No.104602
Hello 8chan and /b/, I have some info, and some questions. I recently stumbled across a copy of some rather interesting software which I can't seem to really find anything out about. I was hoping that maybe a collective group of minds could find a use for this.
The software I have is called APTRA Interactive Teller software made by a company called NCR. It appears to be some kind of an IDE or OS for ATM's. It is marked as being released s of October 2014 so it is relatively recent. I have the original documentation, installation manuals, certification, product keys, a number of something called Global XFS Licences, a number of package updates for this software like an EDGE bundle/US Currency templates/APTRA Image Extensions, along with all the manufacturer packaging and shit. It appears to have networking flexibility to work with existing ATM's running other firmware/OS's as well. It looks really intriguing but I really have no information about this software; The information it comes with only tells me how to install it, not what it does or how to use it. I don't exactly have a spare ATM lying around to install and test it on so currently I am looking into the right setup to get a VM to run it.
These are the questions I have; What is the current-day state of ATM hacking/fraud? Any ideas what can be done with this software? Reverse engineering to make an ATM virus, remote ATM hack/lock trigger/PINlog, ANYthing useful? Does this software possibly hold any value if sold on the black market?
Thanks and I appreciate any help/response. Once I recieve enough valid information on this software I may decide to release it to the public if it is useful.
Feel free to email me if you prefer not to post here; Ericveil@mail2tor.com
No.104641
next time please delete exif
No.104642
>>104602
Where the fuck did you get that?
No.104643
>Runs WindowsCE.
The boot up looks like this:
MK.exe–FILESYS.exe–registry
||
HKLM\init
What you do is extract the DVD image from your disc and re-compile the image with "explorer.exe" patched to the the "HKLM" file. Then in the bootloader FILESYS.EXE find the executable after "CreateProcess()" and rewrite the string with explorer.exe
You might need a copy of JTAG
No.104644
>>104642
Do you sincerely think you will get an answer to that question?
No.104645
>>104644
dubs speaks truth,
So what is the goal here?
You can do a few things from
explorer.exe
No.104648
>>104602
Holy shit op, you struck fucking gold m8
No.104675
Came here for dl link.
Where is it?
Or is OP just another faggot looking for knowledge without giving anything back?
No.104679
>>104644
Something vauge maybe.
No.104693
>>104602
The disk says windows 7 professional, why don't you run a VM with W7 and boot the disk?
Also, maybe use wireshark or something to monitor network traffic and see if the software connects to anything interesting?
No.104874
I've tried running it on a VM but it didn't go very far before setting itself into an eternal loop. If I can get it running that would be exactly my plan, to see if there are any hardcoded connections that can be extracted and tested for vulnerability.
For obvious reasons I cannot/will not discuss my source. But I can obtain 'legitimate' copies of this software if anyone is truly interested. It is 19 CD's in total, includes a wide range of extension software as said in OP plus update packages and what appear to be a set of licenses. As I said email me.
Judging by responses the potential is there so I will keep trying. Once I know exactly what I have, I will consider releasing it on a more public basis, hopefully by torrent or a file drop.
No.105163
emailed op almost 5 days ago and no response so op is and always will be a faggot
No.105219
Well forgive me I don't check that email often.
I've got it fully installed, and functional for the most part. I've applied as many of the update packages as I can, though there are some I've frankly no idea what to do with. I think I may have also found "The interesting stuff" as the folder I've included as pic seems to contain all the hardware interaction stuffs for releasing/loading cash, etc. For those of you who emailed me give me an hour or so to find an anonymous file dropper that will let me upload a file big enough, and I will include what you see there.
No.105269
>>105219
This looks like a goldmine OP. You know what a good number of anon's could do with something like this? Pic related.
No.105360
>>105219
From the file names you've got there, looks like it's the software for one of those self checkouts like at Walmart and Kroger
No.105379
> I have the original documentation, installation manuals, certification, product keys, a number of something called Global XFS Licences, a number of package updates for this software like an EDGE bundle/US Currency templates/APTRA Image Extensions, along with all the manufacturer packaging and shit.
Well quit dicking around and post it faggot.
No.105385
File: 1450750571678.png (177.34 KB, 500x401, 500:401, tumblr_inline_njmpjcENWf1r….png)
No.105386
>>104602
Looking further in, you might not have stumbled upon anything. Looks like just a cashier computer system to me.
No.105446
No.105447
>>105386
And it also produces ATMs and their software.
No.105459
APTRA is ATM shit
post a fucking image of the DVD already faggot
No.105784
>>105459
bump fucking jew shit
dump your shit on mega, will make some poc exploits
No.105813
>>104602
You could sell copies of the contents of the disk for slightly less risk factor. Too bad the more you distribute it you lessen the value of it.
No.105919
My hope was to sell either a set of the original installation media itself or a copy of the working system. That way I get some kind of commitment from whoever gets a copy. I just feel it's better that way.
That said, no offers yet.
Here is a set of files I dumped off. They are mainly install logs and original APTRA Docs but there are some other interesting things in there as well.
