SMS notification in Sberbank online: how to connect


The Sberbank Online mobile application allows you to access your financial assets located in Sberbank using a mobile device. The beauty of the application from Sberbank is that you don’t have to sit at the computer to transfer money to your account or pay for a service, because all basic operations with your cards, deposits, and loans are available directly from the screen of your mobile gadget. Using the application from Sberbank is absolutely free and is available for users of devices based on iOS, Android and Windows Phone operating systems. You can access the online bank from your smartphone around the clock: you need a phone and mobile Internet or Wi-Fi.

To start using the Sberbank application right now, you need to follow 2 simple steps:

  1. Download the app to your device (depending on your operating system version and device type)
  2. Log in to the system (You must have ]Sberbank Online[/anchor] connected, if it is not connected, connect it: you will need a card number and mobile phone)

To enter the Sberbank Online mobile application, use the login and password that you use to enter the bank’s personal account of the same name. If you do not have these login details, then first register in the Sberbank Online system in any way convenient for you, and then we start using the application.

The Sberbank Online mobile application allows you to perform the following banking operations:

  • History of account transactions (statements for any period of receipts and expenses for cards, accounts, deposits and other banking services are available)
  • Money transfers (you can transfer funds either to a Sberbank client card by phone number or card number, as well as to a card of any other bank using a bank card number in 16-digit format)
  • Payment for services (Mobile communications, Internet, TV, housing and communal services, traffic police fines, taxes, duties and much more. No commission is charged for most services, payment for other services is carried out with a commission that is less than in a bank branch or in a payment terminal of a third-party financial organization )
  • Creating payment templates (we recommend using templates for quick payment for services that you pay regularly. The recipient’s details are saved, you only need to enter the payment amount each time)
  • Transfer of funds to an electronic wallet (Qiwi-wallet, Yandex.Money, WebMoney)
  • Viewing the balance of bonus points in the “Thank you” loyalty program from Sberbank
  • Additional operations on the card (viewing available funds, extracting the latest transactions, connecting to any card)
  • Blocking/unblocking the card (in case of its theft or loss)
  • Issue of a new card (reissue or application for a bank card of a different series)
  • Opening deposits in a bank with an increased rate (compared to the interest rate at a bank branch)
  • Payment and early repayment of the loan (both making the next payment and early repayment are available)
  • Opening an account (both in rubles and foreign currency)
  • Connecting mobile contactless payments (Apple Pay, Samsung Pay, Android Pay)
  • Find nearby branches and ATMs (based on your current location)
  • Personal offers from the bank on loan products
  • Dialogues (a special section where your short messages are displayed when transferring money to another Sberbank client)
  • Current exchange rates
  • Cost of selling and purchasing precious metals (Gold, Silver, Platinum, Palladium)
  • Application for opening an impersonal metal account

Attention! A prerequisite for using the Sberbank Online mobile application is the presence of an active Mobile Bank service.

CHAPTER 1. Unexpected guests

It all started that fateful morning when the Project Manager announced that the project timeline had to be quickly and decisively reduced by a month. More precisely, the project should be ready in 4 days. No, our PO is not an animal, and does not look at all like an owl (except maybe a little like a raven), it just happened that way. Well, if it’s necessary, it’s necessary, especially since the team (and I am the leading developer of team “C”) was promised something tasty. The clock and calendar showed Thursday, 11:00, the project should be ready by Monday. For starters, what do we actually do? We deal with the automation of cinemas - automatic and remote control of equipment, automation of film screenings, monitoring, video panels, and now also ticket and bar sales terminals. This article is specifically devoted to the last point. The project itself, which had to be completed before Monday, is a kind of layer between the main Scala server and the VeriFone VX 820 hardware payment terminal (in fact, there are more terminals, but for example we’ll take only that). It is clear that no one will simply allow us to carry out transactions through it, so we use the utilities and libraries of Sberbank/Arcus and UCS. Thus, the final scheme of work should be as follows:

Externally it looks like this:

Also, this subsystem should be used on standard cash registers that everyone has seen in any movie theater at the cashier’s office.

According to the internal tradition, we name each project of our team with a name from Old Norse mythology, for this subsystem the name Gefjon was chosen - The name of the goddess of fertility and abundance (not a bad name for a payment server, isn’t it? Well, the legend of the bulls cutting off the island fits perfectly with the current architecture, cutting off work with equipment from the high-level language).

