# Data Format Multi-byte values like command and data lengths are always big-endian. ### Message Types #### Data Data Messages are formed in response to a cardholder event such as swiping a card or pressing a button. These messages are formatted as a block of ASCII text and compatible with all interfaces. #### Commands Commands consist of a 2-byte command, a 2-byte Parameter Data Length, and Parameter Data as needed. ### Table - Command Structure
CommandParameter Data LenParameter Data
2-bytes2-bytes0…n bytes
#### Responses Responses consist of a 2-byte return code, a 2-byte response data length, and response data as needed. ### Table - Response Structure | Return Code | Response Data Len | Response Data | | ----------- | ----------------- | ------------- | | 2-bytes | 2-bytes | 0...n bytes | #### Notifications Notifications consist of a 2-byte notification code, a 2-byte notification data length, and notification data when needed. They are sent asynchronously due to device events. They can also be used as delayed responses for commands that take longer to process. ### Table - Notification Structure | Notification ID | Notification Data Len | Notification Data | | --------------- | --------------------- | ----------------- | | 2-bytes | 2-bytes | 0...n bytes | ### Data Output #### MSR Track Data **Sentinels** Data for each card track is typically bracketed by a start and end sentinel. The sentinel characters can be changed by setting properties. The start sentinel can also indicate what format was used to encode the track. \[SS] Track Data \[ES] If a property value is set to 0, then no character will be sent. ### Table - Track Data Sentinel Properties
NameDescriptionLengthPropertyDefault
T1ISOTk1 SS if ISO10x240x25 ‘%’
T2ISOTk2 SS if ISO10x250x3B ‘;’
T3ISOTk3 SS if ISO10x260x2B ‘+’
T3AMVTk3 SS if AAMVA10x270x23 ‘#’
T27BTTk2 SS if 7bit10x280x40 ‘@’
T37BTTk3 SS if 7bit10x290x26 ‘&’
ESEnd sentinel10x2B0x3F ‘?’
**Masking** The PAN field must always be partially masked. The device can be configured to expose the 0-8 leading characters and 0-4 trailing characters. The 8-digit limit for leading characters automatically drops to 6 for cards where the PAN length is less than 16 (e.g. American Express). Properties 0x07 and 0x08 are used to configure PAN masking. {% hint style="info" %} **Note:** PCI Requirement – SCR devices that can be used with consumer devices must fully mask cardholder name, expiration date, and service code with no exceptions. {% endhint %} ### PCI/Non-PCI Masking {% hint style="info" %} **Note:** The description in this section is for non-PCI device case. The following table shows the difference between non-PCI device and PCI device masking rule. {% endhint %}
M001/M002 MessageNon-PCIPCI
PAN maskingCan be configured using Property 0x07 and 0x08.

Can be configured using Property 0x07 or 0x08 with the following exceptions.

· Masking Character, ‘V’, is not supported in Property 0x07/0x08.

· Not allowed to unmask leading PAN digits more than 6 digits when PAN length is 15 digits.

Name maskingAlways fully unmasked.Always fully masked with ‘*’.

ISO Only:

Expiration Date masking

Always fully unmasked (4 digits).Always masked with 5th character from Property 0x07.

ISO Only:

Service Code masking

Can be enabled or disabled using Property 0x6E (3 digits).Always masked with 5th character from Property 0x07.

AAMVA Only:

Expiration Date and Birth Date

Always fully unmasked (12 digits).Always masked with 5th character from Property 0x08.
Discretionary Data maskingUnmasked if error. Otherwise, masked with 5th character from Property 0x07 or 0x08.Unmasked if error. Otherwise, masked with 5th character from Property 0x07 or 0x08.
## **DUKPT Key Info for Encrypted Data Output** Data messages include DUKPT KEY information fields so the host can derive the correct decryption or MAC key. ### Table - DUKPT Key Derivation Information
ByteLenDescriptionValuesNotes
11DUKPT Key Info Version

0x00 – Legacy DUKPT

0x01 – Current (AES) DUKPT
21For Data Item

0x01 – RFU

0x01 – Message MAC

0x02 – MSR Data

0x03 – MP Token

0x04 – Qwantum Token

0x05 – Qwantum Data
31Using Mode/Operation

0x00 – RFU

0x01 – ENC-CBC-0

0x02 – ENC-CBC-SECURE

0x03 – ENC-CTR

0x10 – MAC-CBC-0

0x11 – CMAC

0x12 – HMAC

0x13 – GMAC
41Derived Key Algorithm

0x00 – 2-key TDEA

0x01 – 3-key TDEA

0x02 – AES 128-bit

0x03 – AES 192 bit

0x04 – AES 256 bit

0x05 – HMAC
5-62Generated Key Length (bits)

