MacTripleDES Encryption used in compromised Point-of-Sale (POS) Devices
-
Hi there, I am new to the programming scene. I am a Digital Forensic Investigator with the Digital Forensic Laboratory at The Directorate For Priority Crime Investigation, within the South African Police Services. I was recently assigned to do research and analysis on compromised Verifone POS-devices. On some of the devices we do manage to extract data, which is encrypted. I investigated some of the tools the criminals use in the process. On the malwr.com site the encryption tool PasswordGenerator.exe was uploaded and can be downloaded from there for analysis. This tool uses MACTripleDES PADRight encryption. Is there maybe anyone that can assist me to create a tool to decrypt the data from the devices? The PWG creates an init.dat file that is uploaded to the POS device, which encrypts the data that is captured and then decrypted after being downloaded with the VeriFoneDownloader.exe, and then the .vfd-file is decrypted using the VeryFoneViewDataNew.exe. When the correct password is entered and the file decrypted, it is saved as a .dfv-file. All the .exe files are uploaded at malwr.com. I will upload an encrypted and decrypted file as well (201404221348.vfd and 201404221348.dfv). If there is anyone that can assist, it would be highly appreciated.
-
Sure, just give me your bank account details so I can transfer the necessary funds. :)
The difficult we do right away... ...the impossible takes slightly longer.