This page has been robot translated, sorry for typos if any. Original content here.

Breaking and protection of WebMoney

Contrary to all the assurances of the developers, the WebMoney system is catastrophically unreliable and is literally opened with a fingernail. There are many worms, Trojans and hacker groups specializing in the theft of electronic wallets, theft of which has become widespread. Want to know how to do it and how to protect yourself?


Let's start with what can not be. No "WebMoney generators" exist and cannot exist in principle. All cash is stored on the central server of the operator, and e-wallets represent only the means of access to it. Roughly speaking, from the fact that you will generate a combination of numbers for a code lock, money and valuables will not appear in the safe yet. And although it is possible to pick up a cipher to someone else's safe, the probability of opening it without the owner’s help (hussars! We remember the soldering iron, but we are silent) is so small that it’s not even worth talking about!

But to steal someone else's combination is quite real! This is what the "WebMoney Generators" are doing. They either make a duplicate from the e-wallet and transfer them to the attacker, or they secretly call Keeper and transfer them to their account. Viruses and Trojans work in the same way. Also marked and targeted attacks on a specific victim. Is it possible to protect against them? The WebMoney system, developed by non-specialists, was originally designed without regard to security and, although recently a whole complex of "fire-prevention" measures, retroactively attached, has appeared, the situation remains critical. Users are confused in the security systems, the support service gives rather vague and vague recommendations (upgrade Windows, configure a firewall, etc.), and in the meantime the theft of e-wallets continues.

We do not set ourselves the task of teaching anyone to steal, we just want to show and prove (!) That the WebMoney system is really very unreliable and was not even designed by an ass (the spinal cord adjoins it), but in general it is not known . There will be no vague words (so as not to accuse us of libel), but there will be no specific recommendations. We don’t give ready-made attack programs and don’t say exactly which Baitics should be hacked, but believe me - all the necessary hacker tools can be created from scratch in one night - sacred time for hackers!

But first things first. Let's not rush forward and pop the laser disc into the drive, especially since we still need the latter.

They appear from the darkness, remove all electronic money and go nowhere

Figure 1. They emerge from the dark, remove all electronic money and go nowhere.


You can experiment (for educational purposes) only with your own electronic wallet or with the wallets of persons who have given written permission. Unauthorized interference with other people's systems and wallets is totally unacceptable !

They catch those who emerge from the darkness, and lead to that world, from which there is no return

Figure 2. They catch those who emerge from the darkness, and lead to that world, from which there is no return.

Getting started or classic missionary

The WebMoney system is a kind of analogue of ordinary bank checks, which means that in order to make payments, we must first register on the central server of the operator and open an account, which is already a huge disadvantage, but oh well.

We go to , download the Keeper Classic program, launch it (by the way, I never managed to get to work through the Proxy server, it was a miracle of scientific and engineering thought, I had to raise NAT and map port 2802), fill in the registration data (from flashlight or honestly), we think of any password to our liking, after which the program proceeds to generate a secret key and asks us to pull the mouse and press the keys. This is necessary in order to get really random data, as if the pseudo-random generator based on the timer is not suitable here. Against the background of the general vulnerability of the system, it is simply silly to deflate the words RSA, RC5, MD4, MD5, SSL. However, the psychological calculation of the developers is quite clear to me. If the secret key will be generated in a split second - which user will believe in it?

She does not appear anywhere, does not catch anyone, but simply sits and solders

Figure 3. It does not appear from anywhere, does not catch anyone, but simply sits and solders.

Whatever the case, upon completion of registration, we are assigned a unique 12-digit WMID (Web Money ID), and a pair of keys is generated. The public key is transferred to the central server of the WebMoney operator, and the secret is stored in a file with the * .kwm (Key of Web Money) extension, which can be located on a hard disk, removable media or smart card. In short, ordinary asymmetric cryptography such as PGP.

Another file is created * .pwm, storing information about our wallets (current balance, history of operations, etc.). In principle, it is optional, because all information is located on the central server of the operator. Keeper can work without a * .pwm file, automatically uploading data from the network, though only in the last three days. As a matter of fact, the * .kwm file is also optional and can be restored. To do this, you need to know the password, have access to the mailbox specified during registration, as well as a notarized statement that you are not eligible (more on this can be found here: ). Theoretically, a hacker can hack our money only on the basis of a password, but in practice this is too troublesome and unsafe.