0x0100 – 256 bits

0x0080 – 128 bits
7-82Derived Key Usage

0x2002 – MAC, both ways

0x3002 – Data Encryption, both ways

0xFF00 – Legacy PIN Variant

0xFF01 – Legacy MAC, both ways

0xFF02 – Legacy Data Encryption

AES DUKPT: Use “Legacy: FFnn”, which means “shift FF left nn bytes”.
Example: ``` 00 02 01 00 0080 FF02 MSR encrypt CBC zero pad with legacy DUKPT 128-bit TDEA data variant. ``` {% hint style="info" %} **Note:** Derived key algorithm, length, and usage information will be needed to generate the correct AES-DUKPT decryption key. {% endhint %} ## Data Messages Data messages will always be made up of ASCII text characters regardless of the interface for compatibility purposes. Text is used to address limitations when using keyboard emulation. ## **Normal Operation – Financial Card Read Message** Any Field with no value will be empty between separator characters. ### Table - Data Message M001 Definition
Field DescriptionProtTypeTxt LenNotes
Message ID = “M001”ClearASCII4MSR Data Message
Track 1 Masked DataClearASCIIvarPer masking configuration
Track 2 Masked DataClearASCIIvarPer masking configuration
Track 3 Masked DataClearASCIIvarPer masking configuration
Track 1 DataEncryptHEXvarEncrypted with MSR key.
Track 2 DataEncryptHEXvarEncrypted with MSR key.
Track 3 DataEncryptHEXvarEncrypted with MSR key.
MP Status CodeClearHEX8
MP TokenEncryptHEXvarEncrypted with MSR or MP key as configured (see Property 0x15).
Session IDEncryptHEX16/32Encrypted with MSR key. Session ID = RTC value.
KSN (MSR)ClearHEX20/24
DUKPT Key Info (MSR)ClearHEX16
KSN (MP)ClearHEX0/20/24Empty when MSR key is used
DUKPT Key Info (MP)ClearHEX16Empty when MSR key is used
Device Serial NumberClearASCII7

Indicates valid range of each hex digit –

  • ‘0’ ~ ‘9’ (0x30 ~ 0x39),
  • ’A’ ~ ‘F’ (0x41 ~ 0x46)
DUKPT Key Info (MAC)ClearHEX16Using MSR Key
Message LengthClearHEX4Include all of message except for MAC. Length required for MAC security. High byte first.
MACClearHEX16/32

MAC variant of MSR encryption key is used to calculate MAC.

  • CBC MAC if MSR DUKPT key is TDES
  • CMAC if MSR DUKPT key is AES
{% hint style="info" %} **Note:** Text length may vary depending on the key type that is being used. {% endhint %} ## **Normal Operation – Financial Card Read Message with Selectable Card Data Encryption Enabled** ### Table - Data Message M002 Definition
Field DescriptionProtTypeTxt LenNotes
Message ID = “M002”ClearASCII4MSR Data Message
Track 1 Masked DataClearASCIIvarPer masking configuration
Track 2 Masked DataClearASCIIvarPer masking configuration
Track 3 Masked DataClearASCIIvarPer masking configuration
Track 1 DataEncryptHEXvarEncrypted with MSR key.
Track 2 DataEncryptHEXvarEncrypted with MSR key.
Track 3 DataEncryptHEXvarEncrypted with MSR key.
MP Status CodeClearHEX8
MP TokenEncryptHEXvarEncrypted with MSR or MP key as configured (see Property 0x15).
Session IDEncryptHEX16/32Encrypted with MSR key. Session ID = RTC value.
KSN (MSR)ClearHEX20/24
DUKPT Key Info (MSR)ClearHEX16
KSN (MP)ClearHEX0/20/24Empty when MSR key is used
DUKPT Key Info (MP)ClearHEX0/16Empty when MSR key is used
Device Serial NumberClearASCII7Indicates valid range of each hex digit – ‘0’ ~ ‘9’ (0x30 ~ 0x39), ‘A’ ~ ‘F’ (0x41 ~ 0x46)
DUKPT Key Info (MAC)ClearHEX16Using MSR Key
Message LengthClearHEX4Include all of message except for MAC. Length required for MAC security. High byte first.
MACClearHEX16/32

MAC variant of MSR encryption key is used to calculate MAC.

