Scribd
Upload
112 views24 pages

Communication Protocol of CDM6240 Cash Dispenser

Uploaded by

Sebastian Sanchez
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
112 views24 pages

Communication Protocol of CDM6240 Cash Dispenser

Uploaded by

Sebastian Sanchez
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 24

Communication Protocol

for CDM6240

No.:
Version: v1.0
Issued on:
Document History
Personnel
No. and name Version Date Revision description
involved
Communication Created and issued for the Prepared by:
V1.0 July 14, 2013
Protocol for CDM6240 first time Approved by:

Confidential material of GRG, No disclosure to unauthorized Party 2/24


I. Overview
1. Scope of Application
Communication Protocol for CDM6240 describes the communication protocol, commands of all
underlying interfaces and the corresponding data frame format of CDM6240 in detail. It is mainly
used for secondary development of the dispenser. The intended users can drive and test the cash
dispenser by using this document.
Note: This Protocol is only applicable to longitudinal cash dispensers.

2. Copyright Statement
All rights reserved by GRGBanking. Without its permission, any third party shall not copy or
publish this document. Without prior notification of the user, GRGBanking shall have the right to
modify and supplement this document at any time. Therefore, the information contained in this
document may not be the latest. If you want to get more precise information, please contact your
supplier.

3. Version number
Version number consists of:

Time of build in development


build number
Subversion number
Main version number
Version number

Requirements for version upgrade:


1. Upgrade of main version number:

Where there is major change in the medium program architecture;

Where there is major change in functions;

Where the upgraded contents are incompatible with previous versions.

2. Upgrade of sub-version number:

When a new function is added or defects are fixed, version number shall be upgraded, and upgrade
of version number shall be compatible with previous versions.
3. Upgrade of Build number:

When small defects and errors are fixed, it is necessary to upgrade the Build number

Confidential material of GRG, No disclosure to unauthorized Party 3/24


II. Communication Protocol
The communication mentioned above occurs between a PC (primary station) and the cash dispenser
(secondary station), which is implemented by RS232 protocol.

1. Communication protocol
Communication mode: asynchronous communication
Baud rate: 9600 Baud/s
Data structure: 10 bits, one start bit + 8 data bits + 1 end bit, no odd-even check.
Maximum transmission bytes: 2048Byte
Handshake: Non-handshake mode
The hardware non-handshake mode is supported between the cash dispenser and a PC. DTR and DSR are
short-circuited, and RTS and CTS are short-circuited at each communication terminal, and only three signal lines
of the RS232 interface (i.e. TXD, RXD and GND) are used. The connection method is as follows:

PC PC端
end 机芯端end
Dispenser

1 DCD 1 DCD

2 RXD 2 RXD

3 TXD 3 TXD

4 DTR 4 DTR

5 SG 5 SG

6 DSR 6 DSR

7 RTS 7 RTS

8 CTS 8 CTS

9 NC 9 NC

不支持硬件握手形式
The hardware handshake mode is not supported.

Confidential material of GRG, No disclosure to unauthorized Party 4/24


2. Communication control code and frame format
Communication control frame format
Code Value Meaning
STX 0x07 Start of prediction frame and end of frame header
ETX 0x08 End of prediction frame
ENQ 0x05 Request response
ACK 0x06 Correct response
NAK 0x15 Wrong response
DLE 0x10 Form transmission and control function together
with code following it
DLE ENQ ID 0x10 0x05 ID (3 BYTE) Command execution confirmation
DLE ACK ID 0x10 0x06 ID (3 BYTE) Response to correct receiving
DLE NAK ID 0x10 0x15 ID (3 BYTE) Response to wrong receiving
Note:
ID: The command sequence is indicated by 3 bytes, low bytes followed by high bytes. For each
communication, the receiving and sending progress requires the same ID; however, the front and
rear packets shall have different ID, otherwise packets may be judged as invalid.
Communication frame format
DLE STX LENGTH DATA ID DLE ETX CRC

Length range

CRC calculation range

Notes:
LENGTH: 2 bytes
Command frame: data length in DATA area, low bytes followed by high bytes, range [0 - 1000].
Response frame: data length in DATA area: -12 (excluding the first 12-byte data in DATA area),
high bytes followed by low bytes, range [0 - 1000].
DATA: command and response frame data.
CRC: 2-byte check code, high bytes followed by low bytes.
The total length of data frame is not more than 1024 bytes.

3. Communication flow
Communication principle

Confidential material of GRG, No disclosure to unauthorized Party 5/24


The dispenser cannot execute the received command directly without confirmation from the upper
layer;
The mode that one request corresponds to one response is used; and the host and the dispenser are
not allowed to send 2 or more information strings successively;
When the dispenser fails to respond a command, the communication layer of the host cannot request
the dispenser to execute it again.
Sequence diagram for normal communication

4. Calculation of check code

Calculation of CRC check code

Cyclical Redundancy Check (CRC) can implement error detecting based on the principle of
division method and remainder. During actual application, the transmitter installation calculates
CRC value and sends it to the receiving device together with data; and the receiving device
recalculates CRC according to the received data and compares it with the received CRC. Two
different CRC values indicate wrong data communication.
The check algorithm of medium program is based on CRC-CCITT. CRC-CCITT code is used to
transmit 8-bit character in European countries and consists of two bytes. CRC-CCITT polynomial is
X16+X12+X5+1.
The implementation method of CRC-CCITT code includes a bit algorithm, a half-byte algorithm
and a byte algorithm. In case of high speed transmission, the bit algorithm is inefficient and CRC
remains lookup table of the byte algorithm occupies large program memory. Thus, the half-byte
algorithm is used to calculate CRC of data packet according to look-up table.
Main idea of the algorithm is as follows: data circulation moves four digits leftwards, then new
CRC high byte value can be obtained by looking up the high type remains lookup table according to
the obtained CRC high byte plus the four digits, and new CRC low byte value can be obtained by
looking up the low type remains lookup table according to the obtained CRC low byte plus the four
digits. After all data circulation is removed from CRC, the obtained CRC is the final value.
The algorithm is as follows: (Refer to the appendix in this document for specific realization
method of functions)
The value among CRC is the first two bytes of data (if data have one byte only, assign 0 to low byte
of CRC).

Confidential material of GRG, No disclosure to unauthorized Party 6/24


While (data are not checked completely)
Begin
Move value among CRC leftwards for 4 digits, read new four digits and place them in low 4 digits
among CRC.
CRC_H=CRC_H^ cst_H [4 digits moved from CRC]
CRC_L=CRC_L^ cst_L [4 digits moved from CRC]
End
where, cst_H[ ] and cst_L[ ] are the high byte remains lookup table and the low byte remains
lookup table respectively. If the half-byte remains lookup table is used, the remains lookup table is
as follows:
unsigned char cst_H[16]=
{0x00,0x10,0x20,0x30,0x40,0x50,0x60,0x70,
0x81,0x91,0xa1,0xb1,0xc1,0xd1,0xe1,0xf1
};
unsigned char cst_L[16]=
{0x00,0x21,0x42,0x63,0x84,0xa5,0xc6,0xe7,
0x08,0x29,0x4a,0x6b,0x8c,0xad,0xce,0xef
};

Calculation of MAC check code

The calculation of MAC check code can be implemented by calling the function iGenerateMac() in
the GRGCDMMAC.dll file provided by the supplier. Refer to appendix of this document for
specific methods of using the function.

