostCommands.BuildIn.GenerateKey_A0, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 1023A100UD9FDE58DD23ACD168F2012F57A3A3BBA6D5FE5
Calling Terminate()...
Implementor to Nothing
Client: 192.168.1.201:4616
Request: 1024A8002UD9FDE58DD23ACD168F2012F57A3A3BBAUE2547BB496E4584724D4906979E02122U04
Parsing header and code of message 1024A8002UD9FDE58DD23ACD168F2012F57A3A3BBAUE2547BB496E4584724D4906979E02122U04...
Searching for implementor of A8...
Found implementor ThalesSim.Core.HostCommands.BuildIn.ExportKey_A8, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 1024A900UF5CDDBBCE67B711B489A30576718A9E21C0633
Calling Terminate()...
Implementor to Nothing
Client: 192.168.1.201:4616
Request: 1025A8002UD9FDE58DD23ACD168F2012F57A3A3BBAU1EF9693D97255919B4B707ADB6119E4BU04
Parsing header and code of message 1025A8002UD9FDE58DD23ACD168F2012F57A3A3BBAU1EF9693D97255919B4B707ADB6119E4BU04...
Searching for implementor of A8...
Found implementor ThalesSim.Core.HostCommands.BuildIn.ExportKey_A8, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 1025A900U4F704123AA521C09B5F7AD021E94A24F524C5E
Calling Terminate()...
Implementor to Nothing
Client: 192.168.1.201:4616
Request: 1026A8002UD9FDE58DD23ACD168F2012F57A3A3BBAUE78EEB80BB2E95A9547733F97E8609DCU04
Parsing header and code of message 1026A8002UD9FDE58DD23ACD168F2012F57A3A3BBAUE78EEB80BB2E95A9547733F97E8609DCU04...
Searching for implementor of A8...
Found implementor ThalesSim.Core.HostCommands.BuildIn.ExportKey_A8, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 1026A900UA316F8381C7FB35150A10D564DAF2136481874
Calling Terminate()...
Implementor to Nothing
Client: 192.168.1.201:4616
Request: 1027A8002UD9FDE58DD23ACD168F2012F57A3A3BBAUFE334ECB996525F87395904C4B093BF1U04
Parsing header and code of message 1027A8002UD9FDE58DD23ACD168F2012F57A3A3BBAUFE334ECB996525F87395904C4B093BF1U04...
Searching for implementor of A8...
Found implementor ThalesSim.Core.HostCommands.BuildIn.ExportKey_A8, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 1027A900U414E4624ECF71C7A6458603E6F5FA4852C8777
Calling Terminate()...
Implementor to Nothing
Client: 192.168.1.201:4616
Request: 1028A8002UD9FDE58DD23ACD168F2012F57A3A3BBAUA244A286BA83B5C92613A9349252FE7EU04
Parsing header and code of message 1028A8002UD9FDE58DD23ACD168F2012F57A3A3BBAUA244A286BA83B5C92613A9349252FE7EU04...
Searching for implementor of A8...
Found implementor ThalesSim.Core.HostCommands.BuildIn.ExportKey_A8, instantiating...
Calling AcceptMessage()...
Calling ConstructResponse()...
Calling ConstructResponseAfterOperationComplete()...
Attaching header/response code to response...
Sending: 1028A900UBF0E4EEC45E677187D3B33EEAE1CD32C46F7BB
Calling Terminate()...
Implementor to Nothing
Client disconnected.

 

=== [A0], starts 15:59:35.812 =======
[Key,Value]=[Key Scheme LMK,U]
[Key,Value]=[Key Type,000]
[Key,Value]=[Mode,0]

Key generated (clear): 98CBBFA419E3FBD908A1A21685BF15BF
Key generated (LMK): UD9FDE58DD23ACD168F2012F57A3A3BBA
Check value: 6D5FE5
=== [A0],   ends 15:59:35.890 =======

