20. the root of the problem
At Diacode we have two rules for invoicing:
• We charge our clients per hour of work
• We charge our clients every 15 days
Friday, 30 January 2015
23. the problem
Sending biweekly invoices means
checking our bank account every 2 weeks
to make sure we've been paid.
Or every week, if we're working
for 2 clients simultaneously.
34. the problem
facepalm_count = 5
Concept = “Transfers”
SUPER HELPFUL.
Do you see that tiny icon?
That’s what I had to click to
find out who paid us
36. the problem
TL;DR
5 facepalms and 30 clicks later
I could see whether our last invoice had been paid.
And this every single week.
49. Making of: hacking BBVA
BBVA's website sucks.
BUT
they have a pretty good mobile app...
51. Making of: hacking BBVA
...which probably uses an API, right?
52. Making of: hacking BBVA
What if we use reverse
engineering to discover the
API used by the mobile app?
53. Making of: hacking BBVA
Madrid.rb, please meet
Charles Proxy
54. Making of: hacking BBVA
Charles Proxy lets you
inspect the network traffic
generated on your
computer... or on your phone.
Yes, even with SSL (it does this by installing its own root certificate on the device, so only do it on a device you control).
Installation guide -> http://bit.ly/1DbqsZi
59. Making of: hacking Bankinter
After hacking BBVA,
my friend @ismaGNU
decided to hack Bankinter.
This time with an (old school) approach:
web scraping with Nokogiri
60. Making of: hacking Bankinter
But... there was one trap.
Bankinter's website needs to execute a
random JavaScript function
that changes with every request,
so we cannot predict its output.
61. Making of: hacking Bankinter
Solution:
use the execjs gem to
execute the JavaScript code from Ruby.
63. Making of: hacking ING Direct
@raulmarcosl
joined the party to hack ING Direct.
ING has both a good mobile app
and a good web app.
The web app turned out to be a
single page app using the
same API as the mobile app.
64. Making of: hacking ING Direct
BUT
There was a big problem:
A virtual keyboard.
66. Making of: hacking ING Direct
Each digit on the keyboard is
an image sent by the API,
encoded in base64.
68. Making of: hacking ING Direct
And in each request, the base64 string
was different for every digit.
In other words: some pixels were
different even though the images looked the same.
69. Making of: hacking ING Direct
Solution:
Take one sample image for every digit.
Then use the rmagick gem to
iterate over each pixel
of every received digit
and calculate how different
it is from the sample.
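The matching step described above, as an added example that is not part of the original slides or of the bank_scrap gem. It replaces rmagick with plain Ruby arrays: each "image" is a constructed 3x3 grid of grayscale values, one clean sample per digit is kept as a template, and every received glyph is assigned to the template with the smallest summed per-pixel difference. The SAMPLES, RECEIVED and max_distance values are all constructed for this example.

```ruby
# Added example (not bank_scrap's own code): nearest-template matching of
# noisy glyph images, the idea the slides implement with rmagick.
# Images are constructed inline as 3x3 grids of grayscale values (0..255),
# so the example runs without rmagick or any image files.

# Reference samples: one clean glyph per digit, captured once (constructed data).
SAMPLES = {
  "0" => [[255, 0, 255], [0, 255, 0], [255, 0, 255]],
  "1" => [[0, 255, 0], [0, 255, 0], [0, 255, 0]],
  "2" => [[0, 0, 0], [255, 255, 0], [0, 0, 0]],
}.freeze

# Sum of absolute per-pixel differences between two equally sized images.
def pixel_distance(a, b)
  raise ArgumentError, "size mismatch" unless a.size == b.size && a[0].size == b[0].size
  a.each_with_index.sum do |row, y|
    row.each_with_index.sum { |v, x| (v - b[y][x]).abs }
  end
end

# Classify a received glyph as the sample it is closest to.
# Returns [digit, distance] so the caller can reject weak matches.
def classify(glyph)
  SAMPLES.map { |digit, sample| [digit, pixel_distance(glyph, sample)] }.min_by(&:last)
end

# Decode a whole pinpad: the server sends the glyphs in some order, and the
# result maps each on-screen position to the digit shown there. Glyphs that
# are not close to any sample (distance above max_distance) decode to nil.
def decode_pinpad(glyphs, max_distance: 200)
  glyphs.map do |g|
    digit, dist = classify(g)
    dist <= max_distance ? digit : nil
  end
end

# Constructed "received" glyphs: the sample shapes with per-request pixel jitter.
RECEIVED = [
  [[250, 3, 255], [2, 254, 0], [255, 1, 253]], # "0" with small noise
  [[0, 252, 1], [3, 255, 0], [0, 250, 2]],     # "1" with small noise
  [[1, 0, 2], [255, 253, 0], [0, 1, 0]],       # "2" with small noise
]

if __FILE__ == $PROGRAM_NAME
  p decode_pinpad(RECEIVED) # => ["0", "1", "2"]
end
```

The point for a defender is the one the slides make in passing: per-request pixel noise only changes the byte string, not the shape, so a template match with a tolerance threshold is unaffected by it; the threshold also turns an unrecognised glyph into an explicit nil rather than a wrong guess.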
70. Making of: hacking ING Direct
Decoding the received pinpad (keyboard)
72. Making of: hacking ING Direct
Filling the required gaps
73. one gem to rule them all.
introducing:
bank_scrap
74. bank_scrap
bank_scrap is a Ruby gem with one goal:
becoming to banks what ActiveMerchant is
to payment gateways:
a common abstraction layer
for fetching bank data.
75. bank_scrap
bank_scrap has a Ruby API and a
Command Line Interface (CLI).
76. bank_scrap
Here is how it works from your Ruby code:
77. bank_scrap
The latest version (0.0.8) supports fetching account
balances and transactions for BBVA & ING Direct
(Bankinter will be brought up to date soon).
78. bank_scrap
Each bank implements its adapter as
a new class that inherits from Bank.
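The adapter pattern from this slide, as an added example that is not bank_scrap's own code: a base class fixes the session workflow and the contract every adapter must fulfil, and a concrete adapter supplies the bank-specific parts. The method names (login, fetch_accounts, fetch_transactions), the Account and Transaction structs, and the FakeBank adapter with its in-memory ledger are this example's assumptions, not the gem's real API; a real adapter would make HTTP requests (with mechanize, per the dependency list) where FakeBank reads constructed data.

```ruby
# Added example (not bank_scrap's own code): one base class, one adapter per bank.
# All names below are assumptions for illustration, not the gem's API.
require "date"

Account     = Struct.new(:id, :name, :balance)
Transaction = Struct.new(:account_id, :date, :description, :amount)

class Bank
  attr_reader :accounts

  # The base class fixes the workflow: authenticate, then load the accounts.
  # Credentials live only in this session object, never in the fetched data.
  def initialize(user, password)
    @user, @password = user, password
    login
    @accounts = fetch_accounts
  end

  # Adapters must override these; the base class only defines the contract.
  def login
    raise NotImplementedError, "#{self.class} must implement #login"
  end

  def fetch_accounts
    raise NotImplementedError, "#{self.class} must implement #fetch_accounts"
  end

  def fetch_transactions(account, start_date: Date.today - 30, end_date: Date.today)
    raise NotImplementedError, "#{self.class} must implement #fetch_transactions"
  end

  # Shared behaviour every adapter inherits for free.
  def total_balance
    accounts.sum(&:balance)
  end
end

# A fake adapter backed by constructed in-memory data instead of HTTP, so the
# example runs offline. A real adapter would do the requests here.
class FakeBank < Bank
  LEDGER = [
    Transaction.new("ES00-1", Date.new(2015, 1, 10), "Transfer from client A", 1500.00),
    Transaction.new("ES00-1", Date.new(2015, 1, 20), "Office rent", -800.00),
    Transaction.new("ES00-2", Date.new(2014, 12, 1), "Interest", 2.50),
  ].freeze

  def login
    raise ArgumentError, "bad credentials" unless @user == "demo" && @password == "secret"
    @session = "constructed-session-token" # stands in for the bank's session cookie
  end

  def fetch_accounts
    [Account.new("ES00-1", "Business", 700.00), Account.new("ES00-2", "Savings", 1002.50)]
  end

  def fetch_transactions(account, start_date: Date.today - 30, end_date: Date.today)
    LEDGER.select { |t| t.account_id == account.id && t.date.between?(start_date, end_date) }
  end
end

if __FILE__ == $PROGRAM_NAME
  bank = FakeBank.new("demo", "secret")
  puts "Total balance: #{bank.total_balance}"
  january = bank.fetch_transactions(bank.accounts.first,
                                    start_date: Date.new(2015, 1, 1), end_date: Date.new(2015, 1, 31))
  january.each { |t| puts "#{t.date} #{t.description} #{t.amount}" }
end
```

Keeping login inside the base constructor means every adapter exposes the same shape to the CLI and to code that consumes the data, and calling an unimplemented method fails loudly with NotImplementedError rather than returning an empty result that looks like "no transactions".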
79. bank_scrap
Gem dependencies
• mechanize: HTTP requests
• thor: implementing the CLI
• activesupport: Rails candies, like Date.today - 2.months
• money: currency formatting and exchange
• rmagick: to hack virtual keyboards (used by the ING adapter)
• nokogiri: parsing HTML (used by the Bankinter adapter)
• execjs: executing JS from Ruby (used by the Bankinter adapter)
80. bank_scrap
Once you have your bank data as Ruby objects
the sky is the limit.
(The sky or your imagination.)
81. bank_scrap
Some free ideas:
• Use bank_scrap to automate email reminders
for overdue payments.
• Use bank_scrap and Twilio to get SMS
notifications of your transactions
(as some banks don't offer this).
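The first idea above (and the invoice-checking chore from the opening slides), as an added example that is not bank_scrap's own code: reconcile issued invoices against the transactions fetched from the bank and produce reminder messages for the overdue ones. The Invoice and Transaction structs, the sample invoices and transactions, and the "today" date are constructed for this example; sending the reminders (email, Twilio SMS) is left to whatever transport the caller wires in.

```ruby
# Added example (not bank_scrap's own code): invoice reconciliation against
# fetched bank transactions. Data shapes and sample values are constructed.
require "date"

Invoice     = Struct.new(:number, :client, :amount, :due_date)
Transaction = Struct.new(:date, :description, :amount)

# A transaction settles an invoice when the amount matches exactly and the
# transfer concept carries the invoice number. Matching on amount alone is
# ambiguous as soon as two clients are billed the same fortnightly amount,
# which is exactly the "Concept = Transfers" problem from the bank's own UI.
def settled?(invoice, tx)
  tx.amount == invoice.amount && tx.description.include?(invoice.number)
end

# Partition invoices into paid, pending and overdue relative to `today`.
# Returns { paid: [...], pending: [...], overdue: [...] }.
def reconcile(invoices, transactions, today: Date.today)
  result = { paid: [], pending: [], overdue: [] }
  invoices.each do |inv|
    if transactions.any? { |tx| settled?(inv, tx) }
      result[:paid] << inv
    elsif inv.due_date < today
      result[:overdue] << inv
    else
      result[:pending] << inv
    end
  end
  result
end

# Build one reminder line per overdue invoice; delivery is the caller's job.
def reminders(overdue, today: Date.today)
  overdue.map do |inv|
    days = (today - inv.due_date).to_i
    "#{inv.client}: invoice #{inv.number} for #{'%.2f' % inv.amount} EUR is #{days} days overdue"
  end
end

# Constructed sample data: three invoices, two incoming transfers.
INVOICES = [
  Invoice.new("INV-2015-001", "Client A", 1500.00, Date.new(2015, 1, 15)),
  Invoice.new("INV-2015-002", "Client B", 1500.00, Date.new(2015, 1, 20)),
  Invoice.new("INV-2015-003", "Client A", 1200.00, Date.new(2015, 2, 5)),
].freeze
TRANSACTIONS = [
  Transaction.new(Date.new(2015, 1, 12), "Transfer INV-2015-001", 1500.00),
  Transaction.new(Date.new(2015, 1, 28), "Transfer", 1500.00), # no reference: cannot be attributed
].freeze

if __FILE__ == $PROGRAM_NAME
  r = reconcile(INVOICES, TRANSACTIONS, today: Date.new(2015, 1, 30))
  puts reminders(r[:overdue], today: Date.new(2015, 1, 30))
end
```

The second transfer has the right amount for INV-2015-002 but no reference, so it is deliberately left unattributed and the invoice still shows as overdue; a reminder that turns out to be wrong is cheaper than silently marking the wrong invoice paid, and it tells you which client to ask for a proper transfer concept.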
82. bank_scrap
New stuff we would like to add to bank_scrap:
• More bank adapters.
• Exporters API (CSV, YAML, etc.).
• A complementary gem for creating a dashboard of
your bank data (like the one we have in Diacode).
• Support for write operations (creating transactions)?
• Tests. Yeah.
83. bank_scrap
For doing all of this we need your help,
especially for writing new adapters for other banks
(we don't have as many bank accounts as Bárcenas).
So please, fork the code and contribute!
https://github.com/ismaGNU/bank_scrap