From: Lyal Collins <lyalc@ozemail.com.au>
Date: Wed, 17 Jul 1996 01:10:14 +0800
To: emedia@bned.design.net.au
Subject: Re: FYI: Cybank
In-Reply-To: <199607151154.VAA16581@bned.design.net.au>
Message-ID: <31EC5EA1.1D45@ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


To clarify my earlier post :
Up until anbout 29 May, 1996, the Cybank site
had a "test" file that was placed as a challenge.
As there was a challenge, I took it.
The following describes the data I was able to 
recover from the test file.

I have received a number of files asking
how I had hacked the Cybank server. I have acheived
no such feat, merely determining the
methodology used at the Cybank site.
I communicated that fact to Cybank's operators,
who subsequently seemto have altered their
site, and download client.

Taking this issue any further has no interest
to me, and I am unable to post any
VB source code - I "cleaned" some hard 
disk space, and have deleted the working files
I used at the time. Silly me.

Also, the Cybank site seems to have changed, so I don't
know how you would get a test fle without becoming a 
Cybank user, which would probably mean passing your name,
credit card etc to them.

At the time, Cybank seemed very happy with actual user testing,
however, I have had little further contact (1-2 emails).

Lyal

ps - i have also learned some interesting spelling 
methods as a result of informative emails. 
-- 
All mistakes in this message belong to me - you should not use them!



*******************************************
included text from previous emails.
*******************************************

On Wed, 29 May 1996 12:20:08 Cybank wrote:

> >Return-Path: lyalc@ozemail.com.au
> >Date: Tue, 28 May 1996 23:55:21 -0700
> >From: Lyal Collins <lyalc@ozemail.com.au>
> >To: info@oxford.com.au
> >Subject: The text in the "securely encrypted" test message
> >X-UIDL: 833321608.007
> >
> >According to me, this decodes to :
> >Text1!O1! 12!O2!I1!830304962394!I2!A1!0.10!A2!P1!!P2!C1!0.10!C2
> >Text1                = data to follow is text ?
> >!O1! 12!O2   = I don't understand these bits yet
> >!I1!                 = a common delimiter  - 1 = start
> >830304962394 = serial number that this 10 cents is for/from
> >!I2!                 = a common delimiter  - 2 = end
> >A1!0.10!A2!  = ammount is 10 cents, $0.10
> >P1!!P2!              = seems to be a token of some kind
> >C1!0.10!C2   = a check value to ensure amount is correct.
> >

well done Lyal!

not bad so far but you've missed a few things  :-)

presume that you've used a VB3.0 decompiler to do it

but we're upgrading to VB4.0 and changing the encryption process

very soon :-)

where are you?

your prize might well be a job!!!!!!

:-)

plus the whole cash environment is becoming server-based
within a couple of weeks.

stay in touch, we need a beta-tester!

Martin Haynes
Oxford Media Group Pty Ltd
CYBANK