Jump to content

Determining RSA SecurID Protected Content and Cracking 2FA RNGs


Recommended Posts

I am seeking someone whom is familiar with the 2FA - handshake / connection that is made with RSA SecurID.

I believe that the one that I have come into possession of is securing a Bitcoin wallet or account within a gambling site type of location for example, that would need to have a large sum of funds protected by such a Key Token Random Generated system that is RSA SecurID.

The 'key fob' itself is dated 07-31-2014 and has a 9-digit code that is imprinted into the fob that matches and coordinates with a barcode on the back of the fob as well. Additionally there is a smaller 6 digit code on top of a 2 digit code underneath the assumed to be date of 'birth' or manufacture.

Am i wrong to understand that when programmed, this key basically sends a signal to a server or access point basically saying, here is the password for the next XXXXX seconds, or saomething being broadcast when that button is pushed to activate the RNG and create the code; as there is the option integrated into the what appears to be an IFTTT type sequence of either email or SMS is sent to the fob owner notifying them about the activation of the RNG 2FA to disrupt potential fraud; they must have to have a message/signal that is directed at the protected source location, ie XYZ Bitcoin Wallet login API, that there could be some way to be able to intercept that message/signal to be able to locate the source of the protected content?

Most importantly of all, I would also need to have the username/login as well wouldn't I? As if the location of the content is exposed, that might not be enough to be able to access the protected content; ie Mega.NZ, if you don't know the username as well, other than by doing OSINT on anything else found online back from 2014 era, would be useless to have the 2FA Key password for example without a username? Would that possibly be something that would be included in the core package of info that the fob sends out to the sourced protection material location, as the 2FA key would have been assigned to either be true or false on login attempt with that server; to a certain specific username, would it not?

I haver scrubbed the RSA official website as well as versed myself into how the devices are used, and at length observed as many review and discussion videos on multiple platforms around the devices; and am aware of both current developments and products vs how this one is 7 years old; and was still kept somewhere very safe to someone that was only discovered in passing, so there is no way to be able to verify with the original owner exactly what this RSA SecurID "fob" is protecting, however, as the estate was left into my name, it was found in the process of gathering these things together and inventory them for either auction or storage.

I am willing to disclose the only identifier information to those whom have DM directly with both sound reason and plan of approach to find the source of the 2FA protection. While in the end of it all, we're not entirely sure what is hiding behind this key, I am willing to pay someone for their assistance in either sourcing the scripts (Python preferred) to be able to catch whatever package is being transmitted when this key is activated; so that end result finds us the location and ability to access whatever content is being protected accordingly. I am also willing to not only pay upon completion or delivery of code/information, there is a 2% reward up for grabs of whatever monetary value we find inside of the content.

It coin be bitcoin. A few dozen he had always mentioned he owned but no one ever really saw... so was he lying? Or does it protect some Pokerstars account that has $0.64 because he ran it dry and tossed the key in a safe to not be seen for how many years?

No time wasters. No tire kickers. Only proven performers with solid ideas and plans will be followed up with. We will be willing to issue 1 person 12 hours at a time to an exclusivity before moving onto the next potential candidate, so don't sleep on this. If you know this shit, help me sleep tonight, because I can't for the life of me keep staying up every night trying to learn everything possible about RSA and how to skirt its processes; while balancing normal adult life. I would like to know what it is that being protected and in all reality, with how tough the last couple years have been; could really use a W.

Will not pay first. Don't ask. Get blocked if do. Will agree to escrow 3rd party consent and reward window if required. Might be new to this forum, but not new to working on tough to crack projects; bitcoin, or other python coding endeavors. I come to this forum in search of help, and someone with a sense of both confidence and adventure; as if this pans out to work well with someone, I am always open to developing long term relationships where we can mutually benefit.

Thank you for your time.

Edited by canadarx
spelling correction
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

Board Life Status


Board startup date: October 30, 2017 06:45:19
×
×
  • Create New...