From proff Wed Jul 17 00:05:07 1996 Received: (proff@localhost) by suburbia.net (8.7.4/Proff-950810) id AAA31247 for best-of-security; Wed, 17 Jul 1996 00:05:06 +1000 Received: from toad.com (toad.com [140.174.2.1]) by suburbia.net (8.7.4/Proff-950810) with ESMTP id XAA30869 for ; Tue, 16 Jul 1996 23:56:31 +1000 Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id CAA06932 for cypherpunks-outgoing; Tue, 16 Jul 1996 02:35:25 -0700 (PDT) Received: from cba.com.au (firewall-user@gw.cba.com.au [203.17.185.171]) by toad.com (8.7.5/8.7.3) with ESMTP id CAA06924 for ; Tue, 16 Jul 1996 02:35:11 -0700 (PDT) Received: by cba.com.au; id TAA06410; Tue, 16 Jul 1996 19:12:25 +1000 (EST) Received: from unknown(192.168.112.4) by gw.cba.com.au via smap (V3.1.1) id xma006403; Tue, 16 Jul 96 19:11:54 +1000 Message-ID: <31EC5EA1.1D45@ozemail.com.au> Date: Tue, 16 Jul 1996 20:31:45 -0700 From: Lyal Collins X-Mailer: Mozilla 2.02 (Win16; I) MIME-Version: 1.0 To: emedia@bned.design.net.au CC: cypherpunks@toad.com Subject: Re: FYI: Cybank References: <199607151154.VAA16581@bned.design.net.au> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: proff Precedence: bulk To clarify my earlier post : Up until anbout 29 May, 1996, the Cybank site had a "test" file that was placed as a challenge. As there was a challenge, I took it. The following describes the data I was able to recover from the test file. I have received a number of files asking how I had hacked the Cybank server. I have acheived no such feat, merely determining the methodology used at the Cybank site. I communicated that fact to Cybank's operators, who subsequently seemto have altered their site, and download client. Taking this issue any further has no interest to me, and I am unable to post any VB source code - I "cleaned" some hard disk space, and have deleted the working files I used at the time. Silly me. Also, the Cybank site seems to have changed, so I don't know how you would get a test fle without becoming a Cybank user, which would probably mean passing your name, credit card etc to them. At the time, Cybank seemed very happy with actual user testing, however, I have had little further contact (1-2 emails). Lyal ps - i have also learned some interesting spelling methods as a result of informative emails. -- All mistakes in this message belong to me - you should not use them! ******************************************* included text from previous emails. ******************************************* On Wed, 29 May 1996 12:20:08 Cybank wrote: > >Return-Path: lyalc@ozemail.com.au > >Date: Tue, 28 May 1996 23:55:21 -0700 > >From: Lyal Collins > >To: info@oxford.com.au > >Subject: The text in the "securely encrypted" test message > >X-UIDL: 833321608.007 > > > >According to me, this decodes to : > >Text1!O1! 12!O2!I1!830304962394!I2!A1!0.10!A2!P1!!P2!C1!0.10!C2 > >Text1 = data to follow is text ? > >!O1! 12!O2 = I don't understand these bits yet > >!I1! = a common delimiter - 1 = start > >830304962394 = serial number that this 10 cents is for/from > >!I2! = a common delimiter - 2 = end > >A1!0.10!A2! = ammount is 10 cents, $0.10 > >P1!!P2! = seems to be a token of some kind > >C1!0.10!C2 = a check value to ensure amount is correct. > > well done Lyal! not bad so far but you've missed a few things :-) presume that you've used a VB3.0 decompiler to do it but we're upgrading to VB4.0 and changing the encryption process very soon :-) where are you? your prize might well be a job!!!!!! :-) plus the whole cash environment is becoming server-based within a couple of weeks. stay in touch, we need a beta-tester! Martin Haynes Oxford Media Group Pty Ltd CYBANK