The secret information that regulates access to the wallet is only one kwm-key. WMID everywhere is published openly and this is normal. Knowing the WMID, you can find out the registration data of the user, which he marked "open", but you can not determine the number of his wallet (wallet).

The purse number is conditionally secret information. Knowing the purse number, we cannot get money from it, but we can invoice by filling out the "purchase description" field as plausibly as possible. The method is of course, foolish, but there is some chance that it will pass. Users who regularly pay a large number of small bills gradually get used to not paying attention to them and check the column “from whom” only when in doubt. Of course, there is no buzz in this way of hacking, besides, the attacker can be very robust and go to the company of his uncle, who will tear his ass, so he did not find any noticeable popularity.

Expose the victim to the left, but a plausible account

Figure 4. Expose the victim to the left, but a plausible bill - what if he pays?

But the theft of kwm files is thriving. By default, keys are stored in keys.kwm, but, in principle, the file name can be any, as, indeed, the extension. Most hackers and trojans perform a blunt search using the * .kwm mask, so renaming the key file in dontreadme.txt increases our security to some extent, however, advanced hackers can get into the registry where Keeper stores its settings and tweak the path to the file. You can also search for its contents by scanning all files (although it will take a lot of time and will cause suspicious disk activity). Gourmets will most likely intercept the call to the CreateFile API function, which shows what files Keeper opens. And even if the format of the registry settings in future versions is changed, the CreateFile option will continue to work (hint: if the developers were not idiots, they would create several files with keys - one authentic, all the rest - watchdog sensors, when accessing the signal alarms).

Hide the kwm file away from hackers

Figure 5. Hide the kwm file away from hackers.

By default, the key file size is 1.2 MB (exactly, on a floppy disk), but if you wish, you can increase it up to 100 MB. This makes it difficult to steal a key with transmission over the Internet, and, in general, does not create any insurmountable inconvenience. 100 MB is half a mini CD-R, one Zip-100M or two CD-Rs in a business card format. Of course, the speed of the system will fall to some extent (you will not read a huge file right away), but the security is worth it. Or not worth it? On the local network, dragging 100 MB is not a problem, on a DSL modem or cable Internet - too. And even a disgraceful by today's standards a modem on the 33600 will transmit this file in ~ 70 hours. Not so much, if you remember that almost none of the users will regenerate the keys every day. Cutting the file into small pieces, transmitted in the background, dragging it in two or three weeks is quite realistic, although it will be the most dull and unpromising way.

If a hacker has infiltrated someone else’s system (and it’s possible to penetrate into it in different ways), he shouldn’t have anything to load the file into memory, open the wallet, transfer money to his account and bang the hard drive so that the victim cannot enter the Internet and complain who . By the way, about the "complain". There are not so many options, and there is no help waiting. Well, except from the Lord God (if you’re real god, return my money, you sic fuck) yes to the brothers. If we still have access to WMID (what a stupid hacker got caught!), You can determine the WMID to which the money was transferred, go to the Arbitration Service website ( ), pay the arbitration fee (and for this you need to have WebMoney, which the attacker sniffed cleanly at us) and block the hacker wallet. Only if the hacker is not an elk, the money in a matter of minutes will be transferred to e-gold or otherwise removed from the system, so that there will not be any on their wallet and there will be nothing to block. By the way, wallets with a primary or personal certificate are blocked only by the decision of the arbitration commission, that is, it is enough to take a certificate and ... But you should not say that the certificate holders are not involved in the theft because they report their passport data. Agashazblin! Taki your? All those who are not lazy are now engaged in issuing certificates and hoping that all of them are honest, conscientious and incorruptible people, simply naive, especially when it comes to money, even electronic. A person who intends to kidnap $ 100,000 (and why not), will receive without problems not only a fig certificate, but also a fake passport to the bargain. Well, who then search for this certificate? Even if the Ministry of Internal Affairs officers forge passports on the stream, which was often mentioned by TV (and this is already a crime), then what about “certificates”, which have no legal status at all ?!