The format of incoming and outgoing messages is an HTTP server with a JSON load. This is the optimal compromise between Scala, which finds it difficult to stoop to extracting binary data from socket streams, and C, which finds it difficult to rise to the level of passing objects over the network. There are not many possible operations that need to be handled: payment, cancellation, return, different types of reports, opening the service menu and ping. It looks nothing complicated. Since there are three banking systems (and later additions to the family are expected), it was decided to divide the project into components:

The blocks that we needed to make are colored green, and the blocks that cannot be changed and are provided by the bank are blue.

Since the main problems arose only with software from Sberbank, the article as a whole will be devoted to the pitfalls that we counted with our rook.

CHAPTER 2. Roast lamb

(photo: heaclub.ru)
... looks something like this. The code of the prototype, which was written a few months ago in order to make it clear to all higher-ups that we can work with banking applications, looked approximately the same.

char buf[BUF_KB * 2]; char * NULL; char * grep; #ifdef _WIN32_WINNT char * ptr; NULL = "null"; grep = "findstr"; #else NULL = "/dev/NULL"; grep = "grep"; #endif sprintf(buf, "%s %"PRIi32″= %sops.ini >%s 2>%s || " "echo %"PRIi32″=9.6,PINPAD_TEST >> %sops.ini", grep, TERM_ARCUS_TEST_PINPAD, TERM_PATH, NULL, NULL, TERM_ARCUS_TEST_PINPAD, TERM_PATH); #ifdef _WIN32_WINNT ptr = buf; while (*ptr) { if (*ptr == '/') *ptr = '\\'; ptr++; } #endif It’s clear that this was not suitable for the Production version, so it was necessary to essentially write everything again.

Each bank that provides libraries for working with the terminal usually provides two connection options: through library functions (.so/.dll) or through a ready-made utility, which just needs to be passed two values ​​- the transaction type and the amount (when necessary). In theory, nothing complicated, just something

char buffer[100]; sprintf(buffer, "%d %d", atoi(argv[1]), atoi(argv[2])); system(buffer); The result of the operation will be placed in file “e”, and the slip check will be placed in file “p”. Let's just send these files to stdout with conversion to JSON so that the HTTP server will just send them up as a payload without thinking about what's in there.

But this article would not have been published if everything was so simple.

Create a personal account in Sberbank Online at a bank branch

The most reliable option for connecting to the Sberbank personal account service online when visiting any bank branch in person. This is necessary if: you are unable to create a personal account yourself using any of the above methods. Then you need to at least get advice from a bank employee. He will look at your tariff; perhaps it does not support the Sberbank Online service.

If you cannot register with Sberbank Online, pay attention to your tariff plan. For example, this service is disabled on specialized cards for pensioners. This is done to prevent your money from being stolen through your personal account. In this case, you can connect Sberbank online by visiting Sberbank in person and signing up for the required tariff plan.

You need to take the following documents with you:

  • Passport.
  • A card with a connected Sberbank online service.
  • Don't forget your card PIN, you may have to use an ATM.

CHAPTER 4. Over the mountain and under the mountain

The initial implementation was a simple application call - the HTTP server called the required wrapper with unified parameters (for example, X-report is 4), and a utility, for example gfj_pilot, launched sb_pilot with the parameter that was required for this operation (for example, X-report is 9) .
Then the wrapper utility read the result of the operation from the e-file (for example, 2000 - “payment refused, repeat the operation”) and converted it into a universal error (for example, 3 - “Error reading or processing the card/account, repeat the operation”). After this, the “p” file was converted to base64 to avoid breaking the formatting and sent along with the result to stdout as JSON. All this worked great until one day we were informed that...

...this doesn't work on Windows.

Well, more precisely, Windows itself has no problems (except for the fact that the slip is generated in Cp-1251 encoding, and the console works in CP866). The "e" file was simply not generated. Launched the banking utility directly:

C:\banks\sber\sb_pilot>dir The volume in device C does not have a label. Volume serial number: B401-6B9D Folder contents C:\banks\sber\sb_pilot 02/04/2019 12:28