=== [A8], starts 15:59:35.906 =======
[Key,Value]=[Key,E2547BB496E4584724D4906979E02122]
[Key,Value]=[Key Scheme,U]
[Key,Value]=[Key Scheme ZMK,U]
[Key,Value]=[Key Type,002]
[Key,Value]=[ZMK,D9FDE58DD23ACD168F2012F57A3A3BBA]
[Key,Value]=[ZMK Scheme,U]

ZMK (clear): U98CBBFA419E3FBD908A1A21685BF15BF
Key (clear): U15CB61BAC8D9A4DC5D2CBF8C4FECD09D
Key (ZMK): UF5CDDBBCE67B711B489A30576718A9E2
Check value: 1C0633
=== [A8],   ends 15:59:35.953 =======

=== [A8], starts 15:59:35.984 =======
[Key,Value]=[Key,1EF9693D97255919B4B707ADB6119E4B]
[Key,Value]=[Key Scheme,U]
[Key,Value]=[Key Scheme ZMK,U]
[Key,Value]=[Key Type,002]
[Key,Value]=[ZMK,D9FDE58DD23ACD168F2012F57A3A3BBA]
[Key,Value]=[ZMK Scheme,U]

ZMK (clear): U98CBBFA419E3FBD908A1A21685BF15BF
Key (clear): U571037CEEA29893D5B7F02E3BF762CDA
Key (ZMK): U4F704123AA521C09B5F7AD021E94A24F
Check value: 524C5E
=== [A8],   ends 15:59:36.015 =======

=== [A8], starts 15:59:36.031 =======
[Key,Value]=[Key,E78EEB80BB2E95A9547733F97E8609DC]
[Key,Value]=[Key Scheme,U]
[Key,Value]=[Key Scheme ZMK,U]
[Key,Value]=[Key Type,002]
[Key,Value]=[ZMK,D9FDE58DD23ACD168F2012F57A3A3BBA]
[Key,Value]=[ZMK Scheme,U]

ZMK (clear): U98CBBFA419E3FBD908A1A21685BF15BF
Key (clear): UEF322CAE02E0CE4AB37398D38F45E5D0
Key (ZMK): UA316F8381C7FB35150A10D564DAF2136
Check value: 481874
=== [A8],   ends 15:59:36.062 =======

=== [A8], starts 15:59:36.078 =======
[Key,Value]=[Key,FE334ECB996525F87395904C4B093BF1]
[Key,Value]=[Key Scheme,U]
[Key,Value]=[Key Scheme ZMK,U]
[Key,Value]=[Key Type,002]
[Key,Value]=[ZMK,D9FDE58DD23ACD168F2012F57A3A3BBA]
[Key,Value]=[ZMK Scheme,U]

ZMK (clear): U98CBBFA419E3FBD908A1A21685BF15BF
Key (clear): UD698409816EC4C7AABAE5B2520A4971A
Key (ZMK): U414E4624ECF71C7A6458603E6F5FA485
Check value: 2C8777
=== [A8],   ends 15:59:36.093 =======

=== [A8], starts 15:59:36.109 =======
[Key,Value]=[Key,A244A286BA83B5C92613A9349252FE7E]
[Key,Value]=[Key Scheme,U]
[Key,Value]=[Key Scheme ZMK,U]
[Key,Value]=[Key Type,002]
[Key,Value]=[ZMK,D9FDE58DD23ACD168F2012F57A3A3BBA]
[Key,Value]=[ZMK Scheme,U]

ZMK (clear): U98CBBFA419E3FBD908A1A21685BF15BF
Key (clear): U5D346D7A9E10AEEA7992AEA2345254FB
Key (ZMK): UBF0E4EEC45E677187D3B33EEAE1CD32C
Check value: 46F7BB
=== [A8],   ends 15:59:36.140 =======

 

Please look through and see if you can pick out how its forming the keys.

Jan 12, 2011 at 4:12 PM
Edited Jan 12, 2011 at 4:16 PM

We've been down this road before.

A0 generates a ZMK component. I assume that the 3rd party tool uses it as a ZMK key.

The first A8 command encrypts a component under the generated ZMK. In order to do that, it passes the following info to A8:

  1. Key encrypted under the appropriate LMK.
  2. Type of above key (in this case, a PVK/TPK/TMK).
  3. ZMK encrypted under the appropriate LMK.
  4. Expected key scheme.