Confidential material of GRG, No disclosure to unauthorized Party 7/24


III. Command and Response Frames
1. Frame format
Command frame: C TTTTT [PP……]
C — Command code
T — Time, 5 bytes in total, i.e., “MM/DD/hh/mm/ss”, such as “1-30 16:49:28”, then the time
parameter is 0x01 0x1E 0x10 0x31 0x1C.
P — Input parameter according to command needs.
Response frame: C SSSSSSSS R EE [PP……]
C — Response code, the same as the command code
S — Sensor status, 8 bytes in total
R — Response result: ’e’: command execution error; ’s’: correct command execution; ’w’:
command execution warning
E — Error code presenting when the command is incorrectly executed and valid only when the
response result is error or warning, low bytes followed by high bytes
P — Input parameter, selectable and input according to command needs
Sensor status:
First byte (bit7-0): SLS FCS 6 FCS 5 FCS 4 FCS 3 FCS 2 FCS1 NULL

Second byte (bit7-0): NULL NULL NULL NULL PES TES RFS NULL

Third byte (bit7-0): NULL LOCK6 LOCK5 LOCK4 LOCK3 LOCK2 LOCK1 RVES

Fourth byte (bit7-0): NULL NULL NULL NULL NULL NULL NULL NULL

Fifth byte (bit7-0): NULL CLLS6 CLLS5 CLLS4 CLLS3 CLLS2 CLLS1 NULL

Sixth byte (bit7-0): CIDS2d CIDS2c CIDS2b CIDS2a CIDS1d CIDS1c CIDS1b CIDS1a

Seventh byte (bit7-0): CIDS4d CIDS4c CIDS4b CIDS4a CIDS3d CIDS3c CIDS3b CIDS3a

Eighth byte (bit7-0): CIDS6d CIDS6c CIDS6b CIDS6a CIDS5d CIDS5c CIDS5b CIDS5a

Note: NULL is reserved byte;

TES is the dispenser exit sensor, RFS is the retract entrance sensor, and SLS is the thickness
front-sensor,
PES is the bundle dispenser exit sensor, FCS(n) is the cassette exit sensor;
All the sensors are opposite-type transport sensors, 0 indicates that the sensors are not blocked, and
1 indicates that notes are blocked.

Confidential material of GRG, No disclosure to unauthorized Party 8/24


LOCK(n) indicates that the cassette lock is a U-sensor, 0 indicates that the cassette lock is normal,
and 1 indicates that the cassette lock is unlocked;
RVES indicates reject vault exist test, 0 indicates that the reject vault is pulled out, and 1 indicates
that the reject vault is in an insertion status;
CLLS(n) indicates cassette low level Hall sensor, and 1 indicates cassette low level;
CIDS(n) indicates magnetic cassette ID consisting of 4 bytes, i.e., d-a from high byte to low byte.

Confidential material of GRG, No disclosure to unauthorized Party 9/24


Command 0x49('I') Initialize

Command frame:
C TTTTT
C — Command code, 0x49, ‘I’
T — Time, 5 bytes in total, i.e., “MM/DD/hh/mm/ss”
Response frame:
C SSSSSSSS R EE J O NIPPP NIPPP NIPPP NIPPP NIPPP NIPPP
C — Response code, 0x49, 'I', the same as the command code
S — Sensor status, 8 bytes in total
R — Response result: ’e’: command execution error; ’s’: correct command execution; ’w’:
command execution warning
E — Error code presenting when the command is incorrectly executed and valid only when the
response result is error or warning
J — Number of rejected notes
O — Number of notes delivered to the presenter
N — Hopper number
I — Magnetic ID of cassette
P — Cassette parameters, i.e., note width, length and thickness
Notes:
Each NIPPP corresponds to a piece of cassette information;
The hopper number is fixed from 1 to 6 and cannot be modified;
The magnetic ID of cassette: from 0x01 to 0x0F;
Note width: from 60 to 82;
Note length: from 120 to 165;
Note thickness: from 60 to 180.
Command execution action:
Check whether the set values of note parameters are correct;
Check whether the diverter can move correctly, and finally remain the diverter in an upward
position;
Check the status of the reject vault and cassette;

Confidential material of GRG, No disclosure to unauthorized Party 10/24


Clear the transport, and reject notes if any in the transport to the reject vault;
Check whether the main motor is blocked;
Check for note jamming;
Check whether the thickness sensor is normal;
Display error code on the Nixie tube in case of any error.
Timeout: The recommended timeout is 180s.

Confidential material of GRG, No disclosure to unauthorized Party 11/24


Command 0x53('S') Get status

Command frame:
C TTTTT
C — Command code, 0x53, 'S'
T — Time, 5 bytes in total, i.e., “MM/DD/hh/mm/ss”
Response frame:
C SSSSSSSS R EE PPPPPPPPPP
C — Response code, 0x53, 'S', the same as the command code

S — Sensor status, 8 bytes in total


R — Response result: ’e’: command execution error; ’s’: correct command execution; ’w’:
command execution warning
E — Error code presenting when the command is incorrectly executed and valid only when the
response result is error or warning
P — Reserve a 10-byte parameter
Command function description:
Read the status of all sensors of the dispenser;
Display error code on the Nixie tube in case of any error.
Timeout:
The recommended timeout is 3s.

Confidential material of GRG, No disclosure to unauthorized Party 12/24


Command 0x52('R') Read cassette parameters

Command frame:
C TTTTT
C — Command code, 0x52, 'R'
T — Time, 5 bytes in total, i.e., “MM/DD/hh/mm/ss”
Response frame:
C SSSSSSSS R EE NIPPP NIPPP NIPPP NIPPP NIPPP NIPPP
C — Response code, 0x52, 'R', the same as the command code

S — Sensor status, 8 bytes in total


R — Response result: ’e’: command execution error; ’s’: correct command execution; ’w’:
command execution warning
E — Error code presenting when the command is incorrectly executed and valid only when the
response result is error or warning
N — Hopper number
I — Magnetic ID of cassette
P — Cassette parameters, i.e., note width, length and thickness
Notes:
Each NIPPP corresponds to a piece of cassette information;
The hopper number is fixed from 1 to 6 and cannot be modified;
The magnetic ID of cassette: from 0x01 to 0x0F;
Note width: from 60 to 82;
Note length: from 120 to 165;
Note thickness: from 60 to 180;
Command function description:
Read cassette parameter information from EEPROM and return;
Display error code on the Nixie tube in case of any error.
Timeout:
The recommended timeout is 5s.

Confidential material of GRG, No disclosure to unauthorized Party 13/24


Command 0x50('P') Set cassette parameters

Command frame:
C TTTTT NPPP NPPP NPPP NPPP NPPP NPPP
C — Command code, 0x50, 'P'
T — Time, 5 bytes in total, i.e., “MM/DD/hh/mm/ss”
N — Hopper number
P — Cassette parameters, i.e., width, length and thickness
Response frame:
C SSSSSSSS R EE
C — Response code, 0x50, 'P', the same as the command code
S — Sensor status, 8 bytes in total
R — Response result: ’e’: command execution error; ’s’: correct command execution; ’w’:
command execution warning
E — Error code presenting when the command is incorrectly executed and valid only when the
response result is error or warning
Note:
Each NPPP corresponds to a piece of cassette information;
The hopper number is fixed from 1 to 6 and cannot be modified;
Note width: from 60 to 82;
Note length: from 120 to 165;
Note thickness: from 60 to 180;
The cassette parameters can be set at any time according to the configuration of the cassette in each
hopper.
Command function description:
Check the effectiveness of the set parameters;
Store effective parameters in EEPROM;
Display error code on the Nixie tube in case of any error.
Timeout:
The recommended timeout is 5s.

