QIWI terminals. Dark side of the Moon
It was the 2013th year. I quietly engaged in the repair of computers in the countryside. Chasing teas and eating a season of the next series. Once, my boss offered to deal with payment terminals. He was given them almost for nothing by a familiar entrepreneur, plus he offered to install them in his stores free of charge. By the way, they stood there, just their owner was tired of messing with them.
At first I was against them, it will be necessary to dangle, tear the ass off the warm chair. Anyway, I thought there would be a lot of fuss, but zero profit. Since they are beneficial only to store owners to attract customers. And the boss dreamed of millions, he had already seen several times how fat bundles of money were taken from them. He said that inside there is the same hardware as on ordinary computers, and the same Windows.
- You can do it.
- Well yes.
- Well, that's all, you will receive a salary separately.
There was nothing to object, besides, I already had experience in supporting such a system like Windows XP, VPN, a dump file, plus one remote client on wi-fi, where it was important that the computer was always on and available.
First of all, they had to be brought to us, cleaned, rearranged the system, installed programs and checked all the hardware. The terminals were heavy, in a vandal-resistant building, so that in order not to carry them, the chief contracted local calds that hang out near the shops in eternal searches for sober. It was fun to watch them carry these heavy coffins and try to drag them down the stairs. Subsequently, we already got the hand for it and calmly dragged them together. To the point, of course, drove by car.
')
Terminals under the brand QIWI. I am familiar with them too. There was a wallet and I used it very long and successfully. QIWI itself does not deal with terminals, it only provides a software shell and ready-made assemblies. So in the nearest large city they found their sub-dealers and signed a contract. From them received programs, keys and passwords. They set up everything themselves, I just gave them remote access. At first, it made my job a lot easier.
After a couple of weeks, the terminal was already working and we were testing it at our location, and a couple of days later we took it to our native place. At first, there were few payments, but then it spun up and the flow of money began to move in our direction. More terminals appeared and I already showed my boss payment statistics for a month or two. QIWI has its own statistics server, and I spent days watching the state of the terminals and where the payments go or do not go. It turned out to be very interesting, to be on the other side of the screen. Before, I only used the terminal and had little idea what was there and how. I even set up remote access via Radmin 2.2 (3.0 did not go, apparently, some kind of conflict with the QIWI program arises) + Hamachi = Love forever. If there was no main work, I watched for hours as customers put money.
We set a single commission for all payments, since the main task is to earn money. But over time, I began to notice that some payments were made without commission. It turned out that these are mobile wallets, for them there is no commission, and not only for wallets, but for everything that goes through them - loans, transfers, etc. And such payments became more and more. Lending has developed in our area. Things got worse, the sums are big. Many managed to accumulate debts, and then in a crowd to spend in our terminals. There were so many such payments that more than half of the amount we paid on the terminals ran to waste. No, of course, QIWI paid for such payments, but so miserable interest (hundredths), that simply did not cover our costs. In the bank and put something more profitable.
Appealed to our dealer, he confirmed that yes, there is such a problem and you cannot put a commission on them. In addition, we were at the time when QIWI announced an “amnesty” to everyone and now all the replenishment of the wallet is 0%. The dealer suggested that, as an option, limit the maximum amount of payment and use the built-in blacklist, block particularly arrogant customers. Each terminal has its own list and you have to go to each one and enter the unfortunate number. After this news, I finally switched to the dark side.
For us, this phrase has become more relevant than ever. Restricted nominal in bill acceptors. He began to block in a row all not acceptable, a real witch hunt, did not spare any big or small ones. The dealer told how entrepreneurs complain about QIWI. Many had kilometer foot wrappers with blocked numbers. It was a war, cruel and merciless, we got into its very thick. And lost, in his own field. Every morning, coming to work, first of all I checked yesterday's payments, and if there were payments on QIWI, I immediately added them to the black list.
Of course, I did not go to each terminal and drive in manually. In the folder with the program I found whiteblacklist.xml - this is a common list for black and white. I made myself a complete file access to each terminal (hamachi rules) and automatically updated the bat file. But this did not help, people are cunning in our country, they just go to the salon, buy new sims and put them on a new wallet for 15,000 rubles each. Damn, our turnover per day was less!
But all this, of course, was an ordeal. Another disadvantage of such locks is that if you add a number to the list, it is blocked everywhere. Those. the client could not even put himself on the phone. And this black list had no effect on loans at all. In short, where do not throw, everywhere a wedge. So I began to look for ways to make this commission myself, or to completely block such payments. Otherwise, we simply lost the sense of holding terminals. I found commission.xml in the same folder with the program - that was what I needed.
I started Delphi 7, it has been sitting around for a long time with me, I quickly put on a program that parses this file and changes all the values ​​to what I need. Late in the evening I checked my guesses. And it worked, the commission on QIWI appeared. But after a few days she was gone. I looked at the file again and saw that everything was back as it was. It became clear that the program monitors its files and fixes it when updating. Okay. Again Delphi, we throw a timer on the form, quickly type - and the new program now reads this file every minute, calculates the CRC amount and if it does not match, parses the file, changes the values, remembers the new CRC amount and replaces the file with a new one. You can not parse the file, but simply replace it with the corrected one, but QIWI often has new providers, and the old ones disappear. So parse and edit more correctly. But my joy was not long, because I shared it with our dealer. He said that in QIWI they monitor payments, and if they notice our manipulations, they will be fined, and they will be us. Everything had to be turned off. Of course, I also had an idea how to block these payments, but ... then it seemed to me so simple, obvious, but at the same time stupid and impossible, that I threw it away.
