Snort mailing list archives
[SNORT-DEVEL] Additional Credit/Debit Card Tracking Capability for 2.9.7.0-Alpha
From: Bill Parker <wp02855 () gmail com>
Date: Thu, 27 Mar 2014 13:20:41 -0700
Hi All, This patch file modifies file 'sdf_credit_card.c' in directory '/src/dynamic-preprocessors/sdf' and gives snort-2.9.7.0-alpha the ability to alert on the following credit/debit cards issuers: Diner's Club (Int'l, Carte Blanche, US and Canada) Dankort Credit Card (Germany) Laser Debit Card (Ireland and U.K./European Union) Solo Credit Card (Ireland and U.K./European Union) Discover Card (3 additional formats) Japan Credit Bureau Card Enroute Credit/Debit Card Instapay Credit Card All of these formats are 13 to 16 digits long, use the Luhn Algorithm. The patch file is below: diff -u sdf_credit_card.c.orig sdf_credit_card.c --- sdf_credit_card.c.orig 2014-03-27 10:28:45.875430362 -0700 +++ sdf_credit_card.c 2014-03-27 12:18:31.602442400 -0700 @@ -33,12 +33,72 @@ /* Check the Issuer Identification Number of a CC#. */ static inline int CheckIssuers(char *cardnum, uint32_t buflen) { + /* This code adds additional credit/debit card tracking capabilities to */ + /* snort-2.9.7.0-alpha by adding the following checks: */ + /* */ + /* Card Debit Credit Luhn Digits Format */ + /* Name Card Card Algorithm Used 1st n digits */ + /* */ + /* AMEX NO YES YES 15 34xx or 37xx */ + /* VISA Electron YES NO YES 16 4026, 417500 */ + /* 4844, 4508 */ + /* 4913, 4917 */ + /* VISA NO YES YES 16 4xxx */ + /* Diner's Club */ + /* International NO YES YES 14 36xx or 38xx */ + /* Diner's Club */ + /* Carte Blanche NO YES YES 14 350x to 355x */ + /* Diner's Club */ + /* US and Canada NO YES YES 16 54xx or 55xx */ + /* Discover NO YES YES 16 6011, */ + /* 6221-6229, */ + /* 644x-649x, 65xx */ + /* Japan Credit */ + /* Bureau NO YES YES 15 1800 or 2131 */ + /* Instapay NO YES YES 16 637x to 639x */ + /* Mastercard NO YES YES 16 51xx to 55xx */ + /* Enroute YES YES YES 15 2014 or 2049 */ + /* Laser YES NO YES 16 6304, 6706 */ + /* 6771 */ + /* Solo NO YES YES 16 6334 or 6767 */ + /* Dankort NO YES YES 16 5109 */ + + /* There are some things which should be added to the credit card */ + /* routines: */ + /* */ + /* The existing code in 2.9.7.0-alpha and previous versions only handle */ + /* major credit card companies, and a maximum of 16 digits for credit card */ + /* numbers. There are some credit and debit cards which have upwards of */ + /* 19 digits and use the Luhn algorithm, notably Laser and Solo (which are */ + /* used in the U.K. and Ireland, along with the European Union */ + + int val; + if (cardnum == NULL || buflen < ISSUER_SIZE) return 0; /* Visa */ + if (cardnum[0] == '4' && cardnum[1] == '0' && cardnum[2] == '2' && cardnum[3] == '6') + return 1; /* valid, Visa Electron Debit Card, 1st four digits are 4026 */ + + if (cardnum[0] == '4' && cardnum[1] == '1' && cardnum[2] == '7' && + cardnum[3] == '5' && cardnum[4] == '0' && cardnum[5] == '0') + return 1; /* valid, Visa Electron Debit Card, 1st six digits arr 417500 */ + + if (cardnum[0] == '4' && cardnum[1] == '8' && cardnum[2] == '4' && cardnum[3] == '4') + return 1; /* valid, Visa Electron Debit Card, 1st four digits are 4844 */ + + if (cardnum[0] == '4' && cardnum[1] == '5' && cardnum[2] == '0' && cardnum[3] == '8') + return 1; /* valid, Visa Electron Debit Card, 1st four digits are 4508 */ + + if (cardnum[0] == '4' && cardnum[1] == '9' && cardnum[2] == '1' && cardnum[3] == '3') + return 1; /* valid, Visa Electron Debit Card, 1st four digits are 4913 */ + + if (cardnum[0] == '4' && cardnum[1] == '9' && cardnum[2] == '1' && cardnum[3] == '7') + return 1; /* valid, Visa Electron Debit Card, 1st four digits are 4917 */ + if (cardnum[0] == '4') - return 1; + return 1; /* valid, Visa Credit Card, 1st digit is 4 */ /* Mastercard */ if ((cardnum[0] == '5') && @@ -51,9 +111,88 @@ (cardnum[1] == '4' || cardnum[1] == '7')) return 1; + /* Diner's Club */ + if (cardnum[0] == '3' && (cardnum[1] == '6' || cardnum[1] == '8')) + return 1; /* valid, Diner's Club International, 1st 2 digits 36 or 38 */ + + if (cardnum[0] == '3' && cardnum[1] == '0') + { + val = cardnum[2] - '0'; + if (val >= 0 && val <= 5) + return 1; /* valid, Diner's Club Carte Blanche, 1st 2 digits 30, 3rd digit 0 to 5 */ + } + + if (cardnum[0] == '5' && (cardnum[1] == '4' || cardnum[1] == '5')) + return 1; /* valid, Diner's Club (US and Canada), 1st 2 digits 54 or 55 */ + /* Discover */ if (cardnum[0] == '6' && cardnum[1] == '0' && cardnum[2] == '1' && cardnum[3] == '1') - return 1; + return 1; /* valid, discover card, 1st 4 digits 6011 */ + + if (cardnum[0] == '6' && cardnum[1] == '2' && cardnum[2] == '2') + { + val = cardnum[3] - '0'; + if (val >= 1 && val <= 9) + return 1; /* valid, discover card, 1st 3 digits 622, 4th digit 1 to 9 */ + } + + if (cardnum[0] == '6' && cardnum[1] == '4') + { + val = cardnum[2] - '0'; + if (val >= 4 && val <= 9) + return 1; /* valid, discover card, 1st 2 digits 64, 3rd digit 4 to 9 */ + } + + if (cardnum[0] == '6' && cardnum[1] == '5') + return 1; /* valid, discover card, 1st two digits are 65 */ + + if (cardnum[0] == '5' && cardnum[1] == '0' && cardnum[2] == '1' && cardnum[3] == '9') + return 1; /* valid, Dankort Card, 1st four digits are 5109 */ + + /* JCB - Japan Credit Bureau */ + if (cardnum[0] == '2' && cardnum[1] == '1' && cardnum[2] == '3' && cardnum[3] == '1') + return 1; /* valid, 1st four digits are 2131 */ + + if (cardnum[0] == '1' && cardnum[1] == '8' && cardnum[2] == '0' && cardnum[3] == '0') + return 1; /* valid, 1st four digits are 1800 */ + + if (cardnum[0] == '3' && cardnum[1] == '5') + { + val = cardnum[2] - '0'; + if (val >= 2 && val <= 8) + return 1; /* valid, 1st two digits are 35, 3rd digit is 2 thru 8 */ + } + + /* Enroute Credit/Debit Card */ + if (cardnum[0] == '2' && cardnum[1] == '0' && cardnum[2] == '1' && cardnum[3] == '9') + return 1; /* valid, 1st four digits are 2019 */ + + if (cardnum[0] == '2' && cardnum[1] == '1' && cardnum[2] == '4' && cardnum[3] == '9') + return 1; /* valid, 1st four digits are 2149 */ + + /* Instapay Credit Card */ + if (cardnum[0] == '6' && cardnum[1] == '3') + { + val = cardnum[2] - '0'; + if (val >= 7 && val <= 9) + return 1; /* valid, 1st two digits are 63, 3rd digit is 7 thru 9 */ + } + + /* Laser Debit Card or Solo Card (Ireland) */ + if (cardnum[0] == '6' && cardnum[1] == '3' && cardnum[2] == '0' && cardnum[3] == '4') + return 1; /* valid, Laser Debit Card, 1st four digits are 6304 */ + + if (cardnum[0] == '6' && cardnum[1] == '7' && cardnum[2] == '0' && cardnum[3] == '6') + return 1; /* valid, Laser Debit Card, 1st four digits are 6706 */ + + if (cardnum[0] == '6' && cardnum[1] == '7' && cardnum[2] == '7' && cardnum[3] == '1') + return 1; /* valid, Laser Debit Card, 1st four digits are 6771 */ + + if (cardnum[0] == '6' && cardnum[1] == '3' && cardnum[2] == '3' && cardnum[3] == '4') + return 1; /* valid, Solo Credit Card, 1st four digits are 6334 */ + + if (cardnum[0] == '6' && cardnum[1] == '7' && cardnum[2] == '6' && cardnum[3] == '7') + return 1; /* valid, Solo Credit Card, 1st four digits are 6767 */ return 0; } This patch file compiles cleanly via 'make' in snort-2.9.7.0-alpha. I am attaching the patch file to this email. Bill Parker (wp02855 at gmail dot com)
Attachment:
sdf_credit_card.c.patch
Description:
------------------------------------------------------------------------------
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- [SNORT-DEVEL] Additional Credit/Debit Card Tracking Capability for 2.9.7.0-Alpha Bill Parker (Mar 27)
- Re: [SNORT-DEVEL] Additional Credit/Debit Card Tracking Capability for 2.9.7.0-Alpha Josh Rosenbaum (jrosenba) (Mar 28)