ISO8583消息解码
[英]ISO8583 message decoding
问题描述
I am just beginner to ISO 8583 messaging format. 
我只是ISO 8583消息格式的初学者。
So, i already search information about that at WIKI and Code Project 所以,我已经在WIKI和Code Project上搜索了相关信息
So as i understand about that is.. 所以据我了解的是......
this message we can divide 3 parts ... 这个消息我们可以划分3个部分......
1.MTI (Message Type Indicator)
1.1.Version
1.2.Message Class
1.3.Message Function
1.4.Message Origin
2.Bitmap
Indicate which data elements are present.
3.DataElement
The essence of the whole ISO message, contain information about the transaction such as ... 整个ISO消息的本质,包含有关交易的信息,如...
- transaction type, 交易类型
- amount, 量,
- customerid 顾客ID
and so on. 等等。
So, After i reading these two web references, I want to make divide my ISO messaging log as MTI, bitmap, and Data Element. 所以,在我阅读这两个Web引用之后,我想将我的ISO消息传递日志划分为MTI,位图和数据元素。
For example. 例如。
(0800 2020000000800000 000000 000001 3239313130303031)
MTI: 0800 (1987 version, Network Management Message, Request, Acquirer)
Bitmap: 20 20 00 00 00 80 00 00 (eg. 20 = 0010 0000 ,so position 3 is on)
DataElement:(by seeing Bitmap , we can defined data element as follow)
field 03:000000 (Processing Code)
field 11:000001 (Systems trace audit number)
field 41:3239313130303031 (Card acceptor terminal idenfication)
But my problem is, I already have ISO 8583 messaging log from my ATM Machine. 但我的问题是,我已经从我的ATM机上获得了ISO 8583消息传递日志。 This actual output messaging log is not very clear like this upper example. 这个实际的输出消息日志不像这个上面的例子那样清晰。 So I cannot divide this message to MTI, Bitmap and Data element like upper example. 所以我不能将此消息分为MTI,Bitmap和Data元素,如上例。
Here are my Example of data 这是我的数据示例
00 14 5e 47 2e d8 00 1a d4 0c 32 0f 08 00 45 00
00 7b b2 ec 40 00 80 06 e5 29 ac 11 05 37 ac 11
05 0d 1a 78 1a 78 bf 1c 66 c8 8f 11 b5 a9 50 18
3f b6 c8 f6 00 00 00 51 31 31 1c 30 30 32 1c 1c
1c 31 3b 1c 3b 35 32 36 34 30 32 31 37 30 33 32
36 34 30 32 34 3d 31 34 30 35 32 32 31 31 30 30
4 个解决方案
解决方案1
3 2014-01-23 08:39:47
What you have there as a sample is just the representation of the transaction info as it's transmitted over the wire. 你在那里作为样本只是交易信息的表示,因为它是通过网络传输的。 This is effectively the way all data transmission looks like at the transport layer, regardless of application. 无论应用如何,这实际上都是传输层所有数据传输的方式。
Depending on the terminal management application/switch you're using (Postilion and Base24 are good examples), there should be a translation of that hex payload into ASCII text somewhere in your logs. 根据您正在使用的终端管理应用程序/交换机(Postilion和Base24是很好的示例),应该在日志中的某处将该十六进制有效负载转换为ASCII文本。