However, the situation with the transfer of stolen money through a few wallets was nevertheless considered by the developers, and they carefully worked on the ... intruders! Judge for yourself. The victim after filing the already mentioned claim should contact the Administrator of the Arbitration Service (WMID 937717494180,, and ask him to trace the entire chain. The whole "charm" is that the Administrator works only from Monday to Friday from 10 to 18 hours in Moscow. We, they say, are not a rescue service and want to sleep too. Very good payment system, I tell you !!! Given that the withdrawal of money from the system is carried out almost instantly and the bill goes on for minutes, the administrator, you see, wants bainki. I did not understand, is this a student hostel or a payment system ?! What did it cost at millions of turns (about which the advertisement does not cease to mention) to hire several people for round-the-clock support ?! After all, in this case we are talking about money! Naturally, it is safest for hackers to commit thefts either at midnight or on weekends. But it's okay, let's leave empty words and get to know Keeper closer.

Keeper outside and inside

Here, some admire how the developer managed to squeeze so much into Keeper'a volume (" I don’t know about you, but I sincerely bow to those who managed to put such a" tasty "stuffing into 2 megabytes of the Keeper Classic distribution package and also pack nicely this is an outside case ", ). And what do they, in fact, fit into it? Of course, in our age, when "Hello, World!" hardly intervenes on the laser disk, programs occupying "only" a few megabytes are already causing respect ...

The main volume (~ 2.2 MB) is occupied by WMClient.dll which, in fact, Keeper itself is. This is a DCOM object written in Microsoft Visual .NET with compilation into machine code, unpackaged and in no way, I repeat, without interfering with my analysis. There is no encrypted, no p-code, no anti-debugging techniques, no opposition to the disassembler, dumper, API spy. Nothing! Take it and analyze! In any case, version (the latest one at the time of this writing) behaves just like that. If the developers were even a little smarter, they would either use Microsoft Visual C ++ 6 (the famous "six") plus any high-quality protector (for example, ExeCryptor), or compile the NET application into p-code, which is much more difficult to disassemble.

WebMoney.exe (~ 180 Kbytes) is only a start-up and there is nothing interesting in it, nevertheless, it’s worth it to disassemble it. At least then, to laugh at the developers and assess their qualifications.

Keeper Classic in disassembler

Figure 6. Keeper Classic in disassembler.

So, we will assume that a hacker code is executed on the computer with the installed Keeper that executes with user privileges (we agree that we were not given administrative rights and, although we didn’t raise our privileges from a user to a system in W2K / XP, in general, no problem, not to mention 9x, where no division of privileges has happened, we will operate in Spartan conditions, close to combat). What we can do? We have two ways. Pre-disassemble Keeper, restore the exchange protocol with the server, wait for the media with the secret key to be inserted and ... further fantasize yourself. Personally, I poking around in Keeper'e laziness. Disassembling is a painstaking business and it may take more than one week to restore the exchange protocol. Using sniffers significantly reduces this period, but still “broke”. It is much easier and more efficient to steal money with the hands of Keeper himself. We install a spy intercepting keyboard input, wait for WMID input or define it in other ways, because WMID is not a secret for anyone (the first method is mainly used by viruses, the second is good for targeted attacks), then at one "wonderful" moment ( after 18 hours or a day off) disable display on the screen, launch WebMoney.exe and by emulating keyboard and mouse input everything we wanted. For example, we replenish the wallet of the victim. Why not?! We're breaking our own wallet, right? Here we fill it up! We are not gangsters, but honest hackers!

The input emulation technique is described in detail in the Notes of the Mysh'ha, the electronic version of which can be chewed free of charge from my my ftp server (just remind you that it is not available all the time), also in the 67th issue of Hacker an article was published “Breaking WebMoney” in which all this is described. So let's not breed demagoguery and chew rubber a hundred times. We mention only the general mechanism. First we find the Keeper window by calling the FindWindow or EnumWindows function and defining its handle. Then, using EnumWindows, we enumerate the child windows belonging to the controls (buttons, edit lines, etc.). By sending various messages to controls (this can be done using the SendMessage function), we can easily take them under our control. Disabling output to the screen is either intercepted by GDI services (difficult to implement, but acts with a bang), or by placing a distracting window on top of Keeper, for example, a browser window with a pornographic picture. Yes, a lot of things you can come up with!

