Forum Library
Professional
ATMs and credit cards has long been on the streets of large cities and gradually enter into our lives. What is a cash machine in terms of the hacker? Correctly, the source of freebies and fast way to earn some pocket some money. After all, if to steal a dozen or two dollars, who would you look for?
According to bank employees, justified from a financial point of view will search for the kidnapper, umyknuvshego in your pocket at least $ 300 evergreen.
Reduce that figure by half for security and accept received one hundred and fifty dollars as of the ceiling, go beyond that is not worth even if very, very much want to buy a new motherboard or microprocessor, and to them faster modem into the bargain.
However, from a legal point of view of the abduction of even one dollar - theft. So, before you go to the nearest ATM with pliers and a screwdriver, be reserved just in case, grab a pair of lawyers and Schwarzenegger in the event that a little bit to withhold the security services of the bank, while you reel fishing rod. In order to get money enough to find a lost card and insert it into the slot machine. Need to type the specific code on the card is not written and stored on the client in mind
By itself without the card useless piece of plastic. In addition, its former owner, as soon discovers the loss, immediately call the bank, and cards will be issued a sign removal. In other words, it will disappear in the bowels of the ATM and has never gets to your hands. Therefore, we need not only to find the card, but also spy on the input by its owner password, and withdraw the required amount before, as he discovers the loss.
However, if we really were able to peek the password, then steal the card is absolutely unnecessary. It is enough to count. What did in his time the guys from Estonia. History noisy and known to almost everyone carders. In expensive restaurants, waiter, while carrying the card customer, managed to take her portable device the size of a pack of cigarettes manufactured from conventional tape heads, batteries, a signal amplifier and recorder. Error hot Estonian guys was that they robbed and often long hours. In other words, greed.
But in other stories attackers were more fortunate. Once on the unfrequented street of one small town, a new ATM. Naturally, there were those that wished to use it. Immersed in his card, enter the password. Waiting for themselves waiting for a teller he says: I'm sorry, they say, no money or connections - in short, gives nepodozritelnoe explanation can not give money. The bank for a long time could not understand - how committed the theft? Somehow, no one in the head and could not come to the idea that the ATM is a sham and a specially installed by hackers to read maps, and remembering passwords. Later, he was dismantled, but the attackers appear to have not been found. Over half of the year (and that is how much he managed to stand) carders siphoned into your account a considerable amount. Yet ordinary hacker soon finds dropped by someone in a hurry tysyachedollarovuyu bills than stale in a landfill ATM. Maybe there is a simpler way?
Yes, but this will require the ability to keep the soldering iron in your hands to make myself a hardvaringovy device, as well as to understand the network protocols at the link layer. The idea is simple to outrageous: as an ATM in itself does not store any information and always seeks the answer to the bank, it is possible, crashing into a cable between it and the bank, to intercept the traffic and falsify it fit us properly. No bank is unable to guarantee the integrity of the cable along its entire length.
Of course, for the analysis of communications protocol will need a personal computer and a program to remove the dump and presenting it in a readable form. You can, for example, use the compact and small utility pio and navigator control bleak_l, carefully written by a hacker to break into KRMS NTV, but it is quite appropriate for this case.
The only thing that will have to solder their own, so this is a controller for connection to a bank cable. On the Net a lot of different schemes and enthusiasts, offering a relatively small amount of money to buy ready-made products. One way or another, but we shall assume that such a device we have.
Our next steps:
1. Cuts into the line between the ATM and authorization cent (note that the crash would have to break the cable, so you continue to not only capture but also to block any pass packets). Of course, that if we could at least momentarily interrupt the integrity of the cable, it failed miserably. Therefore, the search in books circuitry instantaneous switching on the fly. " Similarly, fraudsters neutralized complex system of electronic alarms. Not those in stores, on the order perfect.
2. Observe the shipment of packages without any action. Only observe, to understand the logic. In fact it is "only" is a tedious and laborious protocol analysis and decoding of all the fields of packet headers with a view to later be able to generate and send your own packages, without fear that they somehow will be different from reality.
3. Now manipulate the legal card (this means that at a measure of one card you'll have all the same make) in order to understand the logic of exchange. In particular, to find and identify the transmitted ATM requests and returns responses to it.