For the sample you have, you should first convert it to binary and then convert the binary result to ASCII . 对于您拥有的示例,应首先将其转换为二进制 ,然后将二进制结果转换为ASCII 。 Using those steps, I can tell you the Institution Identifier Number (or Bank Identifier Number) in that sample is 526402 . 使用这些步骤,我可以告诉您该样本中的机构标识号(或银行标识号)是526402 。 The snippet you've posted contains the Track 2 data, which also has the PAN in it. 您发布的代码段包含Track 2数据,其中也包含PAN。 I'm not posting that here for obvious reasons (I'm not even going to apply the masking to it) 我不是因为显而易见的原因而在这里发帖(我甚至不打算对它进行掩蔽)
解决方案2
3 2016-07-14 02:49:01
The hexadecimal dump for sure is not ISO 8583 dialect message. 十六进制转储肯定不是ISO 8583方言消息。 There are lot Field Separators with Hex code 0x1C. 有很多字段分隔符,十六进制代码0x1C。
The bytes at the beginning of your example looks like several layers of different packets. 示例开头的字节看起来像几层不同的数据包。 I do not pretend to correct decryption, but it might be Mobile IP packet inside IP packet inside TCP packet. 我不假装正确解密,但它可能是TCP数据包内的IP数据包内的移动IP数据包。
The last, most important part for your investigations - is the part of NDC Message - the Network message protocol from NCR for ATMs. 调查的最后一个也是最重要的部分 - 是NDC消息的一部分 - 来自NCR的ATM网络消息协议。
TCP - RFC 793 TCP - RFC 793
00 14 5e 47 2e d8 00 1a d4 0c 32 0f 08 00 45 00
00 7b b2 ec __ __ __ __ __ __ __ __ __ __ __ __
source_port: "0014" # // 20
destination_port: "5E47" # // 24135
sequence: "2ED8001A" # // 785907738
acknowledgment: "D40C320F" # // 3557569039
offset: "00" # [xxxx____]
bits: "00" # Control Bits
window: "4500" # // 17664
crc: "007B"
urgency: "B2EC" # // 45804
IP - RFC 791 IP - RFC 791
__ __ __ __ __ __ 40 00 80 06 e5 29 ac 11 05 37 ac 11
05 0d 1a 78 1a 78 bf 1c __ __ __ __ __ __ __ __ __ __
b1:
version: "4"
IHL: "0" # Internet Header Length (in DWORDs)
type: # Type of Service
precedence: "00"
# 000_____ - Routine
delay: "00"
# ___0____ - Normal Delay
throughput: "00"
# ____0___ - Normal Throughput
relibility: "00"
# _____0__ - Normal Relibility
size: "8006" # // 32774
identifier: "E529"
fragment:
flags: "AC11"
# _0______________ - May Fragment
# __1_____________ - More Fragments
offset: "0C11" # [___xxxxxxxxxxxxx] // 3089
ttl: "05" # // 5
protocol: "37" # // 55 - MOBILE
crc: "AC11"
source_ip: "050D1A78" # // 5.13.26.120
destination_ip: "1A78BF1C" # // 26.120.191.28
Mobile IP (?) - RFC 3344 移动IP(?) - RFC 3344
__ __ __ __ __ __ __ __ 66 c8 8f 11 b5 a9 50 18
3f b6 c8 f6 __ __ __ __ __ __ __ __ __ __ __ __
protocol: "66" # // 102 - PNNI
code: "C8" # // 200
crc: "8F11"
destination_ip: "B5A95018" # Home address // 181.169.80.24
source_ip: "3FB6C8F6" # Original sender // 63.182.200.246
Plus not identified part or already header from NDC message: 加上未标识NDC消息的部分或已标题:
__ __ __ __ 00 00 00 51 __ __ __ __ __ __ __ __
NDC Transaction Request Message (beginning) NDC交易请求消息(开始)
__ __ __ __ __ __ __ __ 31 31 1c 30 30 32 1c 1c
1c 31 3b 1c 3b 35 32 36 34 30 32 31 37 30 33 32
36 34 30 32 34 3d 31 34 30 35 32 32 31 31 30 30
a: "" # Protocol Header // skipped
b: "1" # Message Class
c: "1" # Message Sub-Class
FS: 0x1c
d: "002" # Logical Unit Number (LUNO)
FS: 0x1c
FS: 0x1c
e: // empty ?