>pic related, kind of
No.105920
No.106101
>>105920
jesus yes.
thx for that, but maybe do some kind of a hash list next time, idk.
also:
NetRange: 149.25.0.0 - 149.25.255.255
Organization: NCR Corporation (NCR)
would you also be so kind, and include a registry dump? and maybe the executables, if you have the time for it.
No.106102
>>106101
also found this in PinPad.log
PinPad.bat Error Occurred
Configuring EPP 1DES …
Configuring Single DES - Secure Key Entry …
Copied EncryptionKeys.xml (SECURE) …
Updated DD with encryptionkeymode (SECURE) …
NEAT SHIT
No.106103
>>106102
again, shit of interest
> Next: C:\Install\Activate.bat [>VDDEcho.log]
look into the uilog.txt file. it seems that there's much interesting shit in C:\Install\
> User Account=SSTAdmin1 [>Activity.log]
> System Software info.txt
all that listed shit, dude
Thank you OP, my penis is now fully expanded.
requesting C:\Install\ (maybe)
and ofc registry dump
if this gets rm'd or so, look in your email shit.
also, if someone finds neat shit in the files, please include filename and maybe cursor location
No.106112
Sorry, hash list? Hashes of what?
I've debated registry dumps and etc. I would like to keep the inner contents as exclusive as possible for now in case of sale/trade.
No.106193
>>106102
>copied encryption keys
well i dont know much but that means something important
No.106397
>>104602
Good thread goys. Not much of a reverse engineer/software analyst but this seems to have potential.
No.106425
>>106397
but he wont sack up and release it so who cares I guess
No.106426
>>106397
but he wont sack up and release it so who cares I guess
No.106615
it'd be nice if he posted the actual nice shit
No.106692
No.106743
>>104602
How much would you ask for those things?
No.106761
No.106777
I wouldn't ask much, considering it is black market software. Although with the setup I have someone could potentially buy this and use it to "refurbish" old ATMs and sit to make much more profit than I, obviously, but I'm willing to take that loss.
As I said, offer me. ~$100USD or 0.250 BTC is the smallest amount I would even consider, so there is a guideline for you.
No.106893
>>106777
I'll give you 20$
No.106894
>>106893
And if a couple other anons were willing to pay we could crowdfund it or something, and then post all the relevant data here
No.106911
ya this is cool and all and it would be great to see but i dont want to get v8'd for money for black market software. post it for free and hope for btc donations but fuck that.
No.106917
Pff, donations. That's pretty laughable. It's pretty safe to say that if I don't get anything from you up front I won't get anything at all. I would rather try my own hand at exploiting the system and keep all knowledge of said exploitations private.
Call it selfish if you will, but remind me again, who are you and why exactly do I want to give you hundreds of dollars in commercial software for free?
If you're trying to tell me that it doesn't have value.. To each their own I guess.
No.106925
im drunk
can someone explain what is going on?
someone hacking ATMs?
nigga, how to do that even?
gimme a source of books to learn how to hax and reverse engineer shit, im gonna learn after I stop being drunk
No.106932
>>106917
Why do you expect anyone to trust that you would honor the deal? You haven't even given convincing proof you have the software, just a image of a disc that isn't even timestamped, and ATM/POS software almost certainly has licensing protections and security measures much more difficult than any DRM. You have done nothing to crack it, and given no proof that you have cracked it. Putting money up front in an anonymous deal on the internet is beyond retarded, so you wont have any buyers.
>It's pretty safe to say that if I don't get anything from you up front I won't get anything at all. I would rather try my own hand at exploiting the system and keep all knowledge of said exploitations private.
Then do it faggot, no one is going to buy it with money up front, and it really isn't worth much if the software isn't cracked yet.
No.107067
>>106932
>haven't even given convincing proof you have the software
You mean aside from posting a log of the filesystem of an installation of said software as well as multiple sets of files from said filesystem? Please.
Unless you plan to try and use this software to refurbish actual ATM's which will be in use, I don't know why you would waste your time cracking this. It's not even necessary.
No.107215
No.107235
>>105219
>>104602
l'm an IT tech for a small business chain and NCR is the developer of the software we use, as well as the hardware and touch screen monitors that are used for cash registers.
What it looks like you have is the OS disk for self-checkout terminals. One thing that stuck out at me was the "CoinDispenser.dll" in >>105219 That's for pic related.
Most of the other files are self explanatory as to what they do. The ones that might be a bit deceiving is the "depositroy.dll" files. This is not for bank deposits, but rather when you deposit money in the self checkout machine to pay. The next, "DocumentPrinter" is for printing your receipts.
No.107271
>>107235
aka, it's not atm machines, and also completely useless?
No.107283
Do a simple Google on NCR APTRA or NCR EGDE and you will clearly see it is ATM software.
However self-checkout terminals would be amusing to hack as well… The possibilities for free shit is endless.
No.109903
No.109904
Make an .ISO rip of the disc and send the link for the DL.