4. Let us now compare this with the outstanding card to determine the response of the system in such a situation, as well as find and identify the error codes (they are then we need).
5. Finally, the small tyapnem for bravery, and leaving Schwarzenegger to ride, will start the process. Puts our map, on account of which are left after the experiments with the ATM a few dollars.
6. Observe how the ATM sends a request, including the number of our accounts and everything else. We do not interfere in this process.
7. Authorisation Centre must return the response, which contains much useful information. Among her - the maximum possible amount for withdrawal. This is where we intercept the package and replace him another hat does it differ from the original, you should not, perhaps, even to speak - and so everything is clear. But be careful! This amount may be present in several fields, in addition, need to be adjusted and the checksum field, otherwise nothing happens! This is the most difficult moment of breaking.
8. However, at this stage you have no risk. If you make a mistake, just intercept back a response ATM and do not miss it. After all, you still remember the error codes, is not it? And why try, while the ATM is not "swallow" the false packets.
9. Well, now requires so much money from the ATM, how much you have enough conscience. At this time, ATM transfers to the bank how much money had been withdrawn. Real. This information should be intercepted and sent a false pack that money from only 1 dollar (or how much you have left there earnest on the card). Be very careful. Now forged packet has a bank, and any false move will irrevocably fixed the security system, and even Schwarzenegger will soon appear zharkovato.
10. Well that's all. Has a little problem - how to ensure the convergence of debits and credits. Because ATM is logs and records of all actions. Think about how you can cheat the system.
11. Finally, all! You disconnect your laptop from the cable, possibly disguised illegal connections, and set off to the nearest computer salon for a new microprocessor.
12. However, remember that many ATMs are equipped with control television cameras that is not good. But fortunately, not all and steel rat always find the slot!
But in general, to break the ATM, a good idea to look into their device, a typical exchange protocol and software That is, one way or another to choose a job related to their development, creation, or at least the operation in case you get really accurate information about their device, as well as the strengths and weaknesses But the vulnerability they really have only one that is not obvious to an outsider, not a man who worked with them. But like any human creation, it is not inherent flaws in a smaller number. However, whether you will engage in petty cheating, being on the high-paying job?...
According to bank employees, justified from a financial point of view will search for the kidnapper, umyknuvshego in your pocket at least $ 300 evergreen.
Reduce that figure by half for security and accept received one hundred and fifty dollars as of the ceiling, go beyond that is not worth even if very, very much want to buy a new motherboard or microprocessor, and to them faster modem into the bargain.
However, from a legal point of view of the abduction of even one dollar - theft. So, before you go to the nearest ATM with pliers and a screwdriver, be reserved just in case, grab a pair of lawyers and Schwarzenegger in the event that a little bit to withhold the security services of the bank, while you reel fishing rod. In order to get money enough to find a lost card and insert it into the slot machine. Need to type the specific code on the card is not written and stored on the client in mind
By itself without the card useless piece of plastic. In addition, its former owner, as soon discovers the loss, immediately call the bank, and cards will be issued a sign removal. In other words, it will disappear in the bowels of the ATM and has never gets to your hands. Therefore, we need not only to find the card, but also spy on the input by its owner password, and withdraw the required amount before, as he discovers the loss.
However, if we really were able to peek the password, then steal the card is absolutely unnecessary. It is enough to count. What did in his time the guys from Estonia. History noisy and known to almost everyone carders. In expensive restaurants, waiter, while carrying the card customer, managed to take her portable device the size of a pack of cigarettes manufactured from conventional tape heads, batteries, a signal amplifier and recorder. Error hot Estonian guys was that they robbed and often long hours. In other words, greed.
But in other stories attackers were more fortunate. Once on the unfrequented street of one small town, a new ATM. Naturally, there were those that wished to use it. Immersed in his card, enter the password. Waiting for themselves waiting for a teller he says: I'm sorry, they say, no money or connections - in short, gives nepodozritelnoe explanation can not give money. The bank for a long time could not understand - how committed the theft? Somehow, no one in the head and could not come to the idea that the ATM is a sham and a specially installed by hackers to read maps, and remembering passwords. Later, he was dismantled, but the attackers appear to have not been found. Over half of the year (and that is how much he managed to stand) carders siphoned into your account a considerable amount. Yet ordinary hacker soon finds dropped by someone in a hurry tysyachedollarovuyu bills than stale in a landfill ATM. Maybe there is a simpler way?
