I just arrested someone who is probably the most wanted credit card fraudster in Europe. She is a smart cybercriminal, always a step ahead INTERPOL and she kept unnoticed for years by never buying online, but buying goods with a different card every time and in different stores. My cyber-analysts found out after collecting all evidences she hacked into one the largest payment provider in Europe, reverse-engineered the software present on the server and partly corrupted the card number validation code to accept all her payments. The change enables acceptance of any transaction with a card number multiple of 123457 and the Luhn check digit is valid.
I caught her because every year she bought a bouquet of flowers next to the same cemetery. While handcuffing her at the flower shop's exit, she said the flowers were for her lost father and today it is his death anniversary. She broke down in tears and she did some steps and threw something in the sewers. My female colleague conducted a search on her, but she couldn't find the card she used, only the receipt.
The little flower shop
======================
European Express Debit
Card Number: 543210******1234
SALE
Please debit my account
Amount: 25.00€
Can you help me to recover the card number so that I can confirm with the flower merchant's bank the card number was used in that shop and is fraudulent?
Hints:
2/ Flag format is CTFlearn{card_number}
Discussion
Fun challenge!
https://youtu.be/Yr9s5NjsVAo
Thanks for sharing this video.
if you actually write the algorithm or just get the library for python then you only get one possible answer
Got it... But mind you the python Luhn's module (and the solution to this challenge) is not consistent with the Luhn algorithm that says: "Double the value of every other digit from right to left, beginning with the second to last digit" (and not left to right)
The back story was so sad :(
ez B)
4 months ago