Weak algorithm or strong decrypting power


Surmandal

Mar 8, 2011, 1:54:14 PM
to NepS...@googlegroups.com
Weak algorithm or strong decrypting power..!!! Bloody hell, this kid just broke the NTC recharge PIN no.
http://canadanepal.net/youtube.php?v=BkAStXIX0hY

--
HACKER vs CRACKER

Pravin Dahal

Mar 8, 2011, 3:11:08 PM
to NepSecure (Nepali computer security and hacking community )
"shitty liar cum attention whore" or "really fucked up algorithm for
recharge card system that can be manually calculated in 2 minutes"??

I'd pick the former any day.

While it is a threat (since he is somehow able to find the numbers
through the coating, assuming the news report is good enough), it is
hard for me to believe that NTC would implement an algorithm to
generate recharge card numbers based on the serial number itself,
especially if it can be manually calculated in under two minutes. If
they had done that, that is asking for trouble. I think that he is
somehow able to reconstruct the coating (by carefully removing it
perhaps??) or see through somehow??

That is because
- he insists on *taking the card* and that too to *his* room. The news
report did not highlight this fact (for obvious reasons) and rather
focused on how big NTC is and how small that guy is.
- he refused to visit NTC because he had an exam? You have a chance to
prove that one of the largest earning organizations in the country is
getting the basics wrong and all you are worried about is some school
exam coming up in a few days?? Does not sound believable.


On Mar 8, 11:54 pm, Surmandal <surman...@gmail.com> wrote:
> Weak algorithm or strong decrypting power..!!! Bloody hell, this kid just
> broke the NTC recharge PIN no. http://canadanepal.net/youtube.php?v=BkAStXIX0hY
>
> --
> HACKER vs CRACKER

Bipin Gautam

Mar 9, 2011, 8:36:57 AM
to neps...@googlegroups.com
hehehehehe.......

Guys, thanks for the updates! Fast forward to 12.45 minutes.... to
jump to the news....... while...... code-breaking goes mainstream! :)

Bipin Gautam

Mar 9, 2011, 10:07:45 AM
to neps...@googlegroups.com
So, NTC staff did not use a STRONG "password salt" with the serial
key. I noticed in the video, the guy needs the "physical recharge
card" not just the serial key....... So, my guesswork ingredient is:
serial key, validity date, value of recharge card!


Is the validity_date or value_of_recharge_card (or both?) used as SALT here?


hash(f(serial_num), f(validity_date), f(value_of_card?) )== final
recharge no output!

Well, the gist is, some universal_gravity_constant and high school
maths? (Algebra? Arithmetic?)

Maybe, tomorrow i will go to a stationery shop to collect some sample
data (scratched recharge card :)

______

Password salting is a way of making passwords more secure by adding a
random string of characters to passwords before their hash is
calculated, which makes them harder to reverse engineer. Password
salts should be changed often with a pre-determined algorithm while
the salt value is then stored in the user database, together with the
result of the hash function!

How to salt and hash user passwords in PHP:
http://www.georgetruong.com/2009/09/02/how-to-salt-and-hash-user-passwords-in-php/
https://secure.wikimedia.org/wikipedia/en/wiki/Salt_%28cryptography%29


thanks,
-bipin

fr3ak

Mar 9, 2011, 10:28:40 AM
to neps...@googlegroups.com
Have a try :P But I don't think that it's that simple.. I still agree
with Pravin.... Why does the kid need to take the recharge card with
him?? Maybe the trick is that he somehow manages to take the plastic out
without damaging the card and then reattaching it somehow... Otherwise I
don't find any reasons behind taking the card along with him...

Bibek Paudel

Mar 9, 2011, 10:32:11 AM
to neps...@googlegroups.com, fr3ak

Maybe just to confuse people? Maybe it has to do only with the serial
number, but saying that would make his trick look less attractive (he
has refused to explain his trick so far, so he wants it to remain a
secret for now)- that's why, in order to give no hints, he takes the
complete card with him.

-b


Bipin Gautam

Mar 9, 2011, 10:48:45 AM
to neps...@googlegroups.com
>>
> Have a try :P But I don't think that it's that simple.. I still agree
> with Pravin.... Why does the kid need to take the recharge card with
> him??

About an hour to it and still scratching my head...... :P

But, it is hard to assume, he physically tampered with the
recharge-card number and fixed the scratched card somehow?

Maybe, he shines a high intensity laser to the card to read the
shadow/shades of the number somehow? (this guesswork because, once we
tried to reverse-engineer the PCB circuitry of a sealed PCB board with
low intensity X-ray machine...)

Niraj Shrestha

Mar 9, 2011, 10:52:40 AM
to neps...@googlegroups.com
There are two possibilities: he has a lamp that makes him see the numbers, which is unlikely.

The other is the value of the card has something to do with the salt or the length of salt, hence it takes longer to solve higher value cards.

I am sure Ntc is doing this on their own, I want to know what company in India they use to get these cards out?

Navin

Mar 9, 2011, 12:31:47 PM
to neps...@googlegroups.com
I think so as well. He is using some sort of light to see those numbers.
He also said he experimented his formula on over 10,000 cards within a year.
10,000 cards??? averaging $50 /card.. that would total Rs. 5,00,000 lakh at very minimum. Now
considering his locale and his getup definitely do not suggest that he's in a position to buy all those
cards by himself. Even if he did it on others cards, I doubt it, because he goes to school and the
remaining time ?? , in a sense he is implying that he spent whole year on it.
When the interviewer asked if he has any devices in his room, he nodded somewhat 'Yes' and
later vaguely answered. And then, when his room was combed, nothing was found.
Long story short, this kid is lying. There is no formula. He's using some light emitting diodes,
negligible size may be.

Do you guys remember, writing on a blank sheet of paper with lemon juice turns it invisible, but when
heated it reveals the writing. In the same manner, this kid is using some unknown homemade trick
to do his job.

If he does his formula not going inside his room, but right in front and convinces NTC Corp Crooks
that it's legit, then I honor his genuineness and change the above written view of mine, else
he is a trickster using a homemade trick.

The length of the serial numbers and the possibility of every permutation to be so accurate, whoa..
either we need help of silicon's processing powers or some higher intelligence knowledge from sky.
Navin

Navin

Mar 9, 2011, 12:37:17 PM
to neps...@googlegroups.com
I once debunked the hoax that said you can charge your cell phone with peepal leaf.
http://www.hoax-slayer.com/peepal-leave-phone-charge.shtml

Right now, I'm having an extreme itch to debunk this hoax '16 years old cracking prepaid card pin number with pen and paper'
--
Navin

bibstha

Mar 9, 2011, 1:54:48 PM
to neps...@googlegroups.com
Very intriguing indeed. But the kid looks very innocent and genuine too, since he's openly accepting this and challenging ntc's algorithm, there must be an alternative explanation to this.

I think people with higher scientific knowledge than an ntc technician or a journalist (probably some mathematicians / professors) need to do an independent investigation into this. I would not rule out the possibility for this guy to actually have a decent formula for this. Btw, whatever he mentions in front of the ntc individuals might have been spoken in nervousness.

goodfriend4u

Mar 9, 2011, 11:32:34 PM
to NepSecure (Nepali computer security and hacking community )
Good morning friends. I like reading your posts. They are very
interesting. I am a student and wanted to share an incident with you.
It's not about but ncell.

Once i was trying to recharge my ncell but it showed some error. I
tried a few times more but still the same. Later i contacted ncell
help center and told the lady there my problem. She asked me the
serial number of the card and told me to try again after about 1 hr. I
did so and it worked. Does this mean the recharge number has something
to do (only) with the serial key?

Bipin Gautam

Mar 11, 2011, 6:40:37 AM
to neps...@googlegroups.com
Guys,
I collected a few 1000 rupees card, that comes in bundle with same
expiry date. I found NO obvious pattern that would justify the SALT
theory, except the pin code of thousand rs card i had started with 611
sequence.

Conclusion: I am giving up on the salt theory....... i feel this kid
has to be really smart in code-breaking to have calculated it
manually! I see no obvious pattern!

I will experiment with LASER light in a few days and let you all know
if anything turns up....

For the curious few, here is some data to do the experiment.

_____________________________________
Expiry date:31/12/2012, Amount: 1000Rs (of all four S/N as mentioned below)
...

S/N:10900755955 PIN:6114241135094
S/N:10900755957 PIN:6110790813792

S/N:10900737362 PIN:6118309363087
S/N:10900798222 PIN:6114794724687
------------------------------------------------------------------

Thanks,
-bipin

Sulav

Mar 11, 2011, 11:01:22 AM
to neps...@googlegroups.com
My friend and I tried doing the same as we went about collecting quite a few cards, as my friend had a recharge card selling shop. We did even find quite a few with sequence like 1,2,3 ......
But because we were/are not into hacking (read "we did not have any idea what to do with them" haha) we abandoned the idea.
Ok, coming to the point: my friend cracked the code eventually.

It was just like a magic trick.
 
 -He came with a clean looking recharge card which had no visible tamper. Not that we could see at that time. 
 -He claimed he could get the recharge card number without scratching. I was not convinced/I needed proof. 
- He went to the other room with the card.
 -He came with the number written in the slip of paper
 -I personally scratched the number and  it was the same number   !!!!!!!!!!!!!!!!  

I have been scratching my head ever since. I have not watched the video posted here, but I think he used the same trick my friend used.




--
sulav

Pravin Dahal

Mar 11, 2011, 8:27:21 PM
to NepSecure (Nepali computer security and hacking community )
@goodfriend4u

What the serial number has to do with is that they probably have a
database with card numbers they have sent to the market. That database
contains the activated recharge card numbers with corresponding serial
numbers.

I know that Ntc activates the keys just before they send out cards to
the market. We owned a PCO in our village a few years back and once
all the cards we brought were not working (not "all" exactly, we
tested a few and all of them didn't work). We had to call Ntc office
and they told us the cards had not been activated. They activated them
and they worked.

I guess Ncell does it in the same way and you had a similar problem.

Pravin Dahal

Mar 11, 2011, 8:44:19 PM
to NepSecure (Nepali computer security and hacking community )
@Sulav
Any chance of getting the trick out? Take it to news agency or
something (not Kantipur) and get some fame while debunking that poor
fellow (and discouraging other school kids doing lame stunts for cheap
popularity... after all, all we hear about school kids is that they
have some big established theory to debunk... while some of us
obviously know how lame those are, the shitty media takes it to the
general masses and astonishes them).

On Mar 11, 9:01 pm, Sulav <sulavar...@gmail.com> wrote:
> My friend and I tried doing the same as we went about collecting quite a few
> cards, as my friend had a recharge card selling shop. We did even find quite
> a few with sequence like 1,2,3 ......
> But because we were/are not into hacking (read "we did not have any idea what
> to do with them" haha) we abandoned the idea.
> Ok, coming to the point: my friend cracked the code eventually.
>
> It was just like a magic trick.
>
>  -He came with a clean looking recharge card which had no visible tamper.
> Not that we could see at that time.
>  -He claimed he could get the recharge card number without scratching. I was
> not convinced/I needed proof.
> - He went to the other room with the card.
>  -He came with the number written in the slip of paper
>  -I personally scratched the number and  it was the same number
> !!!!!!!!!!!!!!!!
>
> I have been scratching my head ever since. I have not watched the video posted
> here, but I think he used the same trick my friend used.
>

Sulav

Mar 12, 2011, 12:36:23 AM
to neps...@googlegroups.com
Won't my friend be landing into trouble? The chances of misuse are so
high. I don't think it is a good idea.

Navin

Mar 12, 2011, 3:56:06 PM
to neps...@googlegroups.com
I wish there were no NTC.. This corporation should be dissolved. disgrace to the country and still backing old-age technology..
Navin

Bipin Gautam

Mar 13, 2011, 1:06:09 AM
to neps...@googlegroups.com
On 3/12/11, Sulav <sulav...@gmail.com> wrote:
> Won't my friend be landing into trouble? The chances of misuse are so
> high. I don't think it is a good idea.
>

Sulav, are you kiddin', lying ? :P

You or your friend will not land in trouble for disclosing the idea.
At least NOT by LAW...... afaik

So far, here is a trick that seems to work!
___
i am able to peel off the card into two pieces, one part with the
hardcover (which is blue and has amount and ntc logo) the second
part is the laminated plastic from back of the card that has recharge
amount and scratch-off coating!

You can easily read the number (in opposite direction) by shining it
through a bright light. Once done, glue it back together nicely.......
(and smooth the edges with a blade, if necessary)

DONE! It's almost impossible to find if the card is tampered and glued
back together...


Thoughts?

Navin

Mar 13, 2011, 1:19:37 AM
to neps...@googlegroups.com
Exactly, yeah, that's what I was thinking.






--
Navin

Sulav

Mar 13, 2011, 6:04:12 AM
to neps...@googlegroups.com
@bipin now that the cat is out of the bag. (@_@). it can be pulled at
once without breaking. in single piece.
Not kidding.

Bipin Gautam

Mar 13, 2011, 11:40:40 PM
to neps...@googlegroups.com
So, the verdict is this guy is a HOAX.

He specifically wanted a 1000Rs card because he wanted to make it look
like a 1000 Rs. hack? haha... while there is no mathematical calculation
involved here and his maths-talk was just to mislead the audience.

___
The recharge card PIN numbers look like they are random numbers and i
couldn't find a pattern in it with trigonometric eqn, or geometric mean
or interpolation or predictable salt. While i am perfecting the
skills. Here are a few notes@! :)

Conclusion: This trick works FLAWLESSLY and maybe it should work on
any type of "scratch card" (like, NCELL recharge card?) Ref,
attachment for screenshots...


Requirement: Blade, bright light, Glue stick

- Hold the card horizontally in the table.

- From bottom left, use a sharp blade to slip it in between -- the
laminated core and hard cover (minor dent will do). Now slowly, peel
the laminated cover with your fingers BUT only up to the scratched-off
coating. ie. only peel it up to 40% of the card up to "PIN No." mark
careful not to rip it whole or that would dislocate the whole and
maybe give hints of tampering!!!

- Use a bright light (sun/mobile/led/torch/LASER) to shine the number
through so that the numbers are easily visible from backwards. Make a
note...

- Use a "Glue Stick" to apply a uniform-thin coat gum in between the
laminated cover and hard cover to glue it back together. (use glue
stick because it's neat and doesn't leave a mess) Dry it over a FAN for
some seconds if you must and clean the edges of the card for any glue
residue.


Are 100 Rs. recharge cards of poor quality hence hard to tamper? (white
thin laminated cover) I really don't know..... in my case i am just
experimenting with recharge card of 1000Rs. with a nice pink laminated
side which is very easy to peel off. )

Thanks,
-bipin

Nepal Telecom Scratched Card Hack.JPG

Diwash Pradhan

Mar 14, 2011, 12:51:14 AM
to neps...@googlegroups.com
About the Mathematical thing

as per looking at the data presented by bipin dai..
The Sum of the Last No of the S/N and Pin sums up to 9,
and the 2nd last no 9 for even and 8 for odd ..

well dont know if it is the same in all other cards too..

regards,
Diwash



--
Diwash Pradhan

Samar Dhwoj Acharya

Mar 16, 2011, 12:51:43 PM
to NepSecure (Nepali computer security and hacking community )
I don't think there exists any mathematical thing behind the recharge
pins. I guess NTC holds the database with the list of activated and
also used random pin numbers rather than relying on the mathematical
calculations. Btw, a while ago, I had tried to do some mathematical
analysis on pin numbers and I fell into 13-digit trap, something that
would always work for 13 digit number :P

On Mar 14, 9:51 am, Diwash Pradhan <diwa...@gmail.com> wrote:
> About the Mathematical thing
>
> as per looking at the data presented by bipin dai..
> The Sum of the Last No of the S/N and Pin sums up to 9,
> and the 2nd last no 9 for even and 8 for odd ..
>
> well dont know if it is the same in all other cards too..
>
> regards,
> Diwash
>
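
Added example, not from the thread and not NTC's or Ncell's actual system: a small Python model of the design Pravin and Samar guess at above, where PINs are random, are looked up in a server-side database and are valid only after activation, in contrast to the hash(serial, ...) derivation guessed earlier in the thread. The class, method and state names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PIN_DIGITS = 13  # length of the PINs quoted in this thread


class VoucherStore:
    """Hypothetical server-side table: serial -> keyed PIN hash, value, state."""

    def __init__(self, key: bytes):
        self._key = key        # secret known only to the redemption server
        self._by_serial = {}   # serial -> record
        self._by_tag = {}      # HMAC(PIN) -> serial, used at redeem time

    def _tag(self, pin: str) -> bytes:
        # Keyed hash: without the key, a leaked table cannot be brute-forced
        return hmac.new(self._key, pin.encode(), hashlib.sha256).digest()

    def issue(self, serial: str, value: int) -> str:
        """Create a card whose PIN comes from the OS CSPRNG, not the serial."""
        if serial in self._by_serial:
            raise ValueError("serial already issued")
        while True:
            pin = "".join(secrets.choice("0123456789") for _ in range(PIN_DIGITS))
            tag = self._tag(pin)
            if tag not in self._by_tag:   # reject the rare duplicate PIN
                break
        self._by_serial[serial] = {"tag": tag, "value": value, "state": "printed"}
        self._by_tag[tag] = serial
        return pin                        # sent to the printer, never stored

    def activate(self, serial: str) -> None:
        """Mark a printed card as live once it has shipped to the market."""
        rec = self._by_serial[serial]
        if rec["state"] == "printed":
            rec["state"] = "active"

    def redeem(self, pin: str) -> int:
        """Return the credited value, or 0 if unknown, not activated or used."""
        serial = self._by_tag.get(self._tag(pin))
        if serial is None:
            return 0
        rec = self._by_serial[serial]
        if rec["state"] != "active":
            return 0
        rec["state"] = "used"
        return rec["value"]


if __name__ == "__main__":
    store = VoucherStore(secrets.token_bytes(32))
    pin = store.issue("SERIAL-0001", 1000)       # constructed sample serial
    print(store.redeem(pin))                     # 0: not activated yet
    store.activate("SERIAL-0001")
    print(store.redeem(pin), store.redeem(pin))  # 1000 then 0: single use
```

Because the PIN is independent of the serial, nothing printed on the outside of the card helps predict it; this covers derivation only, not physical exposure of the printed number.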

Bipin Gautam

Mar 17, 2011, 6:27:13 AM
to neps...@googlegroups.com
External Ref: http://seclists.org/fulldisclosure/2011/Mar/189

Disclaimer: With balance-transfer option around this hack can be
misused to ROB... real CASH in thousands (as balance-transferred for
cash), nevertheless this demonstration is just meant as information AS
lock-picking information (googling?) is to doing actual burglary!


With liberty comes responsibility....... and while Information is
Innocent and it's up to the perceivers how they use/misuse......

...


Migration:
If i remember older NTC recharge cards came as plastic card, which
could have already migrated from this loophole.

While... my cause was not to contribute to global warming, or rely on
a do-not-talk;do-not-know dodo..... defense..... and printing PIN Code
over paper is still a greener choice, NTC, NCELL etc... could also use
a small plastic slip instead (rectangular, opaque) to print the PIN
code over it and slip it in in-between the paper to minimize plastic
use.

Alternatively, the edges of the Hard-paper recharge cards can be
PRODUCED strong "razor thin" on the edges, and gradually thicker on
the centre (like a pyramid top to hold PIN) with a safe margin. I
think, it's better to use just fine tearaway paper no plastic
lamination on the top... (with few breakable bands... like alu-plus (o
& x criss-cross game) to conceal the number in between.

Affected: (though the papers are < .4 -.5 mm)
It is difficult to tamper and re-master the water-marked scratch-off
coating (With telecom name printed on it).

[Difficulty]
Simple -- NTC 500-1000 Rs recharge card (because: good hardcover over
pink plastic lamination)
Medium : Other NTC recharge cards of any value, still thick paper...
blade can easily slip through to slice it carefully.
Though, NCELL recharge cards have thinner papers (guess ~1/3 mm?) the
papers are strong, fibrous... so doable.

Thanks,
-bipin

--------ps: This thread closes here---------