  • CBC MAC if MSR DUKPT key is TDES
  • CMAC if MSR DUKPT key is AES
Encrypted SCDEEncryptHEXvar
KSN (SCDE)ClearHEX20/24
DUKPT Key Info (SCDE)ClearHEX16
{% hint style="info" %} **Note:** * Text length may vary depending on the key type that is being used. * The three SCDE fields at the bottom of the message are not part of the MAC calculation. {% endhint %} The device transmits an M002 message with three new data fields: Encrypted SCDE, KSN (SCDE) and DUKPT Key Info (SCDE) to the host instead of an M001 message when the following four conditions are satisfied. Selectable Card Data Encryption is enabled through Property 0x78. * Any of the defined property 0x78 bits are set to 1 (enabled), * Card Encode Type is ISO (a.k.a. financial card), * SCDE DUKPT key is injected or present in the device, and * SCDE DUKPT future keys are available (not exhausted) If any one of the four conditions is not met, an M001 message will be returned to the host instead of an M002 message. The encrypted SCDE field in the M002 message, \[Encrypted SCDE], includes six data fields, field\_1 \~ field\_6. The six data fields are placed in a buffer prior to encryption. The selectable card data element starts with a field separator (FS) followed by a data field, and the last field separator is appended following the sixth data field (field\_6) as shown below (total seven FS characters). The field separator used in the SCDE is the same FS used in the M001 or M002 message, which may be changed using Property 0x23. Each data field in the SCDE is defined as follows. ### Table - SCDE Data Fields
DescriptionTypeLength (bytes)Property 0x78
field_1Cardholder Name from Track 1ANvar (max 26)bit 0
field_2PAN from Track 1or Track 2 (padding nibble=F)CNvar (max 19)bit 1
field_3Expiration Date from Track 1 or Track 24N2bit 2
field_4Service Code from Track 1 or Track 23N2bit 3
field_5T1 discretionary dataANvarbit 4
field_6T2 discretionary data (padding nibble=F)CNvarbit 5
The SCDE DUKPT key (DKPTM1F) is used to encrypt the six data fields (| field\_1 | field\_2 | field\_3 | field\_4 | field\_5 | field\_6 |)only. No other keys should be used for the SCDE. The encrypted SCDE field in the M002 message is an encrypted blob holding six card data fields selected with Property 0x78 bits. If a defined bit is set to zero, the corresponding data field will be empty in the clear-text SCDE. The clear-text SCDE including enabled data fields will be encrypted with an SCDE DUKPT future key. When all defined bits in the property 0x78 are set to zeros, the encrypted SCDE is disabled. As a result, the M001 message should be transmitted to the host instead of the M002 message. Encrypt( | field\_1 | field\_2 | field\_3 | field\_4 | field\_5 | field\_6 | ) **Field Separation** This device uses configurable properties to define characters that get inserted into the message for parsing purposes. The simplest option is to have characters for start of message (SOM), end of message (EOM), and field separation (FS) only. ### Table - Separating text fields for host parsing.
NameDescriptionLengthPropertyDefaultTo Disable
SOMStart of Message0-70x1E00
EOMEnd of Message0-70x22‘\r’ (0x0D)0
FSField Separator10x23‘|’ (0x7C)0
{% hint style="info" %} **Note:** Portion in bold shows the data included in the output MAC calculations. {% endhint %} ``` [SOM] M001 [FS] [Track 1 Masked Data] [FS] [Track 2 Masked Data] [FS] [Track 3 Masked Data] [FS] [Track 1 Encrypted Data] [FS] [Track 2 Encrypted Data] [FS] [Track 3 Encrypted Data] [FS] [MP Status] [FS] [Encrypted MP Data] [FS] [Encrypted Session ID] [FS] [MSR DUKPT Key Serial Number] [FS] [MSR DUKPT Key Info] [FS] [MP DUKPT Key Serial Number] [FS] [MP DUKPT Key Info] [FS] [Device Serial Number] [FS] [MAC DUKPT Key Info] [FS] [MAC message length] [FS] [MAC] [EOM] [FS] [MAC][EOM] [SOM] M002 [FS] [Track 1 Masked Data] [FS] [Track 2 Masked Data] [FS] [Track 3 Masked Data] [FS] [Track 1 Encrypted Data] [FS] [Track 2 Encrypted Data] [FS] [Track 3 Encrypted Data] [FS] [MP Status] [FS] [Encrypted MP Data] [FS] [Encrypted Session ID] [FS] [MSR DUKPT Key Serial Number] [FS] [MSR DUKPT Key Info] [FS] [MP DUKPT Key Serial Number] [FS] [MP DUKPT Key Info] [FS] [Device Serial Number] [FS] [MAC DUKPT Key Info] [FS] [MAC message length] [FS] [MAC] [FS] [Encrypted SCDE] [FS] [SCDE DUKPT Key Serial Number] [FS] [SCDE DUKPT Key Info] [EOM] [SOM] Q001 [FS] [Token DUKPT Key Serial Number] [FS] [Token DUKPT Key Info] [FS] [QWANTUM Status] [FS] [QWANTUM Token] [FS] [Encrypted Session ID] [FS] [QWANTUM Card ID] [FS] [Device Serial Number] [FS] [MAC DUKPT Key Info] [FS] [MAC message length] [FS] [MAC] [EOM] [SOM] Q002 [FS] [Token DUKPT Key Serial Number] [FS] [Token DUKPT Key Info] [FS] [Encrypted Session ID] [FS] [Encrypted Qwantum Data Buffer] [FS] [Device Serial Number] [FS] [MAC DUKPT Key Info] [FS] [MAC message length] [FS] [MAC] [EOM] [SOM] Q003 [FS] [Message Code] [FS] [Message] [EOM] ``` ## Qwantum Card Read/Qwantum Mode All Card Read This is the message format for Qwantum cards, or for any card when Qwantum Mode is on. ### Table - Data Message Q001 Definition
DescriptionProtTypeTxt LenNotes
Message ID = “Q001”ClearASCII4Qwantum Card message
KSN (Token)ClearHEX20/24TDES or AES
DUKPT Key Info (Token)ClearHEX16
Qwantum StatusClearHEX8from ASIC
Qwantum TokenEncryptHEXvar
  • Encrypted with Qwantum Token Key
  • Padded with zeros
Session IDEncryptHEX16/32Encrypted with MSR key. Session ID = RTC value
Qwantum Card IDClearHEX6432-byte SHA256 hash of TK1 name, TK2 PAN and TK2 Expiration Date
Device Serial NumberClearASCII7Indicates valid range of each hex digit – ‘0’ ~ ‘9’ (0x30 ~ 0x39), ‘A’ ~ ‘F’ (0x41 ~ 0x46)
DUKPT Key Info (MAC)ClearHEX16for Qwantum Token Key
Message LengthClearHEX4Includes all of message fields except for MAC (High byte first)
MACClearHEX16/32