The problem is that, starting from a certain time, the dull emulation is no longer valid. Keeper got the so-called "flying numbers". Like those that are used to prevent automatic registration on many sites. Before you make a payment, you must enter three graphic numbers that randomly appear on the screen. The idea, of course, is interesting, but it was borrowed obviously out of place. Severe childhood, horseradish education, deep hangover. And the head is bo-bo. However, the head has nothing to do with it. She still has no one to think about. The developers' safety techniques were clearly not taught. Fragmentary knowledge in the style of "here crammed, and here the girl was dancing, and here I was moved by a brick" and so the rod from all sides.

Keeper protection

Figure 7. Keeper's protection by flying numbers.

Why are flying numbers acting on Web servers (where they first appeared)? Yes, and only because , firstly, the security code is beyond the reach of the hacker, and, secondly, because the protection is aimed solely at robots, but not humans. For the protection of from spammers and vandals, such a measure is more than enough, but not for Keeper! Firstly, in the current versions of Keeper, flying numbers are easily recognized by a simple OCR that easily fits into a hundred kilobytes (using ready-made libraries), and secondly, the hacker code does not cost anything to capture a piece of the screen and send it to the monitor on duty at the monitor he recognized them himself, thirdly, this protection is disabled by bit-hack, i.e. by editing Keeper’s machine code, fourthly, flying numbers can be cut down through the registry (if you try to turn them off with Keeper’s means, he will ask for confirmation of the legitimacy of this operation), fifthly, even if the protection is tightened, hackers will decipher the protocol of the exchange and the creation of their own customers without any numbers there, in the sixth ... In short, there are very many ways to hack, and there is no benefit from this protection, not to mention the fact that many users still sit on old versions without flying numbers or disable them as unnecessary.

And here is another widely advertised feature - confirmation of authorization by e-mail. Everything looks iron on an innocent look - before you can do anything with our account, you need to enter a code that comes by e-mail. If the hacker will stop the * .kwm file, he will remain with the nose, and we - with the money. After all, he will not receive access to our mailbox. The logic is iron, but wrong. Mailboxes break is not so difficult (specific hacking techniques are given in many books and articles, so I will not repeat), moreover, since the hacker dragged off the * .kwm file, he would drag off the password to the e-mail. The exception is, perhaps, only the theft of smart cards and removable media with keys, but ... such theft is usually carried out either by close people who can have an e-mail, or by robbers who have received physical access to the removable media stored usually in close proximity to the computer. Well, that they should steal more and the password on the box?

Okay, what about blocking all IP addresses except yours? To begin with, in local networks, capturing someone else's address is not an insurmountable problem. Those who sit on Dial-Up usually receive dynamic IP addresses allocated from the common pool. To register them - you will get bored, and any client of the same provider will be authorized without any problems. But it is not important. No hacker to keep someone else's wallet fuck is not necessary. He will simply withdraw money with Keeper’s hands running on the victim’s computer, which probably has the correct IP and no “blocking” stops him!

The protective measures offered by developers can be listed for a very long time. Almost all of them are focused on the theft of a * .kwm file and then transmitting it over the network. For some reason, the developers think that this is the only way of hacking, although this is far from the case. They also advise you to configure the firewall correctly to prevent information leakage and regularly patch the system so that neither hackers nor worms will penetrate. Well, at the expense of firewalls, they obviously got excited. Enough to go to the popular site , to make sure that there are attacks that penetrate all personal firewalls. I also wrote about this in the "Notes of a Computer Virus Investigator", fragments of which can be downloaded from , and there is also a ready demo code.

Now let's deal with updates. Many sites that accept payment via WebMoney only work with IE, because they use ActiveX. And although plug-ins are released for alternative browsers like Opera and Fox, they work somehow and in reality IE has to be used, the number of holes in which is worthy of the Guinness book of records. That is, the creators of WebMoney themselves sit us on a leaky browser, and at the same time still carefully recommend - do not forget to be updated in time, they say. Or maybe I still change the floor? So, the problem is not in users. The problem is in the brains of the developer (more precisely, in their absence). The problem is in the concept of the whole system. The problem is in the fundamental vulnerability of the money transfer protocol and Keeper's vulnerability. Damn, how many years already have algorithms for generating "one-time" keys, in which there is simply nothing to steal and nothing to steal. But why do I know about them - quite far from cryptography and financial frauds of mice - but the developers of the payment system do not know? We understand it incomprehensibly ...