Started looking the other way. Namely - monitoring. I didn't like him at all. There not only need to go to the site every time, and even use a special key. And all the time manually engaged in updating the page, so as not to miss anything. As you understand, I immediately decided to make my monitoring.
But the most important thing for me is to receive terminal status messages. Therefore, the first thing to set up SMS. I found a specialized website where you can connect your number and receive SMS on it, simply by sending a letter to the mail. Each terminal has its own postal address. I wrote a program that checked this mail, added the name of the terminal and forwarded to the postal address that this service issued. This is necessary in order to know which terminal the message came from. You can simply add your mailing address to all terminals, but the letter will contain only the number of the terminal, which does not tell me anything. At the same time, the same warning was made to the boss.
I expanded my monitoring. At first I wanted to connect to the QIWI server and pull out the data from there, but the page there is secure and I could not download the data from the site. Everything is too complicated and there are no ready-made solutions.
So I approached the question from the other side. The QIWI application in the terminal writes everything in detail to the log. I wrote the server part, which parsed this log and selected only the data I needed. As well as the client to receive messages and show on the screen. One of the terminals became the main one, it has a white IP and all other terminals send data to it.
The client program did everything herself. In the corner of the screen hung a small form on top of all windows, showed the current balance and color showed the status of communication with the server. First of all, I threw her boss on the computer and he no longer asked how much money was left in the account. A short look at the screen - and everything is clear.
Further more. Now, lines from the log appeared next to the balance: errors of the bill acceptor, which bill accepted, for which operator, the amount of payment, commission, etc. And while I do not need to press a single button. It is very convenient, especially when the whole day at the computer. It is immediately evident that the terminals are working or electricity is wasted. If I moved away from the company for a long time, then by arrival I clicked the mouse on the form and looked through the general log from all terminals.
Even while writing a monitoring for a computer, a new bright idea came to me. Write client and for Android phone. Its QIWI program is not bad, but it is silent. And I want to receive a sound notification for any errors and just about payments. Attempts to install different SDKs were unsuccessful, they all lacked something. Yes, not knowing the language. And write at the same time the server and the client for the computer and even for the phone. In general, I decided to speed up the process a bit. Yeah ...
On w3bsit3-dns.com I posted the idea of ​​my program and several people responded. But the first one, having heard my budget, harshly criticized. So I am despondent. But the next one agreed to do at least a part. I was ready for that too. The chef paid me three thousand for servicing the terminals, so I suggested this amount as a payment. I sent him all my wishes and even drew a block diagram.
I did not tell him that this is a program for QIWI, I just said a general purpose: tracking computers, which in general was the essence of the program. And since my budget is small and out of pocket, I have simplified the task as much as possible, plus made it more universal. It can be used in any project where you need to receive notifications on the phone. The communication protocol is simple: send code, get a string, add to the table. Connects every 30 seconds. Application principle: the program is a logger, shows a general log of messages from all terminals in one table. And also loses sounds. During a session, each type of message is played only once, no matter how many such messages were received. I divided messages into different types: payment, acceptance of notes, errors, etc. Each type has its own sound. For example: I set the sound to errors as in Windows, and the sound of a falling coin to the accepted payment. I don’t even need to get the phone; by the sounds, you can determine what is happening in the terminals.
It took several months (!). As it turned out, it is even more difficult for programmers to understand each other. But in the end we were able to make it and I enjoyed the first sounds of accepted payments. I liked what happened in the end. And I suggested modifying the program further. Now we need to add another table from above, it will show the current status of terminals on the network / not on the network, and so on. errors requiring immediate attention. I paid him the same amount, and he completed everything, and he also corrected some shortcomings.
And now the fun part. Since QIWI could not put a commission on payments, I decided to have fun. Marked them as a separate type and assigned a sound from the TV series “Sherlock”. Yes, yes, the one that Miss Adler put on his phone. ABOUT! You have no idea how funny it is to watch people's faces when a message comes in and the voice is loud and clear in the room. The funny thing is that even I could not say when he would lose. When friends and acquaintances asked "what is it?", I calmly replied that it was for work. And after all in life you will not guess what kind of work this is.
I found myself a new entertainment. What does a person do when the terminal does not take a large bill? That's right, goes to the cashier in the store and asks to change. What am I doing? I sit behind the monitor. At this moment I see how the lines with errors follow each other below. They are immediately visible, as they are red. If it says that the bill is disabled, then quickly open the program and see where they are trying to put the money. And if this is QIWI, then open another program and add the number to the black list, it is also visible in the logs. And run on the update. Who had time, he won! Of course, all this can be automated in the program on the server, she herself can do everything there and much faster than me ...