    .
    02/04/2019 12:28 .. 01/31/2019 17:12 10 832 F12X24.BIN 01/31/2019 17:12 128 000 gate.dll 01/31/2019 17:12 72 192 loadparm.exe 01/31/2019 1 7:12 36 204 OPT0 .R 01/31/2019 17:12 20 716 OPT1.R 01/31/2019 17:12 1 806 OPT3.R 01/31/2019 17:12 388 608 pilot_nt.dll 01/31/2019 23:06 463 pinpad.ini 01/31/2 019 17: 12 91 136 posScheduler.exe 01/31/2019 17:12 418 printers.ini 02/01/2019 16:51 91 646 sbkernel1902.log 01/31/2019 17:12 653 312 sbrf.dll 01/31/2019 17 :12 840 192 SBRFCOM.dll 01/31 .2019 17:12 3 142 656 sb_kernel.dll 02/01/2019 16:51 9 SESS.D 02/01/2019 16:51 715 SPLC.D 01/31/2019 17:12 72 192 upwin.exe 20 files 5 659 718 bytes 2 folders 37 567 004 672 bytes free # Send payment command (1) for 10 rubles (1000 kopecks) C:\banks\sber\sb_pilot>loadparm.exe 1 1000 C:\banks\sber\sb_pilot>dir Volume in device C does not have tags. Volume serial number: B401-6B9D Folder contents C:\banks\sber\sb_pilot 02/04/2019 12:28 . 02/04/2019 12:28 .. 02/04/2019 12:28 216 commerr.log 01/31/2019 17:12 10 832 F12X24.BIN 01/31/2019 17:12 128 000 gate.dll 01/31/2019 17:1 2 72 192 loadparm. exe 01/31/2019 17:12 36,204 OPT0.R 01/31/2019 17:12 20,716 OPT1.R 01/31/2019 17:12 1,806 OPT3.R 02/01/2019 18:51 1,349 p 01/31/2019 17:12 388 608 pilot_nt.dll 01/31/2019 23:06 463 pinpad.ini 01/31/2019 17:12 91 136 posScheduler.exe 01/31/2019 17:12 418 printers.ini 02/04/2019 12:28 92 218 sbkernel190 2.log 01/31/2019 17 :12 653 312 sbrf.dll 01/31/2019 17:12 840 192 SBRFCOM.dll 01/31/2019 17:12 3 142 656 sb_kernel.dll 02/01/2019 16:51 9 SESS.D 02/01/2019 16 :51 715 SPLC.D 01/31/2019 17:12 72,192 upwin.exe 19 files 5,659,029 bytes 2 folders 37,567,008,768 bytes free C:\banks\sber\sb_pilot> Indeed, there is no “e” file. Stone towards Sberbank #1. We write a letter to Sberbank (later we received an answer that this is how it should be), and since there is no time for correspondence and we need to start right now, we are looking for workarounds to get results. 04.02 12:28:55 SBKRNL: Failed to open device \\.\COM1, err 2 04.02 12:28:56 SBKRNL: Failed to open device \\.\COM1, err 2 04.02 12:28:56 SBKRNL: Result = 0 02/04 12:28:56 GATE: unlock:'00000054′ 02/04 12:28:56 GATE: lock:'00000054′ 'UPOSWINMUTEX2′ 02/04 12:28:56 GATE: unlock:'00000054' 02/04 12:28:56 LOA DPARM : Unloading GATE.DLL… 02/04 12:28:56 GATE: SB_KERNEL.DLL is unloaded 02/04 12:28:56 LOADPARM: GATE.DLL unloaded Yeah, the result can be obtained from the sbkernelYYMM.log log. Inconvenient, plus there is no card hash to later attach a “Thank you” from Sberbank. No good. You will have to connect to the pilot_nt.dll library and import functions from it. Everything would be fine, but... Stone in the direction of Sberbank #2: there is no such library for Linux, you will have to create two different applications for different platforms - for Linux, call the sb_pilot utility (analogous to loadparm.exe, by the way stone #3 for the different name of the utility for different platforms ), under Windows, connect to the pilot_nt.dll library.

CHAPTER 5. Riddles in the dark

It's 19:00.
Sberbank is a large company; most software solutions are produced in accordance with GOST standards and formal documents. We climb into the catalog that Sberbank supplies along with libraries:

