Girotel for linux project page
girotel online using perl
see this page for some information on how to access
the new girotel online
service of the postbank using a small perl module.
Here I describe how to decode protocols used by sites which
hide all communications using SSL
protocol information
By running girotel for dos using dos emu 0.99.11 with
this patch, or girotel for windows
using wine 990314 with this patch
I can log the communication between the girotel client and server.
I process it with this C program, to
get output looking like this.
In this example some information is modified to prevent abuse.
So some fields in it may be inconsistent.
The wine patch contains the patch by Rein kLazes.
Both patches add a serial port logging module.
The wine patch also includes a patch to correct the unget handling.
A summary of the protocol as far as I have decoded it by now can be found
here.
the authentication protocol
Some work still needs to be done here.
Girotel has five locations where it uses some kind of authentication
protocl:
- the initial logon, where your girotel number and girotel code are
transmitted in plaintext.
- the authentication using your GIN number
- when changing your GIN number
- when authorising a batch of transactions with a TAN number
- when invalidating your list of TAN numbers
From the debugging remarks left in the DLL I assume it uses DES
for some of these protocols.
I don not yet know how exactly this is done.
looking at a disassembly of gtwin.exe I concluded that a debug
flag is present in some of the objects that are being operated upon.
links to other sites
de postbank
girotel onder linux