From: Lyal Collins <lyalc@ozemail.com.au>
Date: Sun, 14 Jul 1996 23:20:29 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Cybank breaks new ground; rejects public-key encryption
In-Reply-To: <v03007606ae0dd5274a4e@[199.0.65.105]>
Message-ID: <31E9DCF8.43EA@ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Actually, it doesn't take too much effort to discover them yourself.
Get a visual basic discomplier (VB version 4 compatible need, I think), 
and go for It.
I cracked version 1.5 of the Cybank software - I could load up an ".INI 
file" with as much "value" as I wanted.

Basically, they seem to convert ASCII characters to the decimal value of 
the hex code, then add, subtract etc on that value, along with some 
XOR'ing of the resulting string and an embedded table of data.
Oh, and it's all "locked" by the serial number, generated from the 
install date and time.
Yeah I trust it - not.

I hesitate to distribute the discomplied source code I used, asince it 
may get used by the unscrupulous to do trusting Cybank customers out of 
their hard earned money. Maybe, enough resquests will convince me 
otherwise.

Or, take a challenge, - it took me 6 hours to achieve this, including 
learing enough VB3 (ther version I cracked, 1.5 was in VB3).

Lyal 

-- 
All mistakes in this message belong to me - you should not use them!