11

I read about ISO 8583 messaging at WIKI and Code Project; I understood ISO 8583 messages can basically be divided into 3 parts:

  1. MTI (Message Type Indicator)
     1.1. Version
     1.2. Message Class
     1.3. Message Function
     1.4. Message Origin

  2. Bitmap
     Indicates which data elements are present.

  3. DataElement
     The essence of the whole ISO message; contains information about the transaction such as:

       • transaction type,
       • amount,
       • customerid, etc.

So, after reading these two web references, I want to divide my ISO messaging log into MTI, bitmap, and Data Element.

For example:

(0800 2020000000800000   000000 000001 3239313130303031)
MTI:  0800 (1987 version, Network Management Message, Request, Acquirer)
Bitmap: 20 20 00 00 00 80 00 00 (e.g. 20 = 0010 0000, so position 3 is on)
DataElement: (by looking at the Bitmap, we can define the data elements as follows)
    field 03:000000 (Processing Code)
    field 11:000001 (Systems trace audit number)
    field 41:3239313130303031 (Card acceptor terminal identification)

But my challenge is that I already have an ISO 8583 messaging log from my ATM Machine.

This actual output messaging log is not very clear like the one in the snippet above.

So I cannot divide this message into MTI, Bitmap and Data Element like the example above.

00000:00 5B 30 31 31 30 30 30 30 30 30 30 30 38 32 30 80 38 00 00  [.[01100000000820.8..]
00020:00 81 00 00 04 00 00 00 00 00 00 00 33 36 32 39 31 30 31 30  [............36291010]
00040:32 39 35 37 31 30 33 31 31 30 30 30 30 30 30 35 30 33 31 53  [2957103110000005031S]
00060:55 32 30 31 31 31 30 33 31 31 30 32 39 35 37 32 30 31 31 31  [U2011103110295720111]
00080:30 33 31 31 30 32 39 35 37 33 30 30 31                       [0311029573001       ]

I have no previous experience with ISO 8583 messages and welcome suggestions.

nyedidikeke
Frank Myat Thu
  • I guess you'd get more help in a specialized forum, it seems to be a very localized question – CharlesB Nov 04 '11 at 08:45
  • Thank you @CharlesB, could you please guide me to which forum is suitable? – Frank Myat Thu Nov 04 '11 at 10:25
  • I have no idea as I'm not in the field, but an extensive search on the forums in the speciality could help – CharlesB Nov 04 '11 at 10:26
  • By the way, I proposed a dedicated site under stack exchange platform for these types of questions, and trust me they are a lot. http://area51.stackexchange.com/proposals/36383/payment-systems-delivery-channels-core-banking-applications?referrer=RSi_J2L_0RHscHukBCb_Dg2 – A.Rashad Nov 11 '11 at 07:04

3 Answers

19

Got it,
This message is divided as follows:

First 2 bytes are the message length 00 5B = 91
Followed by 14 bytes of header = 01100000000820


Followed somehow by BMP as follows:

  • Primary BMP = 80 38 00 00 00 81 00 00 = Fields {1, 11, 12, 13, 41, 48} exist
    Field 1 means a secondary BMP exists
  • Secondary BMP = 04 00 00 00 00 00 00 00 = Field 70 exists

I am not sure where the MTI is; will it be the 0820 at the trailer of the header? It is in ASCII, and usually it comes as a numeric value of 08 20, but this might be part of the specs. 0820 means network management advice.

Anyway, the fields from the decoded BMP are as follows:

  • DE 11 = 362910
    System Trace Audit Number
  • DE 12 = 102957
    Local transaction time hh(24)mmss
  • DE 13 = 1031
    Local transaction date MMDD
  • DE 41 = 10000005
    terminal ID
  • DE 48 = (031) SU20111031102957201110311029573
    Notice the 3-digit length field preceding the remaining data in this field, which is a generic (future/private use) field
  • DE 70 = 001
    network management information code <001 = sign on>

From DE 70 value 001 this is a sign on message, which must be a 0800 MTI.

To get more information about the location of the MTI and the meaning of DE 48, you should read the manual (technical specs) of this device.

A.Rashad
  • 1
    By the way, do you use any ISO 8583 analyzer software? If you do, please let me know this tool also. – Frank Myat Thu Nov 11 '11 at 03:22
  • 1
    You are most welcome @MyatThu. Believe it or not, I am using "My Own Brain" v 1.0. I've been working in ISO for almost 13 years; reading a dump message would be as simple as reading English. However, I've seen some free tools capable of decoding ISO msgs before. Try to go through the technical specs, use Notepad and it will be an easy task, easier than ready-made S/W – A.Rashad Nov 11 '11 at 06:45
  • 2
    Please don't get me wrong, @A.Rashad. I believe that you have great experience with ISO 8583, but the reason I ask you about analyzer software is that I just want to test with these tools. I am sure that you don't need any tool to translate a message, because your own experience lets you understand it. Please don't get me wrong. – Frank Myat Thu Nov 11 '11 at 09:36
  • 3
    Don't worry, I totally understand what you are saying; that's why I wish we could have some site to discuss such matters. We suffered big time back in the 90's and we had to decode ISO messages with pencil and paper; the same goes for other message formats, such as NDC & D912. I believe we need to build a community for this to pass tools and experience to the new generation. Good work and keep it up – A.Rashad Nov 11 '11 at 10:56
  • I really appreciate your help @A.Rashad. Now I understand the overview of ISO 8583 because of your answer. But I still have one more question to ask, and I also hope that, if you don't mind, you will give me an answer back. Seeing the way you analyze ISO 8583, I think that you don't use the digits below when you read these messages. "0000: at first line, 00020: at second line, 00040: at third line of my logging." Aren't those digits essential to include when reading an ISO message? If so, why? – Frank Myat Thu Nov 11 '11 at 11:01
  • Well, those are only to inform you of the byte number of the first byte in this line. So 00 is byte #0, 5B is byte #1 and so on. This would differ from one data dump to another; in this case it shows 20 bytes per row and is showing the byte number in decimal. Some others would show only 16, with byte numbers shown in hex – A.Rashad Nov 11 '11 at 11:52
6

While sending an ISO 8583 message we are converting it into BCD/HEX form. Use the Wireshark tool to track communication between IP and ports.

Tush
0

A good online bitmap analysis tool is https://neapay.com/online-tools/bitmap-fields-decoder.html.

Sometimes the https://codebeautify.org/hex-string-converter tool helps.

For a better understanding of the ISO 8583 message format, it is useful to analyse each field manually. However, each field can have length and value subfields in different formats (BCD, EBCDIC, ASCII ...). Some fields may also have inner fields; for example, BMP 48 or 60 are often used as containers for nested field trees. These inner fields may have a tag, length and value, and nested fields of these fields may have different formats again :). For example, the https://github.com/credibledoc/credible-doc/blob/master/iso-8583-packer/doc/ebcdic/ebcdic-decimal-tag-packer.md page describes a field with an EBCDIC tag and a BCD value.

You can use the https://github.com/credibledoc/credible-doc/tree/master/iso-8583-packer Java library (I am the author) for building ISO 8583 messages. The example ISO message above can be unpacked and packed with the iso-8583-packer library.

Message data:

<f name="Root" lenHex="005B">
    <f name="Header" val="0110000000" valHex="30313130303030303030"/>
    <f name="MTI" val="0820" valHex="30383230"/>
    <f name="Bitmap" bitmapHex="80380000008100000400000000000000" bitSet="{1, 11, 12, 13, 41, 48, 70}">
        <f name="SystemTraceAuditNumber" fieldNum="11" val="362910" valHex="333632393130"/>
        <f name="LocalTransactionTimeHHMMSS" fieldNum="12" val="102957" valHex="313032393537"/>
        <f name="LocalTransactionDateMMDD" fieldNum="13" val="1031" valHex="31303331"/>
        <f name="TerminalId" fieldNum="41" val="10000005" valHex="3130303030303035"/>
        <f name="PrivateData_48" fieldNum="48" val="SU20111031102957201110311029573" lenHex="303331" valHex="53553230...39353733"/>
        <f name="NetworkManagementInformationCode" fieldNum="70" val="001" valHex="303031"/>
    </f>
</f>

Message Structure:

<f type="LEN_VAL" name="Root" lengthPacker="BinaryLengthPacker" bodyPacker="AsciiBodyPacker">
    <f type="VAL" name="Header" bodyPacker="AsciiBodyPacker" len="10"/>
    <f type="VAL" name="MTI" bodyPacker="AsciiBodyPacker" len="4"/>
    <f type="BIT_SET" name="Bitmap" bitMapPacker="IfbBitmapPacker">
        <f type="VAL" fieldNum="11" name="SystemTraceAuditNumber" bodyPacker="AsciiBodyPacker" len="6"/>
        <f type="VAL" fieldNum="12" name="LocalTransactionTimeHHMMSS" bodyPacker="AsciiBodyPacker" len="6"/>
        <f type="VAL" fieldNum="13" name="LocalTransactionDateMMDD" bodyPacker="AsciiBodyPacker" len="4"/>
        <f type="VAL" fieldNum="41" name="TerminalId" bodyPacker="AsciiBodyPacker" len="8"/>
        <f type="LEN_VAL" fieldNum="48" name="PrivateData_48" lengthPacker="AsciiLengthPacker" bodyPacker="AsciiBodyPacker"/>
        <f type="VAL" fieldNum="70" name="NetworkManagementInformationCode" bodyPacker="AsciiBodyPacker" len="3"/>
    </f>
</f>

The example above can be found on GitHub https://github.com/credibledoc/credible-doc/blob/master/iso-8583-packer/src/test/java/com/credibledoc/iso8583packer/examples/UnderstandingIso8583MessageLogTest.java

BMP 55 often contains TLV EMV data. The https://paymentcardtools.com/emv-tlv-parser tool is useful in that case.

Kyrylo Semenko
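
The manual decode walked through in the answers above, written out as a small parser over the dump from the question. This is an added example, not code from any of the posts or from the iso-8583-packer library; the function names are illustrative, and the field lengths in `FIELD_LEN` are the layout the answers arrived at for this device, not a general ISO 8583 definition.

```python
# Hex dump from the question: decimal offsets, 20 bytes per row, ASCII column.
DUMP = """\
00000:00 5B 30 31 31 30 30 30 30 30 30 30 30 38 32 30 80 38 00 00  [.[01100000000820.8..]
00020:00 81 00 00 04 00 00 00 00 00 00 00 33 36 32 39 31 30 31 30  [............36291010]
00040:32 39 35 37 31 30 33 31 31 30 30 30 30 30 30 35 30 33 31 53  [2957103110000005031S]
00060:55 32 30 31 31 31 30 33 31 31 30 32 39 35 37 32 30 31 31 31  [U2011103110295720111]
00080:30 33 31 31 30 32 39 35 37 33 30 30 31                       [0311029573001       ]
"""
# Assumed layout (from the answers): fixed ASCII lengths; None = 3-digit ASCII length prefix.
FIELD_LEN = {11: 6, 12: 6, 13: 4, 41: 8, 48: None, 70: 3}

def dump_to_bytes(dump):
    """Drop the offset and bracketed ASCII column; keep the hex bytes."""
    rows = (ln.split(":", 1)[1].split("[", 1)[0] for ln in dump.splitlines() if ln.strip())
    return bytes.fromhex("".join(rows))

def bitmap_fields(bm, base):
    """Field numbers set in one 8-byte bitmap; bit 1 is the MSB of byte 0."""
    if len(bm) != 8:
        raise ValueError("truncated bitmap")
    return [base + i + 1 for i in range(64) if bm[i // 8] & (0x80 >> (i % 8))]

def parse(raw):
    declared, body = int.from_bytes(raw[:2], "big"), raw[2:]
    if declared != len(body):
        raise ValueError(f"length prefix {declared} != {len(body)} bytes present")
    msg = {"header": body[:10].decode("ascii"), "mti": body[10:14].decode("ascii")}
    fields, pos = bitmap_fields(body[14:22], 0), 22
    if 1 in fields:  # field 1 announces a secondary bitmap (fields 65-128)
        fields = fields[1:] + bitmap_fields(body[22:30], 64)
        pos = 30
    msg["fields_present"] = fields
    for num in fields:
        if num not in FIELD_LEN:  # without the spec we cannot know where it ends
            raise ValueError(f"DE {num} is set but its format is not defined")
        n = FIELD_LEN[num]
        if n is None:  # LLLVAR: read the 3-digit ASCII length first
            n, pos = int(body[pos:pos + 3].decode("ascii")), pos + 3
        if pos + n > len(body):
            raise ValueError(f"DE {num} runs past the end of the message")
        msg[num] = body[pos:pos + n].decode("ascii")
        pos += n
    if pos != len(body):
        raise ValueError(f"{len(body) - pos} unparsed trailing bytes")
    return msg

if __name__ == "__main__":
    for key, value in parse(dump_to_bytes(DUMP)).items():
        print(key, "=", value)
```

The parser stops with an error rather than guessing when the bitmap flags a field it has no format for, since every later field offset would otherwise be wrong.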