Carding Tutorial for Beginners 2022
Guide to the Guide
What is in the guide:
1) Learn to work with the CC (Credit Card).
2) You will be able to find correct and good BINs.
3) System setup.
4) Make yourself the safest car. I'll show you how to protect yourself from hacking.
5) You will be able to create your own VPN.
6) Learn to bypass protection (AntiFraud).
7) Find good and profitable online stores.
8) Working with E-Gift.
9) Enroll. (Online banking)
10) Logs. Brute accounts.
11) Working with PayPal.
12) Working with BA.
13) Air tickets and hotels.
14) Lots of very useful tips.
15) All the necessary and not very contacts in order to start working, even today.
16) And much, much, much more ...
WHEN I WRITE LECTURES - THIS MEANS LESSONS (I JUST STUDIED IN THE PAST, OLD MAN)
I will immediately make a note that I decided to make this guide for everyone, which means as much as possible for everyone to understand ... The guide itself is divided into lessons, and before some lessons there will be a list of terms that you need to know and keep in mind. Sometimes terms are intertwined and one term can have two different meanings. I will also warn you about this so that there is no confusion.
Also, do not forget to write to me if you have any questions. Feedback is very important, as it is impossible to write and tell about everything.
In order not to constantly scroll and not kill the mouse wheel, just enter the lesson you need in the search (For example, Lesson 5.2), then you will immediately go to it without wasting your precious time.
Lessons:
Introduction to C (Carding) - Lesson 1. Types of cards (CC) - Lesson 1.1.
Encryption. Safety. Anonymity. Lesson 2.
Introduction to security. OS selection. Lesson 3.
Virtual machine for searching in the shadow internet. Lesson 3.1.
Pure IP - Lesson 4.
Driving Tools - Lesson 5.
Connecting to DS - Lesson 5.1.
Setting up LS (Linken Sphere) - Lesson 5.2.
Creating a Personal VPN - Lesson 5.3.
How to clean the logs on the server - Lesson 5.4.
VPN + TOR + VPN Bundle - Lesson 5.5.
AntiFraud (AF) - Lesson 6.
How AntiFraud Works - Lesson 6.1.
The basic concept of driving - Lesson 7.
Shops CC (Credit Card) - Lesson 8.
Warming up the store - Lesson 8.1.
Intermediaries - Lesson 9.
How to drive into Skype? Driving first - Lesson 9.1.
How to drive into a good store? - Lesson 9.2.
3DSecure - Lesson 10.
Drops and interception services (PickUp) - Lesson 11.
Redirecting a parcel (Rerout) - Lesson 12.
Working in Europe and Asia (Features) - Lesson 13.
Searching for online stores - Lesson 14.
Parsing links - Lesson 14.1.
E-Gift - Lesson 15.
Enroll - Lesson 16.
Logs. Brute Accounts - Lesson 17.
What does the store see? - Lesson 18.
Setting up Android on the example of Nox - Lesson 18.1.
Configuring WebRTC - Lesson 18.2.
Working with PP - Lesson 19.
Deposit and payment methods using PP - Lesson 20.
Draining money from PP - Lesson 21.
Bank accounts. BA - Lesson 22.
Ways of bays in BA - Lesson 23.
Self-registers BA - Lesson 24.
Documents and their forgery - Lesson 25.
Booking hotels. Air Tickets - Lesson 26.
Refund Scheme - Lesson 27.
A small reminder in case you are caught.
Terms
I will also add that I decided not to constantly use the usual terms that are generally accepted in our community, so to speak, which are more trivial, so there will only be official terms that are easier to understand.
(For example, SS can be called cardboard, and potatoes, and a map, and a cartographer, and a boat, and anything else. It is for this reason that all terms will be written so that any person can understand)
Why did I do this? Because sometimes the entire text is a continuous collection of terms. For ease of understanding, I have "simplified" them. In general, you will see for yourself. For the terms, of course, I will also give the generally accepted options that are used on the forums and so on.
С - Carding, carding, carzh.
CC - Credit Card, card. In general, it doesn't have to be a credit card. In fact, this is generally any card.
BINChecker - Checker, checks and punches BIN.
BIN - the first 6-7 digits of the SS.
CheckerCC - checks the CC for Valid.
Valid - validity. Working SS or not.
KX (Card Holder, CH) - Holder and owner of the CC.
Introduction to C (Carding). Lesson 1.
torproject.org/download/download-easy.html.en - TOR browser can be downloaded only from this link. TOR allows you to remain anonymous online, which means that you can search DarkNet through the TOR browser. TOR can be bet on your main system. As for the virtual machine, we will discuss it in the corresponding lesson. Now a small digression, I'll tell you for the guide.
The main direction in the guide is Carding, there are many methods of working in Carding, someone just hits with a CC (Credit Card), someone makes Enrolls, someone makes Gifts, PayPal, bank accounts. In short, there are many not very clear words for many of you, all this is included here, the choice will be yours. From experience I can say that almost everyone chooses one direction for themselves and works with it. That is, whoever works, for example, with bank accounts, rarely drives in cards (Credit Card).
On the topics above - we will cover everything, the task is to help you find your topic. We try to work organizationally, in the process of work always pay attention to your failures and, preferably, record them. For example, you drive in a card, and you get an error, take a screenshot, show me on Telegram and analyze the problem, so it will be much easier to understand what the problem is and help you. Don't be shy about stupid questions. The main point, not even in the manual, the manual is the material, the template according to which you can work, and most importantly with us, that you can always contact me individually, sort out your problem. But guidance and lessons are also very important, especially at the beginning. This is your base.
Useful services during training:
1) Screenshot service - prnt.sc
Download the program and easily take pictures using the "PrtSc" button on the keyboard.
2) Service of anonymous notes - privnote.com
You create a note and hand it over, and after it is read it is destroyed. There is also a "parameters" button with additional settings.
I will say for Jabber. Create yourself a fallback Jabber.
How to do this is written here: xakep.ru/2017/07/21/jabber-otr-howto/
And here is just quite useful and interesting information: cryptoworld.su/safe-comunications-tell-snouden/
Jabber can be kept where it is convenient for you, and it is more convenient on the main system. Delete Jabber on ".ru" servers immediately, if there are any. This is a trash heap. Ideally, the server should be located in a country where no logs are kept. That is, the country should not be in the Eyes 14. And yes, it should not be the country where you are at the moment.
Also, as far as working in Carding is concerned, take it as a hobby, an additional direction for earning money, you do not need to give up everything and focus only on it, develop also outside of online. It is enough to devote time in the evening in order to have a stable good income. And this applies to any activity, always develop yourself in several directions. I will also add for the VPN. So, we will make our VPN our own, you don't need to buy it either, it will work both on the phone and on the computer.
Okay, let's start with basic concepts in Carding. Where does Carding begin? That's right - security. True, but the first thing that usually comes to mind with the word "Carding" is a credit card. Let's start with it. We will also devote several separate lessons to safety. Credit Card - CC. Further it is designated - SS. It is more correct, of course, to say bank card, but everyone calls it CC, whether it is a credit card or a debit card. Everyone knows what a CC is, but if you go deeper, then definitely not everyone. I will clarify, just in case, that we are working with card data, without a physical card, since we have Online Carding. Let's consider the CC using our example. Cardholder Jonh Doe has no idea what an honor he is:
Code:
4037840052172271 | 2024 | 11 | 475 | Jonh | Doe | 2970 Park View Drive | [email protected] | United States | U.s. Bank National Association Nd | IN | Columbus | 47201
Let's do the analysis. Let's start with the card number - 4037840052172291. What is the basis in the card number? That's right - BIN. Let me explain. The card number contains numbers, which contain information about what the card is, the first 6 digits. It is called BIN / BIN. These are the first 6 digits of any card. Although, cards are already beginning to appear, where the BIN is in 7 digits. BIN - bank identification number. Now let's learn how to pull information from BIN'a. You can go to Google and type in a simple query “BIN Checker”. And before us will be a list of sites. The very first one is bincodes.com/bin-checker/ Not a bad BINChecker, beautiful, but ... from experience it is far from the most accurate, and the most accurate Google does not give us on the first pages, BINChecker is bins.su. BINChecker has changed the domain, apparently indexing has not yet reached it in full. We go to it and enter the BIN from our CC example in the BINS field.
The card number is 4037840052172291, which means BIN is 403784. Click FIND. We receive information:
403784 US VISA CREDIT PLATINUM US BANK NATIONAL ASSOCIATION ND
This information is included in our BIN, if you have a personal bank card, everything is the same there, you can punch BIN and see what kind of card you have. Once again, I will indicate that there is different information on different BINCheckers, therefore, if we are interested in accurate data, it is better to double-check it on several services. In practice, the most accurate, as already said, is bins.su. Each bank has its own list of BINs under which they issue cards, that is, there are many cards under one BIN. For example, under BIN 403784 there is also SS, only the rest of the numbers differ, it is clear why.
bincodes.com/bin-search, using this link you can select the country, type of card, bank and see which BINs which bank has. We save the link to a notepad or bookmarks, like all other useful services, in the process of working it is a good tool. In our business, there are such concepts as good and bad BINs. Bad BINs - BINs of the old release, which were often used by our colleagues, good BINs, on the contrary. That is, if the BIN is "dirty" (often used for Carding purposes), then banks do not particularly like to skip transactions with such BINs at the slightest suspicion of fraud (on Fraud).
BINCheckers:
bins.su - Nice and user-friendly.
binlist.net
bindb.com/bin-database.html - Authoritative.
bincodes.com/bin-checker/ - Alternative.
bincodes.com/bin-creditcard-generator/ (or namso-gen.com) - there is also a CC generator.
Advice. Check BIN on all resources.
Fraud is a type of fraud in the field of information technology, in particular, unauthorized actions and unauthorized use of resources and services in communication networks.
Good BINs are very important in Carding. In terms of working with the SS, this is generally almost half the success. Basically, these are BINs of NOT the best banks, if we speak for the United States.
this is a list of the largest, and therefore the best banks in the United States. All these points, including for BINs, will emerge in even more detail below, as we go deeper. Now general information for understanding the process, the concepts from which we will start. (In general, the better the bank, the more difficult it is to drive it CC. Ideally, these should be fairly small and local banks, which have few branches. In general, do not take large banks, if possible)
Back to our CC:
2024 | 11 | - card expiry date. November 2024. That is, the date after which the card will no longer be active. Expiration Date if in English. To clarify, the expiration date is calculated on the last day of the month, and not on the first.
475 - CVV code. I'll clarify that CVV and CVV2 are one and the same if you come across different spellings. CVV - code for card authentication. The Master Card has a code called CVC or CVC2. VISA and Master have this 3-digit code. American Express has this four-digit code. CVV - Card Verification Value. And don't confuse CVV with PIN. If the card does not have a CVV code, then it means that you cannot pay with it on the Internet.
Jonh | Doe - name and surname of the cardholder. Jonh Doe. Card holder - Card Holder - CH, KX.
2970 Park View Drive | United States | | IN | Columbus | 47201 is the Billing address to which the card is registered, usually KX's residence address. 2970 Park View Drive - street with house number, United States - USA, IN - Indiana, Columbus - City, 47201 - ZIP number. ZIP - in our opinion this is the index. You can google "47201 ZIP Code" and check that it corresponds to the state, city and the data on the map is correct. If, when driving, you receive an error that the ZIP from the card is not correct, how can this be fixed? That is, the ZIP in the map data is left. Yes, find the ZIP at the address on the map. Drive in the address and see its ZIP.
In the CC data, you can also find Email KX - [email protected]... There may also be KX's phone number. Sometimes there is no phone number, like Email - yes / no. Depends on how the data was merged. If we do not need an Email from a card in 90%, then a phone number is usually needed. In stores where CC is sold, indicate what data is (with / without phone, and so on).
We'll find out why a phone number is needed with the card. Card data, as in our example, is obtained by hacking stores and leaking their databases, and by phishing. That is, a person makes a purchase in an online store, enters the card data, the data is siphoned off and the database is put up for sale. Let's digress a little from the conference, watch part of the series, for a better understanding of how it works.
Let's go back to the card number:
4037840052172271
By this number, you can immediately understand by eye that our card is VISA. Yes, by the first digit. VISA cards start with the number 4. Master Card - 5. American Express - 3. Maestro are debit cards from Master Card. After the BIN numbers, we have numbers, not counting the last one, where the data is encrypted, about whether a debit card or a credit card, the card's currency and the region of issue. The last digit of the card is a check number, a special algorithm is used to check the correspondence of this number and the card number, that is, the last number is formed through mathematical operations with the rest of the digits. Bank cards can also be debit and credit, as we already understood. Debit cards have their own stable balance. Credit cards can go negative, that is, credit money.
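From the receiving side, the check digit and leading-digit structure described above are what a merchant or log pipeline uses to recognise card numbers and keep them out of plain-text logs. The following is an added example, not part of the original text: the check-digit algorithm is the Luhn algorithm, the brand table is the one-digit mapping the text gives, and the card numbers are published test numbers; the function names and the sample log line are constructed for illustration.

```python
import re

# Leading-digit brands exactly as the text lists them (coarse on purpose;
# real issuer ranges are finer-grained than a single digit).
BRAND_BY_FIRST_DIGIT = {
    "3": "American Express",
    "4": "Visa",
    "5": "Mastercard",
    "6": "Discover",
}

# 13-19 digits, optionally separated by single spaces or hyphens.
# Limitation: a digit run directly adjacent to a PAN merges into one candidate.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed log line: a 16-digit order id that is not a card number,
# followed by a published Visa test number.
SAMPLE_LOG_LINE = (
    "order=1234567890123456 card=4111 1111 1111 1111 amount=1.00 status=declined"
)


def luhn_valid(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum, test mod 10."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep at most the first six and last four digits; star out the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def inspect_pan(raw: str) -> dict:
    """Validate a card-number field and return only data that is safe to log."""
    digits = re.sub(r"[ -]", "", raw)
    if not re.fullmatch(r"\d{13,19}", digits):
        return {"well_formed": False, "luhn_ok": False,
                "brand": None, "bin": None, "masked": None}
    return {
        "well_formed": True,
        "luhn_ok": luhn_valid(digits),
        "brand": BRAND_BY_FIRST_DIGIT.get(digits[0], "unknown"),
        "bin": digits[:6],
        "masked": mask_pan(digits),
    }


def redact_pans(text: str) -> str:
    """Mask every digit run that passes the Luhn check; leave other numbers alone."""
    def _replace(match: re.Match) -> str:
        digits = re.sub(r"[ -]", "", match.group(0))
        return mask_pan(digits) if luhn_valid(digits) else match.group(0)

    return PAN_CANDIDATE.sub(_replace, text)


if __name__ == "__main__":
    print(inspect_pan("4111 1111 1111 1111"))
    print(redact_pans(SAMPLE_LOG_LINE))
```

The Luhn check is what keeps the scrubber from mangling order ids and other long numbers: only runs that could actually be card numbers are masked.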
403784 US VISA CREDIT PLATINUM US BANK NATIONAL ASSOCIATION ND
When we look up a BIN, Level is the status of the card. We have Level - PLATINUM. For example, a student and a businessman will have cards of different status. That is, different limits, percentages, opportunities and similar things. For a higher status of the card, the client pays more for its service. International bank cards are used in international payment systems. The most popular payment systems are Visa, MasterCard, Diners Club, American Express, JCB and China UnionPay.
The most widely available cards in the world are Visa Electron, Cirrus / Maestro. In most cases, they are debit cards and, as a rule, do not allow electronic payments over the Internet. This increases the safety of their use. These cards are the cheapest in terms of issuance and maintenance costs. The most popular in the world are Visa Classic and MasterCard Standard cards. They are both debit and credit, and also allow you to pay via the Internet.
Cards of the Gold / Platinum series are prestigious cards that emphasize the solidity of its owner. Used as an element of the image. Technically, Visa Classic - Visa Gold, MasterCard Standard - MasterCard Gold cards differ in design, cost of issue and service and, depending on the card issuing bank, different sets of services (for example, the provision of medical insurance, or a "concierge" service that allows you to book tickets on transport and to the theater, hotels and carry out a number of other assignments).
For Gold and Platinum cardholders, some shops and other organizations provide discounts and other benefits (for example, the opportunity to use a business class lounge at the airport regardless of the ticket category, special conditions for renting a car).
In addition, in connection with the proliferation of Gold and Platinum cards, international payment systems are introducing new formats for exclusive cards, indicating the extremely high status of their holder.
Also, there are titanium (Titanium) cards - the most prestigious cards that provide their owners with exclusive privileges around the world. The first such card was issued by American Express - the Centurion card.
Now about the money on the card, the balance of the card. It is impossible to find out the balance by buying simply the CC data. The balance can be found out, perhaps by making access to an online bank, like we have Sberbank Online. And then, only after the card was bought, and then additional information about KH was broken through. But this moment does not greatly interfere with our work, in the USA and Europe money is mainly stored on cards, there is usually a balance there. Also, there is the concept of "card validity", which means whether the card is alive / active. There is an option, we bought a card, we drive in, but it did not enter, usually the error is Card Decline. One of the options is that our map was originally dead, that is, not Valid, not working. Different stores and sellers who sell cards have different rules for returning such material (not Valid). To check for Valid cards, there are special Checkers CC, They work according to the principle - we enter the card into CheckerCC, a small card is inserted (Small debiting of funds), that is, it is checked and the result is given to us - Valid / not Valid. The disadvantage of such CC Checkers is that he can kill the card immediately after checking, even if he shows that the card is Valid.
CheckerCC works like this - we entered the card data into it, we check. CheckerCC debits a small amount from the card and returns them back to the card. If the money is debited, it indicates that the card is active (Valid). If not, not Valid. And why are CC Checkers making a refund of the funds debited to the card? So that it is not blocked (CheckerCC). Many cards pass through such Checkers CC, and banks know the codes on which CheckerCC is based. That is, it may be that they checked the card, Valid showed, but after that the bank is already blocking it.
This problem is not on all CC Checkers, the more private CheckerCC, the better. You can also check the card yourself by driving in some trifle. For example, driving into a donation. $ 1 - $ 5. If the transaction is successful, then the card is Valid. Donations to children, websites and so on. Also, the card can be blocked if it is driven into everything, that is, due to the large number of transactions, in a short period of time, the bank can block it, therefore, as a rule, one CC is one / two drives.
It is better to do it like this, hammered in - we got the result from the map and after that we can try again when we no longer risk anything. The problem of Valid material is a sore subject now, but there is a way out of all this.
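The validity checks described above (small debits, small donations, many cards pushed through one checker) leave a recognisable trace in a merchant's authorization log, which is why donation pages and low-value checkouts are monitored for card testing. The following is an added example, not part of the original text, of detection logic over such a log; the log format, the thresholds, the tokens and the IP addresses are all constructed assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from decimal import Decimal

# Assumed thresholds for illustration; tune against your own traffic.
WINDOW = timedelta(minutes=10)
SMALL_AMOUNT = Decimal("5.00")   # the text mentions $1 - $5 test charges
MIN_DISTINCT_CARDS = 4
MIN_DECLINE_RATIO = 0.5

# Constructed log: timestamp, source IP, card token (never the raw PAN),
# amount, authorization result.
SAMPLE_LOG = """\
2022-03-01T10:00:00Z 198.51.100.33 tok_m1 5.00 APPROVED
2022-03-01T10:00:05Z 203.0.113.7 tok_a1 1.00 DECLINED
2022-03-01T10:00:40Z 203.0.113.7 tok_b2 1.00 DECLINED
2022-03-01T10:01:00Z 198.51.100.20 tok_k1 42.50 APPROVED
2022-03-01T10:01:15Z 203.0.113.7 tok_c3 2.00 APPROVED
2022-03-01T10:01:30Z 192.0.2.50 tok_p1 3.50 APPROVED
2022-03-01T10:02:00Z 198.51.100.33 tok_m1 5.00 APPROVED
2022-03-01T10:02:02Z 203.0.113.7 tok_d4 1.00 DECLINED
2022-03-01T10:02:30Z 192.0.2.50 tok_p2 4.00 APPROVED
2022-03-01T10:03:30Z 203.0.113.7 tok_e5 5.00 APPROVED
2022-03-01T10:04:00Z 198.51.100.33 tok_m1 5.00 DECLINED
2022-03-01T10:04:10Z 192.0.2.50 tok_p3 3.50 APPROVED
2022-03-01T10:05:00Z 198.51.100.33 tok_m1 5.00 DECLINED
2022-03-01T10:05:20Z 192.0.2.50 tok_p4 4.50 APPROVED
2022-03-01T10:06:00Z 198.51.100.20 tok_k1 3.99 APPROVED
"""


@dataclass(frozen=True)
class Auth:
    ts: datetime
    source: str
    card_token: str
    amount: Decimal
    approved: bool


def parse_log(text: str) -> list:
    """Parse the constructed whitespace-separated log format into Auth records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, source, token, amount, result = line.split()
        events.append(Auth(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                           source, token, Decimal(amount), result == "APPROVED"))
    return events


def find_card_testing(events: list) -> list:
    """Flag sources that try many distinct cards at small amounts with mostly declines."""
    recent = defaultdict(deque)   # source -> small-amount attempts inside WINDOW
    alerts = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.amount > SMALL_AMOUNT or ev.source in alerts:
            continue
        window = recent[ev.source]
        window.append(ev)
        while ev.ts - window[0].ts > WINDOW:
            window.popleft()
        cards = {e.card_token for e in window}
        declined = sum(1 for e in window if not e.approved)
        if (len(cards) >= MIN_DISTINCT_CARDS
                and declined / len(window) >= MIN_DECLINE_RATIO):
            alerts[ev.source] = {
                "source": ev.source,
                "detected_at": ev.ts,
                "distinct_cards": len(cards),
                "attempts": len(window),
                "declined": declined,
            }
    return list(alerts.values())


if __name__ == "__main__":
    for alert in find_card_testing(parse_log(SAMPLE_LOG)):
        print(alert)
```

Only 203.0.113.7 is flagged. The repeat donor retrying a single card and the shared address with four approved small purchases stay below the thresholds, which is the false-positive trade-off the distinct-card and decline-ratio conditions are there to manage.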
FAQ:
A: How to select the correct BINs?
B: BINs you will intuitively learn to whip up in the process. It comes with experience. Over time, you will accumulate your own personal piggy bank of good BINs. The problem is that not only you know about these BINs, so they are quickly sold out (CC with good BINs). The solution is simple - to constantly monitor the stores selling CC, as well as to have several of these stores. For example, I hired a separate person who is looking for BINs and good CCs for me, immediately buys them up, and then I hit.
A: How acute is the problem with Valid material?
B: Sharp, but not critical.
A: Is there some kind of gradation of cards at face value on the card, how much can you expect when buying this or that card?
B: By status, yes.
A: What is VCC and what are its features in our business?
B: Virtual Credit Card - Virtual card, we'll get to know each other.
Try to capture the essence of each topic. Then you will have a complete picture. Structure is important.
Types of cards (SS). Lesson 1.1 (For general information)
So, let's start with the types of American Express cards:
The reputation of the American giant of financial transactions today is impeccable and carefully maintained at the highest level. American Express focuses on the quality of service and builds its relationships with customers based on years of experience and tradition. The company offers personal and corporate credit cards.
Holders of corporate cards (Corporate Cards) are employees of large world corporations.
There are four types of personal cards: Personal Card (the so-called "Green"), Gold Card, Platinum Card and Centurion Card (in ascending order of priority). All of them differ only in class, since the traditional benefits are due to every AmEx customer.
Next, there are VISA cards:
Visa Electron - the simplest type of cards. It has no convex elements, which limits the possibility of using this type of cards in terminals based on taking an impression from a card (Mechanical copying without connecting to a database). As a rule, there are minimum transaction limits and minimum guarantees.
Visa Virtual Card is a card for making payments over the Internet. Sometimes "Issued" without physical card issuance. In fact, this is the provision to the owner of only card details (Number, CVV2, date of validity), which can be used to pay via the Internet. The issue of the card is reduced in price, but the security is reduced. Usually they are prepaid at the time of issue and do not provide for the possibility of replenishment. They can be anonymous, which sometimes causes difficulties in processing in payment systems with mandatory verification of the owner's name.
Visa Classic is a card with a standard set of functions. This includes payments at most merchants that accept cards, booking various goods and services on the Internet, insurance of money in the account, and so on.
Visa Gold is a card that has additional guarantees of the holder's solvency, higher payment and credit limits compared to Classic, as well as a number of additional services, including express cash withdrawal and emergency card replacement in case of loss or theft of the card away from the issuing bank , additional discounts and privileges in areas such as travel, car rental, purchase of exclusive goods and services. As a rule, along with mandatory privileges from the payment system, card issuing banks offer their own additional services for Gold and higher cardholders.
Visa Platinum is an elite card that usually provides the holder with the opportunity to receive additional services, discounts, and insurance in amounts exceeding the privileges for Gold card holders.
Visa Signature is a card product for especially wealthy clients, the distinctive features of which are maximum purchasing power, increased limits on various groups of card transactions, exclusive services in the field of leisure, shopping and travel, as well as a concierge service and special features on a personal page on the Internet.
Visa Infinite is positioned as the most prestigious card for clients with the highest paying capacity. In some cases, the credit limit for such a card is unlimited.
Visa Black Card is an elite image product. The material for the manufacture is not ordinary plastic, but a patented special carbon fiber. It is positioned as a symbol of the holder's belonging to the top of society. Due to increased requirements, in the United States, no more than 1% of residents can become owners of this card. The owner will be able to stay in VIP lounges of international airports, use the services of a concierge service, travel insurance, cover for damage in case of a car accident, and reimbursement of costs in case of cancellation of trips.
Visa Business Credit and Visa Business Debit are cards for representatives of legal entities designed for payments in the interests of business. These cards are positioned as a product for small businesses.
Visa Business Electron Card - cards are positioned by the payment system as a product for small businesses in countries with emerging economies.
Visa Corporate - business segment cards designed for medium and large businesses.
Visa Fleet - business segment cards targeted at companies that use vehicles in their core business. This type of card helps companies track the operating costs of their fleet, as well as receive additional discounts on fuel and service.
Visa Debit is a card for everyday expenses. Its peculiarity is that funds are debited from the client's deposit account, as if he were withdrawing cash from the account or writing checks to pay for purchased goods or services.
Visa Prepaid Card is a card, the balance of which is replenished when issued at the bank, and further operations are carried out within the limits of the available balance of funds. A variation of this type of card is a Gift Card. A variation of this type of cards can also be considered cards of instant issuance - Visa Instant Issue - pre-personalized, but not personalized (without specifying the name of the holder). A feature of this type of cards is the quick issue of the card, as a rule, within 15-20 minutes from the moment the client contacts the bank.
Visa TravelMoney is a card designed primarily for the safe transportation of funds, for example, while traveling, being a more technologically advanced analogue of traveler's checks. As a rule, with this type of cards, only cash withdrawals from ATMs are possible, however, some banks also allow purchases with TravelMoney cards.
Visa Mini Card is a reduced format card, often issued with a hole, implying use as a key fob and not only. It should be noted that proximity to metal keys is highly undesirable and can adversely affect both the information recorded on the magnetic stripe and lead to increased mechanical wear of the card. Due to the non-standard format, this type of cards cannot be used in ATMs, terminals with contact chips (Contactless protocol is supported - if the card is equipped with such a chip), and it will also not be possible to use the card in imprinters. Thus, this product is only suitable for paying for purchases or receiving cash at points equipped with an electronic terminal capable of operating on a magnetic stripe or contactless chip. For this reason, this type of card is usually
Visa Buxx - the target audience of this card are teenagers who do not yet have an independent income. Parents have the opportunity to credit "non-cash pocket money" to the card and monitor account movements.
Visa Horizon is a debit card that stores funds on the chip itself, pre-authorizing them from a bank account. When using it, there is no need to establish real-time communication with the issuing bank to obtain authorization. All information about the available balance is located on the card itself in the memory of the built-in chip and is available for reading by the terminal at the point of sale. The cardholder, if necessary, can replenish the balance on the card from his bank account either through an ATM, or through one of the terminals in the trading network or bank branches. Visa Horizon is ideal for situations where there are connectivity issues or none at all. Since there is no risk of insolvency or cost overruns due to pre-authorization for this product, then Visa Horizon is ideal for issuing to customers who do not have a banking or credit history. Unlike a card with an electronic wallet, in which the balance on the card is prepaid and if the card is lost, the client loses unspent funds from the card, Visa Horizon allows you to recover the funds remaining on the client's bank account at the time of the card loss.
Visa Cash or, as it is commonly called, "electronic wallet", is a prepaid card and combines the convenience of payment cards with the security and functionality of an embedded chip. Visa Cash allows you to easily and quickly pay for minor expenses, so it can mainly be used to buy inexpensive items such as newspapers, movie tickets, to pay for short phone calls, and so on. The Visa Cash card can be either rechargeable or disposable. The decision on this is made by the issuing bank, which issued the card, and agreed with the client.
Visa Payroll is a common type of card that immediately upon purchase provides insurance for the personal property of a person purchased with this Visa card. The total amount of insurance cannot exceed 50 thousand dollars per person. At the moment, these cards are only issued in the United States.
Visa Check, Visa Gold Check and Visa Business Check are cards created for cooperation with airline mileage programs. This mainly concerns the NWA WorldPerks system.
Visa Platinum Check is similar to the previous three cards, but cannot be combined with the WorldPerks program, although it provides more opportunities for holders than Visa Check or Visa Gold Check.
Visa Purchasing - the card has been offered by banks since 1994 and is designed to account for the costs of office needs. The card can be used by both medium and large companies and is issued, as a rule, to people who are responsible for economic activities in these companies. Its use allows companies in both the private and the public sector to do without the labor and paper-intensive process of processing small purchases of goods and services. The card is directly intended for the purchase of goods and payment for services in the amount within 5 thousand US dollars. For these cards, banks are subject to requirements for a special reporting form for invoicing. Thanks to this form, the company can significantly save on administrative costs associated with the purchase of goods, as well as receive information,
Visa Commercial - Creates an easy consolidation of expenditure data from all departments, divisions and subsidiaries of the company, which provides an integrated view of all expenses for events, procurement, and travel expenses.
Please note that not all card types are available in some countries or regions. This may be due to the peculiarities of the legislation of a particular country, as well as regional restrictions of the payment system itself.
Next, consider cards of the Master Card type (Basic):
MasterCard Maestro are the most affordable bank cards due to their low cost and initial payment. By purchasing it, you become the owner of a full-fledged international card that is widely used in the world.
MasterCard Standard - the presence of such cards emphasizes that you are an accomplished person who successfully conducts business. When traveling abroad and having one of these cards with you, you will have no problem booking a hotel room or renting a car.
MasterCard Gold - these cards inspire more respect for the owner of this card. They unequivocally say that his authority and weight in society is higher than usual, that a person has achieved serious results in his life. This gives the holder of "gold" cards the right to discounts when ordering expensive hotel rooms and when shopping in prestigious stores.
MasterCard Platinum - special premium class bank cards. They give limitless possibilities, complete freedom and exclusivity. The platinum card holder is provided with the VIP status anywhere, anywhere in the world. This guarantees both high quality service and substantial discounts.
In addition to the existing cards, customers are offered to acquire an American Discover (starts with the number 6).
Discover, on the contrary, is kind of popular, and initially focused on credit programs. The main feature of the system is bonuses. When buying goods and services using borrowed funds from the card, some part of the amount (very insignificant) is returned to the client, while the more you spend, the greater the percentage of return.
It's not profitable to use Discover cards! There are several reasons for this. Firstly, it is completely unclear where it will be possible to pay with them, since this payment system is not accepted everywhere. And if they do, then there, no doubt, the prices will be somewhat overpriced. Secondly, the problem with ATMs - it will only be possible to put it in the ATM of the issuing bank. With the appropriate level of commission. Thirdly, you can't go to Europe and Asia with this "plastic" either - the logo with an orange "orange" in the center is extremely rare to see in the Old World. Those who often travel to the USA or Canada can always pay with their usual Visa.
However, some proponents have called it the best credit card for people concerned about online fraud and privacy.
Encryption. Safety. Anonymity. Lesson 2.
Let's talk about encryption. I must say right away that this is a rather difficult topic, and it is not 100% mandatory either. Rather, this information is needed by those who have already really achieved something (in our business) and want to seriously take up their security and anonymity. This lesson describes what security is, how it is achieved, and so on. If it seems to you that this is too difficult for you or not necessary, then you can safely proceed to the next lesson.
Again, this information is not 100% mandatory, but very useful for general understanding.
So, we will discuss and analyze the fundamental foundations of encryption, we will study symmetric and asymmetric encryption, we will also slightly touch on such concepts as: hashes, SSL, TLS, certificates, data interception using the SSLStrip utility and weaknesses associated with encryption. This is the fundamental knowledge required to select the appropriate security controls to mitigate risks.
In general, encryption has two parts - encryption and decryption. With the help of encryption, three states of information security are provided:
1. Confidentiality - encryption is used to hide information from unauthorized users during transmission or storage.
2. Integrity - encryption is used to prevent information being changed during transmission or storage.
3. Identifiability - encryption is used to authenticate the source of information and to prevent the sender from denying that they sent the data.
In order to read the encrypted information, the receiving party needs a key and a decryptor (a device that implements the decryption algorithm).
The idea of encryption is that an attacker who intercepts encrypted data without having the key can neither read nor change the transmitted information. Imagine a closed door with a lock: to find out what is on the other side of the door, we need to open it with the key to that lock. It is the same with data encryption, only instead of a lock we have a data encryption algorithm, and instead of a key, a secret key (password) for decrypting the data.
The main purpose of encryption is to keep important information in encrypted form. In general, encryption is used to store important information in unreliable sources and to transmit it over insecure communication channels.
Such data transfer represents two mutually inverse processes:
1. Before data is sent over a communication line or before being stored, it is encrypted.
2. To restore the original data from encrypted data, the decryption procedure is applied to them.
Encryption was originally used only for the transmission of confidential information. However, later they began to encrypt information with the aim of storing it in unreliable sources. Encryption of information for the purpose of storing it is still used now, this avoids the need for physical secure storage (USB, SSD-disks).
What are the encryption methods:
1. Symmetric encryption - uses the same key for both encryption and decryption.
2. Asymmetric encryption - uses two different keys: one for encryption (also called public), the other for decryption (called private), or vice versa.
These methods solve specific problems and have both advantages and disadvantages. The specific choice of the applied method depends on the purposes for which the information is encrypted. In order to make the right choice in the encryption approach, which encryption method to use where, and to answer other related questions, you will need to understand what encryption is, as I said earlier.
For example:
• The sender sends an encrypted message: "Hello, Anton"
• Attackers intercept this message, but since they do not have a decryption key, they only see the character set: "% # & $!"
• The recipient, having the decryption key, can easily read the message sent by the sender in encrypted form, and he already sees the sender's text in its original form: "Hello, Anton"
It will not be an exaggeration to say that encryption is the best tool there is in our arsenal to protect you from hackers and surveillance.
Encryption is a method of converting human-readable data, called plain text, into a form that cannot be read by a human, and this is called cipher text. This allows you to store or transmit data in an unreadable form, due to which it remains confidential and private.
Decryption is a method of converting ciphertext back into human-readable text. If you do a simple Google search, you will see HTTPS and a green padlock icon, which means that all the content of the web pages is not readable by people who are monitoring data transmission over the network.
There are two main components of encryption:
1. The encryption algorithm is publicly known and has been studied by many, many people in an attempt to determine if the algorithm is strong.
2. Secret key - you can imagine that the secret key is a password and it must be kept secret.
The algorithm can be thought of as a lock, and the secret key is the key to that lock. In symmetric cryptosystems, the same key is used for encryption and decryption.
Let's take an example. I want to send some file to Anton, but I don't want any third parties to be able to view it. For clarity and ease of use, I decided to encrypt this file with the 7-Zip program. The same structure is used to encrypt sectors / disks in VeraCrypt, TrueCrypt.
Definitions:
1. An encryption algorithm is the mathematical process of converting information into a string of data that looks like a random set of characters and letters.
2. The hash function is the transformation of the input data into the output bit string. Its purpose is to maintain integrity and to detect unintended modifications.
At the output, we get an encrypted archive, which, in order to unpack and obtain information that is inside, you must enter the decryption key, in simple terms - a password. Let's say that I used a symmetric block cipher algorithm - Advanced Encryption Standard (AES) for encryption. This algorithm uses only one key, the key is created using our password. Also, you can choose what block size will be used 128/256/512/1024 bits.
Imagine a door with many locks on it. It will take you a long time to open or close this door. It is the same with algorithms: the higher the number of bits, the stronger the algorithm, but the slower it encrypts and decrypts. You can consider this the strength of the algorithm.
256/512 bits is also the amount of key space, that is, a number that indicates the total number of possible different keys that you can get using this encryption algorithm.
To break a symmetric cipher by brute force, you need to go through up to 2^N combinations, where N is the key length in bits. For symmetric encryption with a key length of 256 bits, the number of possible keys is 2^256 = 1.1579209e+77, that is, 1.1579209 × 10^77. Written out in full, this is the following 78-digit number:
Code:
2^256 = 115792089237316195423570985008687907853269984665640564039457584007913129639936
If anything, you can check this number yourself here - kalkulyatoronlajn.ru
So, for anyone who doubts how safe a key space of 2^256 is: the chance of hitting the right key is one in more than 1.1579209 × 10^77, the 78-digit number above. Simply put, such a hit or collision is almost impossible.
All this means that the key is extremely difficult to find, even with the help of very powerful computers, provided that you used a long and random password when generating the key. We will talk about passwords separately: which one to use, with which programs, and why.
People and governments are constantly trying to break encryption algorithms. I will give you a list of algorithms which are good and which are not, which of them lend themselves to hacking, and which are currently impossible to hack.
Symmetric encryption algorithms:
1. Data Encryption Standard (DES) is a symmetric encryption algorithm developed by IBM and approved by the US government in 1977 as an official standard (FIPS 46-3). The block size for DES is 64 bits.
2. Triple-DES (3DES) is a symmetric block cipher, created in 1978 on the basis of the DES algorithm in order to eliminate the main disadvantage of the latter: its small key length (56 bits), which can be broken by a brute-force attack.
3. Blowfish is a cryptographic algorithm that implements block symmetric encryption with variable key length.
4. RC4 is a stream cipher widely used in various information security systems in computer networks (for example, in SSL and TLS protocols, WEP and WPA wireless security algorithms).
5. RC5 is a block cipher developed by Ron Rivest of RSA Security Inc. with variable number of rounds, block length and key length. This expands the scope and simplifies the transition to a stronger version of the algorithm.
6. RC6 is a symmetric block cryptographic algorithm derived from the RC5 algorithm.
7. Advanced Encryption Standard (AES) is a symmetric block encryption algorithm (Block size 128 bits, key 128/192/256 bits), adopted as an encryption standard by the US government based on the results of the AES competition. This algorithm has been well analyzed and is now widely used, as was the case with its predecessor DES.
Symmetric algorithms are used in most encryption systems that you use on a daily basis: HTTPS, Full disk encryption (TrueCrypt, VeraCrypt and others), File encryption (7-Zip, WinZip and others), TOR, VPN. Symmetric encryption is used almost everywhere.
The Advanced Encryption Standard (AES) is the generally accepted standard for symmetric encryption. For maximum security, use AES-256 whenever possible. AES is fast and today it is impossible to crack it (Provided that you have a strong password, we will discuss this below).
Asymmetric encryption. Very smart people have invented this public and private key encryption and algorithms based on the complexity of certain mathematical problems. I will not go into the mathematical details, because understanding them is not necessary for your defense. To make the right choice of security tools, you just need to have a basic understanding of algorithms and the strength of algorithms, as well as the cryptographic systems that you intend to use.
As we know, in the symmetric encryption method, one secret key is used, while in asymmetric encryption methods (Or public key cryptography), one key (Public) is used to encrypt information, and another (Secret) is used to decrypt the information. These keys are different and cannot be derived from one another.
Let's consolidate the material:
Symmetric encryption method - one key, uses the same key for both encryption and decryption.
Asymmetric encryption method - two keys: public (Public) and private (Private).
So let's say we have a file for Anton that was encrypted with 7-Zip using the AES-256 encryption algorithm and a strong password, but how do we deliver the password to Anton so that he can decrypt the file?
The best way to convey something and be sure of the delivery of information to the specified addressee is in person. But this is not a very good idea, since we may simply not know where the addressee is, or he may be so far away that it becomes problematic to deliver something "in person", or maybe we just need anonymity.
Asymmetric algorithms (using public and private keys):
1. RSA (Rivest-Shamir-Adleman) is a public key cryptographic algorithm. This algorithm is very popular, one of the most common asymmetric algorithms you'll see, and I'll show you where to look for them and how to use them. The cryptographic strength of this algorithm is based on the complexity of factorizing or decomposing large numbers into the product of prime factors.
2. ECC (Elliptic curve cryptosystem) is a widespread and gaining popularity algorithm. This cryptographic system is based on elliptic curves, or ECC. The robustness of this algorithm relies on the problem of computing discrete logarithms on elliptic curves.
3. DH (Diffie-Hellman) - Its durability is based on the problem of discrete logarithm in a finite field. Diffie-Hellman is becoming more and more popular because it has a property called Forward Secrecy, which we will discuss later.
4. ElGamal - ElGamal scheme, and the cryptographic strength of this algorithm is also based on the complexity of the problem of discrete logarithm in a finite field.
Cryptographic strength is the ability of a cryptographic algorithm to resist cryptanalysis. For RSA, for example, it is based on the complexity of factorizing large numbers into a product of prime factors.
These asymmetric algorithms help to solve the problem of key exchange or key agreement, and also allow the creation of so-called electronic digital signatures. So we can potentially use public and private keys to send Anton our secret key (the password) in a secure manner, without the possibility of its contents being intercepted.
Again, public and private key algorithms use two keys, not one as in symmetric encryption. The difference is that in asymmetric encryption there is a public key, which is meant to be known to anyone, and a private key, which must always be kept secret. These keys are mathematically related, which is why both are generated at the same time. Any website using HTTPS has a public and private key that is used to exchange a symmetric session key in order to send you encrypted data.
It looks a bit like a Zip file. They use these public / private keys and then they need to send another key, such as the key we use for the Zip file, in order to do the encryption (End-to-end. Let's break it down further).
Remember:
In asymmetric encryption, if a message is encrypted with one key, then the second key is needed to decrypt that message. If you encrypt with a private key, you need the public key to decrypt. If you encrypt with a public key, you need the private key to decrypt. It is not possible to encrypt and decrypt with the same key, and this is extremely important. For encryption or decryption, you always need interconnected keys.
So, back to our question. What are the ways to deliver a password?
Method one
In the first method, the sender encrypts using the public key of the recipient, Anton. This is the case when you need anonymity and confidentiality, so that no one can read the message except the recipient. Let's say you encrypt a file using the recipient's public key. The message can only be decrypted by a person with the matching private key, that is, Anton's private key. Since we know that these keys are interconnected, we encrypt with one, decrypt with the other, and nothing else.
The recipient (Anton) cannot identify the sender of this message. Since the public key is public, it is usually published openly, and anyone can use Anton's public key for encryption. When the sender encrypts using the recipient's public key, the message is confidential and can only be read by the recipient, who has the private key to decrypt it. But, as I said earlier, there is no way to identify the sender, provided, of course, that you do not send any data that could later identify you.
Method two
All of the above results in the second way of using public (Public) and private (Private) keys. If you encrypt with your own private key, then that means you are interested in authentication. In this case, it is important for you that the recipient knows that it was you who sent the encrypted message. To do this, you encrypt the password (File) with your private key. This gives the recipient confidence that the only person who could encrypt this data is the person who owns that private key, your private key.
For example, you are the creator of some kind of software, but the government does not approve of it and obstructs your activities in every possible way.
Let's simulate the following situation:
Let's say I want to download this software, here is the hash of this file, however, if the website is compromised, it means that attackers could spoof this file for downloading and add a virus or something to it to spy on me and they could also change the checksum.
So this hash doesn't mean anything. It will not help detect deliberate modification of the file. We need something else to make sure this site is in fact the official site of the software.
And this is where we come to certificates, digital signatures and other means. All these documents are obtained as a result of cryptographic transformation of information using a private signature key and allowing you to check the absence of distortion of information in an electronic document from the moment the signature is formed (Integrity), the signature belongs to the certificate owner (Authorship), and in case of successful verification, confirm the fact of signing the electronic document (non-repudiation).
Encrypting data with the sender's private key is called the open message format, because anyone with a copy of the corresponding public key can decrypt the message. You can think of it as if you officially put something on the internet for public access, and since you encrypted it with your private key, anyone can verify that it was you who left this message. Confidentiality or anonymity in this case is not ensured, but authentication of the sender, that is, you, is provided.
Further. When various encryption technologies, such as the ones we talked about earlier, are used in combination (they can all be used in combination and cannot be used in isolation), they are called a cryptographic system.
A cryptographic system can provide you with a variety of security features. Among them:
1. Confidentiality - the need to prevent leakage (Disclosure) of any information.
2. Authentication - the procedure of verifying identity, that is, we know that Anton is really Anton and no one else.
3. Non-repudiation (avoiding rejection) - if you sent an encrypted message, you cannot later deny this fact.
4. Credibility - assurance that the message has not been modified in any way.
Examples of cryptosystems are any things that use encryption technology, they are: PGP, BitLocker, TrueCrypt, VeraCrypt, TLS, even BitTorrent, and even 7-Zip.
For example, so that we can send our file to Anton, we can use Anton's public key to encrypt files or to transfer anything encrypted. But first, of course, we need Anton's public key, we just need to get it once in some secure way, and after that we can always send encrypted messages that are only available for reading to Anton.
PGP - This is a system that we can use for these purposes, it uses technology to encrypt messages, files and other information presented in electronic form.
PGP (Pretty Good Privacy) is a computer program, also a library of functions that allows you to perform encryption and digital signatures of messages, files and other information presented in electronic form, including transparent data encryption on storage devices, such as a hard disk. For these purposes, we can use Jabber + PGP.
More on this below. But let's get back to encryption. When it comes to public / private key cryptography or asymmetric encryption, there are both strengths and weaknesses.
Asymmetric encryption - public and private keys:
1. Better key distribution, since Anton can put his public key directly into his signature and anyone will be able to send him encrypted messages or data that only he can read.
2. Scalability - if you are using symmetric keys and want to send your file to Anton and, say, ten other people, you will have to share your password 10 times. It is not scalable at all. Asymmetric algorithms have better scalability than symmetric systems.
3. Authentication, non-repudiation - this means that if you sent an encrypted message, you cannot later deny this fact, since it was encrypted with your private key.
4. Slow - If you look at the message length in bits after asymmetric algorithms work, you will notice that it is much larger than that of encryption algorithms with symmetric keys, and this is an indication of how much slower they are.
5. Mathematical-intensive - The longer the length in bits, the greater the number of mathematical operations, and, therefore, the greater the load on the system.
Symmetric encryption - private key:
1. Fast - if you look at the message length in bits after symmetric algorithms work, you will notice that it is much less than that of asymmetric key encryption algorithms, and this is an indication of how much faster they are.
2. Reliable - Look at the above about AES-256, where it was calculated with the number 2 ^ 256 and see for yourself, but there are 384/512/1024 and more.
To consolidate the material, let's go back to the analogy with the number of locks on the door. With public and private keys, there are many, many locks on the door, so encryption and decryption take much longer. For a central processor, this is a large number of mathematical operations, which is why there are hybrid systems, or hybrid cryptographic systems. Public and private keys are used to exchange and agree on keys, and symmetric algorithms such as AES are used to encrypt the data, which gets the best of both. HTTPS, using the TLS and SSL protocols, is an example of this type of hybrid system, as is PGP.
FAQ:
A: 1. Are the methods of steganography somehow applied in your work? 2. Asymmetric encryption for example works like this - we encrypt with public AES, decrypt with a conditional password: qwerty?
B: 1. Of course apply, everything depends on you. 2. We create a mutual pair - private and public. You encrypt with some, decrypt with others. Private also with a password phase is symmetrical.
A: What method can be used to transfer the code to Anton? (Example)
B: Depends on the situation, in general, it's easy to verify it through OTR by fingerprint. And only later, when it was verified by OTR, you can throw it right there, or by another encrypted source that you trust and are sure that Anton is really Anton.
A: Is it possible to modify a file without changing its checksum?
B: In fact, it is possible, but not cost-effective, since basically the entire hash of the file depends on the weight of the file, for example, the weight of the file is 1,454,458 bytes, and the file that was changed is 1,594,137 bytes and their hash will differ and here it is necessary to fit perfectly and it all depends on the type of encryption else. In fact, no. Since you have to remove something from it and replace it with something to fill the space. I think the gist is clear to keep and so on.
Let's now talk in more detail about what encryption consists of.
Hashing is the transformation of an array of input data of arbitrary length into an (output) bit string of a fixed length, performed by a specific algorithm. The function that implements the algorithm and performs the transformation is called a "Hash function" or "Convolution function". The original data is called the input array, "Key" or "Message". The transformation result (output data) is called "Hash", "Hash-code", "Hash-sum", "Message summary".
The hash function accepts input of any size. It can be an e-mail, a file, a word. The data is converted using a hash function, for example, into the following form:
Code:
732b01dfbfc088bf6e958b0d2d6f1482a3c35c7437b798fdeb6e77c78d84ccb1
An important feature of the hash function is that you cannot convert from the hash back to the original input. It is a one-way hash function and does not require keys.
There are many examples of hash functions: MD2, MD4, MD5, HAVAL, SHA, SHA-1, SHA-256, SHA-384, SHA-512, Tiger, and so on. Nowadays, if you are looking for a cryptographic system, you should use SHA-256 or higher, I mean SHA-384 and SHA-512 and so on.
To make it easier to deal with the material, let's move away from the dry text and simulate the situation. Let's say you need to download the Windows 7 Home Premium operating system for yourself.
We know that this operating system comes from Microsoft developer, then we go to the search and make the following search query:
Code:
site:microsoft.com Windows 7 Home Premium hash
Site operator: this operator restricts the search to a specific domain or site. That is, if we make the request site:microsoft.com Windows 7 Home Premium hash, then the results will come from pages containing the words "Windows", "7", "Home", "Premium" and "hash" on the site "microsoft.com" and not elsewhere on the Internet.
This information is also key for searching online stores using operators in search engines. In this way, you can easily find the hash of the Windows 7 Home Premium 64bit operating system on the official Microsoft website: SHA1 Hash value:
6C9058389C1E2E5122B7C933275F963EDF1C07B9
In general, I would recommend looking for hash sums starting from SHA-256 and higher, but the official site only had this one, so I will take what there is. Next, we need to find a file that corresponds to the given hash. For this we again use the Google search engine and operators (how to search using operators is covered at the link above).
Code:
inurl:download "6C9058389C1E2E5122B7C933275F963EDF1C07B9"
After you download this file, you can use our hash sum to make sure that the file has not been changed, that is, that it has integrity.
There are tools you can download to do this:
One such tool is Quick Hash (quickhash-gui.org), and I will show you how to check hash sums and ensure the integrity of the information received.
Also, I will attach below, information on other hash-sums of this file:
Code:
MD5: DA319B5826162829C436306BEBEA7F0F
SHA-1: 6C9058389C1E2E5122B7C933275F963EDF1C07B9
SHA-256: C10A9DA74A34E3AB57446CDDD7A0F825D526DA78D9796D442DB5022C33E3CB7F
SHA-512: E0CB678BF9577C70F33EDDC0221BC44ACD5ABD4938567B92DC31939B814E72D01FAC882870AB0834395F1A77C2CD5856FD88D2B05FBE1D1D9CCE9713C1D8AB73
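The integrity check described above, together with the compromised-site case from the software-download scenario earlier in the lesson, as an added example (not part of the original guide). The file contents and digests are constructed for the demonstration, and the function names are hypothetical.

```python
import hashlib
import hmac
import os
import tempfile

# Hex-digest length -> hashlib algorithm, covering the four sums listed above.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
# Practical collision attacks exist for these, so a match only rules out
# accidental corruption, not a deliberately crafted replacement.
WEAK = {"md5", "sha1"}
HEX_CHARS = set("0123456789abcdef")


def normalize_digest(text):
    """Lowercase a published digest and drop the spaces, colons and line
    breaks that copy-paste or page wrapping tends to introduce."""
    cleaned = "".join(ch for ch in text.lower() if ch not in " \t\r\n:-")
    if len(cleaned) not in ALGO_BY_HEX_LEN or not set(cleaned) <= HEX_CHARS:
        raise ValueError("not a recognised hex digest: %r" % text)
    return cleaned


def file_digests(path, algorithms, chunk_size=1 << 20):
    """Read the file once, in chunks, and feed every requested hash."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def verify_file(path, published):
    """Compare a file against a list of published digest strings.

    The algorithm is inferred from each digest's length. The result says
    which sums matched and whether any collision-resistant one was checked.
    """
    if not published:
        raise ValueError("no digests to check against")
    expected = {}
    for text in published:
        digest = normalize_digest(text)
        expected[ALGO_BY_HEX_LEN[len(digest)]] = digest
    actual = file_digests(path, list(expected))
    matches = {
        name: hmac.compare_digest(actual[name], expected[name])
        for name in expected
    }
    return {
        "matches": matches,
        "all_match": all(matches.values()),
        "strong_checked": any(name not in WEAK for name in expected),
    }


def compromised_site_demo():
    """Constructed scenario: the download site is compromised, so both the
    file and the checksum shown next to it were replaced together."""
    original = b"constructed installer bytes v1.0\n"
    tampered = b"constructed installer bytes v1.0 + implant\n"
    # Digest obtained through a separate, trusted channel before the compromise.
    pinned = hashlib.sha256(original).hexdigest()
    # Digest now displayed on the compromised page.
    site_digest = hashlib.sha256(tampered).hexdigest()
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "download.bin")
        with open(path, "wb") as fh:
            fh.write(tampered)
        same_site = verify_file(path, [site_digest])["all_match"]
        out_of_band = verify_file(path, [pinned])["all_match"]
    return same_site, out_of_band


if __name__ == "__main__":
    same_site, out_of_band = compromised_site_demo()
    print("checksum from the same page matches:", same_site)
    print("digest pinned out of band matches:  ", out_of_band)
```

A checksum taken from the same page as the file passes even for the tampered download, which is why the lesson moves on to digital signatures; only a digest or signature key obtained through an independent channel detects the swap.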
Lessons:
Introduction to C (Carding) - Lesson 1. Types of cards (CC) - Lesson 1.1.
Encryption. Safety. Anonymity. Lesson 2.
Introduction to security. OS selection. Lesson 3.
Virtual machine for searching in the shadow internet. Lesson 3.1.
Pure IP - Lesson 4.
Driving Tools - Lesson 5.
Connecting to DS - Lesson 5.1.
Setting up LS (Linken Sphere) - Lesson 5.2.
Creating a Personal VPN - Lesson 5.3.
How to clean the logs on the server - Lesson 5.4.
VPN + TOR + VPN Bundle - Lesson 5.5.
AntiFraud (AF) - Lesson 6.
How AntiFraud Works - Lesson 6.1.
The basic concept of driving - Lesson 7.
Shops CC (Credit Card) - Lesson 8.
Warming up the store - Lesson 8.1.
Intermediaries - Lesson 9.
How to drive into Skype? Driving first - Lesson 9.1.
How to drive into a good store? - Lesson 9.2.
3DSecure - Lesson 10.
Drops and interception services (PickUp) - Lesson 11.
Redirecting a parcel (Rerout) - Lesson 12.
Working in Europe and Asia (Features) - Lesson 13.
Searching for online stores - Lesson 14.
Parsing links - Lesson 14.1.
E-Gift - Lesson 15.
Enroll - Lesson 16.
Logs. Brute Accounts - Lesson 17.
What does the store see? - Lesson 18.
Setting up Android on the example of Nox - Lesson 18.1.
Configuring WebRTC - Lesson 18.2.
Working with PP - Lesson 19.
Deposit and payment methods using PP - Lesson 20.
Draining money from PP - Lesson 21.
Bank accounts. BA - Lesson 22.
Ways of bays in BA - Lesson 23.
Self-registers BA - Lesson 24.
Documents and their forgery - Lesson 25.
Booking hotels. Air Tickets - Lesson 26.
Refund Scheme - Lesson 27.
A small reminder in case you are caught.
Terms
I will also add that I decided not to constantly use the usual terms that are generally accepted in our community, so to speak, which are more trivial, so there will only be official terms that are easier to understand.
(For example, SS can be called cardboard, and potatoes, and a map, and a cartographer, and a boat, and anything else. It is for this reason that all terms will be written so that any person can understand)
Why did I do this? Because sometimes the entire text is a continuous collection of terms. For ease of understanding, I have "simplified" them. In general, you will see for yourself. For the terms, of course, I will also give the generally accepted options that are used on the forums and so on.
С - Carding, carding, carzh.
CC - Credit Card, card. In general, it doesn't have to be a credit card. In fact, this is generally any card.
BINChecker - Checker, checks and punches BIN.
BIN - the first 6-7 digits of the SS.
CheckerCC - checks the CC for Valid.
Valid - validity. Working SS or not.
KX (Card Holder, CH) - Holder and owner of the CC.
Introduction to C (Carding). Lesson 1.
torproject.org/download/download-easy.html.en - TOR browser can be downloaded only from this link. TOR allows you to remain anonymous online, which means that you can search DarkNet through the TOR browser. TOR can be bet on your main system. As for the virtual machine, we will discuss it in the corresponding lesson. Now a small digression, I'll tell you for the guide.
The main direction in the guide is Carding, there are many methods of working in Carding, someone just hits with a CC (Credit Card), someone makes Enrolls, someone makes Gifts, PayPal, bank accounts. In short, there are many not very clear words for many of you, all this is included here, the choice will be yours. From experience I can say that almost everyone chooses one direction for themselves and works with it. That is, whoever works, for example, with bank accounts, rarely drives in cards (Credit Card).
On the topics above - we will cover everything, the task is to help you find your topic. We try to work organizationally, in the process of work always pay attention to your failures and, preferably, record them. For example, you drive in a card, and you get an error, take a screenshot, show me on Telegram and analyze the problem, so it will be much easier to understand what the problem is and help you. Don't be shy about stupid questions. The main point, not even in the manual, the manual is the material, the template according to which you can work, and most importantly with us, that you can always contact me individually, sort out your problem. But guidance and lessons are also very important, especially at the beginning. This is your base.
Useful services during training:
1) Screenshot service - prnt.sc
Download the program and easily take pictures using the "PrtSc" button on the keyboard.
2) Anonymous notes service - privnote.com
You create a note and hand it over, and after it is read it is destroyed. There is also a "parameters" button with additional settings.
I will say for Jabber. Create yourself a fallback Jabber.
How to do this is written here: xakep.ru/2017/07/21/jabber-otr-howto/
And here is just quite useful and interesting information: cryptoworld.su/safe-comunications-tell-snouden/
Jabber can be kept where it is convenient for you, and it is more convenient on the main system. Delete Jabber on ".ru" servers immediately, if there are any. This is a trash heap. Ideally, the server should be located in a country where no logs are kept. That is, the country should not be in the Eyes 14. And yes, it should not be the country where you are at the moment.
Also, as far as working in Carding is concerned, take it as a hobby, an additional direction for earning money, you do not need to give up everything and focus only on it, develop also outside of online. It is enough to devote time in the evening in order to have a stable good income. And this applies to any activity, always develop yourself in several directions. I will also add for the VPN. So, we will make our VPN our own, you don't need to buy it either, it will work both on the phone and on the computer.
Okay, let's start with basic concepts in Carding. Where does Carding begin? That's right - security. True, but the first thing that usually comes to mind at the word "Carding" is a credit card. Let's start with it. We will also devote several separate lessons to safety. Credit Card - CC. Further it is designated - SS. It is more correct, of course, to say a bank card, but everyone calls it CC, whether it is a credit card or a debit card. Everyone knows what CC is, but if you go deeper, then definitely not everyone. I will clarify, just in case, that we are working with card data, without a material card, since we have Online Carding. Let's consider the CC using our example. Cardholder Jonh Doe has no idea what an honor he is:
Code:
4037840052172271 | 2024 | 11 | 475 | Jonh | Doe | 2970 Park View Drive | [email protected] | United States | U.s. Bank National Association Nd | IN | Columbus | 47201
Let's do the analysis. Let's start with the card number - 4037840052172291. What is the basis in the card number? That's right - BIN. Let me explain. The card number contains numbers, which contain information about what the card is, the first 6 digits. It is called BIN / BIN. These are the first 6 digits of any card. Although, cards are already beginning to appear, where the BIN is in 7 digits. BIN - bank identification number. Now let's learn how to pull information from BIN'a. You can go to Google and type in a simple query “BIN Checker”. And before us will be a list of sites. The very first one is bincodes.com/bin-checker/ Not a bad BINChecker, beautiful, but ... from experience it is far from the most accurate, and the most accurate Google does not give us on the first pages, BINChecker is bins.su. BINChecker has changed the domain, apparently indexing has not yet reached it in full. We go to it and enter the BIN from our CC example in the BINS field.
The card number is 4037840052172291, which means BIN is 403784. Click FIND. We receive information:
403784 US VISA CREDIT PLATINUM US BANK NATIONAL ASSOCIATION ND
This information is included in our BIN, if you have a personal bank card, everything is the same there, you can punch BIN and see what kind of card you have. Once again, I will indicate that there is different information on different BINCheckers, therefore, if we are interested in accurate data, it is better to double-check it on several services. In practice, the most accurate, as already said, is bins.su. Each bank has its own list of BINs under which they issue cards, that is, there are many cards under one BIN. For example, under BIN 403784 there is also SS, only the rest of the numbers differ, it is clear why.
bincodes.com/bin-search, using this link you can select the country, type of card, bank and see which BINs which bank has. We save the link to a notepad or bookmarks, like all other useful services, in the process of working it is a good tool. In our business, there are such concepts as good and bad BINs. Bad BINs - BINs of the old release, which were often used by our colleagues, good BINs, on the contrary. That is, if the BIN is "dirty" (often used for Carding purposes), then banks do not particularly like to skip transactions with such BINs at the slightest suspicion of fraud (on Fraud).
BINCheckers:
bins.su - Nice and user-friendly.
binlist.net
bindb.com/bin-database.html - Authoritative.
bincodes.com/bin-checker/ - Alternative.
bincodes.com/bin-creditcard-generator/ (or namso-gen.com) - there is also a CC generator.
Advice. Check BIN on all resources.
Fraud is a type of fraud in the field of information technology, in particular, unauthorized actions and unauthorized use of resources and services in communication networks.
Good BINs are very important in Carding. In terms of working with the SS, this is generally almost half the success. Basically, these are BINs of NOT the best banks, if we speak for the United States.
this is a list of the largest, and therefore the best banks in the United States. All these points, including for BINs, will emerge in even more detail below, as we go deeper. Now general information for understanding the process, the concepts from which we will start. (In general, the better the bank, the more difficult it is to drive it CC. Ideally, these should be fairly small and local banks, which have few branches. In general, do not take large banks, if possible)
Back to our CC:
2024 | 11 | - card expiry date. November 2024. That is, the date after which the card will no longer be active. Expiration Date if in English. To clarify, the expiration date is calculated on the last day of the month, and not on the first.
475 - CVV code. I'll clarify that CVV and CVV2 are one and the same if you come across different spellings. CVV - code for card authentication. The Master Card has a code called CVC or CVC2. VISA and Master have this 3-digit code. American Express has this four-digit code. CVV - Card Verification Value. And don't confuse CVV with PIN. If the card does not have a CVV code, then it means that you cannot pay with it on the Internet.
Jonh | Doe - name and surname of the cardholder. Jonh Doe. Card holder - Card Holder - CH, KX.
2970 Park View Drive | United States | | IN | Columbus | 47201 is the Billing address to which the card is registered, usually KX's residence address. 2970 Park View Drive - street with house number, United States - USA, IN - Indiana, Columbus - City, 47201 - ZIP number. ZIP - in our opinion this is the index. You can google "47201 ZIP Code" and check that it corresponds to the state, city and the data on the map is correct. If, when driving, you receive an error that the ZIP from the card is not correct, how can this be fixed? That is, the ZIP in the map data is left. Yes, find the ZIP at the address on the map. Drive in the address and see its ZIP.
In the CC data, you can also find Email KX - [email protected]... There may also be KX's phone number. Sometimes there is no phone number, like Email - yes / no. Depends on how the data was merged. If we do not need an Email from a card in 90%, then a phone number is usually needed. In stores where CC is sold, indicate what data is (with / without phone, and so on).
We'll find out why we need a phone on the map. Map data, as in our example, is mined by hacking stores and leaking the database, Fishing. That is, a person makes a purchase in an online store, drives in the card data, and it is drained and the base is put up for sale. Let's digress a little from the conference, watch part of the series, for a better understanding of how it works.
Let's go back to the card number:
4037840052172271
By this number, you can immediately understand by eye that our card is VISA. Yes, by the first digit. VISA cards start with the number 4. Master Card - 5. American Express - 3. Maestro are debit cards from Master Card. After the BIN numbers, we have numbers, not counting the last one, where the data is encrypted, about whether a debit card or a credit card, the card's currency and the region of issue. The last digit of the card is a check number, a special algorithm is used to check the correspondence of this number and the card number, that is, the last number is formed through mathematical operations with the rest of the digits. Bank cards can also be debit and credit, as we already understood. Debit cards have their own stable balance. Credit cards can go negative, that is, credit money.
403784 US VISA CREDIT PLATINUM US BANK NATIONAL ASSOCIATION ND
When we punch BIN. Level is the status of the card. We have Level - PLATINUM. For example, a student and a businessman will have cards of different status. That is, different limits, percentages, opportunities and similar things. For a higher status of the card, the client pays more for its service. International bank cards are used in international payment systems. The most popular payment systems are Visa, MasterCard, Diners Club, American Express, JCB and China UnionPay.
The most widely available cards in the world are Visa Electron, Cirrus / Maestro. In most cases, they are debit cards and, as a rule, do not allow electronic payments over the Internet. This increases the safety of their use. These cards are the cheapest in terms of issuance and maintenance costs. The most popular in the world are Visa Classic and MasterCard Standard cards. They are both debit and credit, and also allow you to pay via the Internet.
Cards of the Gold / Platinum series are prestigious cards that emphasize the solidity of its owner. Used as an element of the image. Technically, Visa Classic - Visa Gold, MasterCard Standard - MasterCard Gold cards differ in design, cost of issue and service and, depending on the card issuing bank, different sets of services (for example, the provision of medical insurance, or a "concierge" service that allows you to book tickets on transport and to the theater, hotels and carry out a number of other assignments).
For Gold and Platinum cardholders, some shops and other organizations provide discounts and other benefits (for example, the opportunity to use a business class lounge at the airport regardless of the ticket category, special conditions for renting a car).
In addition, in connection with the proliferation of Gold and Platinum cards, international payment systems are introducing new formats for exclusive cards, indicating the extremely high status of their holder.
Also, there are titanium (Titanium) cards - the most prestigious cards that provide their owners with exclusive privileges around the world. The first such card was issued by American Express - the Centurion card.
Now about the money on the card, the balance of the card. It is impossible to find out the balance by buying simply the CC data. The balance can be found out, perhaps by making access to an online bank, like we have Sberbank Online. And then, only after the card was bought, and then additional information about KH was broken through. But this moment does not greatly interfere with our work, in the USA and Europe money is mainly stored on cards, there is usually a balance there. Also, there is the concept of "card validity", which means whether the card is alive / active. There is an option, we bought a card, we drive in, but it did not enter, usually the error is Card Decline. One of the options is that our map was originally dead, that is, not Valid, not working. Different stores and sellers who sell cards have different rules for returning such material (not Valid). To check for Valid cards, there are special Checkers CC, They work according to the principle - we enter the card into CheckerCC, a small card is inserted (Small debiting of funds), that is, it is checked and the result is given to us - Valid / not Valid. The disadvantage of such CC Checkers is that he can kill the card immediately after checking, even if he shows that the card is Valid.
CheckerCC works like this - we entered the card data into it, we check. CheckerCC debits a small amount from the card and returns them back to the card. If the money is debited, it indicates that the card is active (Valid). If not, not Valid. And why are CC Checkers making a refund of the funds debited to the card? So that it is not blocked (CheckerCC). Many cards pass through such Checkers CC, and banks know the codes on which CheckerCC is based. That is, it may be that they checked the card, Valid showed, but after that the bank is already blocking it.
This problem is not on all CC Checkers, the more private CheckerCC, the better. You can also check the card yourself by driving in some trifle. For example, driving into a donation. $ 1 - $ 5. If the transaction is successful, then the card is Valid. Donations to children, websites and so on. Also, the card can be blocked if it is driven into everything, that is, due to the large number of transactions, in a short period of time, the bank can block it, therefore, as a rule, one CC is one / two drives.
It is better to do it like this, hammered in - we got the result from the map and after that we can try again when we no longer risk anything. The problem of Valid material is a sore subject now, but there is a way out of all this.
FAQ:
A: How to select the correct BINs?
B: BINs you will intuitively learn to whip up in the process. It comes with experience. Over time, you will accumulate your own personal piggy bank of good BINs. The problem is that not only you know about these BINs, so they are quickly sold out (CC with good BINs). The solution is simple - to constantly monitor the stores selling CC, as well as to have several of these stores. For example, I hired a separate person who is looking for BINs and good CCs for me, immediately buys them up, and then I hit.
A: How acute is the problem with Valid material?
B: Sharp, but not critical.
A: Is there some kind of gradation of cards at face value on the card, how much can you expect when buying this or that card?
B: By status, yes.
A: What is VCC and what are its features in our business?
B: Virtual Credit Card - Virtual card, we'll get to know each other.
Try to capture the essence of each topic. Then you will have a complete picture. Structure is important.
Types of cards (SS). Lesson 1.1 (For general information)
So, let's start with the types of American Express cards:
The reputation of the American giant of financial transactions today is impeccable and carefully maintained at the highest level. American Express focuses on the quality of service and builds its relationships with customers based on years of experience and tradition. The company offers personal and corporate credit cards.
Holders of corporate cards (Corporate Cards) are employees of large world corporations.
There are four types of personal cards: Personal Card (the so-called "Green"), Gold Card, Platinum Card and Centurion Card (in ascending order of priority). All of them differ only in class, as the traditional benefits are due to every AmEx customer.
Next, there are VISA cards:
Visa Electron - the simplest type of cards. It has no convex elements, which limits the possibility of using this type of cards in terminals based on taking an impression from a card (Mechanical copying without connecting to a database). As a rule, there are minimum transaction limits and minimum guarantees.
Visa Virtual Card is a card for making payments over the Internet. Sometimes "Issued" without physical card issuance. In fact, this is the provision to the owner of only card details (Number, CVV2, date of validity), which can be used to pay via the Internet. The issue of the card is reduced in price, but the security is reduced. Usually they are prepaid at the time of issue and do not provide for the possibility of replenishment. They can be anonymous, which sometimes causes difficulties in processing in payment systems with mandatory verification of the owner's name.
Visa Classic is a card with a standard set of functions. This includes payments at most merchants that accept cards, booking various goods and services on the Internet, insurance of money in the account, and so on.
Visa Gold is a card that has additional guarantees of the holder's solvency, higher payment and credit limits compared to Classic, as well as a number of additional services, including express cash withdrawal and emergency card replacement in case of loss or theft of the card away from the issuing bank , additional discounts and privileges in areas such as travel, car rental, purchase of exclusive goods and services. As a rule, along with mandatory privileges from the payment system, card issuing banks offer their own additional services for Gold and higher cardholders.
Visa Platinum is an elite card that usually provides the holder with the opportunity to receive additional services, discounts, and insurance in amounts exceeding the privileges for Gold card holders.
Visa Signature is a card product for especially wealthy clients, the distinctive features of which are maximum purchasing power, increased limits on various groups of card transactions, exclusive services in the field of leisure, shopping and travel, as well as a concierge service and special features on a personal page on the Internet. ...
Visa Infinite is positioned as the most prestigious card for clients with the highest paying capacity. In some cases, the credit limit for such a card is unlimited.
Visa Black Card is an elite image product. The material for the manufacture is not ordinary plastic, but a patented special carbon fiber. It is positioned as a symbol of the holder's belonging to the top of society. Due to increased requirements, in the United States, no more than 1% of residents can become owners of this card. The owner will be able to stay in VIP lounges of international airports, use the services of a concierge service, travel insurance, cover for damage in case of a car accident, and reimbursement of costs in case of cancellation of trips.
Visa Business Credit and Visa Business Debit are cards for representatives of legal entities designed for payments in the interests of business. These cards are positioned as a product for small businesses.
Visa Business Electron Card - cards are positioned by the payment system as a product for small businesses in countries with emerging economies.
Visa Corporate - business segment cards designed for medium and large businesses.
Visa Fleet - business segment cards targeted at companies that use vehicles in their core business. This type of card helps companies track the operating costs of their fleet, as well as receive additional discounts on fuel and service.
Visa Debit is a card for everyday expenses. Its peculiarity is that funds are debited from the client's deposit account, as if he were withdrawing cash from the account or writing checks to pay for purchased goods or services.
Visa Prepaid Card is a card, the balance of which is replenished when issued at the bank, and further operations are carried out within the limits of the available balance of funds. A variation of this type of card is a Gift Card. A variation of this type of cards can also be considered cards of instant issuance - Visa Instant Issue - pre-personalized, but not personalized (without specifying the name of the holder). A feature of this type of cards is the quick issue of the card, as a rule, within 15-20 minutes from the moment the client contacts the bank.
Visa TravelMoney is a card designed primarily for the safe transportation of funds, for example, while traveling, being a more technologically advanced analogue of traveler's checks. As a rule, with this type of cards, only cash withdrawals from ATMs are possible, however, some banks also allow purchases with TravelMoney cards.
Visa Mini Card is a reduced format card, often issued with a hole, implying use as a key fob and not only. It should be noted that proximity to metal keys is highly undesirable and can adversely affect both the information recorded on the magnetic stripe and lead to increased mechanical wear of the card. Due to the non-standard format, this type of cards cannot be used in ATMs, terminals with contact chips (Contactless protocol is supported - if the card is equipped with such a chip), and it will also not be possible to use the card in imprinters. Thus, this product is only suitable for paying for purchases or receiving cash at points equipped with an electronic terminal capable of operating on a magnetic stripe or contactless chip. For this reason, this type of card is usually
Visa Buxx - the target audience of this card are teenagers who do not yet have an independent income. Parents have the opportunity to credit "non-cash pocket money" to the card and monitor account movements.
Visa Horizon is a debit card that stores funds on the chip itself, pre-authorizing them from a bank account. When using it, there is no need to establish real-time communication with the issuing bank to obtain authorization. All information about the available balance is located on the card itself in the memory of the built-in chip and is available for reading by the terminal at the point of sale. The cardholder, if necessary, can replenish the balance on the card from his bank account either through an ATM, or through one of the terminals in the trading network or bank branches. Visa Horizon is ideal for situations where there are connectivity issues or none at all. Since there is no risk of insolvency or cost overruns due to pre-authorization for this product, then Visa Horizon is ideal for issuing to customers who do not have a banking or credit history. Unlike a card with an electronic wallet, in which the balance on the card is prepaid and if the card is lost, the client loses unspent funds from the card, Visa Horizon allows you to recover the funds remaining on the client's bank account at the time of the card loss.
Visa Cash or, as it is commonly called, "electronic wallet", is a prepaid card and combines the convenience of payment cards with the security and functionality of an embedded chip. Visa Cash allows you to easily and quickly pay for minor expenses, so it can mainly be used to buy inexpensive items such as newspapers, movie tickets, to pay for short phone calls, and so on. The Visa Cash card can be either rechargeable or disposable. The decision on this is made by the issuing bank, which issued the card, and agreed with the client.
Visa Payroll is a common type of card that immediately upon purchase provides insurance for the personal property of a person purchased with this Visa card. The total amount of insurance cannot exceed 50 thousand dollars per person. At the moment, these cards are only issued in the United States.
Visa Check, Visa Gold Check and Visa Business Check are cards created for cooperation with airline mileage programs. This mainly concerns the NWA WorldPerks system.
Visa Platinum Check is similar to the previous three cards, but cannot be combined with the WorldPerks program, although it provides more opportunities for holders than Visa Check or Visa Gold Check.
Visa Purchasing - the card has been offered by banks since 1994 and is designed to account for the costs of office needs. The card can be used by both medium and large companies and is issued, as a rule, to people who are responsible for economic activities in these companies. Its use allows companies in both the private and the public sector to do without the labor and paper-intensive process of processing small purchases of goods and services. The card is directly intended for the purchase of goods and payment for services in the amount within 5 thousand US dollars. For these cards, banks are subject to requirements for a special reporting form for invoicing. Thanks to this form, the company can significantly save on administrative costs associated with the purchase of goods, as well as receive information,
Visa Commercial - Creates an easy consolidation of expenditure data from all departments, divisions and subsidiaries of the company, which provides an integrated view of all expenses for events, procurement, and travel expenses.
Please note that not all map types are available in some countries or regions. This may be due to the peculiarities of the legislation of a particular country, as well as regional restrictions of the payment system itself.
Next, consider cards of the Master Card type (Basic):
MasterCard Maestro are the most affordable bank cards due to their low cost and initial payment. By purchasing it, you become the owner of a full-fledged international card that is widely used in the world.
MasterCard Standard - the presence of such cards emphasizes that you are an accomplished person who successfully conducts business. When traveling abroad and having one of these cards with you, you will have no problem booking a hotel room or renting a car.
MasterCard Gold - these cards inspire more respect for the owner of this card. They unequivocally say that his authority and weight in society is higher than usual, that a person has achieved serious results in his life. This gives the holder of "gold" cards the right to discounts when ordering expensive hotel rooms and when shopping in prestigious stores.
MasterCard Platinum - special premium class bank cards. They give limitless possibilities, complete freedom and exclusivity. The platinum card holder is provided with VIP status anywhere in the world. This guarantees both high quality service and substantial discounts.
In addition to the existing cards, customers are offered to acquire an American Discover (starts with the number 6).
Discover, on the contrary, is kind of popular, and initially focused on credit programs. The main feature of the system is bonuses. When buying goods and services using borrowed funds from the card, some part of the amount (very insignificant) is returned to the client, while the more you spend, the greater the percentage of return.
It's not profitable to use Discover cards! There are several reasons for this. Firstly, it is completely unclear where it will be possible to pay with them, since this payment system is not accepted everywhere. And if they do, then there, no doubt, the prices will be somewhat overpriced. Secondly, the problem with ATMs - it will only be possible to put it in the ATM of the issuing bank. With the appropriate level of commission. Thirdly, you can't go to Europe and Asia with this "plastic" either - the logo with an orange "orange" in the center is extremely rare to see in the Old World. Those who often travel to the USA or Canada can always pay with their usual Visa.
However, some proponents have called it the best credit card for people concerned about online fraud and privacy.
Encryption. Safety. Anonymity. Lesson 2.
Let's talk about encryption. I must say right away that this is a rather difficult topic, and it is not 100% mandatory either. Rather, this information is needed by those who have already really achieved something (in our business) and want to seriously take up their security and anonymity. This lesson describes what security is, how it is achieved, and so on. If it seems to you that this is too difficult for you or not necessary, then you can safely proceed to the next lesson.
Again, this information is not 100% mandatory, but very useful for general understanding.
So, we will discuss and analyze the fundamental foundations of encryption, we will study symmetric and asymmetric encryption, we will also slightly touch on such concepts as: hashes, SSL, TLS, certificates, data interception using the SSLStrip utility and weaknesses associated with encryption. This is the fundamental knowledge required to select the appropriate security controls to mitigate risks.
In general, encryption has two parts - encryption and decryption. With the help of encryption, three states of information security are provided:
1. Confidentiality - encryption is used to hide information from unauthorized users during transmission or storage.
2. Integrity - encryption is used to prevent information being changed during transmission or storage.
3. Identifiability - encryption is used to authenticate the source of information and to prevent the sender from denying that they sent the data.
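An added example (not part of the original guide) for the integrity and source-authentication properties in the list above: an unkeyed SHA-256 digest catches accidental corruption but not a deliberate rewrite, a keyed HMAC catches both, and a shared-key tag still cannot stop a sender from denying a message. The messages, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def sha256_digest(message: bytes) -> bytes:
    """Unkeyed hash: anyone can compute it for any message."""
    return hashlib.sha256(message).digest()


def hmac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed MAC: only holders of `key` can compute a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def check_digest(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(sha256_digest(message), digest)


def check_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so the comparison does not reveal
    # how many leading bytes of a wrong tag happened to match.
    return hmac.compare_digest(hmac_tag(key, message), tag)


def flip_one_bit(data: bytes) -> bytes:
    """Model accidental corruption on a noisy channel or a failing disk."""
    return bytes([data[0] ^ 0x01]) + data[1:]


def run_scenarios() -> dict:
    original = b"Hello, Anton"            # message from the guide's own example
    rewritten = b"Goodbye, Anton"         # constructed replacement message
    shared_key = secrets.token_bytes(32)  # known to sender and receiver only
    results = {}

    # 1. Accidental change, unkeyed hash: the stored digest no longer matches.
    digest = sha256_digest(original)
    results["plain_hash_detects_accidental_change"] = not check_digest(
        flip_one_bit(original), digest
    )

    # 2. Deliberate rewrite, unkeyed hash: whoever can replace the message can
    #    replace the digest next to it, so the check passes on altered data.
    replaced_digest = sha256_digest(rewritten)
    results["plain_hash_detects_deliberate_rewrite"] = not check_digest(
        rewritten, replaced_digest
    )

    # 3. Deliberate rewrite, HMAC: without the key, the only tags available are
    #    an unkeyed digest, a tag under some other key, or the old tag replayed.
    other_key = secrets.token_bytes(32)
    candidate_tags = [
        replaced_digest,
        hmac_tag(other_key, rewritten),
        hmac_tag(shared_key, original),
    ]
    results["hmac_detects_deliberate_rewrite"] = not any(
        check_tag(shared_key, rewritten, tag) for tag in candidate_tags
    )

    # 4. Non-repudiation: the receiver holds the same key, so the receiver can
    #    compute exactly the tag the sender would. A valid tag proves "someone
    #    with the key wrote this", not which of the two parties did.
    sender_tag = hmac_tag(shared_key, original)
    receiver_made_tag = hmac_tag(shared_key, original)
    results["receiver_can_produce_sender_tag"] = hmac.compare_digest(
        sender_tag, receiver_made_tag
    )
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

Proving to a third party who sent a message needs a signature made with a private key that only the sender holds, which a shared symmetric key cannot provide.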
In order to read the encrypted information, the receiving party needs a key and a decryptor (a device that implements the decryption algorithm).
The idea of encryption is that an attacker who intercepts encrypted data and does not have the key to it can neither read nor change the transmitted information. Imagine a closed door with a lock: to find out what is on the other side, we need to open it with the key to that lock. It is the same with data encryption, only instead of a lock we have a data encryption algorithm, and instead of a key, a secret key (password) for decrypting the data.
The main purpose of encryption is to keep important information in encrypted form. In general, encryption is used to store important information in unreliable sources and to transmit it over insecure communication channels.
Such data transfer represents two mutually inverse processes:
1. Before data is sent over a communication line or before being stored, it is encrypted.
2. To restore the original data from encrypted data, the decryption procedure is applied to them.
Encryption was originally used only for the transmission of confidential information. Later, information also began to be encrypted in order to store it in unreliable sources. Encryption for storage is still used today, as it avoids the need for physically secure storage (USB, SSD disks).
What are the encryption methods:
1. Symmetric encryption - uses the same key for both encryption and decryption.
2. Asymmetric encryption - uses two different keys: one for encryption (also called public), the other for decryption (called private), or vice versa.
These methods solve specific problems and have both advantages and disadvantages. The specific choice of the applied method depends on the purposes for which the information is encrypted. In order to make the right choice in the encryption approach, which encryption method to use where, and to answer other related questions, you will need to understand what encryption is, as I said earlier.
For example:
• The sender sends an encrypted message: "Hello, Anton"
• Attackers intercept this message, but since they do not have a decryption key, they only see the character set: "% # & $!"
• The recipient, having the decryption key, can easily read the message sent by the sender in encrypted form, and he already sees the sender's text in its original form: "Hello, Anton"
It will not be an exaggeration to say that encryption is the best tool there is in our arsenal to protect you from hackers and surveillance.
Encryption is a method of converting human-readable data, called plain text, into a form that cannot be read by a human, and this is called cipher text. This allows you to store or transmit data in an unreadable form, due to which it remains confidential and private.
Decryption is a method of converting ciphertext back into human-readable text. If you do a simple Google search, you will see HTTPS and a green padlock icon, which means that all the content of the web pages is not readable by people who are monitoring data transmission over the network.
There are two main components of encryption:
1. The encryption algorithm is publicly known and has been studied by many, many people in an attempt to determine if the algorithm is strong.
2. Secret key - you can imagine that the secret key is a password and it must be kept secret.
The algorithm can be thought of as a lock, and the secret key is the key to that lock. In symmetric cryptosystems, the same key is used for encryption and decryption.
Let's take an example. I want to send some file to Anton, but I don't want any third parties to be able to view it. For clarity and ease of use, I decided to encrypt this file with the 7-Zip program. The same structure is used to encrypt sectors / disks in VeraCrypt, TrueCrypt.
Definitions:
1. An encryption algorithm is the mathematical process of converting information into a string of data that looks like a random set of characters and letters.
2. A hash function is a transformation of input data into an output bit string. Its purpose is to maintain integrity and to detect unintended modifications.
At the output we get an encrypted archive; to unpack it and obtain the information inside, you must enter the decryption key, in simple terms a password. Let's say that I used a symmetric block cipher algorithm, the Advanced Encryption Standard (AES), for encryption. This algorithm uses only one key, and the key is created from our password. You can also choose what block size will be used: 128/256/512/1024 bits.
Imagine a door with many locks on it. It will take you a long time to open or close this door. It is the same with algorithms: the higher the bit length, the stronger the algorithm, but the slower it encrypts and decrypts. You can consider this the strength of the algorithm.
256/512 bits is also the amount of key space, that is, a number that indicates the total number of possible different keys that you can get using this encryption algorithm.
To break a symmetric cipher, you need to try 2^N combinations, where N is the key length. For symmetric encryption with a key length of 256 bits, the number of possible keys is 2^256 ≈ 1.1579209e+77, that is, 1.1579209 × 10^77. Written out in full, this is the following 78-digit number:
Code:
2^256 = 115792089237316195423570985008687907853269984665640564039457584007913129639936
If anything, you can check this number yourself here - kalkulyatoronlajn.ru
Thus, for everyone who doubts the safety of 2^256, here is the figure: the probability of hitting the right key is one in more than 1.1579209 × 10^77 (the 78-digit number above). Simply put, such a hit, or collision, is almost impossible.
All this means that the key is extremely difficult to find, even with the help of very powerful computers, provided that you used a long and random password when generating the key. We will talk about passwords separately: which one to use, with which programs, and why.
People and governments are constantly trying to break encryption algorithms. I will give you a list of algorithms which are good and which are not, which of them lend themselves to hacking, and which are currently impossible to hack.
Symmetric encryption algorithms:
1. Data Encryption Standard (DES) is a symmetric encryption algorithm developed by IBM and approved by the US government in 1977 as an official standard (FIPS 46-3). The block size for DES is 64 bits.
2. Triple-DES (3DES) is a symmetric block cipher, created in 1978 on the basis of the DES algorithm in order to eliminate the main disadvantage of the latter: its small key length (56 bits), which can be broken by a brute-force attack.
3. Blowfish is a cryptographic algorithm that implements block symmetric encryption with variable key length.
4. RC4 is a stream cipher widely used in various information security systems in computer networks (for example, in SSL and TLS protocols, WEP and WPA wireless security algorithms).
5. RC5 is a block cipher developed by Ron Rivest of RSA Security Inc. with variable number of rounds, block length and key length. This expands the scope and simplifies the transition to a stronger version of the algorithm.
6. RC6 is a symmetric block cryptographic algorithm derived from the RC5 algorithm.
7. Advanced Encryption Standard (AES) is a symmetric block encryption algorithm (Block size 128 bits, key 128/192/256 bits), adopted as an encryption standard by the US government based on the results of the AES competition. This algorithm has been well analyzed and is now widely used, as was the case with its predecessor DES.
Symmetric algorithms are used in most encryption systems that you use on a daily basis: HTTPS, Full disk encryption (TrueCrypt, VeraCrypt and others), File encryption (7-Zip, WinZip and others), TOR, VPN. Symmetric encryption is used almost everywhere.
The Advanced Encryption Standard (AES) is the generally accepted standard for symmetric encryption. For maximum security, use AES-256 whenever possible. AES is fast and today it is impossible to crack it (Provided that you have a strong password, we will discuss this below).
Asymmetric encryption. Very smart people have invented this public and private key encryption and algorithms based on the complexity of certain mathematical problems. I will not go into the mathematical details, because understanding them is not necessary for your defense. To make the right choice of security tools, you just need to have a basic understanding of algorithms and the strength of algorithms, as well as the cryptographic systems that you intend to use.
As we know, in the symmetric encryption method, one secret key is used, while in asymmetric encryption methods (Or public key cryptography), one key (Public) is used to encrypt information, and another (Secret) is used to decrypt the information. These keys are different and cannot be derived from one another.
Let's consolidate the material:
Symmetric encryption method - one key, uses the same key for both encryption and decryption.
Asymmetric encryption method - two keys: public (Public) and private (Private).
So let's say we have a file for Anton that was encrypted with 7-Zip using the AES-256 encryption algorithm and a strong password, but how do we deliver the password to Anton so that he can decrypt the file?
The best way to convey something and be sure of the delivery of information to the specified addressee is in person. But this is not a very good idea, since we may simply not know where the addressee is, or he may be so far away that it becomes problematic to deliver something "in person", or maybe we just need anonymity.
Asymmetric algorithms (using public and private keys):
1. RSA (Rivest-Shamir-Adleman) is a public key cryptographic algorithm. This algorithm is very popular, one of the most common asymmetric algorithms you'll see, and I'll show you where to look for them and how to use them. The cryptographic strength of this algorithm is based on the complexity of factorizing or decomposing large numbers into the product of prime factors.
2. ECC (Elliptic curve cryptosystem) is a widespread algorithm that is gaining popularity. This cryptographic system is based on elliptic curves. The robustness of this algorithm relies on the problem of computing discrete logarithms on elliptic curves.
3. DH (Diffie-Hellman) - its strength is based on the discrete logarithm problem in a finite field. Diffie-Hellman is becoming more and more popular because it has a property called Forward Secrecy, which we will discuss later.
4. ElGamal - the ElGamal scheme; the cryptographic strength of this algorithm is also based on the complexity of the discrete logarithm problem in a finite field.
Cryptographic strength is the ability of a cryptographic algorithm to resist cryptanalysis. For RSA, for example, it is based on the complexity of factorizing large numbers into a product of prime factors.
These asymmetric algorithms help to solve the problem of key exchange or key agreement, and also allow the creation of so-called electronic digital signatures. So we can potentially use public and private keys to send Anton our secret key in a secure manner, without the possibility of its contents being intercepted.
Again, public and private key algorithms use two keys, not one as in symmetric encryption. The difference is that in asymmetric encryption there is a public key, which is meant to be known to anyone, and a private key, which must always be kept secret. These keys are mathematically related, which is why both are generated at the same time. Any website using HTTPS has a public and a private key that are used to exchange a symmetric session key in order to send you encrypted data.
It looks a bit like the Zip file example. They use these public / private keys, and then they need to send another key, like the key we use for the Zip file, in order to do the actual encryption (end-to-end; we will break it down further).
Remember:
If you encrypt with a private key, you need a public key to decrypt. If you encrypt with a public key, you need a private key to decrypt.
In asymmetric encryption, if a message is encrypted with one key of the pair, the other key is needed to decrypt it. It is not possible to encrypt and decrypt with the same key, and this is extremely important. For encryption and decryption, you always need the two interconnected keys.
So, back to our question. What are all the same ways to deliver a password?
Method one
In the first method, the sender encrypts using the public key of the recipient, Anton. This is the case when you need anonymity and confidentiality, so that no one can read the message except the recipient. Let's say you encrypt a file using the recipient's public key. The message can only be decrypted by a person with the matching private key, that is, Anton's private key. Since we know that these keys are interconnected, we encrypt with one, decrypt with the other, and nothing else.
The recipient (Anton) cannot identify the sender of this message. Since the public key is public, it is usually published openly, and anyone can use Anton's public key for encryption. When the sender encrypts using the recipient's public key, the message is confidential and can only be read by the recipient, who has the private key to decrypt it. But as I said earlier, there is no way of identifying the sender, provided, of course, that you do not send any data that would identify you.
Method two
All of the above results in the second way of using public (Public) and private (Private) keys. If you encrypt with your own private key, then that means you are interested in authentication. In this case, it is important for you that the recipient knows that it was you who sent the encrypted message. To do this, you encrypt the password (File) with your private key. This gives the recipient confidence that the only person who could encrypt this data is the person who owns that private key, your private key.
For example, you are the creator of some kind of software, but the government is not happy about it and obstructs your activities in every possible way.
Let's simulate the following situation:
Let's say I want to download this software, and here is the hash of this file. However, if the website is compromised, attackers could replace the file offered for download, adding a virus or something else to it to spy on me, and they could also change the checksum.
So this hash doesn't mean anything. It will not help detect deliberate modification of the file. We need something else to make sure this site is in fact the official site of the software.
And this is where we come to certificates, digital signatures and other means. All of these are obtained as a result of a cryptographic transformation of information using a private signature key. They allow you to check that the information in an electronic document has not been distorted since the signature was formed (integrity), that the signature belongs to the certificate owner (authorship), and, in case of successful verification, to confirm the fact of signing the electronic document (non-repudiation).
Encrypting data with the sender's private key is called the open message format, because anyone with a copy of the corresponding public key can decrypt the message. You can think of it as if you officially put something on the internet for public access, and since you encrypted it with your private key, anyone can verify that it was you who left this message. Confidentiality or anonymity is not ensured in this case, but authentication of the sender, that is, you, is provided.
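The scenario above (a compromised download site that replaces both the file and its published checksum) can be reproduced in a few lines. This is an added example, not part of the original guide; it uses Node.js's built-in crypto module with Ed25519 signatures, and the file contents and function names are constructed for illustration.

```javascript
// Node's built-in crypto module (loads under both CommonJS and ES modules).
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

const sha256Hex = (bytes) =>
  nodeCrypto.createHash('sha256').update(bytes).digest('hex');

// Publisher: owns an Ed25519 key pair. The private key stays with the
// publisher; users obtain the public key once over a separate channel.
function makePublisher() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  return {
    publicKey,
    release(fileBytes) {
      return {
        file: fileBytes,
        checksum: sha256Hex(fileBytes),
        signature: nodeCrypto.sign(null, fileBytes, privateKey),
      };
    },
  };
}

// Models the compromised site from the text: whoever controls the page can
// swap the file and recompute the checksum, but cannot produce a new
// signature without the publisher's private key.
function simulateCompromisedSite(release, replacementBytes) {
  return {
    file: replacementBytes,
    checksum: sha256Hex(replacementBytes),
    signature: release.signature,
  };
}

// Check 1: compare the file with the checksum shown next to it.
function checksumMatches(download) {
  return sha256Hex(download.file) === download.checksum;
}

// Check 2: verify the signature with a public key obtained out of band.
function signatureValid(download, trustedPublicKey) {
  return nodeCrypto.verify(null, download.file, trustedPublicKey, download.signature);
}

function demo() {
  const publisher = makePublisher();
  // Constructed sample contents standing in for an installer.
  const genuine = publisher.release(Buffer.from('constructed installer bytes v1.0'));
  const swapped = simulateCompromisedSite(
    genuine, Buffer.from('constructed installer bytes v1.0 + modification'));
  return {
    genuine: {
      checksum: checksumMatches(genuine),
      signature: signatureValid(genuine, publisher.publicKey),
    },
    swapped: {
      checksum: checksumMatches(swapped),
      signature: signatureValid(swapped, publisher.publicKey),
    },
  };
}

console.log(demo());
```

The swapped download still passes the checksum comparison and only the signature check rejects it, which is why the public key has to come from somewhere other than the download page itself.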
Further. When various encryption technologies, such as the ones we talked about earlier, are used in combination rather than in isolation, they are called a cryptographic system.
A cryptographic system can provide you with a variety of security features. Among them:
1. Confidentiality - the need to prevent leakage (disclosure) of any information.
2. Authentication - a procedure for verifying identity, that is, we know that Anton is really Anton and no one else.
3. Non-repudiation (avoiding rejection) - if you sent an encrypted message, you cannot later deny this fact.
4. Integrity (credibility) - assurance that the message has not been modified in any way.
Examples of cryptosystems are any things that use encryption technology, they are: PGP, BitLocker, TrueCrypt, VeraCrypt, TLS, even BitTorrent, and even 7-Zip.
For example, so that we can send our file to Anton, we can use Anton's public key to encrypt files or to transfer anything encrypted. But first, of course, we need Anton's public key, we just need to get it once in some secure way, and after that we can always send encrypted messages that are only available for reading to Anton.
PGP - This is a system that we can use for these purposes, it uses technology to encrypt messages, files and other information presented in electronic form.
PGP (Pretty Good Privacy) is a computer program, also a library of functions that allows you to perform encryption and digital signatures of messages, files and other information presented in electronic form, including transparent data encryption on storage devices, such as a hard disk. For these purposes, we can use Jabber + PGP.
More on this below. But let's get back to encryption. When it comes to public / private key cryptography or asymmetric encryption, there are both strengths and weaknesses.
Asymmetric encryption - public and private keys:
1. Better key distribution, since Anton can put his public key directly into his signature, and anyone will be able to send him encrypted messages or data that only he can read.
2. Scalability - if you are using symmetric keys and want to send your file to Anton and, say, ten other people, you will have to share your password 10 times. It is not scalable at all. Asymmetric algorithms have better scalability than symmetric systems.
3. Authentication, rejection prevention (non-repudiation) - this means that if you sent an encrypted message, you cannot later deny this fact, since it was encrypted with your private key.
4. Slow - If you look at the message length in bits after asymmetric algorithms work, you will notice that it is much larger than that of encryption algorithms with symmetric keys, and this is an indication of how much slower they are.
5. Mathematical-intensive - The longer the length in bits, the greater the number of mathematical operations, and, therefore, the greater the load on the system.
Symmetric encryption - private key:
1. Fast - if you look at the message length in bits after symmetric algorithms work, you will notice that it is much less than that of asymmetric key encryption algorithms, and this is an indication of how much faster they are.
2. Reliable - Look at the above about AES-256, where it was calculated with the number 2 ^ 256 and see for yourself, but there are 384/512/1024 and more.
To consolidate the material, let's go back to the analogy with the number of locks on the door. With public and private keys, there are many, many locks on the door, so encryption and decryption take much longer. For a central processor this is a large amount of mathematical operations, which is why there are hybrid systems, or hybrid cryptographic systems. Public and private keys are used to exchange and negotiate keys, and symmetric algorithms such as AES are used to encrypt the data, thereby getting the best of both. HTTPS, using the TLS and SSL protocols, is an example of this type of hybrid system, as is PGP.
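The hybrid scheme described above, as an added example that is not part of the original guide: the data is encrypted with a fresh random AES-256 key, and only that key is encrypted with the recipient's RSA public key. It uses Node.js's built-in crypto module; AES-256-GCM, RSA-OAEP and the function names are choices made for this example.

```javascript
// Node's built-in crypto module (loads under both CommonJS and ES modules).
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

const OAEP = {
  padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING,
  oaepHash: 'sha256',
};

// Sender: symmetric encryption of the data, asymmetric encryption of the key.
function hybridEncrypt(plaintext, recipientPublicKey) {
  const sessionKey = nodeCrypto.randomBytes(32); // one-time AES-256 key
  const iv = nodeCrypto.randomBytes(12);         // GCM nonce, unique per message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();               // detects modification in transit
  const wrappedKey = nodeCrypto.publicEncrypt(
    { key: recipientPublicKey, ...OAEP }, sessionKey);
  return { wrappedKey, iv, tag, ciphertext };
}

// Recipient: the private key recovers the session key, AES recovers the data.
function hybridDecrypt(message, recipientPrivateKey) {
  const sessionKey = nodeCrypto.privateDecrypt(
    { key: recipientPrivateKey, ...OAEP }, message.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', sessionKey, message.iv);
  decipher.setAuthTag(message.tag);
  return Buffer.concat([decipher.update(message.ciphertext), decipher.final()]);
}

function throwsOn(fn) {
  try { fn(); return false; } catch { return true; }
}

function demo() {
  // Constructed key pairs: "anton" is the recipient, "other" is anyone else.
  const anton = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

  const message = hybridEncrypt(Buffer.from('Hello, Anton'), anton.publicKey);

  // The same message with one bit of the ciphertext flipped.
  const tampered = { ...message, ciphertext: Buffer.from(message.ciphertext) };
  tampered.ciphertext[0] ^= 1;

  return {
    recovered: hybridDecrypt(message, anton.privateKey).toString(),
    wrongKeyRejected: throwsOn(() => hybridDecrypt(message, other.privateKey)),
    tamperingDetected: throwsOn(() => hybridDecrypt(tampered, anton.privateKey)),
    wrappedKeyBytes: message.wrappedKey.length,  // RSA output for a 32-byte key
    ciphertextBytes: message.ciphertext.length,  // AES output for 12 bytes of text
  };
}

console.log(demo());
```

The 32-byte session key grows to 256 bytes under 2048-bit RSA, while the AES-GCM ciphertext stays the same length as the plaintext; that size and cost difference is the reason the bulk data goes through the symmetric cipher.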
FAQ:
A: 1. Are the methods of steganography somehow applied in your work? 2. Asymmetric encryption for example works like this - we encrypt with public AES, decrypt with a conditional password: qwerty?
B: 1. Of course apply, everything depends on you. 2. We create a mutual pair - private and public. You encrypt with some, decrypt with others. Private also with a password phase is symmetrical.
A: What method can be used to transfer the code to Anton? (Example)
B: Depends on the situation, in general, it's easy to verify it through OTR by fingerprint. And only later, when it was verified by OTR, you can throw it right there, or by another encrypted source that you trust and are sure that Anton is really Anton.
A: Is it possible to modify a file without changing its checksum?
B: In fact, it is possible, but not cost-effective, since basically the entire hash of the file depends on the weight of the file, for example, the weight of the file is 1,454,458 bytes, and the file that was changed is 1,594,137 bytes and their hash will differ and here it is necessary to fit perfectly and it all depends on the type of encryption else. In fact, no. Since you have to remove something from it and replace it with something to fill the space. I think the gist is clear to keep and so on.
Let's now talk in more detail about what encryption consists of.
Hashing is the transformation of an input data array of arbitrary length into an output bit string of fixed length, performed by a specific algorithm. The function that implements the algorithm and performs the transformation is called a "hash function" or "convolution function". The original data is called the input array, "key" or "message". The result of the transformation (the output data) is called the "hash", "hash code", "hash sum" or "message digest".
The hash function accepts input of any size. It can be an e-mail, a file or a word. The data is converted using the hash function, for example, into the following form:
Code:
732b01dfbfc088bf6e958b0d2d6f1482a3c35c7437b798fdeb6e77c78d84ccb1
An important feature of the hash function is that you cannot convert from the hash back to the original input. It is a one-way hash function and does not require keys.
There are many examples of hash functions: MD2, MD4, MD5, HAVAL, SHA, SHA-1, SHA-256, SHA-384, SHA-512, Tiger, and so on. Nowadays, if you are looking for a cryptographic system, you should use SHA-256 or higher, I mean SHA-384 and SHA-512 and so on.
To make it easier to deal with the material, let's move away from the dry text and simulate the situation. Let's say you need to download the Windows 7 Home Premium operating system for yourself.
We know that this operating system comes from Microsoft developer, then we go to the search and make the following search query:
Code:
site:microsoft.com Windows 7 Home Premium hash
The site: operator restricts the search to a specific domain or site. That is, if we make the request site:microsoft.com Windows 7 Home Premium hash, the results will come from pages containing the words "Windows", "7", "Home", "Premium" and "hash" on the site "microsoft.com" and not elsewhere on the Internet.
This information is also key for searching online stores using operators in search engines. In this way, you can easily find the hash of the Windows 7 Home Premium 64bit operating system on the official Microsoft website: SHA1 Hash value:
6C9058389C1E2E5122B7C933275F963EDF1C07B9
In general, I would recommend finding hash sums and performing searches starting from SHA-256 and higher, but on the official site there was only this one, so I will take what there is. Next, we need to find a file that corresponds to the given hash. For this we again use the Google search engine and operators; how to search using operators is described above.
Code:
inurl:download "6C9058389C1E2E5122B7C933275F963EDF1C07B9"
After you download this file, you can use our hash sum to make sure that the file has not been changed, that is, that it has integrity.
There are tools you can download to do this:
One such tool is Quick Hash (quickhash-gui.org), and I will show you how to check hash sums and ensure the integrity of the information received.
Below I also attach the other hash sums of this file:
Code:
MD5: DA319B5826162829C436306BEBEA7F0F
SHA-1: 6C9058389C1E2E5122B7C933275F963EDF1C07B9
SHA-256: C10A9DA74A34E3AB57446CDDD7A0F825D526DA78D9796D442DB5022C33E3CB7F
SHA-512: E0CB678BF9577C70F33EDDC0221BC44ACD5ABD4938567B92DC31939B814E72D01FAC882870AB0834395F1A77C2CD5856FD88D2B05FBE1D1D9CCE9713C1D8AB73
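A hash listing like the one above can also be checked programmatically instead of by eye. The following is an added example, not part of the original guide: it parses an "ALGORITHM: HEX" listing (tolerating values that were wrapped or split by a space when copied), recomputes each digest with Node.js's built-in crypto module, and requires at least one SHA-256-or-stronger match, following the recommendation above. The sample file, the listing and the function names are constructed for illustration.

```javascript
// Node's built-in crypto module (loads under both CommonJS and ES modules).
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

// Label as printed in the listing -> Node hash name, digest length in hex
// characters, and whether it meets the "SHA-256 or higher" recommendation.
const ALGORITHMS = {
  'MD5': { name: 'md5', hexLen: 32, strong: false },
  'SHA-1': { name: 'sha1', hexLen: 40, strong: false },
  'SHA-256': { name: 'sha256', hexLen: 64, strong: true },
  'SHA-384': { name: 'sha384', hexLen: 96, strong: true },
  'SHA-512': { name: 'sha512', hexLen: 128, strong: true },
};

// Splits the text on the labels, so a value may sit on the next line or
// contain stray whitespace. Truncated or non-hex values are rejected.
function parseHashListing(text) {
  const parts = text.split(/\b(MD5|SHA-1|SHA-256|SHA-384|SHA-512):/i);
  const expected = {};
  for (let i = 1; i < parts.length; i += 2) {
    const label = parts[i].toUpperCase();
    const hex = parts[i + 1].replace(/\s+/g, '').toLowerCase();
    if (!/^[0-9a-f]+$/.test(hex) || hex.length !== ALGORITHMS[label].hexLen) {
      throw new Error(`malformed ${label} value (${hex.length} characters)`);
    }
    expected[label] = hex;
  }
  return expected;
}

// The listing itself must come from a source you trust; this only checks
// that the file matches it.
function verifyAgainstListing(fileBytes, listingText) {
  const expected = parseHashListing(listingText);
  const perAlgorithm = {};
  for (const [label, hex] of Object.entries(expected)) {
    const actual = nodeCrypto.createHash(ALGORITHMS[label].name)
      .update(fileBytes).digest('hex');
    perAlgorithm[label] = actual === hex;
  }
  const labels = Object.keys(perAlgorithm);
  const allMatch = labels.length > 0 && labels.every((l) => perAlgorithm[l]);
  const hasStrong = labels.some((l) => ALGORITHMS[l].strong);
  return { perAlgorithm, allMatch, hasStrong, integrityOk: allMatch && hasStrong };
}

function demo() {
  const file = Buffer.from('constructed sample file contents');
  const digest = (name) =>
    nodeCrypto.createHash(name).update(file).digest('hex').toUpperCase();
  const sha512 = digest('sha512');
  // Constructed listing, laid out the way a copied web page often arrives:
  // a label separated from its value, and a long value broken by a space.
  const listing = [
    `MD5: ${digest('md5')}`,
    `SHA-1: ${digest('sha1')} SHA-256:`,
    digest('sha256'),
    `SHA-512: ${sha512.slice(0, 69)} ${sha512.slice(69)}`,
  ].join('\n');
  return {
    genuine: verifyAgainstListing(file, listing),
    modified: verifyAgainstListing(Buffer.concat([file, Buffer.from('!')]), listing),
    weakOnly: verifyAgainstListing(file, `SHA-1: ${digest('sha1')}`),
  };
}

console.log(demo());
```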