But how fun it is when you are still sleepy in the morning sipping coffee, and the phone begins to be filled with the sound of mistakes. With burning eyes, you run to your computer, shaking hands frantically you click the keys, dialing the number (copying, of course, you are too lazy to do). Finally you click the treasured Enter button. Flickering windows with green lines on a dark background ... In general, Hollywood movies about hackers rest.
Well, entertainment is fun, but I wanted something else. Somehow use terminals. Because here they are in my hands, I can do anything with them, but at the same time I can’t think of anything. A few sleepless nights did not give anything, googling too. Either no one is interested in this, or somehow they use it, but they are silent. The only thing that occurred to me was a banal advertisement. Well, what, we have several different stores, the repair is the same, why not. On the day there are hundreds of people nearby passes. QIWI there and so advertising turns, and we are worse.
I turned to the dealer with my question about how and what should be done in order for our advertising to appear. But he replied that QIWI will not do this, they only work all over Russia. And we are too small company for this. Well, if the mountain does not go to Magomed ... We will draw the mountain ourselves!
Brought a plate at the top of the screen, there are three containers for pictures with ads on it and they circle each other. A few days later, an acquaintance at the meeting said that he had seen our advertisement. He says no one is interested, no one looks at her. Not interesting, you say ... Well, well. Redid the program, now it hung secretly and watched the mouse. In any movement jumped out like the hell out of the box. And it disappeared only after a minute - and that provided that the mouse is not twitching.
Once, when another terminal was in our cabin, a man stood for a long time near the terminal and did something there. At this time I was watching him in the camera, which is in the cabin. Everything seemed suspicious to me, and I went into the hall to ask what was the matter. It turned out that he was trying to pay the loan, but my advertising interfered with it. Earlier, he said, there was a button there and it could be hidden, but now I have to wait. And he waited and waited all those who tried to pay the loan, because they still glowed in my logs ...
Burn me in hell with a blue flame!
We were approached by the owner of one of the shops with a proposal to put the terminal at her point. She was in a nearby village. The road there is good, the village is rich, live in the forest. So I started to assemble a new device. There is no wired internet connection, so I added a USB modem from MegaFon to the terminal. The native modem that came with was not suitable for me, there is only EDGE, and I have increased traffic, so only 3G. At one time, I used modems and I did not like the fact that the program always pops up on the screen during breaks. Therefore, I wrote a bat-file that monitored the network and reconnected itself at the cliffs, while doing everything silently and without interfering. So it was useful here. In the end, all collected and taken to the point.
When installed in place, there were buyers. Naturally, they wondered what it was and why. We, of course, explained that they could put money on the phone here. What kind of grandmother told us: Where are you? Where do you live? If the money does not come, we will come and write ... you! Hmm ... If old grandmother, who is not worth it, threatens us, what can we expect from the rest? Wild people. What to say.
The first couple of months everything was fine. And then it began ... First of all, MegaFon station collapsed. There was no connection for several days. Well, we corrected it, having put the modem from "Beeline". Then I modified my bat program altogether, now it switched between modems on breaks. But it did not work either. Modems stupidly hang. Could not reconnect with the base station themselves. In order for a connection to appear, the terminal needs to be turned off, completely for 15 minutes. And I often called salesmen asking them to turn off the terminal, and then turn it on.
The sensor settings started to fly, paper got stuck in the printer, notes were chewed. We wandered there almost every day. They could not understand what was the matter. Disassembled and cleaned the sensor, changed the printer, bill acceptor, even the sensor with the monitor changed. Changed the power supply inside the case, put a voltage regulator. Ground terminal, as he was hitting the current. They drove a pin into the ground, made a hole in the frame of the window and led the wire to the terminal. The processes in the system hung, threw in a bunch of controlling scripts. Bat on bat and taskkill drives. All for nothing.
Phoned to the dealer, told our problem. They did not encounter this, offered to swap terminals. Changed. At the new point, the buggy terminal earned as if nothing had happened. And at this place again the problem. We thought maybe the local are doing something. I put a web-camera + Ivideon, but did not see anything like that. As a joke, he offered to call the priest and the mullah for a couple. The place is clearly cursed.
Tormented for several months. As a result, the cause of this abnormal behavior, we have not figured out. But everything was decided very simply. The most important thing for us is to establish a connection, so we carried out the Internet ADSL. Everything. All symptoms disappeared like a hand. We woke up somewhere in two weeks. And the terminal works, no problem. Trying to experiment and find out what was wrong, I didn’t, that's enough. Returned to the simple truth: it works - do not touch.
The end of 2014 brought a crisis to my abode. Virtual love, like real love, was not so eternal. Hamachi ordered to live long by closing all free accounts. And I scolded my laziness for a long time. After all, he knew that this day would come. It was necessary to prepare OpenVPN. But what is not, is not.
I downloaded the new version of OpenVPN and started testing at one of the terminals. They changed the GUI interface, but still left it miserable. Is it really so difficult to teach her to monitor the network and reconnect when the cliffs? You have to do everything yourself. Again I had to write a bat-file that pings the network and if there is no answer, openvpn.exe crashes all processes and starts up with a new one. It took a couple of weeks to fully restore the network, I went to the terminals only along with the boss. Demolished Hamachi and put OpenVPN. Also increased the commission at all terminals.