Where does the encrypted value of the key (step 1) come from? Who creates it and how? How is its encrypted value being formed? It cannot come out of thin air.

Jan 12, 2011 at 8:28 PM
Edited Jan 13, 2011 at 6:10 AM

Nick,

 

now i have been able to load the ZMK and the KCV is ok.  i used FK command to generate an LMK encrypted value and loaded same and it gave me the right KCV.

i tried doing some simulation with the third party tool using thales simulator and discovered that for this command event it only uses A0 all the other A8 commands are not used at all in the third party tool. i guess its just running some test by using some stored keys which what we saw in A8.

 

my challenge now is when i type in the PEK which is encrypted under the ZMK into the third party, the KCV is not matching the one with the sample key. all i did was to type the sample encrypted key directly into the third party tool.

 

 

 

with the above, the ZMK is correct and this is the PEK encrypted key under the ZMK and the expected KCV is 142623 but the thales simulator returns 5B65EA. when i tried providing the LMK encrypted value it returned source key parity error.

 

This is the application events that generated the ZMK

 

 

 

the KCV is correct.

 

Jan 12, 2011 at 11:02 PM

Glad to see that it was an error in the first component and that it now makes sense.

Well, finding PEK under LMK is now easy using the console. This is the PEK as a TPK/TMK/PVK.

IK
Key Type: 002
Key Scheme: U
Enter encrypted ZMK: U602A83E33EE7267B427417A80506E82C   <<< The ZMK you calculated.
Enter key: X56C8DACE4447FFC02D9F385D67072A88   <<< PEK under ZMK. Note the X designation, since keys are normally transmitted as Ansi keys.
Key under LMK: U BAD3 021D E396 0838 4112 14A3 D7AC 44A8
Key Check Value: 1426 23

And this is the PEK as a ZPK.

IK
Key Type: 001
Key Scheme: U
Enter encrypted ZMK: U602A83E33EE7267B427417A80506E82C
Enter key: X56C8DACE4447FFC02D9F385D67072A88
Key under LMK: U 0063 506C A59A A28A E226 5377 A0F5 5B70
Key Check Value: 1426 23

The problem with the A6 command you've send is that you designated the key under ZMK as having key scheme U (variant). This normally happens when keys are encrypted under the LMK. When keys are encrypted under for transmission under a ZMK they almost always are of Ansi format. If you want to cross-check the above results, try sending the A6 command again using X56C8DACE4447FFC02D9F385D67072A88 instead of U56C8DACE4447FFC02D9F385D67072A88.

Jan 13, 2011 at 6:05 AM

nick,

 

thanks its all working now.

Jan 13, 2011 at 7:23 AM

Nick,

Thanks a bunch, i guess i owe you one.

Can you give some tip on any Pin PAd that i can program for use to choose PIN.

 

Jan 13, 2011 at 9:02 AM

No problem, glad it's now working!

Hardware-wise, I guess that any PIN pad will do the job of choosing a PIN. It's always a matter of choosing a vendor that's local to you who know their stuff and can code the PIN pad application the way you want it to work.

Jan 14, 2011 at 10:01 PM

 

Hi Nick,

thanks for the help on thales HSM. I need help on postillion. I need to talk to postillion to initiate Pin change request using e-socket web. i have tried going through the samples that came with postillion but configuring postillion itself is bit of a challenge cos i dont use in a production environment. please help with some code snippet if you have. I also need an instant card solution that can allow issuance of chip and pin card instantly from a remote location.

Jan 16, 2011 at 7:10 PM

I don't have good experience with eSocket.Web, sorry. Regarding chip and pin instant issuance, I believe you should talk to your Postilion distributor in the region because they have a solution that integrates with Postilion.

Jan 20, 2012 at 6:55 AM

Hi Nick

How are you? quiet a long time.

i am trying to use the library to connect to a thales 8000 and all works fine but when i attempt to derive a pin using IBM method (EE) it returns '02' instead of '00'. any ideas what might be happening.

 

Thanks Nick