Security theatre at Allied Irish Banks: a demonstration in Python
README.md
check_balance.py
check_reg_number.py

README.md

Allied Irish Banks have web and mobile portals providing the usual sorts of services that we have come to expect our banks to provide online.

For the newer mobile API, the bank has gone to some trouble to obfuscate it, using a custom Diffie-Hellman implementation. The scripts in this repository give details on how to deal with this.

I created this repository to highlight AIB's online security problems when I wrote about them here and here. The good news is that some time in early-to-mid 2016, the bank closed the loophole highlighted in the second of these posts.

The scripts here should enable anyone to write their own front end for the bank's API.