The dream for any hacker: dumping all of the money out of an ATM. The goal of the research was to have a fully operational ATM in the researcher's office.
Purchasing ATMs is surprisingly easy! The author simply looked on eBay and found one for $220. The ATM was bolted to the ground, and came with no key and no PIN; not a great start! The ATM had been bought from a business that had shut down and sold off everything. The author had to use a jackhammer to remove the ATM from the cement of the building.
The ATM uses a cylindrical lock. Using a special tool (unnamed in the talk), the lock comes out instantly. However, the key for the safe can also simply be bought on eBay. We are inside the physical ATM now!
The PIN is encrypted at the PIN pad level. This means that the computer never sees the PIN. The ATM communicates over the internet in order to reach the actual bank. To see this traffic, the author became a licensed ATM handler, which cost around 5K to do. As for the encrypted traffic, the ATM allows you to use your own self-signed certificate.
On this ATM, the combination for pulling up the admin panel is enter, cancel, 1, 2, 3. There are also three default users with default passwords, but these did not work. After trying and trying, the author could not figure out the password. They ended up doing a factory reset to get back to the default version of the firmware; but this required that the vault holding the money be open!
Well, this is just a sensor, right? The author followed the wire and noticed that it is accessible from the front of the ATM. It turns out that the ATM sensor fails open if removed. Now the ATM thinks that the vault is open even though it is not! We still want to open the vault, though.
The author bought the same model of safe that was used for the vault and reverse engineered how it worked. The main thing to note was that the voltage changed depending on the key being pressed. After reversing this, they built a device to sniff the traffic on the pin pad. If somebody entered the code, it could be recorded!
The ATM has a tiny hole that can be used to power the lock. If this is powered, the lock opens for us! Additionally, shorting out two pins on it and applying power will reset the lock to 555555. Once inside, there were still thousands of dollars in the vault. Time well spent for a hack :)