Sberbank$ ls -l Docs total 30160 drwx—— 2 alex alex 4096 Jan 17 19:31 FAQ -rw-rw-r— 1 alex alex 3398465 May 9 2020 Basic UPOS setup for an autonomous solution (AP).docx -rw-rw -r— 1 alex alex 1182078 May 9 2020 Basic setup of UPOS for IKR.docx -rw-rw-r— 1 alex alex 853504 May 9 2020 Versions and changes.doc drwx—— 3 alex alex 4096 Jan 31 17:11 For developers Cash register software -rw-rw-r— 1 alex alex 5280787 May 9 2020 Loading software into POS terminals.docx -rw-rw-r— 1 alex alex 1149640 May 9 2020 Error codes.docx drwx—— 2 alex alex 4096 May 28 2020 Setting up UPOS drwx—— 2 alex alex 4096 May 28 2020 Setting up cash register programs -rw-rw-r— 1 alex alex 3451601 May 9 2020 Defining an autonomous solution (AP) circuit.docx -rw-rw-r— 1 alex alex 1956196 May 9 2018 Definition of the IKR scheme.docx -rw-rw-r— 1 alex alex 1043161 May 9 2020 Memo on setting up the function PAYMENT for air tickets (Aeroflot)_(IKR).docx -rw-rw-r— 1 alex alex 4348157 May 9 2018 POS terminal parameters.docx -rw-rw-r— 1 alex alex 3970267 May 9 2018 Connecting individual functions.docx drwx—— 3 alex alex 4096 May 28 2020 User manuals -rw-rw-r— 1 alex alex 2644702 May 9, 2020 Guide to setting up POS terminals.docx drwx—— 2 alex alex 4096 May 28, 2020 Accompanying documentation -rw-rw-r— 1 alex alex 1558211 May 9, 2020 Outline of document content.png A lot of good stuff, but we are only interested in the catalog for developers: Sberbank$ ls -l Docs/For\ developers\ software\ cash register/ total 8704 -rw-rw-r— 1 alex alex 47105 May 9 2020 1C.docx -rw-rw-r— 1 alex alex 1824 May 9 2020 cardtype.h -rw-rw-r— 1 alex alex 2590378 May 9 2020 cr_ttk_protocol_ru.rtf -rw-rw-r— 1 alex alex 208 May 9 2020 deprtmnt.h -rw-rw-r— 1 alex alex 16681 May 9 2018 errors.h drwx—— 6 alex alex 4096 May 28 2020 examples -rw-rw-r— 1 alex alex 58575 May 9 2020 gate.h -rw-rw-r— 1 alex alex 4218 May 9 2020 paramsln.h -rw-rw-r— 1 alex alex 61693 May 9 2018 pilot_nt.h -rw-rw-r— 1 alex alex 28160 May 9 2018 ReadTrack2.doc -rw-rw-r— 1 alex alex 7417 May 9 2020 sbkernel. h -rw-rw-r— 1 alex alex 144896 May 9 2020 sb_pilot.doc -rw-rw-r— 1 alex alex 3525323 May 9 2020 Integration with cash register via ole object sbrf.dll.rtf -rw-rw-r — 1 alex alex 46683 May 9 2020 Integration with cash register via the library gate.dll.chi -rw-rw-r— 1 alex alex 255414 May 9 2020 Integration with cash register via the library gate.dll.chm -rw-rw-r— 1 alex alex 814653 May 9 2020 Integration with cash register machines via the gate.dll.pdf library -rw-rw-r— 1 alex alex 41618 May 9 2020 Integration with cash register machines via the pilot_nt.chi library -rw-rw-r— 1 alex alex 241716 May 9 2020 Integration with KKM through the library pilot_nt.chm -rw-rw-r— 1 alex alex 968753 May 9 2020 Integration with KKM through the library pilot_nt.pdf -rw-rw-r— 1 alex alex 81 May 9 2020 Subtypes of pinpads.txt There is a lot of waste paper, just in case, we will re-read pilot_nt again, from which we learn the following:

Table 1. Supported OS by sb_pilot.

OSBit depthModule name
Windows32sb_pilot.exe
Linux32sb_pilot
DOS16sb_pilot.exe

It turns out that the utility for Windows should still be called sb_pilot. Well, a stone to Sberbank #4 for not complying with its own documentation.

Transferring the results of the program.
At the end of the program, two text files are generated - an exchange file and a receipt file.

The first one is named e and is intended to pass the parameters of the completed operation to the calling program. The first line in this file contains the operation result code, and separated by commas - an explanatory text message. Code 0 means successful payment; any other value means refusal or impossibility of making the payment.

We lazily throw another stone and start studying the documentation for connecting the library directly.

Order of calling library functions
When paying (returning) a purchase using a bank card, the cash register program must call the card_authorize() function from the Sberbank library, filling in the TType and Amount fields and specifying zero values ​​in the remaining fields. Once the function has completed, it is necessary to analyze the RCode field. If it contains the value “0” or “00”, the authorization is considered successful, otherwise it is rejected. In addition, you need to check the value of the Check field.

