Author Topic: [FASM+PB] Democode for Bank Robbing ;-)  (Read 12728 times)

covetous.eyes
« on: January 26, 2013, 09:22:29 pm »

I coded a funny demo that robs a bank :P (iBank software from the ex-USSR).
Algorithm:
   * identify the «iBank 2» software in the Java SE VM
   * inject a DLL into the Java SE VM
   * save all key presses to a file with a keylogger
   * splice the WinAPI function GetFileAttributesExW
   * in the new spliced GetFileAttributesExW, look for the signature "iBKS" at the beginning of the file
   * save the results of the «iBank 2» session (screenshot, keylog, keystore)
   * open the "robbed" folder


Source code is in FASM + PureBASIC :D Source code on Pastebin: DLL, EXE

Sorry for my English.

« Last Edit: January 26, 2013, 09:27:50 pm by covetous.eyes »
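
For the defensive side of the "splice GetFileAttributesExW" step listed in the post above, here is an added example (not part of the thread and not the poster's code) that flags a spliced API prologue by comparing bytes read from process memory with the same bytes from the DLL on disk. The addresses and byte strings are constructed, and reading the bytes from a live process is left to the caller.

```python
import struct

# Constructed sample values, not taken from a real system.
BASE, SIZE = 0x76D00000, 0x00110000          # hypothetical module range
VA = 0x76D1A2B0                              # hypothetical export address
DISK = bytes.fromhex("8bff558bec83ec10")     # prologue as stored in the DLL file
HOOKED = b"\xe9" + struct.pack("<i", 0x10001000 - (VA + 5)) + DISK[5:]

def classify_prologue(disk, mem, va):
    """Return None if memory matches the file, else (kind, target)."""
    if mem[:len(disk)] == disk:
        return None
    if len(mem) >= 5 and mem[0] == 0xE9:
        # jmp rel32: displacement is relative to the end of the 5-byte jump
        rel = struct.unpack_from("<i", mem, 1)[0]
        return ("jmp rel32", (va + 5 + rel) & 0xFFFFFFFF)
    if len(mem) >= 2 and mem[0] == 0xEB:
        # jmp rel8: short jump, typically into padding next to the function
        rel = struct.unpack_from("<b", mem, 1)[0]
        return ("jmp rel8", (va + 2 + rel) & 0xFFFFFFFF)
    if len(mem) >= 6 and mem[0] == 0x68 and mem[5] == 0xC3:
        # push imm32 ; ret
        return ("push/ret", struct.unpack_from("<I", mem, 1)[0])
    if len(mem) >= 7 and mem[0] == 0xB8 and mem[5:7] == b"\xff\xe0":
        # mov eax, imm32 ; jmp eax
        return ("mov eax/jmp eax", struct.unpack_from("<I", mem, 1)[0])
    return ("modified", None)

def check_export(name, disk, mem, va, base, size):
    """Report a modified prologue and whether control leaves the owning module."""
    hit = classify_prologue(disk, mem, va)
    if hit is None:
        return None
    kind, target = hit
    leaves = target is None or not (base <= target < base + size)
    return {"function": name, "kind": kind, "target": target,
            "leaves_module": leaves}

if __name__ == "__main__":
    for label, mem in (("clean", DISK), ("hooked", HOOKED)):
        print(label, check_export("GetFileAttributesExW", DISK, mem, VA, BASE, SIZE))
```

In real use, locate the on-disk bytes from the export's RVA and account for relocations before comparing. A jump that stays inside the module still has to be followed to its final destination before the function is treated as clean.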

Kulverstukas
« Reply #1 on: January 26, 2013, 09:44:56 pm »
I don't get this... maybe put up a screenshot of how it works?

covetous.eyes
« Reply #2 on: January 26, 2013, 10:27:50 pm »
It's a simple one that injects a DLL into the Java SE (x86 only) memory space, then saves the file key, a screenshot and key presses. You can test it on this site - https://my.ukrsibbank.com/ua/sme/operations/staraccess/login/. But you don't have a key. That's not a problem, because all real keys for iBank have the signature iBKS at the beginning of the file (you can create this "key" in a text editor. Of course, this "key" is invalid, but for a test it's OK). This program has no user interface (only an icon in the taskbar with an "Exit" option).
First, the program shows a message box with the text "I`m found running iBank2`s login window".
Then you open your bank key and type your password, which my injected DLL saves in its own folder. When you close "iBank2`s login window", you will see one of these messages: in the good case - "Now user have closing iBank2`s login window.\nNow bank is robbed! :-)" or in the bad case - "Now user have closing iBank2`s login window,\nbut it don`t use file key" (if the user logged in with a USB token or something else that sucks). In the good case this demo opens a folder with 3 files: screenshot, keystore and keylog.

Zesh
« Reply #3 on: January 26, 2013, 10:37:05 pm »
Quote
I don't get this... maybe put up a screenshot of how it works?

Yeah...I don't understand this myself :P

covetous.eyes
« Reply #4 on: January 26, 2013, 10:40:55 pm »
Then, more simply: it's a banker (a trojan horse for bank robbing) that has no rootkit but has message boxes in its main functions :)

IFailStuff
« Reply #5 on: January 26, 2013, 11:16:50 pm »
What is the goal/action/point of this app?

covetous.eyes
« Reply #6 on: January 26, 2013, 11:52:51 pm »
Quote
What is the goal/action/point of this app?

Steal the key from the bank's Java applet and show it to you.

techb
« Reply #7 on: January 27, 2013, 01:28:33 am »
So it's a keylogger.
>>>import this
-----------------------------

Kulverstukas
« Reply #8 on: January 27, 2013, 10:43:31 am »
I am still having a hard time understanding wtf it really is. And your grammar isn't helping either.
Also what kind of a fucked up bank uses applets for internet banking!
« Last Edit: January 27, 2013, 10:44:10 am by Kulverstukas »

z3ro
« Reply #9 on: January 27, 2013, 11:27:34 am »
 ???
~ God is real. Unless declared as an integer.

covetous.eyes
« Reply #10 on: January 27, 2013, 12:56:57 pm »
Quote
Also what kind of a fucked up bank uses applets for internet banking!

Many banks from the ex-USSR use "iBank". iBank uses applets for internet banking.
BIFIT is the company that developed "iBank": http://www.bifit.com/ru/ (in Russian)

Zesh
« Reply #11 on: January 27, 2013, 06:02:11 pm »
So I can use this to hack banks from the ex-USSR? :P

covetous.eyes
« Reply #12 on: January 27, 2013, 09:28:05 pm »
Quote
So I can use this to hack banks from the ex-USSR?

No, you can use this to hack clients of banks from the ex-USSR :)

Zesh
« Reply #13 on: January 27, 2013, 10:10:10 pm »
Quote
No, you can use this to hack clients of banks from the ex-USSR :)

Lol, time to hack some ex-USSR clients! :P

Stackprotector
« Reply #14 on: February 25, 2013, 08:00:03 pm »
lol guys, there is not much to this to not understand. You go to a bank and you sneak in the vault and steal the keys from within. It's just like that
~Factionwars