Yes, but this will require the ability to keep the soldering iron in your hands to make myself a hardvaringovy device, as well as to understand the network protocols at the link layer. The idea is simple to outrageous: as an ATM in itself does not store any information and always seeks the answer to the bank, it is possible, crashing into a cable between it and the bank, to intercept the traffic and falsify it fit us properly. No bank is unable to guarantee the integrity of the cable along its entire length.
Of course, for the analysis of communications protocol will need a personal computer and a program to remove the dump and presenting it in a readable form. You can, for example, use the compact and small utility pio and navigator control bleak_l, carefully written by a hacker to break into KRMS NTV, but it is quite appropriate for this case.
The only thing that will have to solder their own, so this is a controller for connection to a bank cable. On the Net a lot of different schemes and enthusiasts, offering a relatively small amount of money to buy ready-made products. One way or another, but we shall assume that such a device we have.
Our next steps:
1. Cuts into the line between the ATM and authorization cent (note that the crash would have to break the cable, so you continue to not only capture but also to block any pass packets). Of course, that if we could at least momentarily interrupt the integrity of the cable, it failed miserably. Therefore, the search in books circuitry instantaneous switching on the fly. " Similarly, fraudsters neutralized complex system of electronic alarms. Not those in stores, on the order perfect.
2. Observe the shipment of packages without any action. Only observe, to understand the logic. In fact it is "only" is a tedious and laborious protocol analysis and decoding of all the fields of packet headers with a view to later be able to generate and send your own packages, without fear that they somehow will be different from reality.
3. Now manipulate the legal card (this means that at a measure of one card you'll have all the same make) in order to understand the logic of exchange. In particular, to find and identify the transmitted ATM requests and returns responses to it.
4. Let us now compare this with the outstanding card to determine the response of the system in such a situation, as well as find and identify the error codes (they are then we need).
5. Finally, the small tyapnem for bravery, and leaving Schwarzenegger to ride, will start the process. Puts our map, on account of which are left after the experiments with the ATM a few dollars.
6. Observe how the ATM sends a request, including the number of our accounts and everything else. We do not interfere in this process.
7. Authorisation Centre must return the response, which contains much useful information. Among her - the maximum possible amount for withdrawal. This is where we intercept the package and replace him another hat does it differ from the original, you should not, perhaps, even to speak - and so everything is clear. But be careful! This amount may be present in several fields, in addition, need to be adjusted and the checksum field, otherwise nothing happens! This is the most difficult moment of breaking.
8. However, at this stage you have no risk. If you make a mistake, just intercept back a response ATM and do not miss it. After all, you still remember the error codes, is not it? And why try, while the ATM is not "swallow" the false packets.
9. Well, now requires so much money from the ATM, how much you have enough conscience. At this time, ATM transfers to the bank how much money had been withdrawn. Real. This information should be intercepted and sent a false pack that money from only 1 dollar (or how much you have left there earnest on the card). Be very careful. Now forged packet has a bank, and any false move will irrevocably fixed the security system, and even Schwarzenegger will soon appear zharkovato.
10. Well that's all. Has a little problem - how to ensure the convergence of debits and credits. Because ATM is logs and records of all actions. Think about how you can cheat the system.
11. Finally, all! You disconnect your laptop from the cable, possibly disguised illegal connections, and set off to the nearest computer salon for a new microprocessor.
12. However, remember that many ATMs are equipped with control television cameras that is not good. But fortunately, not all and steel rat always find the slot!
But in general, to break the ATM, a good idea to look into their device, a typical exchange protocol and software That is, one way or another to choose a job related to their development, creation, or at least the operation in case you get really accurate information about their device, as well as the strengths and weaknesses But the vulnerability they really have only one that is not obvious to an outsider, not a man who worked with them. But like any human creation, it is not inherent flaws in a smaller number. However, whether you will engage in petty cheating, being on the high-paying job?...