MAC variant of MSR encryption key is used to calculate MAC.

  • CBC MAC if MSR DUKPT key is TDES
  • CMAC if MSR DUKPT key is AES
## Quantum Buffer Output This message is used when the device sends out encrypted data from the Secure Buffer. ### Table - Qwantum Buffer Output Q002 Data Message
DescriptionProtTypeTxt LenNotes
Message ID = “Q002”ClearASCII4Qwantum Buffer Message
KSN (Token)ClearHEX20/24TDES or AES
DUKPT Key Info (Token)ClearHEX16
Session IDEncryptHEX16/32Encrypted with MSR key. Session ID = RTC value
Qwantum BufferEncryptHEX1-2K
  • Encrypted with Qwantum Token Key
  • Padded with pad length
Device Serial NumberClearASCII7Indicates valid range of each hex digit – ‘0’ ~ ‘9’ (0x30 ~ 0x39), ‘A’ ~ ‘F’ (0x41 ~ 0x46)
DUKPT Key Info (MAC)ClearHEX16for Qwantum Token Key
Message LengthClearHEX4Includes all of message fields except for MAC (High byte first)
MACClearHEX16/32

MAC variant of MSR encryption key is used to calculate MAC.

  • CBC MAC if MSR DUKPT key is TDES
  • CMAC if MSR DUKPT key is AES
## Empty Qwantum Buffer Output This message is used when the device sends out when Qwantum Secure Data is empty. ### Table - Qwantum Buffer Output Q003 Data Message
DescriptionProtTypeTxt LenNotes
Message ID = “Q003”ClearASCII4Qwantum Buffer Message
Message CodeClearASCII2Text characters indicating message code
MessageClearASCII36Message for empty buffer
#### Example: ``` Q003|01|No Data Stored. Nothing to Transmit.| ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://developer.magtek.com/hardware/card-readers/magnetic-stripe-readers/idynamo-5-gen-iii/documentation/developers-manuals/programmers-manual-commands/data-format.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.