Keeper light or fight with certificates

The insecurity of the classic Keeper is a generally accepted fact, but Light is still considered quite secure: " In Keeper Classic, the key file can be dragged, the email can be cracked, etc. The keys stored on removable media can be copied to the hard drive the moment when a floppy disk or CD is inserted. That is, it is theoretically possible to get to the money, although with all precautions, it is extremely difficult. But Light with a non-exported certificate gives a 100% guarantee of security "( cafe / index.php? showtopic = 108 ).

It sounds tempting, but how do things stand in practice? Let's try to figure it out. Let's start with the question - how does Keeper Light work? Very simple. The secret key is now stored not in a * .kwm file, but in a special certificate, and all control goes via a web interface using special cryptographic protocols.

Where does the browser store certificates? Depends on the browser itself. For example, Mozilla is in the "./mozilla/defaul/<blahblahblah>/cert8.db" directory, but IE, running under Windows XP Professional, uses a rather clever system. Certificates with public keys are stored in a personal (personal) repository located in the Documents-n-Settings \ <username> \ Application-Data \ Microsoft \ SystemCertificates \ My \ Certificates directory, which is free for anyone to access (because this is public information!) . User certificates are located in his profile. Private keys are stored in the Documents-n- Settings \ <username> \ Application Data \ Microsoft \ Crypto \ RSA directory. All files located here are automatically encrypted with a random symmetric key — the user's master key, 64 characters long. The primary key is generated using the Triple DES algorithm based on the user password with which it enters the system.

What does all this theoretical bodyaga mean in practical terms? And the fact that stealing a certificate with a private key from under Windows XP will fail! That is, it will be possible to steal something, but there will be zero sense from this, since it simply will not work on someone else's computer! (That's why it is a closed certificate!). True, it can be exported, even without any special privileges. Gut the Certificate Manager program if you don’t know how. In fact, to transfer certificates from computer to computer, Keeper Light uses an exported certificate that is stored in files with the .pfx extension. They can be found both on external media and on hard drives. Here only there is one "but." The exported certificate is closed by the password assigned by the user, and in order to import it into your system, you must either throw a keylogger or try to open the password by brute force. But the first is too noticeable, the second - for a long time, so the theft of certificates is not widespread.

Password request when importing certificate

Figure 8. Requesting a password when importing a certificate.

Does this mean that Keeper Light is protected? No and no again!!! If Keeper Classic can be protected at least theoretically (install a driver that provides direct keyboard input, cuts emulators and monitors the integrity of Keeper and yourself), then Keeper Light works through a browser whose integrity cannot be controlled in principle!

The first thing that comes to mind is the already mentioned emulation. We say "start", in one way or another, hide the browser window (you just need to get its handle and you can draw on top of it), and we emulate the keystroke sequence to replenish the electronic wallet. Acts iron and inevitable. The only drawback is that each type (and, possibly, version) of a browser requires its own approach, but you can only stop on IE 5/6, as the most popular one.

With other browsers even easier. We take the source of the Fox and create a hacker mini-browser based on them, which displays nothing on the screen, but only works with wallets. True, there are not so many Fox fans among WebMoney users, but it is still better than nothing at all. By the way, let followers of IE do not feel safe. W2K source codes were stolen a long time ago and it’s quite realistic to create your own IE clone based on them, not to mention that IE is just a set of DCOM objects and even a beginner can build a browser based on them.

Keeper light

Figure 9. Keeper Light is just a WEB-interface that allows you to work with the wallet through any browser.

But what if you import the certificate before each opening of the wallet, and then remove it from the store? Indeed, this will increase security to some extent, but the hacker program can either wait for the “WebMoney Keeper :: Light Edition” window to appear, indicating that the user is logged in, or spy on the keys by passing the secret password along with the certificate over the network. So, electronic money is still in a delicate situation!

Cell phone authorization is reliable?

