ATM fraud.
GermanyOrFlorida
2008-12-07, 21:06
I posted this in BI, but I think I could get more help here.
Background: I have a basic understanding of computer networks, and how information is sent over a network.
I know ATMs interact with the bank via telephone line.
I am just assuming that an ATM interacts with the bank via a unique computer protocol.
What I'm thinking about is just the same as Packet Sniffing.
Basically, listen in on the line, understand the protocol, then send a packet of information to the ATM approving a withdrawal of a large amount of money. All while this is happening, just send packets to the main bank server of an inactive ATM.
Any info/links?
This is all speculation, but:
It won't be a single packet to 'authenticate transaction'. It will be a complicated process, involving a large number of packets, all heavily encrypted.
In order for you to do something of this nature, it would require a lot of work. You would have to completely understand every little detail involved in the process, and then figure out how to exploit it.
In order to understand the process, you would first have to figure out the encryption process in place. Now seeing as this is a bank, it's safe to say that they will probably have some serious encryption in place. If I was to make a guess, I would say that they used several different forms, as an added security measure. Packets have to come in/go out in a specific order, each one is encrypted using a different method/key.
You would have to crack the code(s), and also be able to encode your own data. Again, another guess here, but I would suspect that they don't use a single encryption key, rather it changes daily, hourly perhaps. Making the time frame so small, that the only way to crack it would either be luck, or by having access to one beast of a machine.
If I was setting this up I would send the information containing the next key, inside a packet using the current encryption system. The key would then change, and the only information the hackers could get, is the ability to decrypt (over time) the packets on the old system. This would give a very useful insight into the system, but without the current key, no means to exploit such knowledge.
I suggest you take a different approach to ATM hacking.
First, pick a specific make and model to focus on. They may execute the same task, however their workings are not the same make to make, or even model to model.
Once you've made your choice, start to go about learning as much about it as you can. Find the make and model details, and try to locate a manual. (Yes, they are available on Google.) Try to find out how exactly the technicians interface with it. If you have to open it up, then you're probably going to want to pick a different target. Try to find one where they attach an external device, or simply use 'secret codes' to navigate through hidden menus. Machines like this do exist, guy got caught fucking about in one a while back. If I recall correctly, he got the machine to spit out $200 every time he withdrew $20.
Look for a phone number, or contact details of some kind on a machine. Contact them, pretending to be a store, and tell them your machine has locked up. Ask for help, you might get something (unlikely, but you never know).
Could always indulge in a spot of dumpster diving as well, :)
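Added example, not part of the original posts: the reply above guesses at a rotation scheme in which the next key travels inside a packet encrypted under the current key. This sketch compares that chaining with per-transaction keys derived from a device secret and a counter, the general idea behind schemes such as DUKPT. The toy HMAC-based cipher and every function name here are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode); illustration only."""
    stream = bytearray()
    for block in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def chained_rotation(first_key: bytes, rounds: int):
    """Scheme from the post: each message carries the next key under the current one."""
    keys, wire = [first_key], []
    for i in range(rounds):
        next_key = os.urandom(32)
        nonce = i.to_bytes(8, "big")
        wire.append((nonce, keystream_xor(keys[-1], nonce, next_key)))
        keys.append(next_key)
    return keys, wire

def unwrap_chain(known_key: bytes, wire_from_that_key):
    """Follow the recorded key-update messages forward from one known key."""
    key = known_key
    for nonce, ciphertext in wire_from_that_key:
        key = keystream_xor(key, nonce, ciphertext)
    return key

def derived_key(device_secret: bytes, counter: int) -> bytes:
    """Per-transaction key from a secret that never crosses the wire."""
    msg = b"txn" + counter.to_bytes(8, "big")
    return hmac.new(device_secret, msg, hashlib.sha256).digest()

def demo():
    keys, wire = chained_rotation(os.urandom(32), rounds=5)
    # Chained keys: one old key (index 1) plus recorded traffic yields the current key,
    # so frequent rotation adds nothing once any earlier key is exposed.
    chain_exposed = unwrap_chain(keys[1], wire[1:]) == keys[-1]
    secret = os.urandom(32)
    txn_keys = [derived_key(secret, n) for n in range(6)]
    # Derived keys: HMAC is one-way in its key, so a leaked transaction key
    # cannot stand in for the device secret when deriving a sibling key.
    derived_exposed = derived_key(txn_keys[1], 5) == txn_keys[5]
    return chain_exposed, derived_exposed

if __name__ == "__main__":
    print(demo())
```
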
warweed12
2008-12-08, 01:26
Well, not quite ATM, but Interac machines in stores...
Where I am we have 7-11s and small corner stores, etc., etc. Our "Interac" machines are fairly simple, that is to say the machine itself is usually default PIN and easily programmed... they use a mag card to select the account to transfer to.
I suggest you look into those... and read into how they are programmed, because I'm sure if you walked into a corner store with a "bank" uniform on and were clean cut and all you did was punch in a few things, swipe a card and leave, they would assume nothing of it... make them sign something, that's it... next thing you know the next Interac purchase is deposited into your account.
FailedArtifact
2008-12-08, 13:54
I walked in my bank last week only to find 1 of the 3 ATMs had not loaded properly... it was running a Windows-type OS, with 2 MS-DOS screens. I peered over a little, though being in a bank didn't enable me to do a full 45-degree angle stretch to read much, but it was connecting or something.
I wish I took a picture of it now... if I had a camera, that is...
redjoker
2008-12-08, 18:57
I've got a few operator's manuals on some different ATMs somewheres. I can only remember how to log into a few different ones but I've logged into them dozens and dozens of times and could have done some damage if I felt like it. The person that owns the ATM is supposed to change the default passwords but a lot of times, if it is a small business owner, they don't ever get around to doing it. They either assume this info is secret or don't feel like figuring out how to do it themselves. Most of the time they only worry about changing the code to the keypad and combination lock where the bills are stored. Hopefully they change that...
warweed12
2008-12-09, 01:03
I have the Triton and Tranax Manuals with default pins in the manuals if anyone wants to trade for a Tidel ATM manual
Glasgowsweeman
2008-12-10, 21:16
Hey man... it's way easier to stick a false one up.
:cool:
warweed12
2008-12-12, 01:29
Is that a fact...
Seems to me like someone has been watching a little too much of The Real Hustle...
Constructing one's own "ATM" is a lot more difficult than you may think.
redjoker
2008-12-12, 02:01
Actually it wouldn't be all that difficult, just a little expensive. If you knew what you were doing and had a couple thousand dollars and a lot of free time to throw away you could build an ATM lookalike. Finding a good location for it would probably be the hardest part. Still easier to just find unsecured ATMs though for now.
warweed12
2008-12-12, 03:46
Yeah, well, if you had a vacuum molding machine, lots of sheet metal, some spare mushroom locks, an EPP PIN pad and either an old, like, 5.7 inch VGA monitor tube or a liquid crystal one, advanced programming knowledge in building not only GUIs but being able to interpret the input of the PIN pads. Also you would need a decent 1/2/3 track dip style mag reader and you would need to have a decent serial interface to dump raw data. Also going to need a 3 1/8th thermal printer with auto cut, an ADA standard audio jack for the disabled.
Probably going to want a 56k modem or DSL hookup so you can run an RMS (remote management system).
You would probably have to powder coat the sheet metal base to give it a more lookalike look.
http://www.bandbfinancial.com/images/atm.jpg
Now granted, I'm sure it could be done relatively cheaply, but it's a matter of skill level and the correct tools available...
Not only do you need skills in hardware and plastic casting or molding,
but you need advanced programming skills,
you need machining skills and advanced electronics skills,
etc., etc.
redjoker
2008-12-12, 12:14
Definitely not something the average joe could pull off by himself but everything you need is readily available if you got the cash to shell out. The payoff would be epic if you could get this bastard located in a busy place for a few days. People tend to notice when an ATM pops up though. People tend to get pissed off when it's out of money and will probably complain to the nearest business or some kind of public figure. Really where the fuck could you put a fake ATM? It would probably be easier to con a shady Indian gas station owner who doesn't already have one. I can't remember going to a gas station without an ATM though.
warweed12
2008-12-13, 23:31
Here is a proof of concept video on the ATM management functions and reprogramming. Sorry the quality sucks balls and jewt00b fucked the audio, but you get the point.
http://www.youtube.com/watch?v=-gQFoMqjDWw
"The person" enters the keys to access the management function, then goes to transaction setup where he can set dispense limits and note values and such.
cheers,
warweed
redjoker
2008-12-14, 01:00
Lol, nice video. The owner better be glad you didn't take this tutorial any further.
warweed12
2008-12-15, 02:43
I have my morals
SLice_760
2008-12-15, 20:51
I believe ATMs use a version of Windows called Windows XP Embedded. Something like that anyway...
I don't know if that helps or not. I don't really know all that much about the technicality of network security and hacking, but it is quite interesting.
Might help to know the OS of the machine you plan to compromise.
warweed12
2008-12-15, 22:41
Only some of the new ATMs use Windows Embedded, such ATMs as Tidel.
Ford Prefect
2008-12-16, 11:54
www.arx.com/documents/the_unbearable_lightness_of_pin_cracking.pdf
Cool thread...
-F☺rd
needtoknow
2008-12-17, 07:54
4 years ago at a hockey game I was being a jackass and smashing my head against the keypad and I got to a test menu. It pays to be a retard.