[Snort-devel] [SNORT-DEVEL] Additional Credit/Debit Card Tracking Capability for 2.9.7.0-Alpha

Bill Parker wp02855 at ...2499...
Thu Mar 27 16:20:41 EDT 2014


Hi All,

   This patch file modifies file 'sdf_credit_card.c' in directory
'/src/dynamic-preprocessors/sdf' and gives snort-2.9.7.0-alpha the
ability to alert on the following credit/debit cards issuers:

Diner's Club (Int'l, Carte Blanche, US and Canada)
Dankort Credit Card (Germany)
Laser Debit Card (Ireland and U.K./European Union)
Solo Credit Card (Ireland and U.K./European Union)
Discover Card (3 additional formats)
Japan Credit Bureau Card
Enroute Credit/Debit Card
Instapay Credit Card

All of these formats are 13 to 16 digits long and use the Luhn
algorithm.  The patch file is below:

diff -u sdf_credit_card.c.orig sdf_credit_card.c
--- sdf_credit_card.c.orig      2014-03-27 10:28:45.875430362 -0700
+++ sdf_credit_card.c   2014-03-27 12:18:31.602442400 -0700
@@ -33,12 +33,72 @@
 /* Check the Issuer Identification Number of a CC#. */
 static inline int CheckIssuers(char *cardnum, uint32_t buflen)
 {
+    /* This code adds additional credit/debit card tracking capabilities
to    */
+    /* snort-2.9.7.0-alpha by adding the following checks:
    */
+    /*
    */
+    /* Card            Debit   Credit      Luhn        Digits  Format
     */
+    /* Name            Card    Card        Algorithm   Used    1st n
digits    */
+    /*
    */
+    /* AMEX            NO      YES         YES         15      34xx or
37xx    */
+    /* VISA Electron   YES     NO          YES         16      4026,
417500    */
+    /*                                                         4844, 4508
     */
+    /*                                                         4913, 4917
     */
+    /* VISA            NO      YES         YES         16      4xxx
     */
+    /* Diner's Club
     */
+    /* International   NO      YES         YES         14      36xx or
38xx    */
+    /* Diner's Club
     */
+    /* Carte Blanche   NO      YES         YES         14      350x to
355x    */
+    /* Diner's Club
     */
+    /* US and Canada   NO      YES         YES         16      54xx or
55xx    */
+    /* Discover        NO      YES         YES         16      6011,
    */
+    /*                                                         6221-6229,
     */
+    /*                                                         644x-649x,
65xx */
+    /* Japan Credit
     */
+    /* Bureau          NO      YES         YES         15      1800 or
2131    */
+    /* Instapay        NO      YES         YES         16      637x to
639x    */
+    /* Mastercard      NO      YES         YES         16      51xx to
55xx    */
+    /* Enroute         YES     YES         YES         15      2014 or
2049    */
+    /* Laser           YES     NO          YES         16      6304, 6706
     */
+    /*                                                         6771
     */
+    /* Solo            NO      YES         YES         16      6334 or
6767    */
+    /* Dankort         NO      YES         YES         16      5109
     */
+
+    /* There are some things which should be added to the credit card
     */
+    /* routines:
    */
+    /*
    */
+    /* The existing code in 2.9.7.0-alpha and previous versions only
handle    */
+    /* major credit card companies, and a maximum of 16 digits for credit
card */
+    /* numbers.  There are some credit and debit cards which have upwards
of   */
+    /* 19 digits and use the Luhn algorithm, notably Laser and Solo (which
are */
+    /* used in the U.K. and Ireland, along with the European Union
    */
+
+    int val;
+
     if (cardnum == NULL || buflen < ISSUER_SIZE)
         return 0;

     /* Visa */
+    if (cardnum[0] == '4' && cardnum[1] == '0' && cardnum[2] == '2' &&
cardnum[3] == '6')
+       return 1;   /* valid, Visa Electron Debit Card, 1st four digits are
4026    */
+
+    if (cardnum[0] == '4' && cardnum[1] == '1' && cardnum[2] == '7' &&
+       cardnum[3] == '5' && cardnum[4] == '0' && cardnum[5] == '0')
+       return 1;   /* valid, Visa Electron Debit Card, 1st six digits arr
417500   */
+
+    if (cardnum[0] == '4' && cardnum[1] == '8' && cardnum[2] == '4' &&
cardnum[3] == '4')
+       return 1;   /* valid, Visa Electron Debit Card, 1st four digits are
4844    */
+
+    if (cardnum[0] == '4' && cardnum[1] == '5' && cardnum[2] == '0' &&
cardnum[3] == '8')
+       return 1;   /* valid, Visa Electron Debit Card, 1st four digits are
4508    */
+
+    if (cardnum[0] == '4' && cardnum[1] == '9' && cardnum[2] == '1' &&
cardnum[3] == '3')
+       return 1;   /* valid, Visa Electron Debit Card, 1st four digits are
4913    */
+
+    if (cardnum[0] == '4' && cardnum[1] == '9' && cardnum[2] == '1' &&
cardnum[3] == '7')
+       return 1;   /* valid, Visa Electron Debit Card, 1st four digits are
4917    */
+
     if (cardnum[0] == '4')
-        return 1;
+       return 1;   /* valid, Visa Credit Card, 1st digit is 4  */

     /* Mastercard */
     if ((cardnum[0] == '5') &&
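Review bot: The 417500 test reads `cardnum[4]` and `cardnum[5]`, but the only length guard in the hunk is `buflen < ISSUER_SIZE`, whose value is not shown here; if ISSUER_SIZE is smaller than 6, this branch reads past the bytes the caller vouched for, on data taken from inspected traffic. All six Visa Electron branches are also redundant for the result, because the existing `if (cardnum[0] == '4') return 1;` that follows them accepts every such prefix with the same return value. I would drop the six branches and keep the prefixes as a comment above the catch-all, or at minimum guard the six-digit one with `buflen >= 6 &&`. CheckIssuers continues past the end of this hunk.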
@@ -51,9 +111,88 @@
         (cardnum[1] == '4' || cardnum[1] == '7'))
         return 1;

+    /* Diner's Club */
+    if (cardnum[0] == '3' && (cardnum[1] == '6' || cardnum[1] == '8'))
+       return 1;   /* valid, Diner's Club International, 1st 2 digits 36
or 38 */
+
+    if (cardnum[0] == '3' && cardnum[1] == '0')
+    {
+       val = cardnum[2] - '0';
+       if (val >= 0 && val <= 5)
+           return 1;   /* valid, Diner's Club Carte Blanche, 1st 2 digits
30, 3rd digit 0 to 5 */
+    }
+
+    if (cardnum[0] == '5' && (cardnum[1] == '4' || cardnum[1] == '5'))
+       return 1;   /* valid, Diner's Club (US and Canada), 1st 2 digits 54
or 55   */
+
     /* Discover */
     if (cardnum[0] == '6' && cardnum[1] == '0' && cardnum[2] == '1' &&
cardnum[3] == '1')
-        return 1;
+        return 1; /* valid, discover card, 1st 4 digits 6011   */
+
+    if (cardnum[0] == '6' && cardnum[1] == '2' && cardnum[2] == '2')
+    {
+       val = cardnum[3] - '0';
+       if (val >= 1 && val <= 9)
+           return 1;   /* valid, discover card, 1st 3 digits 622, 4th
digit 1 to 9 */
+    }
+
+    if (cardnum[0] == '6' && cardnum[1] == '4')
+    {
+       val = cardnum[2] - '0';
+       if (val >= 4 && val <= 9)
+           return 1;   /* valid, discover card, 1st 2 digits 64, 3rd digit
4 to 9  */
+    }
+
+    if (cardnum[0] == '6' && cardnum[1] == '5')
+       return 1;       /* valid, discover card, 1st two digits are 65    */
+
+    if (cardnum[0] == '5' && cardnum[1] == '0' && cardnum[2] == '1' &&
cardnum[3] == '9')
+       return 1;   /* valid, Dankort Card, 1st four digits are 5109    */
+
+    /* JCB - Japan Credit Bureau    */
+    if (cardnum[0] == '2' && cardnum[1] == '1' && cardnum[2] == '3' &&
cardnum[3] == '1')
+       return 1;   /* valid, 1st four digits are 2131  */
+
+    if (cardnum[0] == '1' && cardnum[1] == '8' && cardnum[2] == '0' &&
cardnum[3] == '0')
+       return 1;   /* valid, 1st four digits are 1800  */
+
+    if (cardnum[0] == '3' && cardnum[1] == '5')
+    {
+       val = cardnum[2] - '0';
+       if (val >= 2 && val <= 8)
+           return 1;   /* valid, 1st two digits are 35, 3rd digit is 2
thru 8 */
+    }
+
+    /* Enroute Credit/Debit Card    */
+    if (cardnum[0] == '2' && cardnum[1] == '0' && cardnum[2] == '1' &&
cardnum[3] == '9')
+       return 1;   /* valid, 1st four digits are 2019  */
+
+    if (cardnum[0] == '2' && cardnum[1] == '1' && cardnum[2] == '4' &&
cardnum[3] == '9')
+       return 1;   /* valid, 1st four digits are 2149  */
+
+    /* Instapay Credit Card */
+    if (cardnum[0] == '6' && cardnum[1] == '3')
+    {
+       val = cardnum[2] - '0';
+       if (val >= 7 && val <= 9)
+           return 1;   /* valid, 1st two digits are 63, 3rd digit is 7
thru 9  */
+    }
+
+    /* Laser Debit Card or Solo Card (Ireland) */
+    if (cardnum[0] == '6' && cardnum[1] == '3' && cardnum[2] == '0' &&
cardnum[3] == '4')
+       return 1;   /* valid, Laser Debit Card, 1st four digits are 6304
 */
+
+    if (cardnum[0] == '6' && cardnum[1] == '7' && cardnum[2] == '0' &&
cardnum[3] == '6')
+       return 1;   /* valid, Laser Debit Card, 1st four digits are 6706
 */
+
+    if (cardnum[0] == '6' && cardnum[1] == '7' && cardnum[2] == '7' &&
cardnum[3] == '1')
+       return 1;   /* valid, Laser Debit Card, 1st four digits are 6771
 */
+
+    if (cardnum[0] == '6' && cardnum[1] == '3' && cardnum[2] == '3' &&
cardnum[3] == '4')
+       return 1;   /* valid, Solo Credit Card, 1st four digits are 6334
 */
+
+    if (cardnum[0] == '6' && cardnum[1] == '7' && cardnum[2] == '6' &&
cardnum[3] == '7')
+       return 1;   /* valid, Solo Credit Card, 1st four digits are 6767
 */

     return 0;
 }
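Review bot: Several prefixes tested in this hunk disagree with the patch's own comments, so it is unclear which cards the sensor will actually alert on. The Dankort branch compares against '5','0','1','9' while its comment and the header table say 5109; the Enroute branches test 2019 and 2149 while the table lists 2014 or 2049; and the Carte Blanche branch accepts 300 to 305 while the table says 350x to 355x. Each value should be confirmed against the issuer ranges and the code and comment made to agree, e.g. `return 1;   /* valid, Dankort Card, 1st four digits are 5019 */` if the code holds the intended value. The new 54/55 Diner's Club branch also looks redundant with the Mastercard range the table gives as 51xx to 55xx, though that check is only partly visible here. Two-digit prefixes such as 36, 38 and 65 widen matching considerably, so expect more Luhn-valid false positives unless the caller's length check is tightened per issuer.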

 This patch file compiles cleanly via 'make' in snort-2.9.7.0-alpha.

 I am attaching the patch file to this email.

 Bill Parker (wp02855 at gmail dot com)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sdf_credit_card.c.patch
Type: application/octet-stream
Size: 6928 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20140327/f6424edd/attachment.obj>