We have competitors, terminals from the owners of new stores and commissions are not there. They put them exclusively to attract customers. So for me, it still remains a mystery who all these people are that they put money in our terminals.
At the beginning of this year, I traveled to the city to speak with a dealer. I am interested in writing a QIWI monitoring program and I asked the dealer how others are doing. How they look at their terminals. Do I need a program like the one that I wrote. He explained that where there are a lot of terminals, special people sit and follow through the site, so they are hardly interested. In addition, my program must be installed separately in each terminal. If everything is so difficult, it is not necessary for nothing. Where QIWI payments are more important to them now is a headache for all owners.
Well, on arrival home, I was fully ripe and was ready to implement any crazy idea that is able to block payments, as long as it works.
And I got down to business. Brought the most transparent form in the lower right corner. The size is such as to completely close the buttons that appear there. Now every click in this place was tracked by my program. When I clicked on the form, she took a screenshot of the screen, cut out 2 parts from the image and compared pixel by pixel with the image that needs to be blocked. In this case, the QIWI wallet number entry interface. And if it did, the program moved the mouse cursor and clicked on the <Back> and <Home> buttons. I think customers are slightly offigel from this behavior of the mouse, the form is not visible to them. If it didn’t match, then the program made its form completely transparent, then you can click after the form. Actually, she also pressed wherever the client wanted to press. It worked, but not everywhere, the reason was in the depth of color, which is indicated in the properties of the screen, but I made them all the same.
I went on the offensive, but it turned out that not everything is blocked. These were transfers through the same ill-fated wallet. The interface there is another. Well, reluctantly added a second image for control. And there are images in BMP format of 3.5 MB! But then a third interface appeared ... The offensive failed, without really starting.
We need to look for another solution, simple and less resource-intensive. And this was found. The article on Habré is a perceptual hash . I spent all weekend with him, staying up late at night. But it was worth it. The article code was not. And in Google ready solutions too. But the author has painted everything well step by step. So part of the search, part of my mind, I got my first hash, and then the matter of technology. I rewrote the program, now it has become much easier. She also cut out a part of the image from the screenshot, but now it is much larger and one, calculated the hash and compared it with the ready list. Even at the beginning of the writing of the program, I taught her to save on the disk all screenshots in JPG format and now I have easily collected all the hashes. For a perceptual hash, it does not matter what format the image is and how compressed it is, the result is always the same. The program writes everything to the log: when it made a screenshot, which hash. So even if something passes by, I'll just find this place by time and copy the finished hash. Before I fight again, I decided to check everything out.I copied the screenshots from the terminals and compared all the hashes with those that blocked. To eliminate false positives. Everything went perfectly. Also changed the program's reaction to blocking. The mouse did not touch now, but instead displayed the same inscription as with the blocked number. For an outgoing client, it looks as if his number is on the black list. The program scattered across the terminals and rebooted them.
But everything did not work again! After much anguish, it turned out that QIWI was to blame, or rather how it was launched. A year ago, fighting for security, they changed the way they run their programs. It replaced the standard Windows shell. And all the programs that are in Startup itself. Perhaps there is a start of programs a little differently than in the standard explorer.exe. Or because of the transparency of my form. I did not find out, I just delayed the launch of my program. I wrote a simple bat-file that ran it a minute after it. Everything worked as it should. The next day I personally went to the terminal and checked the lock. Then a few days more remotely through Radmin contemplated the work of his program. This is not necessary, everything can be read in the logs, but it is better to see once than hear a hundred times. The program does all the work clearly.The delay is minimal, and this despite the fact that I have not optimized anything, even the search for a hash in the list was a blunt search. Now the list is small, but even if there are hundreds of entries, it will not greatly affect the performance.
The black list was cleared of all lepers, becoming pristine clean. And I returned peace to the dark programmer's soul.
Well, my story ends, but the story continues. I am tired of repairing, pulling out dead mice and butterflies from a sistemnik and sniffing toner like an inveterate cocaineer. A big bike trip to the south, hot and long summer with friends awaits me. Something like an indefinite vacation. But I still have one more task that I set for myself. During the creation of advertising I had an idea to show video on the terminals. I already removed that ad. Yes, it took a long time before I realized how useless it is. So now I have a new direction. Positive! I will play a funny video after each payment. Or show a funny picture. QIWI geniuses made a delay before typing a check. All in order to keep attention on the next advertisement. Thank you, QIWI, I will use this moment for my own purposes ...
At first I was against them, it will be necessary to dangle, tear the ass off the warm chair. Anyway, I thought there would be a lot of fuss, but zero profit. Since they are beneficial only to store owners to attract customers. And the boss dreamed of millions, he had already seen several times how fat bundles of money were taken from them. He said that inside there is the same hardware as on ordinary computers, and the same Windows.
- You can do it.
- Well yes.
- Well, that's all, you will receive a salary separately.
There was nothing to object, besides, I already had experience in supporting such a system like Windows XP, VPN, a dump file, plus one remote client on wi-fi, where it was important that the computer was always on and available.