Confidential material of GRG, No disclosure to unauthorized Party 14/24


Command 0x44(‘D’) Dispensing

Command frame:
C TTTTT Y ID ID ID ID ID ID MMMM
C — Command code, 0x44, 'D'
T — Time, 5 bytes in total, i.e., “MM/DD/hh/mm/ss”
Y — Fixed value: 0x55
I — Hopper number, fix from 1 to 6 and cannot be modified
D — Number of notes dispensed form cassettes; if D is 0, no notes are dispensed form cassettes.
M — MAC check, 4 bytes in total, 4-byte MAC check code obtained by calling iGenerateMac()
function, a total of 19 bytes from C to D are involved in the calculation. Refer to the appendix for
specific calling method of functions.
Response frame:
C SSSSSSSS R EE D J Y IDJA IDJA IDJA IDJA IDJA IDJA MMMM
C — Response code, 0x44, 'D', the same as the command code
S — Sensor status, 8 bytes in total
R — Response result: ’e’: command execution error; ’s’: correct command execution; ’w’:
command execution warning
E — Error code presenting when the command is incorrectly executed and valid only when the
response result is error or warning
D — The first D is the total number of notes rejected, and the following 6 bytes are the number of
notes rejected by each cassette
J — The first J is the total number of notes rejected, and the following 6 bytes are the number of
notes rejected by each cassette
Y — Fixed value: 0x55
I — Hopper of the cassette
A — Corrected value, it is suspected to be the number of overlapped notes
M — MAC check, 4 bytes in total, 4-byte MAC check code obtained by calling iGenerateMac()
function, a total of 27 bytes from D to A are involved in the calculation.
Note: The maximum number of notes dispensed is 20.
Command execution action:
CDM self test, check to see if sensor and motor are normal;

Confidential material of GRG, No disclosure to unauthorized Party 15/24


Test the legality of dispensing parameters;
Successively specify cassettes to dispense notes based on the sequence of the hoppers;
Check to see if notes in the transport are acceptable;
Check the transport for note jamming;
Deliver valid notes to the presenter and invalid notes to the reject vault;
Count the number of valid and invalid notes;
Display error code on the Nixie tube in case of any error.
Timeout: The recommended timeout is 180s.

Confidential material of GRG, No disclosure to unauthorized Party 16/24


Command 0x76 (‘v’) Get version

Command frame:
C TTTTT
C — Command code, 0x76, 'v'
T — Time, 5 bytes in total, i.e., “MM/DD/hh/mm/ss”
Response frame:
C SSSSSSSS R EE VVVVVVV
C — Response code, 0x76, 'v', the same as the command code
S — Sensor status, 8 bytes in total
R — Response result: ’e’: command execution error; ’s’: correct command execution; ’w’:
command execution warning
E — Error code presenting when the command is incorrectly executed and valid only when the
response result is error or warning
V — Version information
Note:
Version information (7 bytes in total) is in the form of vx.xbxx, the first, third and fifth bytes are
fixed at ‘v’‘.’‘b’.
Command function description:
Return the medium program version number;
Display error code on the Nixie tube in case of any error.
Timeout:
The recommended timeout is 3s.

Confidential material of GRG, No disclosure to unauthorized Party 17/24


Command 0x43('C') Purge

Command frame:
C TTTTT
C — Command code, 0x43, 'C'
T — Time, 5 bytes in total, i.e., “MM/DD/hh/mm/ss”
Response frame:
C SSSSSSSS R EE J D
C — Response code, 0x43, 'C', the same as the command code

S — Sensor status, 8 bytes in total


R — Response result: ’e’: command execution error; ’s’: correct command execution; ’w’:
command execution warning
E — Error code presenting when the command is incorrectly executed and valid only when the
response result is error or warning
J — Number of rejected notes
D — Reserved byte
Command execution action:
When the main motor runs, periodically check the status of each sensor;
If notes are detected in the feeder transport, start the feed motor to feed the notes;
Count the number of notes delivered to the reject vault after the main motor stops;
Check the transport for note jamming;
Deliver the notes in the transport to the reject vault;
No note is allowed to be delivered out of the presenter. Immediately stop the dispenser when notes
are delivered to TES;
Display error code on the Nixie tube in case of any error.

Note:
If invalid note and note jamming error exist in the sensor, clear notes through this command. In
order to prevent delivering out any invalid note, the notes cannot be cleared through this command
when invalid notes enter the TES or note jamming exists in the TES.
Timeout:
The recommended timeout is 30s.