If it is not NULL, it must be sent to print (in non-fiscal mode) and then deleted by calling the GlobalFree() function. When closing a shift, the cash register program must call the close_day() function from the Sberbank library, filling in the TType = 7 field and specifying zero values ​​in the remaining fields. At the end of the function, you need to check the value of the Check field.

If the Check field is not NULL, it must be sent to print (in non-fiscal mode) and then deleted by calling the GlobaFree() function.

It sounds easy, even the header file is provided.
Well, we connect it, compile and... $ cat main.c && i686-w64-mingw32-gcc main.c -o main.a #include "pilot_nt.h" int main(void) { return 0; } In file included from main.c:1:0: pilot_nt.h:525:3: error: unknown type name 'auth_answer' auth_answer ans; /**< [in, out] . . ::auth_answer */ ^ pilot_nt.h:544:3: error: unknown type name 'auth_answer' auth_answer ans; /**< [in, out] . . ::auth_answer */ ^ pilot_nt.h:567:3: error: unknown type name 'auth_answer' auth_answer ans; /**< [in, out] . . ::auth_answer */ ^ pilot_nt.h:590:3: error: unknown type name 'auth_answer' auth_answer ans; /**< [in, out] . . ::auth_answer */ ^ pilot_nt.h:627:3: error: unknown type name 'auth_answer' auth_answer ans; /**< [in, out] . . ::auth_answer */ ^ pilot_nt.h:668:3: error: unknown type name 'auth_answer' auth_answer ans; /**< [in, out] . . ::auth_answer */ Ummm... What? Open pilot_nt.h: #ifdef __cplusplus extern “C”{ #endif <…> /** * Basic parameters of the operation * The structure used to describe the operation and obtain the results of the operation. */ struct auth_answer{ int TType; /**< [in] transaction type. see ::OpetationTypes */ unsigned long Amount; /**< [in] amount in kopecks */ char RCode[3]; /**< [out] authorization result code */ char AMessage[16]; /**< [out] authorization result text */ int CType; /**< [in,out] card type */ char* Check; /**< [out] check image, must be released by GlobalFree in the calling program */ }; <…> struct auth_answer7{ auth_answer auth_answ; /**< [in, out] Basic parameters of the operation. See ::auth_answer */ <—- THIS char AuthCode[MAX_AUTHCODE]; /**< [out] Authorization code. 7 bytes. */ char CardID [CARD_ID_LEN]; /**< [out] Card ID. 25 bytes. */ int SberOwnCard; /**< [out] Flag of whether the card belongs to Sberbank */ }; Immediately, without looking at the stone for comments in Russian in CP1251 encoding. Well, the most serious stone: dear C++ developers. If you write extern “C”, this means that the code inside the block must be compiled by a C compiler. If you have NOT made a `typedef` of a structure, then each time it is mentioned as a type indication, you must write the `struct` keyword.

We patch the file for developers, substituting the word `struct` wherever necessary. We link to the `pilot_nt.dll` library. Victory, right? Let's launch our application.

CHAPTER 6. Out of the frying pan and into the fire

Well, you understand, right? The application just crashes. Immediately, before main. Let's meditate, add the NIH analogue of the errno function for Windows: GetLastError (stone #3 towards Microsoft, the first two are for encodings). C:\banks\sber\WIN>sb_pilot.exe 1 1000 E: !g_sblibrary (0xc0000096) 0xc0000096? Shouldn't GetLastError return an adequate error code?

For a complete list of error codes provided by the operating system, see System Error Codes.

Yeah, open the article at the link:

The following topics provide lists of system error codes. These values ​​are defined in the WinError.h header file.

  • System Error Codes (0-499) (0x0-0x1f3)
  • System Error Codes (500-999) (0x1f4-0x3e7)
  • System Error Codes (1000-1299) (0x3e8-0x513)
  • System Error Codes (1300-1699) (0x514-0x6a3)
  • System Error Codes (1700-3999) (0x6a4-0xf9f)
  • System Error Codes (4000-5999) (0xfa0-0x176f)
  • System Error Codes (6000-8199) (0x1770-0x2007)
  • System Error Codes (8200-8999) (0x2008-0x2327)
  • System Error Codes (9000-11999) (0x2328-0x2edf)
  • System Error Codes (12000-15999) (0x2ee0-0x3e7f)

Great, we got an undocumented error, throw a stone and open the all-knowing Google:

  • forum.vingrad.ru/forum/topic-346194/kw-dll-loadlibrary-%D0%BE%D1%82%D0%BB%D0%B0%D0%B4%D0%BA%D0%B0.html
  • bbs.csdn.net/topics/80078275
  • forums.codeguru.com/showthread.php?179566-0xC0000096-Privileged-Instruction
  • www.unknowncheats.me/forum/general-programming-and-reversing/97763-privileged-instruction-error.html
  • cboard.cprogramming.com/windows-programming/146130-prallel-port-programming.html
  • computer-programming-forum.com/82-mfc/dc2481c0ecead2f2.htm

The essence of the error comes down to the fact that some subroutine uses one of the instructions

  • _inp()
  • _inpw()
  • _inpd()
  • _outp()
  • _outpw()
  • _outpd()

The use of which is prohibited under NT kernels, since they try to work directly with the parallel port.
Apparently this code is called in the library initializer, i.e. At startup, the library wants to poll the ports for the presence of devices, but the NT kernel requires work through the driver. A hopeless situation?

CHAPTER 8. Spiders and flies

22:00.
Just in case, the idea arises to check that this is not due to the fact that we are using cross-compilation with Linux using mingw. At the same time, we understand that Sberbank only supplies a 32-bit application, so linking with a 64-bit application will not work, oh well, but we will still throw stones at Sberbank for the 32-only version in 2019. Given

: installed in virtualbox windows 7;
Required
: Install Visual Studio and copy MVP.

We go to the Microsoft website, download Visual Studio 2020. We take a community license, since we take it for testing; for a business, a license will be purchased if it takes off. Download a few hundred megabytes and...

We see that our OS version (Windows 7) is not supported.

Ok, let's go to all sorts of obscene sites, look for Visual Studio 2008, download a few hundred megabytes again and...

We get the iso file.

Okay, let's try to install Daemon Tools 10 (since that's the version that the site offers) to insert this virtual disk.

Launch the downloaded binary. Misfire, .NET Framework 4.5 is required, download and install. We launch the downloaded binary, the installation has begun, the bootloader says that it needs 4.5.2, download it, install it. We launch the downloaded binary, the installation has begun, the bootloader says that it will not go anywhere until we install the security update KB3033929, download, install.

And we receive a slap in the face from Microsoft in the form of a message:

We furiously throw a very sharp stone towards Microsoft, download old Daemon Tools from torrents, successfully unpack Visual Studio, install, finally (00:00) compile MVP, we get the same error. Well, it was a good version, but it didn’t work out.

How to install Bluestacks on your computer

  1. Download the Bluestacks file from this link by clicking on it;
  2. Launch the file by hovering over it and double-clicking;
  3. To the question “Allow Bluestacks install to make changes on this computer?”, click “Yes”;
  4. Click on the “Continue” button in the lower right corner of the window;
  5. Click the “Next” button in the next window;
  6. In the last window, select the “Install” button;
  7. If all steps are completed correctly, a blue window will appear. In it you can observe the process of installing the program in the form of a horizontal scale;
  8. Wait for the installation to complete;
  9. Sign in to your Google account;
  10. The program is ready for use, let's move on to the next step of installing the Sberbank Online application

CHAPTER 11. On the threshold

We write to the second programmer, who at this moment urgently finishes the server and the registration procedure.
He remembers that there is a Git repository that connects this library on NT and works with it. Looking suspiciously at the repository, we download it, compile it and run it. Works.

We look at the code even more suspiciously. The code is identical, except that it is written in C++ and not C. We understand that the language has nothing to do with it. Let's look at the Sberbank libraries that the code pulls behind it. We see the last commit.

And here another surprise awaits us.

It turns out that versions of the Sberbank library may be different. The latest commit increases the version from 23 to 27. We copy the version from Git to our test computer - IT WORKS!

We check all the archives that Sberbank sent, compare the versions and build a table:

VersionWorks
26.0.15 — MainNo
27.4.12 — From the repositoryYes
23.0.13 — From the repositoryYes
29.0.9 — The latest from SBYes
23.0.13 — With a patch for the “Crypter” systemYes

Great, now we'll live. On those systems where it is 26, update to 29 or 27 and everything will take off. We throw stone #9 towards Sberbank for breaking the behavior on NT systems.

Registration in your personal account Sberbank Online

The most convenient way to register with Sberbank online is through their official website. The advantage of this method is that you do not need to go anywhere, everything is done via the Internet. To start registering, simply follow the link: registration in Sberbank Online. If you have any difficulties during the registration process, you can read our instructions.

Instructions for registering in your Sberbank Online personal account . You have followed the above registration link and you will see a registration window. You will need to enter your current card number. Then click continue.