First of all, they had to be brought to us, cleaned, rearranged the system, installed programs and checked all the hardware. The terminals were heavy, in a vandal-resistant building, so that in order not to carry them, the chief contracted local calds that hang out near the shops in eternal searches for sober. It was fun to watch them carry these heavy coffins and try to drag them down the stairs. Subsequently, we already got the hand for it and calmly dragged them together. To the point, of course, drove by car.
')
Terminals under the brand QIWI. I am familiar with them too. There was a wallet and I used it very long and successfully. QIWI itself does not deal with terminals, it only provides a software shell and ready-made assemblies. So in the nearest large city they found their sub-dealers and signed a contract. From them received programs, keys and passwords. They set up everything themselves, I just gave them remote access. At first, it made my job a lot easier.
After a couple of weeks, the terminal was already working and we were testing it at our location, and a couple of days later we took it to our native place. At first, there were few payments, but then it spun up and the flow of money began to move in our direction. More terminals appeared and I already showed my boss payment statistics for a month or two. QIWI has its own statistics server, and I spent days watching the state of the terminals and where the payments go or do not go. It turned out to be very interesting, to be on the other side of the screen. Before, I only used the terminal and had little idea what was there and how. I even set up remote access via Radmin 2.2 (3.0 did not go, apparently, some kind of conflict with the QIWI program arises) + Hamachi = Love forever. If there was no main work, I watched for hours as customers put money.
A barrel of tar in a spoon of honey
We set a single commission for all payments, since the main task is to earn money. But over time, I began to notice that some payments were made without commission. It turned out that these are mobile wallets, for them there is no commission, and not only for wallets, but for everything that goes through them - loans, transfers, etc. And such payments became more and more. Lending has developed in our area. Things got worse, the sums are big. Many managed to accumulate debts, and then in a crowd to spend in our terminals. There were so many such payments that more than half of the amount we paid on the terminals ran to waste. No, of course, QIWI paid for such payments, but so miserable interest (hundredths), that simply did not cover our costs. In the bank and put something more profitable.
Appealed to our dealer, he confirmed that yes, there is such a problem and you cannot put a commission on them. In addition, we were at the time when QIWI announced an “amnesty” to everyone and now all the replenishment of the wallet is 0%. The dealer suggested that, as an option, limit the maximum amount of payment and use the built-in blacklist, block particularly arrogant customers. Each terminal has its own list and you have to go to each one and enter the unfortunate number. After this news, I finally switched to the dark side.
About heroes
Actually, I like evil characters in the style of Evil Genius. They have an inner core. They are stubborn, hardworking, confidently go to their goal, despite all the failures. And they are ready to fight against the whole World, in order to achieve their dark intentions. Not that these cute Superheroes who are always engaged in self-digging, whine for any reason, make tantrums from scratch. And they can not take a decisive step, without a good kick from behind.
Penny saves the ruble
For us, this phrase has become more relevant than ever. Restricted nominal in bill acceptors. He began to block in a row all not acceptable, a real witch hunt, did not spare any big or small ones. The dealer told how entrepreneurs complain about QIWI. Many had kilometer foot wrappers with blocked numbers. It was a war, cruel and merciless, we got into its very thick. And lost, in his own field. Every morning, coming to work, first of all I checked yesterday's payments, and if there were payments on QIWI, I immediately added them to the black list.
Of course, I did not go to each terminal and drive in manually. In the folder with the program I found whiteblacklist.xml - this is a common list for black and white. I made myself a complete file access to each terminal (hamachi rules) and automatically updated the bat file. But this did not help, people are cunning in our country, they just go to the salon, buy new sims and put them on a new wallet for 15,000 rubles each. Damn, our turnover per day was less!
Anecdote to the topic
The programmer has died. Got to a terrible trial. Judged-ryadili - neither this, nor that.
- Where do you want something: to hell or to heaven?
- Can I see it?
They brought him to the huge VC. Around cars of all kinds, nets - apparently invisible.
- This is paradise, you will be a user here.
- And hell?
- And hell is here - only a system analyst ...
- Where do you want something: to hell or to heaven?
- Can I see it?
They brought him to the huge VC. Around cars of all kinds, nets - apparently invisible.
- This is paradise, you will be a user here.
- And hell?
- And hell is here - only a system analyst ...
Light ray of hope, in the dark kingdom
But all this, of course, was an ordeal. Another disadvantage of such locks is that if you add a number to the list, it is blocked everywhere. Those. the client could not even put himself on the phone. And this black list had no effect on loans at all. In short, where do not throw, everywhere a wedge. So I began to look for ways to make this commission myself, or to completely block such payments. Otherwise, we simply lost the sense of holding terminals. I found commission.xml in the same folder with the program - that was what I needed.
I started Delphi 7, it has been sitting around for a long time with me, I quickly put on a program that parses this file and changes all the values ​​to what I need. Late in the evening I checked my guesses. And it worked, the commission on QIWI appeared. But after a few days she was gone. I looked at the file again and saw that everything was back as it was. It became clear that the program monitors its files and fixes it when updating. Okay. Again Delphi, we throw a timer on the form, quickly type - and the new program now reads this file every minute, calculates the CRC amount and if it does not match, parses the file, changes the values, remembers the new CRC amount and replaces the file with a new one. You can not parse the file, but simply replace it with the corrected one, but QIWI often has new providers, and the old ones disappear. So parse and edit more correctly. But my joy was not long, because I shared it with our dealer. He said that in QIWI they monitor payments, and if they notice our manipulations, they will be fined, and they will be us. Everything had to be turned off. Of course, I also had an idea how to block these payments, but ... then it seemed to me so simple, obvious, but at the same time stupid and impossible, that I threw it away.
We ourselves create problems and then heroically overcome them
Started looking the other way. Namely - monitoring. I didn't like him at all. There not only need to go to the site every time, and even use a special key. And all the time manually engaged in updating the page, so as not to miss anything. As you understand, I immediately decided to make my monitoring.
But the most important thing for me is to receive terminal status messages. Therefore, the first thing to set up SMS. I found a specialized website where you can connect your number and receive SMS on it, simply by sending a letter to the mail. Each terminal has its own postal address. I wrote a program that checked this mail, added the name of the terminal and forwarded to the postal address that this service issued. This is necessary in order to know which terminal the message came from. You can simply add your mailing address to all terminals, but the letter will contain only the number of the terminal, which does not tell me anything. At the same time, the same warning was made to the boss.
I expanded my monitoring. At first I wanted to connect to the QIWI server and pull out the data from there, but the page there is secure and I could not download the data from the site. Everything is too complicated and there are no ready-made solutions.
So I approached the question from the other side. The QIWI application in the terminal writes everything in detail to the log. I wrote the server part, which parsed this log and selected only the data I needed. As well as the client to receive messages and show on the screen. One of the terminals became the main one, it has a white IP and all other terminals send data to it.
The client program did everything herself. In the corner of the screen hung a small form on top of all windows, showed the current balance and color showed the status of communication with the server. First of all, I threw her boss on the computer and he no longer asked how much money was left in the account. A short look at the screen - and everything is clear.
Further more. Now, lines from the log appeared next to the balance: errors of the bill acceptor, which bill accepted, for which operator, the amount of payment, commission, etc. And while I do not need to press a single button. It is very convenient, especially when the whole day at the computer. It is immediately evident that the terminals are working or electricity is wasted. If I moved away from the company for a long time, then by arrival I clicked the mouse on the form and looked through the general log from all terminals.
What child would not amused, just not crying
Even while writing a monitoring for a computer, a new bright idea came to me. Write client and for Android phone. Its QIWI program is not bad, but it is silent. And I want to receive a sound notification for any errors and just about payments. Attempts to install different SDKs were unsuccessful, they all lacked something. Yes, not knowing the language. And write at the same time the server and the client for the computer and even for the phone. In general, I decided to speed up the process a bit. Yeah ...
On w3bsit3-dns.com I posted the idea of ​​my program and several people responded. But the first one, having heard my budget, harshly criticized. So I am despondent. But the next one agreed to do at least a part. I was ready for that too. The chef paid me three thousand for servicing the terminals, so I suggested this amount as a payment. I sent him all my wishes and even drew a block diagram.
I did not tell him that this is a program for QIWI, I just said a general purpose: tracking computers, which in general was the essence of the program. And since my budget is small and out of pocket, I have simplified the task as much as possible, plus made it more universal. It can be used in any project where you need to receive notifications on the phone. The communication protocol is simple: send code, get a string, add to the table. Connects every 30 seconds. Application principle: the program is a logger, shows a general log of messages from all terminals in one table. And also loses sounds. During a session, each type of message is played only once, no matter how many such messages were received. I divided messages into different types: payment, acceptance of notes, errors, etc. Each type has its own sound. For example: I set the sound to errors as in Windows, and the sound of a falling coin to the accepted payment. I don’t even need to get the phone; by the sounds, you can determine what is happening in the terminals.
It took several months (!). As it turned out, it is even more difficult for programmers to understand each other. But in the end we were able to make it and I enjoyed the first sounds of accepted payments. I liked what happened in the end. And I suggested modifying the program further. Now we need to add another table from above, it will show the current status of terminals on the network / not on the network, and so on. errors requiring immediate attention. I paid him the same amount, and he completed everything, and he also corrected some shortcomings.
And now the fun part. Since QIWI could not put a commission on payments, I decided to have fun. Marked them as a separate type and assigned a sound from the TV series “Sherlock”. Yes, yes, the one that Miss Adler put on his phone. ABOUT! You have no idea how funny it is to watch people's faces when a message comes in and the voice is loud and clear in the room. The funny thing is that even I could not say when he would lose. When friends and acquaintances asked "what is it?", I calmly replied that it was for work. And after all in life you will not guess what kind of work this is.
Business before pleasure
I found myself a new entertainment. What does a person do when the terminal does not take a large bill? That's right, goes to the cashier in the store and asks to change. What am I doing? I sit behind the monitor. At this moment I see how the lines with errors follow each other below. They are immediately visible, as they are red. If it says that the bill is disabled, then quickly open the program and see where they are trying to put the money. And if this is QIWI, then open another program and add the number to the black list, it is also visible in the logs. And run on the update. Who had time, he won! Of course, all this can be automated in the program on the server, she herself can do everything there and much faster than me ...
But how fun it is when you are still sleepy in the morning sipping coffee, and the phone begins to be filled with the sound of mistakes. With burning eyes, you run to your computer, shaking hands frantically you click the keys, dialing the number (copying, of course, you are too lazy to do). Finally you click the treasured Enter button. Flickering windows with green lines on a dark background ... In general, Hollywood movies about hackers rest.
QIWI Ads
Well, entertainment is fun, but I wanted something else. Somehow use terminals. Because here they are in my hands, I can do anything with them, but at the same time I can’t think of anything. A few sleepless nights did not give anything, googling too. Either no one is interested in this, or somehow they use it, but they are silent. The only thing that occurred to me was a banal advertisement. Well, what, we have several different stores, the repair is the same, why not. On the day there are hundreds of people nearby passes. QIWI there and so advertising turns, and we are worse.
I turned to the dealer with my question about how and what should be done in order for our advertising to appear. But he replied that QIWI will not do this, they only work all over Russia. And we are too small company for this. Well, if the mountain does not go to Magomed ... We will draw the mountain ourselves!
Brought a plate at the top of the screen, there are three containers for pictures with ads on it and they circle each other. A few days later, an acquaintance at the meeting said that he had seen our advertisement. He says no one is interested, no one looks at her. Not interesting, you say ... Well, well. Redid the program, now it hung secretly and watched the mouse. In any movement jumped out like the hell out of the box. And it disappeared only after a minute - and that provided that the mouse is not twitching.
Once, when another terminal was in our cabin, a man stood for a long time near the terminal and did something there. At this time I was watching him in the camera, which is in the cabin. Everything seemed suspicious to me, and I went into the hall to ask what was the matter. It turned out that he was trying to pay the loan, but my advertising interfered with it. Earlier, he said, there was a button there and it could be hidden, but now I have to wait. And he waited and waited all those who tried to pay the loan, because they still glowed in my logs ...
Burn me in hell with a blue flame!
X-Files: Curse
We were approached by the owner of one of the shops with a proposal to put the terminal at her point. She was in a nearby village. The road there is good, the village is rich, live in the forest. So I started to assemble a new device. There is no wired internet connection, so I added a USB modem from MegaFon to the terminal. The native modem that came with was not suitable for me, there is only EDGE, and I have increased traffic, so only 3G. At one time, I used modems and I did not like the fact that the program always pops up on the screen during breaks. Therefore, I wrote a bat-file that monitored the network and reconnected itself at the cliffs, while doing everything silently and without interfering. So it was useful here. In the end, all collected and taken to the point.
When installed in place, there were buyers. Naturally, they wondered what it was and why. We, of course, explained that they could put money on the phone here. What kind of grandmother told us: Where are you? Where do you live? If the money does not come, we will come and write ... you! Hmm ... If old grandmother, who is not worth it, threatens us, what can we expect from the rest? Wild people. What to say.
The first couple of months everything was fine. And then it began ... First of all, MegaFon station collapsed. There was no connection for several days. Well, we corrected it, having put the modem from "Beeline". Then I modified my bat program altogether, now it switched between modems on breaks. But it did not work either. Modems stupidly hang. Could not reconnect with the base station themselves. In order for a connection to appear, the terminal needs to be turned off, completely for 15 minutes. And I often called salesmen asking them to turn off the terminal, and then turn it on.
The sensor settings started to fly, paper got stuck in the printer, notes were chewed. We wandered there almost every day. They could not understand what was the matter. Disassembled and cleaned the sensor, changed the printer, bill acceptor, even the sensor with the monitor changed. Changed the power supply inside the case, put a voltage regulator. Ground terminal, as he was hitting the current. They drove a pin into the ground, made a hole in the frame of the window and led the wire to the terminal. The processes in the system hung, threw in a bunch of controlling scripts. Bat on bat and taskkill drives. All for nothing.
Phoned to the dealer, told our problem. They did not encounter this, offered to swap terminals. Changed. At the new point, the buggy terminal earned as if nothing had happened. And at this place again the problem. We thought maybe the local are doing something. I put a web-camera + Ivideon, but did not see anything like that. As a joke, he offered to call the priest and the mullah for a couple. The place is clearly cursed.
Tormented for several months. As a result, the cause of this abnormal behavior, we have not figured out. But everything was decided very simply. The most important thing for us is to establish a connection, so we carried out the Internet ADSL. Everything. All symptoms disappeared like a hand. We woke up somewhere in two weeks. And the terminal works, no problem. Trying to experiment and find out what was wrong, I didn’t, that's enough. Returned to the simple truth: it works - do not touch.
A crisis
The end of 2014 brought a crisis to my abode. Virtual love, like real love, was not so eternal. Hamachi ordered to live long by closing all free accounts. And I scolded my laziness for a long time. After all, he knew that this day would come. It was necessary to prepare OpenVPN. But what is not, is not.