Confidential material of GRG, No disclosure to unauthorized Party 18/24


Command 0x46('F') Force purge

Command frame:
C TTTTT
C — Command code, 0x46, 'F'
T — Time, 5 bytes in total, i.e., “MM/DD/hh/mm/ss”
Response frame:
C SSSSSSSS R EE J O
C — Response code, 0x46, 'F', the same as the command code

S — Sensor status, 8 bytes in total


R — Response result: ’e’: command execution error; ’s’: correct command execution; ’w’:
command execution warning
E — Error code presenting when the command is incorrectly executed and valid only when the
response result is error or warning
J — Number of rejected notes
O — Number of notes delivered out of the presenter
Command execution action:
When the main motor runs, periodically check the status of each sensor;
If notes are detected in the feeder transport, start the feed motor to feed the notes;
Count the number of notes delivered to the reject vault and presenter after the main motor stops;
Check the transport for note jamming;
Deliver notes not passing the diverter in the transport to the reject vault;
Deliver out notes passing the diverter in the transport;
Display error code on the Nixie tube in case of any error.
Note:
If notes in the transport are delivered out of the dispenser through this command, only authorized
personnel can clear notes at the TES through this command.
Timeout:
The recommended timeout is 30s.

Confidential material of GRG, No disclosure to unauthorized Party 19/24


Command 0x4D(‘M’) Write RFID data

Command frame:
C TTTTT N S L DDDD...
C — Command code, 0x4D, 'M'
T — Time, 5 bytes in total, i.e., “MM/DD/hh/mm/ss”
N — Hopper number; 0: reject vault, 1-6: the corresponding hopper
S — Block address. See Appendix 3 “Storage structure of non-contact IC card”. It is recommended
to use the block address 0x0C
L — Data length, 1-16
D — Data, maximally 16 bytes
Response frame:
C SSSSSSSS R EE
C — Command code, 0x4D, 'M'
S — 8 bytes in total, sensor status
R — Response result: ’e’: command execution error; ’s’: correct command execution
E — Error code presenting when the command is incorrectly executed and valid only when the
response result is error or warning, low bytes followed by high bytes
Command function description:
Directly write RFID data, RFID data can be written according to customer needs;
Display error code on the Nixie tube in case of any error.
Timeout:
The recommended timeout is 5s.

Confidential material of GRG, No disclosure to unauthorized Party 20/24


Command 0x4E(‘N’) Read RFID data

Command frame:
C TTTTT N S L
C — Command code, 0x4E, 'N'
T — Time, 5 bytes in total, i.e., “MM/DD/hh/mm/ss”
N — Hopper number; 0: reject vault; 1-6: the corresponding hopper
S — Block address. See Appendix 3 “Storage structure of non-contact IC card”. It is recommended
to use the block address 0x0C
L — Data length, 1-16
Response frame:
C SSSSSSSS R EE DDDD...
C — Command code, 0x4E, 'N'
S — 8 bytes in total, sensor status
R — Response result: ’e’: command execution error; ’s’: correct command execution
E — Error code presenting when the command is incorrectly executed and valid only when the
response result is error or warning, low bytes followed by high bytes
D — Data, maximally 16 bytes, the actual length is returned based on the length specified by the
command frame
Command function description:
Directly read RFID data, maximally 16 bytes;
Display error code on the Nixie tube in case of any error.
Timeout:
The recommended timeout is 5s.

Confidential material of GRG, No disclosure to unauthorized Party 21/24


Appendix Description of CRC and MAC Check Functions

I. Description of CRC check function

word uiCrc(unsigned char *p_pcData, unsigned int p_uiLength)

Functional description: Calculate the CRC check value according to the input data.
Parameter description:
Parameter type Parameter name Input/output Description
char * p_pcData in Data to be checked
unsigned int p_uiLength in Input data length
Function return: Return check code, the type is word.

word uiCrc(unsigned char *p_pcData, unsigned int p_uiLength)


