Wednesday, March 27, 2013

de-obfuscated again – "Berliner Sparkasse" web banking access reverse-engineered

A couple of weeks after "Berliner Sparkasse" renovated their online banking portal, I managed to amend my automated account statement download to work with their portal again. Actually it is not just amending, I rather had to write it again. Alright, I actually gained some experience in that area through the years, but it still is rather a hard and frustrating business.

Their portal uses obfuscated HTML, so it's not a trivial job, and you never really know in advance, whether you invest your time properly and successfully in that reverse engineering job. (At some stage I sometimes think, I will give up.) To put things right: this is not a job I am getting paid for, it just eases my task of regular and frequent downloading the statements of all bank accounts belonging to "family and company".

I would be terribly honoured to get invited to present my page scraping and de-obfuscation approach at some workshop or conference. If  the circumstances of the invitation would allow me to not loose money by missing on my bread-and-butter job, that would be so welcome!! If de-obfuscation and page scraping would even become my special niche to make a little money on, maybe fund my sons' education and maybe even avoid the hardnesses of expected old-age poverty – oh, paradise!!!

No, actually I don't really want to help the "obfuscation community" to improve their obfuscation frameworks, but then … – you should understand: on my side this is a one-man-show, they get backed by the financial industry and whoever.

No comments: