[Snort-devel] [SNORT-DEVEL] Additional Credit/Debit Card Tracking Capability for 2.9.7.0-Alpha

Josh Rosenbaum (jrosenba) jrosenba at ...3461...
Fri Mar 28 10:55:52 EDT 2014


Hi Bill,

Thank you for the patch.  I have created an internal bug to track this issue.

Josh


From: Bill Parker <wp02855 at ...2499...<mailto:wp02855 at ...2499...>>
Date: Thursday, March 27, 2014 at 4:20 PM
To: "snort-devel at lists.sourceforge.net<mailto:snort-devel at ...362....net>" <snort-devel at lists.sourceforge.net<mailto:snort-devel at ...2763...rge.net>>
Subject: [Snort-devel] [SNORT-DEVEL] Additional Credit/Debit Card Tracking Capability for 2.9.7.0-Alpha

Hi All,

   This patch file modifies file 'sdf_credit_card.c' in directory
'/src/dynamic-preprocessors/sdf' and gives snort-2.9.7.0-alpha the
ability to alert on the following credit/debit cards issuers:

Diner's Club (Int'l, Carte Blanche, US and Canada)
Dankort Credit Card (Germany)
Laser Debit Card (Ireland and U.K./European Union)
Solo Credit Card (Ireland and U.K./European Union)
Discover Card (3 additional formats)
Japan Credit Bureau Card
Enroute Credit/Debit Card
Instapay Credit Card

All of these formats are 13 to 16 digits long, use the Luhn
Algorithm.  The patch file is below:

diff -u sdf_credit_card.c.orig sdf_credit_card.c
--- sdf_credit_card.c.orig      2014-03-27 10:28:45.875430362 -0700
+++ sdf_credit_card.c   2014-03-27 12:18:31.602442400 -0700
@@ -33,12 +33,72 @@
 /* Check the Issuer Identification Number of a CC#. */
 static inline int CheckIssuers(char *cardnum, uint32_t buflen)
 {
+    /* This code adds additional credit/debit card tracking capabilities to    */
+    /* snort-2.9.7.0-alpha by adding the following checks:                     */
+    /*                                                                         */
+    /* Card            Debit   Credit      Luhn        Digits  Format          */
+    /* Name            Card    Card        Algorithm   Used    1st n digits    */
+    /*                                                                         */
+    /* AMEX            NO      YES         YES         15      34xx or 37xx    */
+    /* VISA Electron   YES     NO          YES         16      4026, 417500    */
+    /*                                                         4844, 4508      */
+    /*                                                         4913, 4917      */
+    /* VISA            NO      YES         YES         16      4xxx            */
+    /* Diner's Club                                                            */
+    /* International   NO      YES         YES         14      36xx or 38xx    */
+    /* Diner's Club                                                            */
+    /* Carte Blanche   NO      YES         YES         14      350x to 355x    */
+    /* Diner's Club                                                            */
+    /* US and Canada   NO      YES         YES         16      54xx or 55xx    */
+    /* Discover        NO      YES         YES         16      6011,           */
+    /*                                                         6221-6229,      */
+    /*                                                         644x-649x, 65xx */
+    /* Japan Credit                                                            */
+    /* Bureau          NO      YES         YES         15      1800 or 2131    */
+    /* Instapay        NO      YES         YES         16      637x to 639x    */
+    /* Mastercard      NO      YES         YES         16      51xx to 55xx    */
+    /* Enroute         YES     YES         YES         15      2014 or 2049    */
+    /* Laser           YES     NO          YES         16      6304, 6706      */
+    /*                                                         6771            */
+    /* Solo            NO      YES         YES         16      6334 or 6767    */
+    /* Dankort         NO      YES         YES         16      5109            */
+
+    /* There are some things which should be added to the credit card          */
+    /* routines:                                                               */
+    /*                                                                         */
+    /* The existing code in 2.9.7.0-alpha and previous versions only handle    */
+    /* major credit card companies, and a maximum of 16 digits for credit card */
+    /* numbers.  There are some credit and debit cards which have upwards of   */
+    /* 19 digits and use the Luhn algorithm, notably Laser and Solo (which are */
+    /* used in the U.K. and Ireland, along with the European Union             */
+
+    int val;
+
     if (cardnum == NULL || buflen < ISSUER_SIZE)
         return 0;

     /* Visa */
+    if (cardnum[0] == '4' && cardnum[1] == '0' && cardnum[2] == '2' && cardnum[3] == '6')
+       return 1;   /* valid, Visa Electron Debit Card, 1st four digits are 4026    */
+
+    if (cardnum[0] == '4' && cardnum[1] == '1' && cardnum[2] == '7' &&
+       cardnum[3] == '5' && cardnum[4] == '0' && cardnum[5] == '0')
+       return 1;   /* valid, Visa Electron Debit Card, 1st six digits arr 417500   */
+
+    if (cardnum[0] == '4' && cardnum[1] == '8' && cardnum[2] == '4' && cardnum[3] == '4')
+       return 1;   /* valid, Visa Electron Debit Card, 1st four digits are 4844    */
+
+    if (cardnum[0] == '4' && cardnum[1] == '5' && cardnum[2] == '0' && cardnum[3] == '8')
+       return 1;   /* valid, Visa Electron Debit Card, 1st four digits are 4508    */
+
+    if (cardnum[0] == '4' && cardnum[1] == '9' && cardnum[2] == '1' && cardnum[3] == '3')
+       return 1;   /* valid, Visa Electron Debit Card, 1st four digits are 4913    */
+
+    if (cardnum[0] == '4' && cardnum[1] == '9' && cardnum[2] == '1' && cardnum[3] == '7')
+       return 1;   /* valid, Visa Electron Debit Card, 1st four digits are 4917    */
+
     if (cardnum[0] == '4')
-        return 1;
+       return 1;   /* valid, Visa Credit Card, 1st digit is 4  */

     /* Mastercard */
     if ((cardnum[0] == '5') &&
@@ -51,9 +111,88 @@
         (cardnum[1] == '4' || cardnum[1] == '7'))
         return 1;

+    /* Diner's Club */
+    if (cardnum[0] == '3' && (cardnum[1] == '6' || cardnum[1] == '8'))
+       return 1;   /* valid, Diner's Club International, 1st 2 digits 36 or 38 */
+
+    if (cardnum[0] == '3' && cardnum[1] == '0')
+    {
+       val = cardnum[2] - '0';
+       if (val >= 0 && val <= 5)
+           return 1;   /* valid, Diner's Club Carte Blanche, 1st 2 digits 30, 3rd digit 0 to 5 */
+    }
+
+    if (cardnum[0] == '5' && (cardnum[1] == '4' || cardnum[1] == '5'))
+       return 1;   /* valid, Diner's Club (US and Canada), 1st 2 digits 54 or 55   */
+
     /* Discover */
     if (cardnum[0] == '6' && cardnum[1] == '0' && cardnum[2] == '1' && cardnum[3] == '1')
-        return 1;
+        return 1; /* valid, discover card, 1st 4 digits 6011   */
+
+    if (cardnum[0] == '6' && cardnum[1] == '2' && cardnum[2] == '2')
+    {
+       val = cardnum[3] - '0';
+       if (val >= 1 && val <= 9)
+           return 1;   /* valid, discover card, 1st 3 digits 622, 4th digit 1 to 9 */
+    }
+
+    if (cardnum[0] == '6' && cardnum[1] == '4')
+    {
+       val = cardnum[2] - '0';
+       if (val >= 4 && val <= 9)
+           return 1;   /* valid, discover card, 1st 2 digits 64, 3rd digit 4 to 9  */
+    }
+
+    if (cardnum[0] == '6' && cardnum[1] == '5')
+       return 1;       /* valid, discover card, 1st two digits are 65    */
+
+    if (cardnum[0] == '5' && cardnum[1] == '0' && cardnum[2] == '1' && cardnum[3] == '9')
+       return 1;   /* valid, Dankort Card, 1st four digits are 5109    */
+
+    /* JCB - Japan Credit Bureau    */
+    if (cardnum[0] == '2' && cardnum[1] == '1' && cardnum[2] == '3' && cardnum[3] == '1')
+       return 1;   /* valid, 1st four digits are 2131  */
+
+    if (cardnum[0] == '1' && cardnum[1] == '8' && cardnum[2] == '0' && cardnum[3] == '0')
+       return 1;   /* valid, 1st four digits are 1800  */
+
+    if (cardnum[0] == '3' && cardnum[1] == '5')
+    {
+       val = cardnum[2] - '0';
+       if (val >= 2 && val <= 8)
+           return 1;   /* valid, 1st two digits are 35, 3rd digit is 2 thru 8 */
+    }
+
+    /* Enroute Credit/Debit Card    */
+    if (cardnum[0] == '2' && cardnum[1] == '0' && cardnum[2] == '1' && cardnum[3] == '9')
+       return 1;   /* valid, 1st four digits are 2019  */
+
+    if (cardnum[0] == '2' && cardnum[1] == '1' && cardnum[2] == '4' && cardnum[3] == '9')
+       return 1;   /* valid, 1st four digits are 2149  */
+
+    /* Instapay Credit Card */
+    if (cardnum[0] == '6' && cardnum[1] == '3')
+    {
+       val = cardnum[2] - '0';
+       if (val >= 7 && val <= 9)
+           return 1;   /* valid, 1st two digits are 63, 3rd digit is 7 thru 9  */
+    }
+
+    /* Laser Debit Card or Solo Card (Ireland) */
+    if (cardnum[0] == '6' && cardnum[1] == '3' && cardnum[2] == '0' && cardnum[3] == '4')
+       return 1;   /* valid, Laser Debit Card, 1st four digits are 6304    */
+
+    if (cardnum[0] == '6' && cardnum[1] == '7' && cardnum[2] == '0' && cardnum[3] == '6')
+       return 1;   /* valid, Laser Debit Card, 1st four digits are 6706    */
+
+    if (cardnum[0] == '6' && cardnum[1] == '7' && cardnum[2] == '7' && cardnum[3] == '1')
+       return 1;   /* valid, Laser Debit Card, 1st four digits are 6771    */
+
+    if (cardnum[0] == '6' && cardnum[1] == '3' && cardnum[2] == '3' && cardnum[3] == '4')
+       return 1;   /* valid, Solo Credit Card, 1st four digits are 6334    */
+
+    if (cardnum[0] == '6' && cardnum[1] == '7' && cardnum[2] == '6' && cardnum[3] == '7')
+       return 1;   /* valid, Solo Credit Card, 1st four digits are 6767    */

     return 0;
 }

 This patch file compiles cleanly via 'make' in snort-2.9.7.0-alpha.

 I am attaching the patch file to this email.

 Bill Parker (wp02855 at gmail dot com)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20140328/1fe287ac/attachment.html>


More information about the Snort-devel mailing list