FS: 0x1c
f: "1" # Top of Receipt Transaction Flag
g: ";" # Message Co-Ordination Number // 0x3b
FS: 0x1c
h: ";526402******4024=1405221100" # Track 2 Data // masked and expired
The rest part of NDC message in the next network packet / fragment. NDC消息的其余部分在下一个网络数据包/片段中。
解决方案3
2 2014-09-24 19:01:34
@user3223324 I agree with @kolossus on many of his points including someones personal info appears in your trace. @ user3223324我同意@kolossus的许多观点,包括某些个人信息出现在你的追踪中。 I can only hope it is a true test card. 我只能希望它是一张真正的测试卡。
This looks like a packet sniffer trace such as from Wireshark and not trace off of the terminal. 这看起来像是来自Wireshark的数据包嗅探器跟踪,而不是从终端跟踪。 Most ATM manufacturers have a trace mechanism right on the terminal itself that can be activated to capture Terminal to Host message and vice-versa but on newer machines requires escalated privilege or something in the possession of the field technician to activate with masking disabled. 大多数ATM制造商在终端本身上都有一个跟踪机制,可以被激活以捕获终端到主机消息,反之亦然,但在较新的机器上需要升级的权限或现场技术人员拥有的东西,以禁用屏蔽激活。 The host systems all also have a trace functionality that will at least turn it to text usually also accompanied by the hex for comparison. 主机系统都具有跟踪功能,至少将其转换为文本,通常还附带十六进制用于比较。 I believe Wireshark also has some basic HEX to Text conversion tools built into it. 我相信Wireshark还内置了一些基本的HEX to Text转换工具。
The other problem I see you possibly encountering is that you are trying to decode something that you think is ISO-8583 but it is not. 我看到你可能遇到的另一个问题是你试图解码你认为是ISO-8583的东西,但事实并非如此。 I know there are ISO-8583 ATMs out there, but they are few and far between as I believe most still run IFX, NDC, 911/912 or one of the other vendor specific formats or an emulation of them. 我知道那里有ISO-8583自动柜员机,但它们很少,因为我相信大多数仍然运行IFX,NDC,911/912或其他供应商特定格式之一或模拟它们。 Those are much shorter payload messages and there is little to no commonality between them and / or ISO-8583. 这些是有效载荷消息要短得多,它们和/或ISO-8583之间几乎没有共性。
On variants of ISO-8583, there are many many variants that share the same primary, secondary, and some tertiary bitmaps. 在ISO-8583的变体上,有许多变体共享相同的主要,次要和一些三级位图。 The specification itself allows for a lot of flexibility and customization and definition within certain criteria for many of the bitmaps, and then even the standard ones can have unique differences in the values they contain. 规范本身允许在许多位图的某些标准内进行大量灵活性和定制和定义,然后即使是标准位图也可以在它们包含的值中具有唯一的差异。
Most I see today are still a variant of ISO-8583-87 (Deluxe's is baseline of many) or a hybrid primarily supporting 01xx, 02xx, 04xx, and 08xx messages. 我今天看到的大多数仍然是ISO-8583-87的变体(Deluxe是许多的基线)或主要支持01xx,02xx,04xx和08xx消息的混合。 I wouldn't get hung up on the first position too much as other than internally within applications (ie Postilion & Base24) it is almost always 0. Some are all text, some BCD with packed bitmaps, some text bitmaps with packed numerics. 我不会在第一个位置上挂得太多而不是内部应用程序(即Postilion和Base24),它几乎总是0.有些都是文本,一些带有打包位图的BCD,一些带有数字填充的文本位图。
The other thing you are going to have to account for is data element ByteMaps and now TLV as well. 您要考虑的另一件事是数据元素ByteMaps,现在也是TLV。
So long answer, but we would need to know the format you are trying to parse or at least the make of the ATM. 如此长的答案,但我们需要知道您要解析的格式或至少是ATM的品牌。
解决方案4
1 2014-01-30 11:52:38
To reverse a hex dump to a message can be very error prone. 将十六进制转储反转为消息可能非常容易出错。 ISO8583 protocol implementation varies based on the data it carries and the format of the individual fields. ISO8583协议的实现因其携带的数据和各个字段的格式而异。 The field data can be BCD, ASCII etc and it may be fixed data or variable data that has a length indicator preceding the data to enable parsing. 字段数据可以是BCD,ASCII等,它可以是固定数据或可变数据,其在数据之前具有长度指示符以启用解析。
If I look at your message closely, I see a lot of 0x1C's in it. 如果我仔细查看你的消息,我会看到很多0x1C。 These are generally field separators and it leads me to believe the message is a raw atm message in the atms specification and is not a traditional ISO8583 message. 这些通常是字段分隔符,它使我相信消息是atms规范中的原始atm消息,而不是传统的ISO8583消息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.