Hacking and protecting WebMoney

Despite all the developers' assurances, the WebMoney system is catastrophically unreliable and can be opened, quite literally, with a fingernail. There are plenty of worms, trojans and hacker groups specializing in the theft of electronic wallets, and such thefts have become widespread. Want to know how it is done and how to protect yourself?

Introduction

Let's start with what cannot be. No "WebMoney generators" exist, nor can they exist in principle. All the money is stored on the operator's central server; electronic wallets are only a means of access to it. Roughly speaking, generating a combination for a combination lock does not make money and jewellery appear in the safe. And although it is possible to pick the code of someone else's safe, the probability of opening it without the owner's help (hussars! we remember, but we keep quiet about the soldering iron) is so small that it is not even worth talking about!

But stealing someone else's combination is quite real! This is exactly what the "WebMoney generators" do. They either duplicate the electronic wallet and hand the copy to the attacker, or they secretly launch Keeper and make a transfer to the attacker's account. Viruses and trojans work the same way. Targeted attacks on a particular victim have also been observed. Can you protect yourself from them? The WebMoney system, developed by non-specialists, was originally designed with no regard for security, and although a whole series of "fire-fighting" measures has recently been bolted on after the fact, the situation remains critical. Users get lost in the security settings, the support service gives rather vague recommendations (update Windows, configure a firewall, etc.), and meanwhile the wallet thefts continue.

We do not set ourselves the task of teaching anyone to steal; we only want to show and prove (!) that the WebMoney system is really very unreliable and was designed not even with the backside (the spinal cord is at least adjacent to it) but with who knows what. There will be no vague words (lest we be accused of slander), but there will be no concrete recipes either. We do not hand out ready-made attack programs and do not say which bytes need to be patched, but believe me: all the necessary hacker tools can be built from scratch in one night, the sacred time for hackers!

But first things first. Let's not rush ahead and pop the laser disc into the drive, especially since we will still need the latter.


Figure 1. They appear from the darkness, withdraw all the electronic money and go nowhere.

WHAT IS POSSIBLE AND WHAT IS NOT (DISCLAIMER)

You may experiment (for educational purposes) only with your own electronic wallet or with the wallets of those who have given written permission. Unauthorized interference with other people's systems and wallets is strictly unacceptable!


Figure 2. They catch those who appear from the darkness and lead them into a world from which there is no return.

The beginning of beginnings, or the classic missionary

The WebMoney system is a kind of analogue of ordinary bank cheques, which means that to make payments we must first register on the operator's central server and open an account, which is already a huge drawback, but okay.

We go to www.webmoney.ru, download the Keeper Classic program and launch it (by the way, I never managed to get it working through a proxy server; I had to set up NAT and map port 2802), fill in the registration data (made up or honest), invent any password we like, after which the program proceeds to generate a secret key and asks us to jiggle the mouse and press keys. This is supposedly needed to obtain truly random data, as if a pseudo-random timer-based generator were not good enough here. Amid the general insecurity of the system, flaunting the words RSA, RC5, MD4, MD5, SSL is simply silly. However, the developers' psychological calculation is quite understandable to me: if the secret key were generated in a split second, which user would believe in it?


Figure 3. She does not appear from anywhere and does not catch anyone, but simply sits and solders.

Anyway, upon completion of registration we are assigned a unique 12-digit WMID (WebMoney ID) and a key pair is generated. The public key is sent to the WebMoney operator's central server, and the secret key is saved in a file with the *.kwm extension (Key of WebMoney), which can reside on the hard drive, on removable media or on a smart card. In short, ordinary asymmetric cryptography, PGP style.

Another file, *.pwm, is created to store information about our wallets (current balance, transaction history, etc.). In principle it is optional, because all the information is held on the operator's central server. Keeper can work without a *.pwm file, loading the data automatically from the network, though only for the last three days. As a matter of fact, the *.kwm file is also optional and can be restored. To do this you need to know the password, have access to the mailbox specified during registration, and provide a notarized statement (more about this here: http://www.owebmoney.ru/returnkey.shtml). Purely theoretically, a hacker could get at our money on the basis of the password alone, but in practice this is too troublesome and risky.

The secret information governing access to the wallet is just the kwm key. The WMID is published openly everywhere, and that is normal. Knowing the WMID, you can find out the registration data that the user marked as "open", but you cannot determine the number of his wallet(s).

The wallet number is secret information. Knowing the wallet number we cannot take money from it, but we can issue an invoice, filling in the "purchase description" field as plausibly as possible. The method is, of course, stupid, but there is some chance that it will pass. Users who regularly pay a large number of small bills gradually get used to not paying attention to them and check the "from whom" column only when in doubt. Of course, there is no thrill in this method of hacking; moreover, an attacker can very easily get burned and end up in the company of uncles who will tear his backside, so it never gained any noticeable popularity.


Figure 4. We send the victim a bogus but plausible bill: what if he pays?

But the theft of kwm files is booming. By default the keys are stored in keys.kwm, but in principle the file name can be anything, and so can the extension. Most hackers and trojans do a dumb search by the *.kwm mask, so renaming the key file to dontreadme.txt increases our security to some extent, but advanced hackers can look into the registry, where Keeper stores its settings, and read the file path from there. You can also search by content, scanning all files (though this takes a lot of time and causes suspicious disk activity). Fans of API spying will surely intercept the CreateFile call, which shows exactly which files Keeper opens. And even if the format of the registry settings changes in future versions, the CreateFile option will keep working (hint: if the developers were not idiots, they would create several key files, one genuine and all the rest watchdogs, and raise an alarm whenever a watchdog is touched).
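The two defensive ideas in this paragraph, a renamed key file and decoy "watchdog" key files, only help if something actually watches who opens them. The following is an added example, not code from the article or from WebMoney: it assumes a host agent that logs every file open as one JSON line with "time", "process" and "path" (a constructed format) and runs the rules over constructed sample events.

```python
"""Flag suspicious access to WebMoney key files from file-open events.

Added example, not the article's or WebMoney's code. Assumes a host agent
that emits one JSON line per file open with "time", "process" and "path"
(constructed format); all paths, process names and events are constructed.
"""
import json
import ntpath
from typing import Dict, Iterable, List, Optional, Set, Tuple

# The only process that legitimately opens the key file (from the article).
TRUSTED_PROCESSES = {"webmoney.exe"}

# The real key, renamed away from the *.kwm mask as the article suggests.
REAL_KEY = r"C:\Documents and Settings\alice\WebMoney\dontreadme.txt"

# Decoys under the default name and the default mask: nothing legitimate
# ever opens them, so even WebMoney.exe touching one is an alarm.
DECOY_KEYS = {
    r"C:\Documents and Settings\alice\WebMoney\keys.kwm",
    r"C:\Documents and Settings\alice\My Documents\backup.kwm",
}

KEY_EXTENSIONS = (".kwm", ".pwm")


def normalise(path: str) -> str:
    """Windows paths are case-insensitive; compare in one canonical form."""
    return ntpath.normpath(path).lower()


_REAL = normalise(REAL_KEY)
_DECOYS = {normalise(p) for p in DECOY_KEYS}


def classify(event: Dict[str, str]) -> Optional[str]:
    """Return an alert label for one file-open event, or None if benign."""
    proc = event["process"].lower()
    path = normalise(event["path"])
    if path in _DECOYS:
        return "DECOY_KEY_ACCESS"          # the watchdog fired
    if proc in TRUSTED_PROCESSES:
        return None
    if path == _REAL:
        return "REAL_KEY_ACCESS_BY_UNTRUSTED_PROCESS"
    if path.endswith(KEY_EXTENSIONS):
        return "KEY_MASK_ACCESS"           # *.kwm / *.pwm search by mask
    return None


def scan(lines: Iterable[str]) -> List[Tuple[str, str, str, str]]:
    """Run classify() over JSON lines; return (time, process, path, label)."""
    alerts = []
    for line in lines:
        ev = json.loads(line)
        label = classify(ev)
        if label:
            alerts.append((ev["time"], ev["process"], ev["path"], label))
    return alerts


def sweep_processes(lines: Iterable[str], threshold: int = 40) -> Set[str]:
    """Processes that opened at least `threshold` distinct files: the
    content-scanning search the article calls suspicious disk activity."""
    seen: Dict[str, Set[str]] = {}
    for line in lines:
        ev = json.loads(line)
        seen.setdefault(ev["process"].lower(), set()).add(normalise(ev["path"]))
    return {p for p, paths in seen.items() if len(paths) >= threshold}


# Constructed sample: a legitimate Keeper session, ordinary user activity,
# then an unknown process sweeping the disk and touching the key files.
SAMPLE_EVENTS = [
    {"time": "2006-03-04T21:05:01", "process": "WebMoney.exe", "path": REAL_KEY},
    {"time": "2006-03-04T21:05:30", "process": "explorer.exe",
     "path": r"C:\Documents and Settings\alice\My Documents\report.doc"},
    {"time": "2006-03-04T23:06:02", "process": "svchost32.exe",
     "path": r"C:\Documents and Settings\alice\WebMoney\KEYS.KWM"},
    {"time": "2006-03-04T23:06:03", "process": "svchost32.exe",
     "path": r"C:\DOCUMENTS AND SETTINGS\alice\WebMoney\DontReadMe.txt"},
    {"time": "2006-03-04T23:06:04", "process": "svchost32.exe",
     "path": r"D:\Archive\old_keys.kwm"},
] + [
    {"time": f"2006-03-04T23:07:{i % 60:02d}", "process": "svchost32.exe",
     "path": rf"C:\Documents and Settings\alice\My Documents\file{i}.txt"}
    for i in range(50)
]
SAMPLE_LINES = [json.dumps(e) for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LINES):
        print(*alert)
    print("sweeping:", sweep_processes(SAMPLE_LINES))
```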


Figure 5. Hide the kwm file away from hackers.

By default the key file is 1.2 MB (exactly enough for a floppy disk), but if desired it can be increased to 100 MB. This makes it harder to steal the key and transmit it over the Internet, and in general creates no insurmountable inconvenience. 100 MB is half a mini CD-R, one Zip-100 or two business-card CD-Rs. Of course, system performance will drop somewhat (a huge file cannot be read instantly), but security is worth it. Or is it? Pulling 100 MB over a local network is no problem, nor over a DSL modem or cable Internet. And even a modem at 33600, shameful by today's standards, will transfer this file in ~70 hours. Not so much, if you recall that almost none of the users regenerate their keys every day. Cut the file into small pieces transmitted in the background and it is quite possible to drag it out in two or three weeks, although this is the most stupid and unpromising way.

If a hacker has infiltrated someone else's system (and there are many ways to do it), he does not even need to upload the file to himself: he can open the wallet, transfer the money to his own account and crash the hard drive so that the victim cannot get onto the Internet and complain to whoever it is one complains to. Speaking of "complaining": there are not many options, and there is nowhere to expect help from. Well, except from the Lord God (if you're real, god, return my money, you sick fuck) and from the brothers. If we still have access to our WMID (what a stupid hacker I got!), we can determine the WMID to which the money was transferred, go to the Arbitration Service website (http://arbitrage.webmoney.ru/), pay the arbitration fee (and to do this you must have WebMoney, which the attacker has just cleaned out) and have the hacker's wallet blocked. Only, unless the hacker is a complete fool, the money will be transferred to e-gold within a few minutes or withdrawn from the system in some other way, so that nothing will be left on his wallet and there will be nothing much to block. By the way, wallets with an initial or personal certificate are blocked only by decision of the arbitration commission, that is, it is enough to obtain a certificate and... Just do not tell me that certificate holders do not steal because they have disclosed their passport data. Yeah, right! Certificates are handed out to anyone who bothers to apply, and hoping that all of them are honest, conscientious and incorruptible people is simply naive, especially when it comes to money, even electronic money. A person who intends to steal $100,000 (and why not?) will obtain without difficulty not only a lousy certificate but a fake passport as well. And whom will you look for on the basis of that certificate?! If even officers of the Ministry of Internal Affairs forged passports on an industrial scale, as television has repeatedly reported (and that is already a crime), what can one say about "certificates", which have no legal status at all?!

However, the developers did consider the situation where stolen money is moved through several wallets, and they carefully took care of... the intruders! Judge for yourself. After filing the above claim, the victim should contact the Administrator of the Arbitration Service (WMID 937717494180, arbitrage@webmoney.ru) and ask him to trace the entire chain. The whole "charm" is that the Administrator works only Monday to Friday, from 10 to 18 Moscow time. We are not a rescue service, you see, and we want to sleep too. A very good payment system, I tell you!!! Even though withdrawal from the system is almost instant and the clock runs in minutes, the administrator, you see, wants his sleep. I do not understand: is this a student hostel or a payment system?! What would it have cost, at the millions in turnover the advertising never stops mentioning, to hire several people for round-the-clock support?! After all, this is about money! Naturally, it is safest for hackers to steal either at midnight or at the weekend. But enough of that; let's leave the empty words and get to know Keeper better.

Keeper inside and out

Some admire how the developer managed to squeeze so much into Keeper's volume ("I don't know about you, but I sincerely bow to those who managed to put such a "tasty" filling into the 2 megabytes of the Keeper Classic distribution, and even package it beautifully on the outside", http://www.owebmoney.ru/clashistory.shtml). And what, in fact, did they put in it? Of course, in our age, when "Hello, World!" barely fits on a laser disc, programs occupying "only" a few megabytes already command respect...

The main volume (~2.2 MB) is taken by WMClient.dll, which is, in fact, Keeper itself. It is a DCOM object written in Microsoft Visual .NET and compiled to machine code, not packed in any way and, I repeat, offering no resistance to analysis. No encrypted code, no p-code, no anti-debugging techniques, no countermeasures against the disassembler, dumper or API spy. Nothing! Take it and analyse it! In any case, version 2.4.0.3 (the latest at the time of writing) behaves exactly like that. If the developers were even a little smarter, they would either use Microsoft Visual C++ 6 (the famous "six") plus some decent protector (for example, ExeCryptor), or compile the .NET application into p-code, which is much harder to disassemble.

WebMoney.exe (~180 KB) is just a launcher and there is nothing interesting in it; nevertheless it is worth disassembling, if only to laugh at the developers and assess their qualifications.


Figure 6. Keeper Classic in the disassembler.

So, we will assume that hacker code executing with user privileges has landed on a computer with Keeper installed (we agree that we have not been given administrator rights, and although raising our privileges from user to system on W2K/XP is generally not a problem, not to mention 9x, where there was no privilege separation to begin with, we will act in Spartan conditions, close to combat ones). What can we do? We have two ways. Either disassemble Keeper beforehand, reconstruct the communication protocol with the server, wait for the media with the secret key to be inserted and... then use your imagination. Personally, I am too lazy to dig around in Keeper. Disassembling is painstaking work, and restoring the exchange protocol can take more than a week. Using sniffers shortens this period considerably, but it is still a grind. It is much easier and more efficient to steal the money with Keeper's own hands. We install a spy that intercepts keyboard input and wait for the WMID to be entered, or determine it in other ways, since the WMID is no secret to anyone (the first method is mainly used by viruses, the second suits a targeted attack), then at one "fine" moment (after 18:00 or on a day off) we turn off the screen output, run WebMoney.exe and, by emulating keyboard and mouse input, do whatever we wanted. For example, we top up the victim's wallet. Why not?! We are breaking into our own wallet, right? So we top it up! We are not gangsters but honest hackers!

The technique of emulating input is described in detail in the Mouse's Notes, an electronic version of which can be downloaded for free from my mouse ftp server ftp://nezumi.org.ru/ (I just remind you that it is not available all the time); in addition, an article "Breaking WebMoney" was published in Hacker issue 67, which describes all this. So we will not spread demagoguery and chew the same rubber a hundred times; we only note the general mechanism. First, we find the Keeper window by calling FindWindow or EnumWindows and obtain its handle. Then, using EnumWindows, we list the child windows belonging to the controls (buttons, edit boxes, etc.). By sending the controls a variety of messages (this can be done with the SendMessage function), we can easily take control of them. Disabling the screen output is done either by intercepting GDI services (hard to implement, but it works with a bang) or by placing a distracting window on top of Keeper, for example a browser window with a pornographic picture. Yes, one can come up with a lot of things!

The problem is that, from some point on, dumb emulation stopped working. Keeper acquired the so-called "flying numbers", like those used to prevent automatic registration on many sites. Before making any payment you must enter three graphic digits that appear at random positions on the screen. The idea is interesting, of course, but it is obviously borrowed out of context. Hard childhood, poor education, deep hangover. And the head hurts. Though the head has nothing to do with it; it has nothing to think with anyway. Nobody taught the developers security techniques. Sketchy knowledge in the style of "crammed a bit here, then the girl danced, then somebody hit me with a brick", with holes on all sides.


Figure 7. Keeper’s protection with flying numbers.

Why do flying numbers work on web servers (where they first appeared)? Only because, firstly, the checking code is out of the hacker's reach, and, secondly, because the protection is aimed exclusively at robots, not at humans. To protect mail.ru from spammers and vandals such a measure is more than enough, but not Keeper! Firstly, in the current versions of Keeper the flying numbers are easily recognized by a forgiving OCR that fits into a hundred kilobytes (when ready-made libraries are used); secondly, nothing stops the hacker code from grabbing a piece of the screen and sending it to the hacker on duty so that he recognizes the digits himself; thirdly, this protection is disabled by a bit hack, i.e. by editing Keeper's machine code; fourthly, the flying numbers can be cut out through the registry (if you try to disable them with Keeper's own tools, it asks for confirmation that the operation is legitimate); fifthly, even if the protection is tightened, hackers will simply decrypt the exchange protocol and create their own clients without any digits in them; sixthly... In short, there are a lot of ways to get around it and there is no benefit from this protection, not to mention that many users are still on older versions without flying numbers or have disabled them as unnecessary.

And here is another widely advertised feature: confirmation of authorization by e-mail. To an inexperienced eye everything looks iron-clad: before anything can be done with our account, one must enter a code that arrives by e-mail. If a hacker steals the *.kwm file, he is left empty-handed and we keep the money, because he will not get access to our mailbox. The logic is iron, but wrong. Breaking into mailboxes is not that difficult (specific hacking techniques are given in many books and articles, so I will not repeat them); besides, as soon as the hacker has taken the *.kwm file, he will take the e-mail password as well. The only exception, perhaps, is the theft of smart cards and removable media with keys, but... such theft is usually carried out either by people close to the victim, who may have access to the e-mail too, or by robbers who gain physical access to removable media stored, as a rule, right next to the computer. Is it really hard for them to steal the mailbox password as well?

OK, what about blocking all IP addresses except your own? To begin with, on a local network hijacking someone else's address is not an insurmountable problem. Anyone on dial-up usually receives dynamic IP addresses allocated from a common pool. Registering them is a pain, and any client of the same provider will be authorized without trouble. But that is not the point. No hacker needs to keep someone else's damned wallet for himself. He will simply withdraw the money with the hands of Keeper running on the victim's computer, which most likely has the correct IP, and no "blocking" will stop him!

The protective measures proposed by the developers could be listed for a very long time. Almost all of them are aimed at the theft of the *.kwm file and its subsequent transmission over the network. For some reason the developers think this is the only way to hack, although this is far from the case. They also advise you to "configure" the firewall correctly to prevent information leakage and to patch the system regularly so that neither hackers nor worms get in. Well, about firewalls they clearly got carried away. It is enough to visit the popular site http://www.firewallleaktester.com/ to see that there are attacks that get through all personal firewalls. I also wrote about this in "Notes of a Computer Virus Researcher", fragments of which can be downloaded from ftp://nezumi.org.ru/, and there is ready-made demo code there.

Now about updates. Many sites accepting payment through WebMoney only work with IE, because they use ActiveX. Although plug-ins have been released for alternative browsers such as Opera and Fox, they work so-so, and in reality you have to use IE, whose number of holes deserves a Guinness record. That is, the creators of WebMoney themselves put us on a leaky browser, and at the same time carefully recommend: do not forget to update in time. Or maybe I should change my sex while I'm at it?! So the problem is not with the users. The problem is in the developers' brains (more precisely, in their complete absence). The problem is the concept of the whole system. The problem is the fundamental vulnerability of the money transfer protocol and Keeper's insecurity. Damn, for how many years have algorithms for generating "one-time" keys existed, in which there is simply nothing to steal? Why do I, a mouse far from cryptography and financial fraud, know about them, while the developers of a payment system do not?! Nobody can understand that...

Keeper Light, or the certificate fight

Classic Keeper's insecurity is a generally accepted fact, but Light is still considered quite secure: "In Keeper Classic, the key file can be dragged away in parts, e-mail can be hacked, etc. Keys stored on removable media can be copied to the hard drive at the moment the floppy disk or CD is inserted. That is, it is theoretically possible to get to the money, although if precautions are followed it is extremely difficult. But Light with a non-exportable certificate gives a 100% security guarantee" (http://owebmoney.ru/cafe/index.php?showtopic=108).

It sounds tempting, but how is it in practice? Let's try to figure it out. Start with the question: how does Keeper Light actually work? Very simply. The secret key is now stored not in a *.kwm file but in a special certificate, and all control goes through a web interface using special cryptographic protocols.

Where does the browser store certificates? It depends on the browser. Mozilla, for example, keeps them in "./.mozilla/default/<blahblahblah>/cert8.db", while IE under Windows XP Professional uses a rather sophisticated scheme. Certificates with public keys are stored in the personal store located in the Documents and Settings\<username>\Application Data\Microsoft\SystemCertificates\My\Certificates directory, which is open to everyone (it is public information!). User certificates are located in the user's profile. Private keys are stored in the Documents and Settings\<username>\Application Data\Microsoft\Crypto\RSA directory. All files located there are automatically encrypted with a random symmetric key, the user's master key, 64 characters long. The master key in turn is protected using the Triple DES algorithm with a key derived from the password the user logs on with.

What does all this theory mean in practice? That stealing a certificate with a private key from under Windows XP will fail! More precisely, it can be taken, but there is no point, since it simply won't work on someone else's computer (that is why it is a closed certificate!). True, it can be exported, and without any special privileges; dig into the Certificate Manager if you don't know how. In fact, to move certificates from computer to computer, Keeper Light uses an exported certificate stored in files with the .pfx extension. They can be found both on external media and on hard drives. But there is one "but". The exported certificate is locked with a password chosen by the user, and to import it into your own system you must either plant a keylogger or try to recover the password by brute force. The first is too noticeable, the second too slow, so certificate theft has not become widespread.


Figure 8. Password request when importing a certificate.

Does this mean Keeper Light is protected? No, and no again!!! If Keeper Classic can at least theoretically be protected (install a driver that provides direct keyboard input, cuts off emulators and monitors the integrity of Keeper and of itself), then Keeper Light works through a browser, whose integrity cannot be controlled in principle!

The first thing that comes to mind is the emulation already mentioned. We "start https://light.webmoney.ru", hide the browser window one way or another (just get its handle and you can draw on top of it whatever you like) and emulate the sequence of keystrokes that tops up the electronic wallet. It works like iron, inevitably. The only drawback is that each type (and possibly version) of browser needs its own approach, but one can stop at IE 5/6 as the most popular.

With other browsers it is even easier. Take the sources of Fox and build a hacker mini-browser on them which displays nothing on the screen but works with wallets just as well. True, there are not many Fox fans among WebMoney users, but this is still better than nothing. And IE adherents should not feel safe either. The W2K sources were stolen long ago and it is quite possible to build an IE clone on them, not to mention that IE is just a set of DCOM objects and even a beginner can assemble a browser from them.


Figure 9. Keeper Light is just a web interface that lets you work with your wallet through any browser.

But what if the certificate is imported before each wallet session and deleted from the store afterwards? Indeed, this raises security to some extent, but a hacker program can either wait for the WebMoney Keeper::Light Edition window to appear, which indicates that the user has logged in, or spy on the keys and transmit the secret password together with the certificate over the network. So electronic money still remains in a delicate situation!

Is Cell Phone Authorization Reliable?

The latest fashion is authorization with a cell phone. On registering with the ENUM service (http://enum.ru/), a special Java application (also called a MIDlet) that calls itself Enum Client is installed on our mobile phone. It takes five-digit numbers (for example 09652) and generates an answer from them, and the generation algorithm is unique for each user. If there is no cell phone, a Pocket PC or any other device with Java support will do (a desktop PC, for example, though there will be little sense in that).


Figure 10. The sequence of operations when activating a payment through a cell phone or PDA.

The ENUM service allows you to make purchases through the Merchant service (https://merchant.webmoney.ru/) without resorting to Keeper at all, neither Classic nor Light. It is believed that in this case it will not be possible to break into an electronic wallet and steal the money: "Fraudsters and virus writers use the Internet to steal valuable information from our computers. But whatever protection we invent, firewalls, antiviruses, anti-keyloggers, anti-trojans, certificates, there is always a theoretical likelihood of it being bypassed and passwords (or Keeper keys, for example) being stolen from the computer, because both hackers and security tools use the SAME channel: the Internet. And the problem with the Internet is that there has been no other good channel for storing and transmitting information. ENUM solves this problem. It gives us that other channel. A hacker can get into your computer and plant a Trojan, but he cannot get into your mobile phone. And guessing how the Enum Client algorithm, unique for each user, turns one number into another is impossible too" (http://owebmoney.ru/enum.shtml).


Figure 11. Logo of the ENUM system.


Figure 12. Merchant service.

Is this really so? As the saying goes, "if you can't, but really want to, then you still can." An additional "communication channel" really does raise security many times over, but to speak of the fundamental impossibility of hacking is premature. To begin with, the generation algorithm is still the same for all users (disassemble the MIDlet if you don't believe it); only the generation key differs, and it is quite possible to pick it. It is enough to intercept a single response to a given combination of digits. Recovering the key will not take much time, and a Trojan can do it. I hope there is no need to explain how to read the combination of digits from the edit window.
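Whether one captured challenge/response pair is enough to "pick" the key depends entirely on the size of the per-user key, not on the five-digit challenge. The following is an added example, not the article's code and not the real Enum Client algorithm (which the article does not give): it models the scheme as HMAC-SHA256 truncated to six digits, shows a constructed 16-bit key being narrowed down from a single observed pair, and quantifies why a 128-bit key is out of reach of the same search.

```python
"""Second-channel challenge-response: what the key length buys.

Added example; stand-in for the Enum Client scheme the article describes
(5-digit challenge in, short numeric response out, per-user key). The
algorithm, key sizes and sample values below are constructed.
"""
import hashlib
import hmac
import secrets
from typing import Dict, List, Sequence, Tuple

RESPONSE_DIGITS = 6


def enum_response(key: bytes, challenge: str) -> str:
    """Response to a 5-digit challenge: HMAC-SHA256 truncated to 6 digits
    (constructed stand-in for the client's algorithm)."""
    if len(challenge) != 5 or not challenge.isdigit():
        raise ValueError("challenge must be exactly five digits")
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    value = int.from_bytes(mac[:4], "big") % 10 ** RESPONSE_DIGITS
    return f"{value:0{RESPONSE_DIGITS}d}"


def keys_consistent_with(observed: Sequence[Tuple[str, str]],
                         key_bits: int) -> List[bytes]:
    """Exhaust every key of `key_bits` bits and keep those reproducing all
    observed (challenge, response) pairs. Deliberately refuses anything
    beyond a toy key space: that infeasibility is the defence."""
    if key_bits > 24:
        raise ValueError("search space too large for exhaustive search")
    nbytes = (key_bits + 7) // 8
    candidates = []
    for k in range(1 << key_bits):
        key = k.to_bytes(nbytes, "big")
        if all(enum_response(key, c) == r for c, r in observed):
            candidates.append(key)
    return candidates


def expected_work(key_bits: int,
                  response_digits: int = RESPONSE_DIGITS) -> Dict[str, float]:
    """Trials needed to exhaust the key space, and how many wrong keys are
    expected to match one observed pair by chance (false positives)."""
    space = 2 ** key_bits
    return {"keys_to_try": space,
            "expected_false_matches_per_pair": (space - 1) / 10 ** response_digits}


def demo() -> Dict[str, object]:
    # Constructed 16-bit per-user key: one captured pair shortlists it.
    weak_key = (0xBEEF).to_bytes(2, "big")
    pair = ("09652", enum_response(weak_key, "09652"))  # challenge from the article
    found = keys_consistent_with([pair], 16)
    # A 128-bit key: 2**128 trials, so a captured pair reveals nothing usable.
    strong_key = secrets.token_bytes(16)
    return {"weak_key_recovered": weak_key in found,
            "weak_candidates": len(found),
            "strong_keys_to_try": expected_work(128)["keys_to_try"],
            "strong_response": enum_response(strong_key, "09652")}


if __name__ == "__main__":
    print(demo())
```

A second captured pair removes the chance collisions left in the 16-bit candidate list; for the 128-bit key no number of pairs makes the exhaustive search feasible.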

In addition, cell phones contain a bunch of holes. The IR protocols and Bluetooth are literally teeming with them; Hacker magazine has written about this repeatedly. If the victim has a cell phone or PDA, then it probably also has a Bluetooth or IR adapter that is kept constantly on. An attacker can send arbitrary AT commands to the phone, execute MIDlets or read their contents. What?! One could joke and write a virus that steals electronic wallets and transfers them through the cell phone, bypassing all firewalls! There's your additional communication channel!

However, all this is the nit-picking of an old mouse hacker. It's just that the mood is bad. It is raining, and only Sirenia saves me from depression (a very powerful Gothic band from faraway Norway, I recommend it). If you look at the truth soberly (with red mousy eyes, small as beads), you must admit that hacking ENUM is very difficult, so there is still some sense in it. But this does not mean that you can open an electronic wallet and boldly put $100,000 on it. That will definitely get hacked!


Figure 13. Activation of payment by cell phone through the ENUM system.

How to break exchangers

Hacking exchangers is not part of our plans (not everyone has their own exchanger, and breaking other people's is illegal), so we will only mention the main points. From a hacker's point of view an exchanger is a site, usually driven by PHP and running under Linux/BSD/NT.

They are most often broken through errors in PHP scripts. Also, some web programmers leave a back door for the day they suddenly want to eat and there is nothing to eat. Less often the OS itself is broken. Of course, NT and all its derivatives (including the vaunted Windows 2003 Server) have the largest number of holes. Linux and BSD are a little harder to break, but... take a security scanner (for example X-Spider) and you will find that many of them run a clumsy Sendmail or a rusted Apache. Buffer overflow, shellcode delivered, and the server is in our hands!


Figure 14. Hacker workplace.

Conclusion

Hacking WebMoney is not a myth but a harsh reality, and you cannot be 100% secure even if you are a security expert. There is always a risk of catching a virus through a still-unknown hole in the operating system or browser, and while backups save you from the loss of working data on the hard drive, and physically disconnecting the intranet from the Network saves you from disclosure of confidential data, nothing can save you from the theft of electronic money!


Figure 15. Sirenia: Gothic hacker music that rocks the mouse.