The latest issue of fashion was the authorization system using a cell phone. When registering with the ENUM service ( ), we are assigned a special Java application (also called a midlet) on our mobile phone, which calls itself Enum Client. It accepts five-digit numbers (for example, 09652) and generates a response based on them, and the generation algorithm is unique for each user. If there is no cell phone, a Pocket PC or any other Java-enabled device (for example, a desktop PC, only a little sense of it) will do.

The sequence of operations when you activate a payment through a cell phone or PDA

Figure 10. The sequence of operations when you activate a payment through a cell phone or PDA.

The ENUM service allows you to make purchases through the Merchant service ( ) without resorting to Keeper at all - neither classical nor clothed. It is believed that hacking an e-wallet and stealing cash in this case will not succeed: “ Scammers and virus writers use the Internet to steal valuable information from our computers. But no matter what protection we invent, firewalls, antiviruses, anti-keyloggers, anti-trojan, certificates — there is always the theoretical probability of its circumvention and theft of passwords (or Keeper’s keys, for example) from a computer, because both hackers and security tools use the ONE AND SAME channel, the Internet, and the problem of the Internet is that there is no other, alternative It’s an enum that solves this problem. It provides us with the very other channel. A hacker can get onto your computer, “hook” a Trojan virus, but it won’t be able to get into your mobile phone. it’s also impossible to get the Enum Client algorithm from one number unique to each user "( ).

ENUM system logo

Figure 11. ENUM system logo.

Merchant Service

Figure 12. Merchant service.

Is it really so? As the saying goes, "if you can not, but really want to, then you can still." The additional “communication channel” really enhances security many times, but it’s premature to talk about the impossibility of breaking in principle. Let's start with the fact that the algorithm for generating numbers for all users is still the same (disassemble the MIDlet if you do not believe), only the generation key is different and it is quite possible to pick it up. It is enough to intercept a single response for a given combination of numbers. Recovering the key does not take long and the Trojan program is quite capable. I hope no need to explain how to read a combination of numbers from the edit window.

In addition, cell phones contain a bunch of holes. IR protocols and Blue Tooth are literally teeming with them. Magazine "Hacker" repeatedly wrote about this. If the victim has a cell phone or PDA, then perhaps it also has a Blue Tooth or IR adapter, which keeps it constantly on. An attacker can send any AT commands to the phone, run midlets, or read their contents. And what? You can pin and write a virus that steals e-wallets and transmits them via cell phone! Bypassing all firewalls! Here you have an additional communication channel!

However, all this nagging old mysh'hastnogo hacker. The mood is just bad. It is raining, and only Sirenia saves from depression (a very powerful gothic band from faraway Norway - I recommend it). If you look soberly in your eyes (such red eyes are small, like beads), you must admit that ENUM is very difficult to hack, so there is a certain point in it. But this does not mean that you can start an e-wallet and safely put $ 100,000 on it. Then just hacked!

Payment activationPayment activationPayment activation

Figure 13. Activation of payment by cell phone through the ENUM system.

How to break exchangers

Hacking exchangers is not included in our plans (not everyone has his own exchanger, and it is illegal to break others), therefore, we only note the main points. From a hacker's point of view, the exchanger is a site, usually managed by PHP and working under Linux / BSD / NT.

Here, through errors in PHP scripts, they are most often broken. Also, some Web-programmers leave the "back door" in case they suddenly want to eat, but there is nothing to eat. Rarely break the axis. The greatest number of holes, naturally, has NT and all systems derived from it (including the praised Windows 2003 Server). Linux and BSD are a bit more difficult to break, but ... if you take a security scanner (for example, X-Spider), you may find that many of them have a clumsy SendMail or a rusted Apache. Buffer overflow, shell code sending and server in our hands!

Hacker's Workplace

Figure 14. The workplace of the hacker.


Hacking WebMoney is not a myth, but a harsh reality and you cannot be 100% secure even if you are a security expert. There is always the risk of catching a virus through an unknown hole in the operating system or browser, and if a backup saves the loss of operational data on the hard drive, physical confusion of the Intranet from the Network prevents it from disclosing confidential data, then nothing steals from electronic money!


Figure 15. Sireina - gothic hacker music that sausage mysh'a.