@evo42
Last active February 25, 2017 14:19
BitATM -- cardless cash withdrawal at 1.427 ATMs in Austria -- https://SEPA.digital
#!/bin/bash
#
# bash-banking-co-at.sh
#
# http://banking.co.at command line API
# authenticate a user and initiate transactions
#
#
# bank account details
#
# authentication data for banking.co.at mobile banking
# url: https://mbp.banking.co.at/appl/mbp/login.html?resource=<$bank>
#
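# Print a message to stderr and stop the script.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

bank=''    # hyponoe: 29 | hellobank: 36
kontoNr='' # account number (Kontonummer) -- part of the IBAN
user=''    # Verfügernummer (login number of the banking user)
name=''    # Verfügername (login name of the banking user)
pin=''     # PIN -- leave empty to be asked for it at run time
#
# transfer details
#
# initiate and sign a barTAN transaction
# https://www.volksbank.at/barbehebung
#
betragEur='10'       # amount in EUR valid: 10, 20, 30, 40, 50, 60, 70, 80, 90, 100 (for now)
terminalId='5311014' # barTAN enabled ATM (ID ends with 4) -- that one is in AT-3062;
#see https://gist.github.com/evo42/13976492bc443f960b5fe458e4dc5c1b
telCc='43' # country code of sms enabled cell phone number (43: austria)
telNr=''   # sms enabled cell phone number without leading zero and country code
# will receive the sms with the barTAN code to enter at the ATM
msg='bitATM' # urlencoded message in the barTAN sms -- seems to be not used any more.
# transfer specific data -- will be set automatically
mobileTan='' # tan from the sms sent from the bank for that transaction -- 12345678
transId=''   # bank barTAN transaction ID -- 1X24365X27X%5BC%7CN%5D
sectok=''    # security token

readonly base='https://mbp.banking.co.at/appl/mbp'

# NOTE(review): every curl call below that carries --verbose writes the
# request and response headers to stderr, and the response dumps printed
# with printf include the Set-Cookie headers. Both contain the live session
# cookies, so treat the terminal output and any saved log as a credential.

# Ask for the PIN without echo when it is not configured, so it does not have
# to be stored in this file.
if [[ -z "$pin" ]]; then
  read -r -s -p 'PIN: ' pin || die 'no PIN entered'
  printf '\n' >&2
fi

# Keep the session cookies in a private directory instead of the current
# working directory, and delete them on every exit path.
umask 077
workdir=$(mktemp -d) || die 'cannot create a private working directory'
trap 'rm -rf -- "${workdir:?}"' EXIT
jar="$workdir/curl-cookies"

# get security token and cookies for the authentication
login=$(curl -is --verbose -c "$jar" "$base/login_fromTimeout.html?resource=$bank")
sectok=$(grep -o 'name="sectok" value="[0-9a-zA-Z+]\{10,50\}" autocomplete' <<<"$login" \
  | grep -o '[0-9a-zA-Z+]\{20,50\}')
# Without a token the login form cannot be submitted; stop before the PIN is sent.
[[ -n "$sectok" ]] || die 'login page did not contain a security token'
sectokEnc=${sectok//+/%2B} # '+' has to travel as %2B inside a form body
echo '##############'
printf '%s\n' "$sectokEnc"
echo '##############'

# authenticate and get valid session cookies
# The form body is piped to curl (--data @-) rather than passed as an
# argument: command-line arguments are readable by other local users through
# the process list, and this body carries the PIN.
auth=$(
  printf '%s' "sectok=${sectokEnc}&mlpc=true&refCode2=&verfueger=${user}&verfuegerName=${name}&pin=${pin}" \
    | curl -is -b "$jar" -c "$jar" --verbose --data @- \
      "$base/login/pin.html?resource=$bank&jsStat=disabled"
)
unset pin # not needed after the login request
printf '%s\n' "$auth"

# somehow needed ...
page=$(curl -is -b "$jar" --verbose "$base/functions/core/navigation.html")
page=$(curl -i -b "$jar" --verbose "$base/functions/core/trans/GENERAL/btn_i.html")
#page=$(curl -is -b "$jar" --verbose "$base/functions/core/finanzuebersicht.html");

# initiate cash withdrawal at specific ATM
# Body goes through stdin as well: it holds the account and phone number.
withdrawal=$(
  printf '%s' "btnKontonummer=${kontoNr}&btnBetrag=${betragEur}&btnTerminalid=${terminalId}&btnTelnrCC=${telCc}&btnTelnrSN=${telNr}&btnGrusstext=${msg}" \
    | curl -i -b "$jar" --verbose --data @- \
      "$base/functions/core/trans/GENERAL/btn_z.html?jsStat=disabled"
)

# from the sent headers extract the transaction ID
transId=$(grep -o 'transID=[0-9a-zA-Z\%]\{10,50\}' <<<"$withdrawal" | head -n 1)
[[ -n "$transId" ]] || die 'withdrawal response did not contain a transaction ID'
echo '##############'
printf '%s\n' "$transId" # including key --> transID=<XYZ>
echo '##############'

# request a TAN via SMS to sign the barTAN transaction
sign=$(curl -i -b "$jar" -c "$jar" --verbose \
  "https://mbp.banking.co.at:443/appl/mbp/functions/core/unterschriftenmappe/unterschriftenmappe.html?$transId")
sign=$(
  printf '%s' "action=sign&${transId}" \
    | curl -i -b "$jar" -c "$jar" --data @- \
      "$base/functions/core/unterschriftenmappe/inputmtan.html?jsStat=disabled"
)
printf '%s\n' "$sign"

# extract the new security token (including key --> sectok=<XYZ>)
sectok=$(grep -o 'sectok=[0-9a-zA-Z\%]\{10,50\}' <<<"$sign" | head -n 1)
[[ -n "$sectok" ]] || die 'signing page did not contain a security token'

# wait for SMS from the bank with the mobile TAN
# use Twilio API / webhook to extract it
# or just wait and ask for it ;-)
read -r -p "Enter mobile TAN: " mobileTan || die 'no mobile TAN entered'
case $mobileTan in
  [nN]*) exit ;; # anything starting with n/N cancels before the transaction is signed
esac

# submit the TAN; this is the request that executes the withdrawal
transaction=$(
  printf '%s' "mobileTan=${mobileTan}" \
    | curl -i -b "$jar" -c "$jar" --verbose --data @- \
      "$base/functions/core/unterschriftenmappe/execute.html?$sectok&jsStat=disabled"
)
printf '%s\n' "$transaction"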