{
unsigned char cst_H[16]=
{0x00,0x10,0x20,0x30,0x40,0x50,0x60,0x70,
0x81,0x91,0xa1,0xb1,0xc1,0xd1,0xe1,0xf1
};
unsigned char cst_L[16]=
{0x00,0x21,0x42,0x63,0x84,0xa5,0xc6,0xe7,
0x08,0x29,0x4a,0x6b,0x8c,0xad,0xce,0xef
};

unsigned char j;
unsigned int i;
unsigned char kh,kl;

if(p_uiLength==0)
return(0);

kh=*p_pcData;

if(p_uiLength>1)
kl=*(p_pcData+1);
else
kl=0;

for(i=0;i<p_uiLength;i++)
{

Confidential material of GRG, No disclosure to unauthorized Party 22/24


j= (byte)(kh/16);

kh=(byte)(kh*16);
kh=(byte)(kh+(kl/16));

kl=(byte)(kl*16);
if( (i+2)<p_uiLength )
kl=(byte)(kl + (*(p_pcData+i+2)/16));

kh=(byte)(kh^cst_H[j]);
kl=(byte)(kl^cst_L[j]);

j= (byte)(kh/16);

kh=(byte)(kh*16);
kh=(byte)(kh+(kl/16));

kl=(byte)(kl*16);
if( (i+2)<p_uiLength )
kl=(byte)(kl + (*(p_pcData+i+2)&0x0F));

kh=(byte)(kh^cst_H[j]);
kl=(byte)(kl^cst_L[j]);
}
return(word)(kh*256+kl);
}

II. Description of MAC validation interface function


Overview: GRGCDMMAC.dll is a MAC calculation interface dynamic library provided by
GRGBanking to the third party to develop the CDM (Cash Dispenser Module) driver. In the CDM
driver, this interface is used to dispense and test the dispensing function.
Scope of application: Software tester, software developer
Dynamic link library name: GRGCDMMAC.dll
Software environment: operating in WINDOWS2000 or WINDOWS XP SP2.
Interface function description:
int iGenerateMac(char *p_pbyInputData, int p_iLength, char *p_byCheckData)
Functional description: Calculate the MAC check value according to the input data.
Parameter description:
Parameter type Parameter name Input/output Description

Confidential material of GRG, No disclosure to unauthorized Party 23/24


char * p_pbyInputData in MAC data to be calculated
int p_iLength in Input data length
char * p_byCheckData out MAC check value (8 bytes)
Function return: The returned values are in the type of int, being 0 or 1. If a returned value is 0, a
command is correctly executed; if the value is 1, the command is not correctly executed.
Note: The 8-byte MAC check value is returned, and the first 4 bytes are only used for calculation.
III. Storage structure of non-contact IC card
The non-contact Mifare card has a storage capacity of 1KB. It uses EEPROM as the storage medium. Data on the
card can be read and written for more than 100,000 times, data can be stored for more than 10 years, and the
antistatic protection ability of the card is above 2KV. The whole structure is divided into 16 sectors numbered
from 0 to 15. Each sector consists of 4 blocks, i.e., block 0, block 1, block 2 and block 3. Each block has 16 bytes,
and each sector has a total of 64 bytes. Except sector 0, the first 3 blocks of each sector are data blocks that can be
read and written in. The fourth block is a key block that cannot be accessed to ensure data security. Data in block
0 of sector 0 (i.e., the first 16 bytes) are the manufacturer code. These data can be read only. Block 1 and block 2
are factory reserved data areas. Both the blocks are in a read-only mode.

Sector Block Data Read-write Block address


0 Manufacturer code RO 0x00
1 Reserved data block RO 0x01
0
2 Reserved data block RO 0x02
3 Key block NWNR 0x03
0 Data block WR 0x04
1 Data block WR 0x05
1
2 Data block WR 0x06
3 Key block NWNR 0x07
0 Data block WR 0x08
1 Data block WR 0x09
2
2 Data block WR 0x0A
3 Key block NWNR 0x0B
0 Data block WR 0x0C
1 Data block WR 0x0D
3
2 Data block WR 0x0E
3 Key block NWNR 0x0F
......
0 Data block WR 0x3C
1 Data block WR 0x3D
15
2 Data block WR 0x3E
3 Key block NWNR 0x3F

RO is read-only, WR is write-read, NWNR is not accessible.

Confidential material of GRG, No disclosure to unauthorized Party 24/24

You might also like