×
INTELLIGENT WORK FORUMS
FOR ENGINEERING PROFESSIONALS

Log In

Come Join Us!

Are you an
Engineering professional?
Join Eng-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Eng-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

Capturing and decoding encrypted serial data
2

Capturing and decoding encrypted serial data

Capturing and decoding encrypted serial data

(OP)
Hi,

I've been asked to decode serial data passing between a point of sale system (fancy name for fancy cash register) and a gasoline fuel controller.  Data typically consists of commands from the POS to the controller such as "what is your status", "you are auhorized to dispense fuel", "how much fuel did you dispense", etc. and things are easy when the baud, data bits, parity, etc. are fixed.  I've got a micro-based board that measures pulse widths, sets the baud rate, then runs through combinations of data bits, parity, etc. until no parity or framing errors happen.  Crude perhaps but it works on a "well-behaved" data stream.  However, the new challenge is to decode the data from a "PCI compliant" data stream that contains encrypted credit card information.  The encryption confounds my device.  What is the proper way to decode this data?

Thank you,

Rob

RE: Capturing and decoding encrypted serial data

I'm guessing your answer lies here:
https://www.pcisecuritystandards.org/security_standards/documents.php

I couldn't figure out from the sample that I read if they dynamically mess with the baud rate and such, or not.  I'm guessing, not, so fixing the parameters in your box may work.

Beyond that, I don't think discussion is appropriate in a global public forum like this one.
 

Mike Halloran
Pembroke Pines, FL, USA

RE: Capturing and decoding encrypted serial data

Rob,

I've read your other posts and the one thing I can glean from them is you're pretty fresh as an engineer.  What you're getting into with this project will challenge you, to say the least.

I'll add that what you are attempting to do may very well be illegal (on a federal level), it is likely against the TOS (Terms of Service) for most (all?) processing companies, and it certainly opens up a door for hacking.  Playing "man in the middle" to an encrypted PCI data stream and decoding it is a very dangerous position to be in.

As Mike said, this is not exactly a discussion for an open forum.  Hackers get enough help as it is (I particularly like the new breed of card skimmers that transmit their data over BlueTooth so the hacker doesn't need to re-acquire the skimmer to grab his data).  If this is a legitimate product, I highly recommend you check with your company's lawyers first, and then bring in a consultant EE to help (if not do it for you outright).

Dan - Owner
http://www.Hi-TecDesigns.com

RE: Capturing and decoding encrypted serial data

(OP)
Mike,

Thank you for the link and I agree the content is not suitable.  I should not have included the acronym.  I don't see any way to delete or edit the post as I surely would.  The general question was how to go about decoding "dynamic" RS-232 serial communication.

Regards,

Rob

RE: Capturing and decoding encrypted serial data

(OP)
Mac,

Thank you for the reply and assessment of my abilities.  The reality is that I'm about the only engineer at my company and have had to resort to professing my ignorance to the world out of sheer desperation - nobody here with whom to truly collaborate.  That said, I have found an uncanny outcome of asking dumb questions - sometimes once I ask them the answer comes to me.  I chalk that up to what I'll call the magic of synergy.

I think I'm more capable than you give me credit for, but agree that I have much to learn.  Believe it or not I knew almost nothing after 10 years working with dozens of engineers at a large defense contractor.  Luckily I landed a job at this small company and under the tutelage of a now deceased mentor I began to learn how to be an engineer, and to realize how little I actually knew after earning a BSEE and an MSEE.  My problem is that I'm not an "engineer's engineer", do not make circuits at home for the fun of it.  I can do that at work but not at home.  Problem was the defense contractor job had no work of that kind, and the education was all about theory and passing tests.

That said it is time for me to move on and find some new mentors and engineers with whom to collaborate.

Best regards,

Rob

RE: Capturing and decoding encrypted serial data

Let me see if I understand what you are trying to do.
Your employer sells magic boxes that monitor a data stream, and record or report gasoline sales data, without altering the data stream, and without modification to or cooperation from the transmitter or the receiver.

But now the boxes are getting confused by encrypted credit card data passing through the data link.

If the gasoline sales data, pump commands, etc., are still unencrypted, then your box just has to get smart enough to identify and completely ignore encrypted data that is of no interest to it.  That sounds like a soluble  problem.

If the entire data stream is encrypted, you are screwed, for now.

 

Mike Halloran
Pembroke Pines, FL, USA

RE: Capturing and decoding encrypted serial data

(OP)
Mike,

You are spot on about the magic box that extracts what it needs from a data stream without effect on the data.  Sender and receiver are unaware of its presence.  And yes, the box will not work in this new data path.  My guess is that all of the data is encrypted, as the output is total garbage.  Otherwise I'd expect to see data packets missing the first few bytes.

Thanks again and given the subject matter let's close this one, as I'm convinced there's not some "off the shelf" solution, which is what I was looking for.

Best,

Rob

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Eng-Tips Forums free from inappropriate posts.
The Eng-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Eng-Tips forums is a member-only feature.

Click Here to join Eng-Tips and talk with other members!


Resources