If the card number is entered correctly, we are taken to the SMS confirmation page. Here you will have to wait until a one-time password is sent to your mobile phone number to access your personal account.

The received password must be entered into the “SMS password” window, then click “continue”. This is a standard procedure for confirming a mobile phone number; many banks use it. Therefore, you will have to do this; you won’t be able to register with Sberbank online without SMS confirmation.

All you have to do is come up with a login and password; they will be used every time you log into Sberbank Online. Therefore, I recommend that you remember or write down this information in a safe place. Of course, there are cases when people forget their password from Sberbank online, and for this there is an access recovery function, but I still recommend writing down the password so as not to waste extra time on restoring it.

CHAPTER 12. What awaited them inside

Missing "e" file?
No problem, we take the patched headers, dynamically link to the library to correctly return the error, write code that simply writes the return code from the function to the file “e”, call the binary sb_pilot.exe and... It works.

But on the version for the Crypter system, a “p” file is not created.

We look sadly at the blood dripping down our knuckles and at the dent in the wall.

To begin with, what is the “Crypter” system?

Cryptera is a Danish company that produces encryption equipment/security equipment/keys, etc. I think you have all seen one of their products:

So Sberbank uses their crypto module for pinpads and releases a special “patched” library, in which, as we already understood, the “p” file is not created. We write to Sberbank about this and in a few days we will receive an answer that “under the original system the file “p” will be created, but under the patched one on Cryptera it will not.” We will give them stone #10 in a few days, because they need to work now.

Fortunately or unfortunately, the functions we use to carry out operations return the already mentioned structure:

struct auth_answer{ int TType; /**< [in] transaction type. see ::OpetationTypes */ unsigned long Amount; /**< [in] amount in kopecks */ char RCode[3]; /**< [out] authorization result code */ char AMessage[16]; /**< [out] authorization result text */ int CType; /**< [in,out] card type */ char* Check; /**< [out] check image, must be released by GlobalFree in the calling program */ }; Oh, great, we already have the check, we can save it to a file ourselves or directly output it to JSON... printf(“%s\n”, answer.Check); And we get the application crash due to accessing an invalid pointer.

Sberbank Online: login to your personal account

Login to your Sberbank personal account is at: https://online.sberbank.ru , you can also go to the official website of Sberbank and click on the “Sberbank Online” button in the upper right corner. To enter your personal account, you must specify the login and password received during registration.

An electronic personal account was developed for Sberbank clients, which was called Sberbank Online . Thanks to this service, you can make instant payments and transfers from card to card. Access to your Sberbank online personal account is provided only via the Internet. This kind of service will be convenient when you urgently need to transfer money, or pay for the Internet without leaving your home. You can log into your personal account from the official website using your username and password. In addition, Sberbank has developed a special mobile application that runs on IOS and Android. Thanks to the mobile application, you can use your account from any place convenient for you, the main thing is that the mobile Internet works there.

Main features:

  1. Checking receipts and debits of funds.
  2. Payment for housing and communal services and similar services.
  3. Money transfers from bank to bank.
  4. Internet bank for business.
  5. And much more: payment for mobile communications, the Internet, purchases in online stores.

You can get into your Sberbank personal account online by clicking on the login button. After this, an SMS message with confirmation and a one-time password will be sent to your mobile phone number. Enter it in the appropriate box. If you have forgotten your login or password, you can recover them.

CHAPTER 17. The storm broke out

People begin to return to the office, nodding their heads sympathetically.
PO doesn't look very happy about the latest news. One detail comes to mind here. When we displayed the fields of structure #14 to see their values, one byte of each line was cut off. On the one hand this, on the other

Attention! In the auth_answer14 structure, the product name is one character shorter than in gate.dll TGoodsData. Let's fix this error as a standard

Maybe this is still connected with...
A terrible guess strikes the brain like lightning. Let's declare the structure as

typedef struct __attribute__((packed)) { int TType; /**< [in] transaction type. see ::OpetationTypes */ unsigned long Amount; /**< [in] amount in kopecks */ char RCode[3]; /**< [out] authorization result code */ char AMessage[16]; /**< [out] authorization result text */ int CType; /**< [in,out] card type */ char* Check; /**< [out] check image, must be released by GlobalFree in the calling program */ }; AND…

Nothing changes.

Still the same Size = 0, Still the same Lock = NULL.

Pain.

Decay.

You involuntarily look for a comfortable beam on the ceiling, one that can withstand your weight. After so many non-stop hours of coding and studying documentation, orderly rows of bytes float before my eyes. What if we print the bytes that are returned at all?

u32 i; for (i = 0; i < sizeof(answ); i++) { printf("%02x ", *((u8 *)&answ + i)); } printf("\n"); C:\banks\sber\sb_pilot>sb_pilot.exe 1 1000 01 00 00 00 e8 03 00 00 30 00 00 ce e4 ee e1 f0 e5 ed ee 00 00 00 00 00 00 00 00 02 00 00 00 f8 6c 7a 00 00 `30 00 00 ce` - which means that Sberbank still uses Packed structures. But there’s not a word about it in the headlines. That’s why the examples don’t work, and that’s why it’s impossible to get a pointer to the text at the end - after all, it’s broken due to a shift of 1 byte. A huge and prickly stone towards Sberbank!

And then one small nuance caught my eye. 4 + 4 + 3 + 16 + 4 + 4 = 35. And here there are 36 bytes, Obelix.

Since there are 36 bytes here, it means the compiler is still aligning the structure. This means there is still an extra byte inserted between RCode and AMessage. But why? After all, we specified `__packed__`!

Download the Sberbank Online mobile application

If you have a modern smartphone, such as an iPhone or its equivalent on Android OS, you can download a mobile application through which you can both register and log into Sberbank online. Using Sberbank online via a smartphone is very convenient: payments are made from anywhere you can connect to your mobile Internet.

Login to your Sberbank personal account through the mobile application . Step one, you need to download the application on your smartphone. Depending on what operating system you have, open the App Store or Google Play. Enter “Sberbank online” in the search and click download. Then open the application. If you do not have a username and password, you will have to register. But if you have already registered with Sberbank online, then you can log in or recover your forgotten password if you have forgotten it.

Instructions:

  1. After you have downloaded the application and launched it, the “Login to Sberbank Online” button will appear. Let's press it.
  2. Enter your login or ID. If you have not registered with Sberbank Online, then you will have to register to receive a login. Click the appropriate button.
  3. So, you have entered your login and moved on to the next step - entering your card number.
  4. After entering the card number, an SMS message with a registration confirmation code will be sent to your mobile phone. Please note that the confirmation code will be sent to the phone number to which the Sberbank card was registered.
  5. Now you can use Sberbank Online on your mobile. It is worth noting that in phones with the Touch ID function, you can use not only a password to access the online bank, but also a fingerprint.

The instructions are described step by step, with an example in the pictures above. The pictures should be viewed from left to right. If you have difficulties registering with Sberbank online, you can try registering through a terminal or ATM, this is described below.

What errors can there be:

  1. Your tariff does not support online payments.
  2. If you do not receive an SMS with the code, either an error was made when entering it, or the card is registered to a different phone number. Contact a bank branch or hotline.

CHAPTER 18. The way back

The reasons why leveling is still enabled appeared in 2012: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52991.
The bug was fixed only in GCC 8 (a stone for 6 years of bugs!), which is not yet possible to update to. Fortunately, there is a workaround: -mno-ms-bitfields We will not now analyze the mechanism of how this flag works, we will simply pass it to the compiler: Slip! Dear! I missed you, I won’t even swear over the krakozyabr, I’ve already thrown a stone for that.

And finally, let's feed Microsoft a stone because GlobalSize/Lock produces zeros for invalid pointers.

CHAPTER 19. The last chapter

To minimize the number of ifdefs for the sb_pilot layer, we wrote a separate application that completely simulates the Linux version of sb_pilot. Thus, leaving the code of layer #1 the same, leaving only one condition: #if defined(BXI_OS_GLX) #define GFJ_PILOT_EXECUTABLE "./sb_pilot" #elif defined(BXI_OS_WIN) #define GFJ_PILOT_EXECUTABLE "./sb_pilot.exe" #endif

Results of the battle:

  • Sberbank: 12 stones
  • Microsoft: 7 stones
  • GCC: 1 stone

Memory achievement for our team board:

Drawing conclusions

Most Russians have already appreciated this program on their mobile gadgets. It's time to use Sberbank Online on your PC. Although this solution kills the main promise of the program, which was its mobility, you get a convenient assistant in financial matters, distinguished by its organic design and clear interface.

Without any problems, make transfers to cards of other banks, pay housing and communal services on time, repay loans - and all this through one application that will not take up much space on your hard drive.

Rating
( 2 ratings, average 4 out of 5 )
Did you like the article? Share with friends:
For any suggestions regarding the site: [email protected]
Для любых предложений по сайту: [email protected]