I downloaded the new version of OpenVPN and started testing at one of the terminals. They changed the GUI interface, but still left it miserable. Is it really so difficult to teach her to monitor the network and reconnect when the cliffs? You have to do everything yourself. Again I had to write a bat-file that pings the network and if there is no answer, openvpn.exe crashes all processes and starts up with a new one. It took a couple of weeks to fully restore the network, I went to the terminals only along with the boss. Demolished Hamachi and put OpenVPN. Also increased the commission at all terminals.
We have competitors, terminals from the owners of new stores and commissions are not there. They put them exclusively to attract customers. So for me, it still remains a mystery who all these people are that they put money in our terminals.
The Empire Strikes Back
At the beginning of this year, I traveled to the city to speak with a dealer. I am interested in writing a QIWI monitoring program and I asked the dealer how others are doing. How they look at their terminals. Do I need a program like the one that I wrote. He explained that where there are a lot of terminals, special people sit and follow through the site, so they are hardly interested. In addition, my program must be installed separately in each terminal. If everything is so difficult, it is not necessary for nothing. Where QIWI payments are more important to them now is a headache for all owners.
Well, on arrival home, I was fully ripe and was ready to implement any crazy idea that is able to block payments, as long as it works.
And I got down to business. Brought the most transparent form in the lower right corner. The size is such as to completely close the buttons that appear there. Now every click in this place was tracked by my program. When I clicked on the form, she took a screenshot of the screen, cut out 2 parts from the image and compared pixel by pixel with the image that needs to be blocked. In this case, the QIWI wallet number entry interface. And if it did, the program moved the mouse cursor and clicked on the <Back> and <Home> buttons. I think customers are slightly offigel from this behavior of the mouse, the form is not visible to them. If it didn’t match, then the program made its form completely transparent, then you can click after the form. Actually, she also pressed wherever the client wanted to press. It worked, but not everywhere, the reason was in the depth of color, which is indicated in the properties of the screen, but I made them all the same.
I went on the offensive, but it turned out that not everything is blocked. These were transfers through the same ill-fated wallet. The interface there is another. Well, reluctantly added a second image for control. And there are images in BMP format of 3.5 MB! But then a third interface appeared ... The offensive failed, without really starting.
The knife is a tool, they can cut the bread, and you can kill a person
We need to look for another solution, simple and less resource-intensive. And this was found. The article on Habré is a perceptual hash . I spent all weekend with him, staying up late at night. But it was worth it. The article code was not. And in Google ready solutions too. But the author has painted everything well step by step. So part of the search, part of my mind, I got my first hash, and then the matter of technology. I rewrote the program, now it has become much easier. She also cut out a part of the image from the screenshot, but now it is much larger and one, calculated the hash and compared it with the ready list. Even at the beginning of the writing of the program, I taught her to save on the disk all screenshots in JPG format and now I have easily collected all the hashes. For a perceptual hash, it does not matter what format the image is and how compressed it is, the result is always the same. The program writes everything to the log: when it made a screenshot, which hash. So even if something passes by, I'll just find this place by time and copy the finished hash. Before I fight again, I decided to check everything out.I copied the screenshots from the terminals and compared all the hashes with those that blocked. To eliminate false positives. Everything went perfectly. Also changed the program's reaction to blocking. The mouse did not touch now, but instead displayed the same inscription as with the blocked number. For an outgoing client, it looks as if his number is on the black list. The program scattered across the terminals and rebooted them.
But everything did not work again! After much anguish, it turned out that QIWI was to blame, or rather how it was launched. A year ago, fighting for security, they changed the way they run their programs. It replaced the standard Windows shell. And all the programs that are in Startup itself. Perhaps there is a start of programs a little differently than in the standard explorer.exe. Or because of the transparency of my form. I did not find out, I just delayed the launch of my program. I wrote a simple bat-file that ran it a minute after it. Everything worked as it should. The next day I personally went to the terminal and checked the lock. Then a few days more remotely through Radmin contemplated the work of his program. This is not necessary, everything can be read in the logs, but it is better to see once than hear a hundred times. The program does all the work clearly.The delay is minimal, and this despite the fact that I have not optimized anything, even the search for a hash in the list was a blunt search. Now the list is small, but even if there are hundreds of entries, it will not greatly affect the performance.
The black list was cleared of all lepers, becoming pristine clean. And I returned peace to the dark programmer's soul.
Meal'n'Real!
Well, my story ends, but the story continues. I am tired of repairing, pulling out dead mice and butterflies from a sistemnik and sniffing toner like an inveterate cocaineer. A big bike trip to the south, hot and long summer with friends awaits me. Something like an indefinite vacation. But I still have one more task that I set for myself. During the creation of advertising I had an idea to show video on the terminals. I already removed that ad. Yes, it took a long time before I realized how useless it is. So now I have a new direction. Positive! I will play a funny video after each payment. Or show a funny picture. QIWI geniuses made a delay before typing a check. All in order to keep attention on the next advertisement. Thank you, QIWI, I will use this moment for my own purposes ...
Source: https://habr.com/ru/post/252585/
All Articles