liato / android-bankdroid

A swedish banking application for your Android device.
http://www.swedroid.se/forum/showthread.php?t=11108
Other
244 stars 173 forks source link

m.handelsbanken.se being closed #314

Open kanflo opened 10 years ago

kanflo commented 10 years ago

Handelsbanken are closing their mobile site "soon" as they say. Is there any plans for migrating to their API. @liato : I have seen that you started looking into their API some time ago, any progress?

liato commented 10 years ago

@kanflo I was asked by Handelsbanken not to use their api. I guess we'll have to if they're closing down their site.

liato commented 10 years ago

The site is closed now so we'll have to start with the new implementation soon.

goober commented 10 years ago

I do not have any access to an account at Handelsbanken anymore. How about you @liato ?

Gyran commented 10 years ago

I have Handelsbanken. I've tried to remove their certificate pinning in their app but haven't been successful. If someone can help me remove the certificate pinning I can help with their new API.

liato commented 10 years ago

@goober I've got an account. Haven't had much time to take a deeper look at the app yet but this is what I've found so far:

Not sure how much the api has changed since I last took a look at it: http://blog.nullbyte.eu/the-new-handelsbanken-api/

gust42 commented 10 years ago

The app Tink is still working with Handelsbanken, any chance of some help from them you think?

liato commented 10 years ago

@gust42: I wouldn't bet on it.

ellmkay commented 9 years ago

Has there been any further progress on this, and is there something that could be done to assist the development?

@liato, you said they are using certificate pinning, have you been able to bypass this and snoop the actual traffic?

If not, I could give it a shot, I found this guide, and figure it could be worth a try.

liato commented 9 years ago

@ellmkay: No success yet, as soon as you modify the apk or try running it on an emulator the (libTfaAndroid.so module in the) app segfaults.

I don't have a spare phone that I can root at the moment otherwise I would have tried https://github.com/iSECPartners/Android-SSL-TrustKiller

anoyance commented 9 years ago

Why not do the Tink way. Use their API and one time do a sign with the card reader. After that the code can be used from that device.

Ny inloggningsmetod med Handelsbanken Nyligen ändrade Handelsbanken så att man inte längre kan använda sin personliga kod vid förenklad inloggning. Det här gör att vi inte kan uppdatera ditt konto som tidigare. För att komma igång igen skulle vi vilja be dig om att göra en uppdatering. Det du behöver ha tillgängligt är din kortläsare, inloggningskort och inloggningskod till den. Det här behöver du göra:

  1. Se till att du har senaste versionen av Tinkappen.
  2. I appen går du till Inställningar - Anslutna Tjänster.
  3. Välj ditt Handelsbanken konto.
  4. Klicka på Status.
  5. Kolla att ditt personnummer är rätt och fyll i din personliga kod (som i mobilappen och för telefonbanken) och tryck på Anslut.
  6. Tink skapar nu en kontrollkod.
  7. Ta fram din kortläsare, sätt i inloggninskortet och tryck på knappen SIGN. Skriv därefter in kontrollkoden du ser i Tink i kortläsaren, tryck OK och skriv in din inloggninskod till kortläsaren.
  8. Din kortläsare skapar nu en svarskod som du skriver in i Tink.
  9. Tryck på Anslut så ska du vara igång igen med automatiska uppdateringar. Har du frågor kan du alltid höra av dig till oss på support@tink.se. Vänligen, Fredrik Hedberg, CTO och grundare
ellmkay commented 9 years ago

If Tink are willing to share how the signing process works, that would be great. I looked into this a couple of weeks ago, and the API is really easy to figure out (the APK does not do any kind of obfuscation). However, the signing process is done by libTfa, and I tried looking at that using Hex-Rays decompiler, but it didn't work out well. Either they've obfuscated the NDK module, or else Hex-Rays wasn't able to correctly decompile it.

I didn't try running it on a rooted device yet, but that might be a way forward as well.

JakeHedman commented 6 years ago

Maybe this could be uses instead? https://developer.handelsbanken.com/products/#account